Fix reviews and fcgi e2e
This commit is contained in:
Ricardo Katz
parent
b435ab13cf
commit
cdbf699b9f
5 changed files with 14 additions and 15 deletions
|
|
@ -27,7 +27,6 @@ import (
|
||||||
"k8s.io/client-go/tools/cache"
|
"k8s.io/client-go/tools/cache"
|
||||||
|
|
||||||
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
|
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
|
||||||
"k8s.io/ingress-nginx/internal/ingress/errors"
|
|
||||||
ing_errors "k8s.io/ingress-nginx/internal/ingress/errors"
|
ing_errors "k8s.io/ingress-nginx/internal/ingress/errors"
|
||||||
"k8s.io/ingress-nginx/internal/ingress/resolver"
|
"k8s.io/ingress-nginx/internal/ingress/resolver"
|
||||||
"k8s.io/ingress-nginx/pkg/util/sets"
|
"k8s.io/ingress-nginx/pkg/util/sets"
|
||||||
|
|
@ -111,7 +110,7 @@ var authReqAnnotations = parser.Annotation{
|
||||||
Documentation: `This annotation specifies a duration in seconds which an idle keepalive connection to an upstream server will stay open`,
|
Documentation: `This annotation specifies a duration in seconds which an idle keepalive connection to an upstream server will stay open`,
|
||||||
},
|
},
|
||||||
authReqCacheDuration: {
|
authReqCacheDuration: {
|
||||||
Validator: parser.ValidateRegex(*parser.ExtendedChars, false),
|
Validator: parser.ValidateRegex(*parser.ExtendedCharsRegex, false),
|
||||||
Scope: parser.AnnotationScopeLocation,
|
Scope: parser.AnnotationScopeLocation,
|
||||||
Risk: parser.AnnotationRiskMedium,
|
Risk: parser.AnnotationRiskMedium,
|
||||||
Documentation: `This annotation allows to specify a caching time for auth responses based on their response codes, e.g. 200 202 30m`,
|
Documentation: `This annotation allows to specify a caching time for auth responses based on their response codes, e.g. 200 202 30m`,
|
||||||
|
|
@ -306,7 +305,7 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
|
||||||
|
|
||||||
authMethod, err := parser.GetStringAnnotation(authReqMethodAnnotation, ing, a.annotationConfig.Annotations)
|
authMethod, err := parser.GetStringAnnotation(authReqMethodAnnotation, ing, a.annotationConfig.Annotations)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.IsValidationError(err) {
|
if ing_errors.IsValidationError(err) {
|
||||||
return nil, ing_errors.NewLocationDenied("invalid HTTP method")
|
return nil, ing_errors.NewLocationDenied("invalid HTTP method")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -314,7 +313,7 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
|
||||||
// Optional Parameters
|
// Optional Parameters
|
||||||
signIn, err := parser.GetStringAnnotation(authReqSigninAnnotation, ing, a.annotationConfig.Annotations)
|
signIn, err := parser.GetStringAnnotation(authReqSigninAnnotation, ing, a.annotationConfig.Annotations)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.IsValidationError(err) {
|
if ing_errors.IsValidationError(err) {
|
||||||
klog.Warningf("%s value is invalid: %s", authReqSigninAnnotation, err)
|
klog.Warningf("%s value is invalid: %s", authReqSigninAnnotation, err)
|
||||||
}
|
}
|
||||||
klog.V(3).InfoS("auth-signin annotation is undefined and will not be set")
|
klog.V(3).InfoS("auth-signin annotation is undefined and will not be set")
|
||||||
|
|
@ -322,7 +321,7 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
|
||||||
|
|
||||||
signInRedirectParam, err := parser.GetStringAnnotation(authReqSigninRedirParamAnnotation, ing, a.annotationConfig.Annotations)
|
signInRedirectParam, err := parser.GetStringAnnotation(authReqSigninRedirParamAnnotation, ing, a.annotationConfig.Annotations)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.IsValidationError(err) {
|
if ing_errors.IsValidationError(err) {
|
||||||
klog.Warningf("%s value is invalid: %s", authReqSigninRedirParamAnnotation, err)
|
klog.Warningf("%s value is invalid: %s", authReqSigninRedirParamAnnotation, err)
|
||||||
}
|
}
|
||||||
klog.V(3).Infof("auth-signin-redirect-param annotation is undefined and will not be set")
|
klog.V(3).Infof("auth-signin-redirect-param annotation is undefined and will not be set")
|
||||||
|
|
@ -335,7 +334,7 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
|
||||||
|
|
||||||
authCacheKey, err := parser.GetStringAnnotation(authReqCacheKeyAnnotation, ing, a.annotationConfig.Annotations)
|
authCacheKey, err := parser.GetStringAnnotation(authReqCacheKeyAnnotation, ing, a.annotationConfig.Annotations)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.IsValidationError(err) {
|
if ing_errors.IsValidationError(err) {
|
||||||
klog.Warningf("%s value is invalid: %s", authReqCacheKeyAnnotation, err)
|
klog.Warningf("%s value is invalid: %s", authReqCacheKeyAnnotation, err)
|
||||||
}
|
}
|
||||||
klog.V(3).InfoS("auth-cache-key annotation is undefined and will not be set")
|
klog.V(3).InfoS("auth-cache-key annotation is undefined and will not be set")
|
||||||
|
|
@ -379,7 +378,7 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
durstr, err := parser.GetStringAnnotation(authReqCacheDuration, ing, a.annotationConfig.Annotations)
|
durstr, err := parser.GetStringAnnotation(authReqCacheDuration, ing, a.annotationConfig.Annotations)
|
||||||
if err != nil && errors.IsValidationError(err) {
|
if err != nil && ing_errors.IsValidationError(err) {
|
||||||
return nil, fmt.Errorf("%s contains invalid value", authReqCacheDuration)
|
return nil, fmt.Errorf("%s contains invalid value", authReqCacheDuration)
|
||||||
}
|
}
|
||||||
authCacheDuration, err := ParseStringToCacheDurations(durstr)
|
authCacheDuration, err := ParseStringToCacheDurations(durstr)
|
||||||
|
|
@ -389,7 +388,7 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
|
||||||
|
|
||||||
responseHeaders := []string{}
|
responseHeaders := []string{}
|
||||||
hstr, err := parser.GetStringAnnotation(authReqResponseHeadersAnnotation, ing, a.annotationConfig.Annotations)
|
hstr, err := parser.GetStringAnnotation(authReqResponseHeadersAnnotation, ing, a.annotationConfig.Annotations)
|
||||||
if err != nil && errors.IsValidationError(err) {
|
if err != nil && ing_errors.IsValidationError(err) {
|
||||||
return nil, ing_errors.NewLocationDenied("validation error")
|
return nil, ing_errors.NewLocationDenied("validation error")
|
||||||
}
|
}
|
||||||
if len(hstr) != 0 {
|
if len(hstr) != 0 {
|
||||||
|
|
@ -445,12 +444,12 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
requestRedirect, err := parser.GetStringAnnotation(authReqRequestRedirectAnnotation, ing, a.annotationConfig.Annotations)
|
requestRedirect, err := parser.GetStringAnnotation(authReqRequestRedirectAnnotation, ing, a.annotationConfig.Annotations)
|
||||||
if err != nil && errors.IsValidationError(err) {
|
if err != nil && ing_errors.IsValidationError(err) {
|
||||||
return nil, fmt.Errorf("%s is invalid: %w", authReqRequestRedirectAnnotation, err)
|
return nil, fmt.Errorf("%s is invalid: %w", authReqRequestRedirectAnnotation, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
alwaysSetCookie, err := parser.GetBoolAnnotation(authReqAlwaysSetCookieAnnotation, ing, a.annotationConfig.Annotations)
|
alwaysSetCookie, err := parser.GetBoolAnnotation(authReqAlwaysSetCookieAnnotation, ing, a.annotationConfig.Annotations)
|
||||||
if err != nil && errors.IsValidationError(err) {
|
if err != nil && ing_errors.IsValidationError(err) {
|
||||||
return nil, fmt.Errorf("%s is invalid: %w", authReqAlwaysSetCookieAnnotation, err)
|
return nil, fmt.Errorf("%s is invalid: %w", authReqAlwaysSetCookieAnnotation, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,7 @@ var globalAuthAnnotations = parser.Annotation{
|
||||||
Validator: parser.ValidateBool,
|
Validator: parser.ValidateBool,
|
||||||
Scope: parser.AnnotationScopeLocation,
|
Scope: parser.AnnotationScopeLocation,
|
||||||
Risk: parser.AnnotationRiskLow,
|
Risk: parser.AnnotationRiskLow,
|
||||||
Documentation: `Defines if the gloabl external authentication should be enabled.`,
|
Documentation: `Defines if the global external authentication should be enabled.`,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -63,7 +63,7 @@ var (
|
||||||
// This combination can also be used on fields that may contain characters like / (as ns/name)
|
// This combination can also be used on fields that may contain characters like / (as ns/name)
|
||||||
BasicCharsRegex = regexp.MustCompile("^[/" + alphaNumericChars + "]*$")
|
BasicCharsRegex = regexp.MustCompile("^[/" + alphaNumericChars + "]*$")
|
||||||
// ExtendedChars is alphanumeric and ".", "-", "_", "~" and ":" plus "," and spaces, usually used on simple host:port/path composition
|
// ExtendedChars is alphanumeric and ".", "-", "_", "~" and ":" plus "," and spaces, usually used on simple host:port/path composition
|
||||||
ExtendedChars = regexp.MustCompile("^[/" + extendedAlphaNumeric + "]*$")
|
ExtendedCharsRegex = regexp.MustCompile("^[/" + extendedAlphaNumeric + "]*$")
|
||||||
// CharsWithSpace is like basic chars, but includes the space character
|
// CharsWithSpace is like basic chars, but includes the space character
|
||||||
CharsWithSpace = regexp.MustCompile("^[/" + alphaNumericChars + " ]*$")
|
CharsWithSpace = regexp.MustCompile("^[/" + alphaNumericChars + " ]*$")
|
||||||
// NGINXVariable allows entries with alphanumeric characters, -, _ and the special "$"
|
// NGINXVariable allows entries with alphanumeric characters, -, _ and the special "$"
|
||||||
|
|
|
||||||
|
|
@ -221,7 +221,7 @@ func (p proxySSL) Parse(ing *networking.Ingress) (interface{}, error) {
|
||||||
config.Protocols, err = parser.GetStringAnnotation(proxySSLProtocolsAnnotation, ing, p.annotationConfig.Annotations)
|
config.Protocols, err = parser.GetStringAnnotation(proxySSLProtocolsAnnotation, ing, p.annotationConfig.Annotations)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.IsValidationError(err) {
|
if errors.IsValidationError(err) {
|
||||||
klog.Warningf("invalid value passed to proxy-ssl-protocolos, defaulting to %s", defaultProxySSLProtocols)
|
klog.Warningf("invalid value passed to proxy-ssl-protocols, defaulting to %s", defaultProxySSLProtocols)
|
||||||
}
|
}
|
||||||
config.Protocols = defaultProxySSLProtocols
|
config.Protocols = defaultProxySSLProtocols
|
||||||
} else {
|
} else {
|
||||||
|
|
|
||||||
|
|
@ -75,7 +75,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - FastCGI", func() {
|
||||||
Namespace: f.Namespace,
|
Namespace: f.Namespace,
|
||||||
},
|
},
|
||||||
Data: map[string]string{
|
Data: map[string]string{
|
||||||
"SCRIPT_FILENAME": "/home/www/scripts/php$fastcgi_script_name",
|
"SCRIPT_FILENAME": "$fastcgi_script_name",
|
||||||
"REDIRECT_STATUS": "200",
|
"REDIRECT_STATUS": "200",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
@ -94,7 +94,7 @@ var _ = framework.DescribeAnnotation("backend-protocol - FastCGI", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, "fastcgi_param SCRIPT_FILENAME \"/home/www/scripts/php$fastcgi_script_name\";") &&
|
return strings.Contains(server, "fastcgi_param SCRIPT_FILENAME \"$fastcgi_script_name\";") &&
|
||||||
strings.Contains(server, "fastcgi_param REDIRECT_STATUS \"200\";")
|
strings.Contains(server, "fastcgi_param REDIRECT_STATUS \"200\";")
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue