* upgrade go 1.21.5
Signed-off-by: James Strong <strong.james.e@gmail.com>
* update golang gha
Signed-off-by: James Strong <strong.james.e@gmail.com>
* supgrade golang lint ci to v1.55.2
* sfix all golang lint ci errors
* sget a nginx build as well
* srevert some e2e changes
* srevert some e2e changes
---------
Signed-off-by: James Strong <strong.james.e@gmail.com>
* added proxy-intercept-errors config option
* fixed error when comparing locations
* fixed missing location config from annotation
added e2e test
* reversed logic for proxy-intercept-errors to disable-proxy-intercept-errors
* reversed logic to disable-proxy-intercept-errors
* reversed logic
* default has to be false
* put comment in same line as return
* run gofmt
* fixing wrong Boilerplate header
* updated code to new IngressAnnotation interface
* fixes to satisfy PR comments
* synced with upstream; fixed typo
* gofumpt disableproxyintercepterrors.go
* gofumpt
* Add validation to all annotations
* Add annotation validation for fcgi
* Fix reviews and fcgi e2e
* Add flag to disable cross namespace validation
* Add risk, flag for validation, tests
* Add missing formating
* Enable validation by default on tests
* Test validation flag
* remove ajp from list
* Finalize validation changes
* Add validations to CI
* Update helm docs
* Fix code review
* Use a better name for annotation risk
* Remove variables with $ before feeding into url.Parse
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
* Do not render invalid request mirroring config
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
* Remove additional note from docs again
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
* Include quotes in e2e test for mirror proxy_pass
---------
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
update alpine and golang
remove nano
update go modules
remove need for openssl external cli
fix stale
Signed-off-by: James Strong <james.strong@chainguard.dev>
* Rework Ginkgo usage
Currently Ginkgo is launched multiple times with different options to
accomodate various use-cases. In particular, some specs needs to be run
sequentially because non-namespaced objects are created that conflicts
with concurent Helm deployments.
However Ginkgo is able to handle such cases natively, in particular
specs that needs to be run sequentially are supported (Serial spec).
This commit marks the specs that needs to be run sequentially as Serial
specs and runs the whole test suite from a single Ginkgo invocation. As
a result, a single JUnit report is now generated.
Signed-off-by: Hervé Werner <dud225@hotmail.com>
* Fix controller error in test
Error getting ConfigMap "$NAMESPACE/tcp-services": no object matching key "$NAMESPACE/tcp-services" in local store
Signed-off-by: Hervé Werner <dud225@hotmail.com>
* Replace "go get" invocations by "go install"
Executing "go get" changes the go.mod & go.sum files which is not the
case of "go install".
Signed-off-by: Hervé Werner <dud225@hotmail.com>
* Always clean out the Helm deployment
Signed-off-by: Hervé Werner <dud225@hotmail.com>
* Add E2E test to verify that changes to one or more configmap trigger an update
Signed-off-by: Hervé Werner <dud225@hotmail.com>
---------
Signed-off-by: Hervé Werner <dud225@hotmail.com>
* feat: Add support for IP Deny List
* fixed gomod
* Update package
* go mod tidy
* Revert "go mod tidy"
This reverts commit e6a837e1e7.
* update ginko version
* Updates e2e tests
* fix test typo
This adds the new annotation `nginx.ingress.kubernetes.io/session-cookie-domain`
for setting the cookie `Domain` attribute of the sticky cookie.
Signed-off-by: Matthias Neugebauer <mtneug@mailbox.org>
Signed-off-by: Matthias Neugebauer <mtneug@mailbox.org>
X-CustomHeader looks more like an example than a header we would want to
accept in production. Added Range as a useful header that enables
operations on resources that can be fetched in chunks.
* Add keepalive support for auth requests
* Fix typo
* Address PR comments
* Log warning when auth-url contains variable in its host:port
* Generate upstream name without replacing dots to underscores in server name
* Add comment in the nginx template when the keepalive upstream block is referenced
* Workaround for auth_request module ignores keepalive in upstream block
* The `auth_request` module does not support HTTP keepalives in upstream block:
https://trac.nginx.org/nginx/ticket/1579
* As a workaround we use ngx.location.capture but unfortunately it does not
support HTTP/2 so `use-http2` configuration parameter is needed.
* Handle PR comments
* Address PR comments
* Handle invalid values for int parameters
* Handle PR comments
* Fix e2e test
* Disabled default modsecurity_rules_file if modsecurity-snippet is specifed
The default modsecurity_rules_file overwrites the ModSecurity-snippet if it is specified with custom config settings like "SecRuleEngine On". This will not let Modsecurity be in blocking mode even if "SecRuleEngine On" is specified in the ModSecurity-snippet configuration
* Remove unnecessary comments
Only have the default Modsecurity conf settings in case Modsecurity configuration snippet is not present and remove unnecessary comments
* Fixed modsecurity default file only if Modsecurity snippet present
Fixed if condition Modsecurity snippet present have modsecurity default config file
* Added e2e test to disabling modsecurity conf
Added e2e in case modsecurity-snippet enabled to disable settings in default modsecurity.conf
* Validate writing to a different location
Validate also modsecurity to write to a different location instead of the default directory
* Fixed the formatting
* Fixed if empty ModsecuritySnippet
* Fixed ModsecuritySnippet condition
* Fixed the condition also in ingress controller template
* Removed the default config condition in ingress controller template
* Fixed the default config condition in ingress controller template
* Fixed pull-ingress-nginx-test
* Revert "Fixed the default config condition in ingress controller template"
This reverts commit 9d38eca40f.
* Revert template_test
* Adjusted the formating %v
