relax url constraint for auth request

Cole Mickens 2017-02-02 02:22:44 -08:00
parent fb8e2d7373
commit ba8aea4642
2 changed files with 20 additions and 24 deletions


@ -17,9 +17,6 @@ limitations under the License.
package authreq package authreq
import ( import (
"net/url"
"strings"
"k8s.io/kubernetes/pkg/apis/extensions" "k8s.io/kubernetes/pkg/apis/extensions"
"k8s.io/ingress/core/pkg/ingress/annotations/parser" "k8s.io/ingress/core/pkg/ingress/annotations/parser"
@ -68,30 +65,11 @@ func NewParser() parser.IngressAnnotation {
// ParseAnnotations parses the annotations contained in the ingress // ParseAnnotations parses the annotations contained in the ingress
// rule used to use an external URL as source for authentication // rule used to use an external URL as source for authentication
func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) { func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
str, err := parser.GetStringAnnotation(authURL, ing) auth, err := parser.GetURLAnnotation(authURL, ing)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if str == "" {
return nil, ing_errors.NewLocationDenied("an empty string is not a valid URL")
}
ur, err := url.Parse(str)
if err != nil {
return nil, err
}
if ur.Scheme == "" {
return nil, ing_errors.NewLocationDenied("url scheme is empty")
}
if ur.Host == "" {
return nil, ing_errors.NewLocationDenied("url host is empty")
}
if strings.Contains(ur.Host, "..") {
return nil, ing_errors.NewLocationDenied("invalid url host")
}
m, err := parser.GetStringAnnotation(authMethod, ing) m, err := parser.GetStringAnnotation(authMethod, ing)
if err != nil { if err != nil {
return nil, err return nil, err
@ -104,7 +82,7 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
sb, _ := parser.GetBoolAnnotation(authBody, ing) sb, _ := parser.GetBoolAnnotation(authBody, ing)
return &External{ return &External{
URL: str, URL: auth.String(),
Method: m, Method: m,
SendBody: sb, SendBody: sb,
}, nil }, nil
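Review bot: After this change `Parse` accepts anything `url.Parse` accepts for the auth URL annotation, including an empty string and references with no scheme or no host, and stores `auth.String()` in `External.URL` with no further check. If the aim is only to drop the `..` host test, the scheme and host checks could stay right after the `GetURLAnnotation` error check: `if auth.Scheme == "" || auth.Host == "" { return nil, ing_errors.NewLocationDenied("url scheme or host is empty") }`. How `External.URL` is consumed is not visible here, but if it ends up in generated proxy configuration, rejecting a malformed value at parse time is safer than relying on the consumer. Note that `auth.String()` re-serializes the URL, so the stored value may differ from the annotation text. The body of `Parse` continues outside the hunks shown.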


@ -17,6 +17,7 @@ limitations under the License.
package parser package parser
import ( import (
"net/url"
"strconv" "strconv"
"k8s.io/kubernetes/pkg/apis/extensions" "k8s.io/kubernetes/pkg/apis/extensions"
@ -51,6 +52,14 @@ func (a ingAnnotations) parseString(name string) (string, error) {
return "", errors.ErrMissingAnnotations return "", errors.ErrMissingAnnotations
} }
func (a ingAnnotations) parseURL(name string) (*url.URL, error) {
val, ok := a[name]
if ok {
return url.Parse(val)
}
return nil, errors.ErrMissingAnnotations
}
func (a ingAnnotations) parseInt(name string) (int, error) { func (a ingAnnotations) parseInt(name string) (int, error) {
val, ok := a[name] val, ok := a[name]
if ok { if ok {
@ -100,3 +109,12 @@ func GetIntAnnotation(name string, ing *extensions.Ingress) (int, error) {
} }
return ingAnnotations(ing.GetAnnotations()).parseInt(name) return ingAnnotations(ing.GetAnnotations()).parseInt(name)
} }
// GetUrlAnnotation extracts a URL from an Ingress annotation
func GetURLAnnotation(name string, ing *extensions.Ingress) (*url.URL, error) {
err := checkAnnotation(name, ing)
if err != nil {
return nil, err
}
return ingAnnotations(ing.GetAnnotations()).parseURL(name)
}
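Review bot: The doc comment on the new exported function reads `GetUrlAnnotation` while the function is named `GetURLAnnotation`, and neither it nor `parseURL` says that the result is only parsed, not validated. `url.Parse` returns a non-nil `*url.URL` and a nil error for an empty or relative value, so callers should be told to check `Scheme` and `Host` themselves. I would write `// GetURLAnnotation extracts a URL from an Ingress annotation. The value is parsed with url.Parse only; scheme and host may be empty.` and add a one-line comment with the same caveat above `parseURL`.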