relax url constraint for auth request
parent
fb8e2d7373
commit
ba8aea4642
2 changed files with 20 additions and 24 deletions
|
@ -17,9 +17,6 @@ limitations under the License.
|
|||
package authreq
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"k8s.io/kubernetes/pkg/apis/extensions"
|
||||
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/parser"
|
||||
|
@ -68,30 +65,11 @@ func NewParser() parser.IngressAnnotation {
|
|||
// ParseAnnotations parses the annotations contained in the ingress
|
||||
// rule used to use an external URL as source for authentication
|
||||
func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
|
||||
str, err := parser.GetStringAnnotation(authURL, ing)
|
||||
auth, err := parser.GetURLAnnotation(authURL, ing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if str == "" {
|
||||
return nil, ing_errors.NewLocationDenied("an empty string is not a valid URL")
|
||||
}
|
||||
|
||||
ur, err := url.Parse(str)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if ur.Scheme == "" {
|
||||
return nil, ing_errors.NewLocationDenied("url scheme is empty")
|
||||
}
|
||||
if ur.Host == "" {
|
||||
return nil, ing_errors.NewLocationDenied("url host is empty")
|
||||
}
|
||||
|
||||
if strings.Contains(ur.Host, "..") {
|
||||
return nil, ing_errors.NewLocationDenied("invalid url host")
|
||||
}
|
||||
|
||||
m, err := parser.GetStringAnnotation(authMethod, ing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -104,7 +82,7 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
|
|||
sb, _ := parser.GetBoolAnnotation(authBody, ing)
|
||||
|
||||
return &External{
|
||||
URL: str,
|
||||
URL: auth.String(),
|
||||
Method: m,
|
||||
SendBody: sb,
|
||||
}, nil
|
||||
|
|
|
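Review bot: `Parse` now returns whatever `url.Parse` accepts, and that includes an empty string, a bare path and a value with no scheme, so `External.URL` can end up empty or relative with a nil error. The annotation is written by whoever can edit the Ingress, and the result presumably reaches the controller's proxy configuration, so an absolute URL should still be required even if the `..` host rule is the constraint being relaxed. After the `GetURLAnnotation` error check I would keep `if auth.Scheme == "" || auth.Host == "" { return nil, ing_errors.NewLocationDenied("url scheme or host is empty") }`, ideally also limiting the scheme to `http`/`https`. The middle of `Parse` lies outside the two hunks shown, and the `ing_errors` import is not visible here, so confirm it is still in the file.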
@ -17,6 +17,7 @@ limitations under the License.
|
|||
package parser
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
"strconv"
|
||||
|
||||
"k8s.io/kubernetes/pkg/apis/extensions"
|
||||
|
@ -51,6 +52,14 @@ func (a ingAnnotations) parseString(name string) (string, error) {
|
|||
return "", errors.ErrMissingAnnotations
|
||||
}
|
||||
|
||||
func (a ingAnnotations) parseURL(name string) (*url.URL, error) {
|
||||
val, ok := a[name]
|
||||
if ok {
|
||||
return url.Parse(val)
|
||||
}
|
||||
return nil, errors.ErrMissingAnnotations
|
||||
}
|
||||
|
||||
func (a ingAnnotations) parseInt(name string) (int, error) {
|
||||
val, ok := a[name]
|
||||
if ok {
|
||||
|
@ -100,3 +109,12 @@ func GetIntAnnotation(name string, ing *extensions.Ingress) (int, error) {
|
|||
}
|
||||
return ingAnnotations(ing.GetAnnotations()).parseInt(name)
|
||||
}
|
||||
|
||||
// GetUrlAnnotation extracts a URL from an Ingress annotation
|
||||
func GetURLAnnotation(name string, ing *extensions.Ingress) (*url.URL, error) {
|
||||
err := checkAnnotation(name, ing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return ingAnnotations(ing.GetAnnotations()).parseURL(name)
|
||||
}
|
||||
|
|
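Review bot: The doc comment on the new exported function names `GetUrlAnnotation` while the function is `GetURLAnnotation`, and neither it nor `parseURL` says how little is checked. `parseURL` hands the raw annotation to `url.Parse`, which accepts empty and relative values, so a caller gets a non-nil `*url.URL` whose `Scheme` and `Host` may be empty. I would write `// GetURLAnnotation extracts a URL from an Ingress annotation. The value is only parsed, not validated: callers must check Scheme and Host.` and give `parseURL` a one-line comment saying the same.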