DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix ipallowlist parser not handling validation type errors

Browse source 
Signed-off-by: joey <zchengjoey@gmail.com>
This commit is contained in:
joey 2024-09-13 16:28:00 +08:00
parent 1c2aecbf02
commit e8c72c70f9
No known key found for this signature in database
GPG key ID: B5AE69C27B241A78
2 changed files with 58 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
internal/ingress/annotations/annotations_test.go
View file

@ -17,6 +17,7 @@ limitations under the License.
package annotations package annotations
import ( import (
"fmt"
"testing" "testing"
apiv1 "k8s.io/api/core/v1" apiv1 "k8s.io/api/core/v1"
@ -366,3 +367,57 @@ func TestCustomResponseHeaders(t *testing.T) {
} }
} }
} }
func TestIPAllowList(t *testing.T) {
mockObj := mockCfg{}
mockObj.MockConfigMaps = map[string]*apiv1.ConfigMap{}
ec := NewAnnotationExtractor(mockObj)
ing := buildIngress()
annotationKeys := []string{"allowlist-source-range", "whitelist-source-range"}
for _, tc := range []struct {
name string
net string
expectErr bool
errOut string
}{
{
name: "test parse a valid net",
net: "10.0.0.0/24",
},
{
name: "test parse a invalid net",
net: "ww",
errOut: "annotation nginx.ingress.kubernetes.io/%s contains invalid value",
expectErr: true,
},
{
name: "test parse multiple valid cidr",
net: "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24",
expectErr: false,
},
{
name: "test parse multiple invalid cidr(missing comma)",
net: "1.1.1.1 2.2.2.2",
expectErr: true,
errOut: "annotation nginx.ingress.kubernetes.io/%s contains invalid value",
},
} {
t.Run(tc.name, func(t *testing.T) {
for _, annotationKey := range annotationKeys {
ing.SetAnnotations(map[string]string{
parser.GetAnnotationWithPrefix(annotationKey): tc.net,
})
i, err := ec.Extract(ing)
if (err != nil) != tc.expectErr {
t.Errorf("expected error: %t got error: %t err value: %s. %+v", tc.expectErr, err != nil, err, i)
}
if tc.expectErr && err != nil {
if err.Error() != fmt.Sprintf(tc.errOut, annotationKey) {
t.Errorf("expected error %s but got %s", tc.errOut, err)
}
}
}
})
}
}

3
internal/ingress/annotations/ipallowlist/main.go
View file

@ -95,6 +95,9 @@ func (a ipallowlist) Parse(ing *networking.Ingress) (interface{}, error) {
if err == ing_errors.ErrMissingAnnotations { if err == ing_errors.ErrMissingAnnotations {
return &SourceRange{CIDR: defaultAllowlistSourceRange}, nil return &SourceRange{CIDR: defaultAllowlistSourceRange}, nil
} }
if ing_errors.IsValidationError(err) {
return &SourceRange{CIDR: defaultAllowlistSourceRange}, err
}
return &SourceRange{CIDR: defaultAllowlistSourceRange}, ing_errors.LocationDeniedError{ return &SourceRange{CIDR: defaultAllowlistSourceRange}, ing_errors.LocationDeniedError{
Reason: err, Reason: err,