DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

use-regex annotation should be applied to only one Location

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2020-07-06 15:44:19 -04:00
parent ec4fb05cad
commit a8a8b5f6e9
4 changed files with 11 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
internal/ingress/controller/template/template.go
View file

@ -171,7 +171,6 @@ var (
"buildOpentracing": buildOpentracing, "buildOpentracing": buildOpentracing,
"proxySetHeader": proxySetHeader, "proxySetHeader": proxySetHeader,
"buildInfluxDB": buildInfluxDB, "buildInfluxDB": buildInfluxDB,
"enforceRegexModifier": enforceRegexModifier,
"buildCustomErrorDeps": buildCustomErrorDeps, "buildCustomErrorDeps": buildCustomErrorDeps,
"buildCustomErrorLocationsPerServer": buildCustomErrorLocationsPerServer, "buildCustomErrorLocationsPerServer": buildCustomErrorLocationsPerServer,
"shouldLoadModSecurityModule": shouldLoadModSecurityModule, "shouldLoadModSecurityModule": shouldLoadModSecurityModule,
@ -373,26 +372,9 @@ func needsRewrite(location *ingress.Location) bool {
return false return false
} }
// enforceRegexModifier checks if the "rewrite-target" or "use-regex" annotation
// is used on any location path within a server
func enforceRegexModifier(input interface{}) bool {
locations, ok := input.([]*ingress.Location)
if !ok {
klog.Errorf("expected an '[]*ingress.Location' type but %T was returned", input)
return false
}
for _, location := range locations {
if needsRewrite(location) || location.Rewrite.UseRegex {
return true
}
}
return false
}
// buildLocation produces the location string, if the ingress has redirects // buildLocation produces the location string, if the ingress has redirects
// (specified through the nginx.ingress.kubernetes.io/rewrite-target annotation) // (specified through the nginx.ingress.kubernetes.io/rewrite-target annotation)
func buildLocation(input interface{}, enforceRegex bool) string { func buildLocation(input interface{}) string {
location, ok := input.(*ingress.Location) location, ok := input.(*ingress.Location)
if !ok { if !ok {
klog.Errorf("expected an '*ingress.Location' type but %T was returned", input) klog.Errorf("expected an '*ingress.Location' type but %T was returned", input)
@ -400,7 +382,7 @@ func buildLocation(input interface{}, enforceRegex bool) string {
} }
path := location.Path path := location.Path
if enforceRegex { if location.Rewrite.UseRegex {
return fmt.Sprintf(`~* "^%s"`, path) return fmt.Sprintf(`~* "^%s"`, path)
} }

34
internal/ingress/controller/template/template_test.go
View file

@ -64,7 +64,7 @@ var (
Sticky bool Sticky bool
XForwardedPrefix string XForwardedPrefix string
SecureBackend bool SecureBackend bool
enforceRegex bool UseRegex bool
}{ }{
"when secure backend enabled": { "when secure backend enabled": {
"/", "/",
@ -275,7 +275,7 @@ func TestQuote(t *testing.T) {
func TestBuildLocation(t *testing.T) { func TestBuildLocation(t *testing.T) {
invalidType := &ingress.Ingress{} invalidType := &ingress.Ingress{}
expected := "/" expected := "/"
actual := buildLocation(invalidType, true) actual := buildLocation(invalidType)
if !reflect.DeepEqual(expected, actual) { if !reflect.DeepEqual(expected, actual) {
t.Errorf("Expected '%v' but returned '%v'", expected, actual) t.Errorf("Expected '%v' but returned '%v'", expected, actual)
@ -284,10 +284,10 @@ func TestBuildLocation(t *testing.T) {
for k, tc := range tmplFuncTestcases { for k, tc := range tmplFuncTestcases {
loc := &ingress.Location{ loc := &ingress.Location{
Path: tc.Path, Path: tc.Path,
Rewrite: rewrite.Config{Target: tc.Target}, Rewrite: rewrite.Config{Target: tc.Target, UseRegex: tc.UseRegex},
} }
newLoc := buildLocation(loc, tc.enforceRegex) newLoc := buildLocation(loc)
if tc.Location != newLoc { if tc.Location != newLoc {
t.Errorf("%s: expected '%v' but returned %v", k, tc.Location, newLoc) t.Errorf("%s: expected '%v' but returned %v", k, tc.Location, newLoc)
} }
@ -1195,32 +1195,6 @@ func TestBuildOpenTracing(t *testing.T) {
} }
func TestEnforceRegexModifier(t *testing.T) {
invalidType := &ingress.Ingress{}
expected := false
actual := enforceRegexModifier(invalidType)
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
locs := []*ingress.Location{
{
Rewrite: rewrite.Config{
Target: "/alright",
UseRegex: true,
},
Path: "/ok",
},
}
expected = true
actual = enforceRegexModifier(locs)
if expected != actual {
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
}
}
func TestShouldLoadModSecurityModule(t *testing.T) { func TestShouldLoadModSecurityModule(t *testing.T) {
// ### Invalid argument type tests ### // ### Invalid argument type tests ###
// The first tests should return false. // The first tests should return false.

3
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -903,9 +903,8 @@ stream {
{{ buildMirrorLocations $server.Locations }} {{ buildMirrorLocations $server.Locations }}
{{ $enforceRegex := enforceRegexModifier $server.Locations }}
{{ range $location := $server.Locations }} {{ range $location := $server.Locations }}
{{ $path := buildLocation $location $enforceRegex }} {{ $path := buildLocation $location }}
{{ $proxySetHeader := proxySetHeader $location }} {{ $proxySetHeader := proxySetHeader $location }}
{{ $authPath := buildAuthLocation $location $all.Cfg.GlobalExternalAuth.URL }} {{ $authPath := buildAuthLocation $location $all.Cfg.GlobalExternalAuth.URL }}
{{ $applyGlobalAuth := shouldApplyGlobalAuth $location $all.Cfg.GlobalExternalAuth.URL }} {{ $applyGlobalAuth := shouldApplyGlobalAuth $location $all.Cfg.GlobalExternalAuth.URL }}

7
test/e2e/annotations/rewrite.go
View file

@ -95,7 +95,8 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
f.WaitForNginxServer(host, f.WaitForNginxServer(host,
func(server string) bool { func(server string) bool {
return strings.Contains(server, `location ~* "^/" {`) && strings.Contains(server, `location ~* "^/.well-known/acme/challenge" {`) return strings.Contains(server, `location / {`) &&
strings.Contains(server, `location /.well-known/acme/challenge {`)
}) })
ginkgo.By("making a second request to the non-rewritten location") ginkgo.By("making a second request to the non-rewritten location")
@ -129,7 +130,7 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
f.WaitForNginxServer(host, f.WaitForNginxServer(host,
func(server string) bool { func(server string) bool {
return strings.Contains(server, `location ~* "^/foo" {`) && strings.Contains(server, `location ~* "^/foo.+" {`) return strings.Contains(server, `location /foo {`) && strings.Contains(server, `location ~* "^/foo.+" {`)
}) })
ginkgo.By("ensuring '/foo' matches '~* ^/foo'") ginkgo.By("ensuring '/foo' matches '~* ^/foo'")
@ -170,7 +171,7 @@ var _ = framework.DescribeAnnotation("rewrite-target use-regex enable-rewrite-lo
f.WaitForNginxServer(host, f.WaitForNginxServer(host,
func(server string) bool { func(server string) bool {
return strings.Contains(server, `location ~* "^/foo/bar/bar" {`) && return strings.Contains(server, `location /foo/bar/bar {`) &&
strings.Contains(server, `location ~* "^/foo/bar/[a-z]{3}" {`) strings.Contains(server, `location ~* "^/foo/bar/[a-z]{3}" {`)
}) })