* upgrade to golang 1.19.2
Signed-off-by: James Strong <strong.james.e@gmail.com>
* update e2e testing to 1.25 kind
Signed-off-by: James Strong <strong.james.e@gmail.com>
Signed-off-by: James Strong <strong.james.e@gmail.com>
* Support none keyword in log-format escape
## What this PR does / why we need it:
ingress-nginx does not support disabling escaping of special characters in the nginx log. This PR exposes the setting to support that functionality.
## Types of changes
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [ ] Documentation only
## Which issue/s this PR fixes
<!--
(optional, in `fixes #<issue number>` format, will close that issue when PR gets merged):
fixes #
-->
## How Has This Been Tested?
Followed the [getting-started](96b6228a6b/docs/developer-guide/getting-started.md) guide. Used ppa:longsleep/golang-backports on WSL Ubuntu to establish a golang-1.18 environment with latest docker and recommended kind. Built the dev-env successfully; had issues with make test, but they are entirely unrelated to anything I touched. Ultimate test was
```
FOCUS=log-format make kind-e2e-test
...
Ginkgo ran 1 suite in 6m29.7437865s
Test Suite Passed
```
## Checklist:
<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
- [x] My change requires a change to the documentation.
- [x] I have updated the documentation accordingly.
- [x] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide
- [x] I have added tests to cover my changes.
- [x] All new and existing tests passed.
I did not update docs/e2e-tests.md.
* gofmt -s ./internal/ingress/controller/config/config.go
This adds the new annotation `nginx.ingress.kubernetes.io/session-cookie-domain`
for setting the cookie `Domain` attribute of the sticky cookie.
Signed-off-by: Matthias Neugebauer <mtneug@mailbox.org>
Signed-off-by: Matthias Neugebauer <mtneug@mailbox.org>
We removed the use of configmap as an election lock, so we will use the
Lease API to complete the election.
Before this, we used `MultiLock` to facilitate smooth migration of
existing users of ingress-nginx from configmap to LeaseLock.
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
* update files to use one base image file
Signed-off-by: James Strong <strong.james.e@gmail.com>
* add chart test as well
Signed-off-by: James Strong <strong.james.e@gmail.com>
* update e2e-test image building
Signed-off-by: James Strong <strong.james.e@gmail.com>
* update e2e base image arg
Signed-off-by: James Strong <strong.james.e@gmail.com>
* add current e2e so test run
Signed-off-by: James Strong <strong.james.e@gmail.com>
* working on fixing build
* getting dev-env and make release to work
* test
* i think buildx is working on mac
* updates
* why docker for mac and linux cli differ
* fix target arch
* fix target arch
* fix loag issue
* fix issue
* update the chroot docker file
* fix docker base build
* mac is the issue
* env not getting to the e2e deployment.go file
* fix pull issue
* fix pull issue
* move test scripts into test folder
* clean up ci
* updates for PR
* remove unnesscary var
* Improve path rule
* Add nginx configuration tests
* Revert framework changes
* Add test to patched directives
* Fix root conf test
* Add comment in new function
X-CustomHeader looks more like an example than a header we would want to
accept in production. Added Range as a useful header that enables
operations on resources that can be fetched in chunks.
* nginx 1.19.10 keepalive_time parameter
* nginx v1.19.10 base image
* keepalive_time documentation
* base image
* restore base image
* e2e test
* replace default value in test
* Initial work on chrooting nginx process
* More improvements in chroot
* Fix charts and some file locations
* Fix symlink on non chrooted container
* fix psp test
* Add e2e tests to chroot image
* Fix logger
* Add internal logger in controller
* Fix overlay for chrooted tests
* Fix tests
* fix boilerplates
* Fix unittest to point to the right pid
* Fix PR review
* Add keepalive support for auth requests
* Fix typo
* Address PR comments
* Log warning when auth-url contains variable in its host:port
* Generate upstream name without replacing dots to underscores in server name
* Add comment in the nginx template when the keepalive upstream block is referenced
* Workaround for auth_request module ignores keepalive in upstream block
* The `auth_request` module does not support HTTP keepalives in upstream block:
https://trac.nginx.org/nginx/ticket/1579
* As a workaround we use ngx.location.capture but unfortunately it does not
support HTTP/2 so `use-http2` configuration parameter is needed.
* Handle PR comments
* Address PR comments
* Handle invalid values for int parameters
* Handle PR comments
* Fix e2e test
* update nginx base image to new alpine 3.14.4 build
Signed-off-by: James Strong <strong.james.e@gmail.com>
* update test image
Signed-off-by: James Strong <strong.james.e@gmail.com>
* Update nginx base image
Signed-off-by: Aditya Kamath <theunrealgeek@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
* Disabled default modsecurity_rules_file if modsecurity-snippet is specifed
The default modsecurity_rules_file overwrites the ModSecurity-snippet if it is specified with custom config settings like "SecRuleEngine On". This will not let Modsecurity be in blocking mode even if "SecRuleEngine On" is specified in the ModSecurity-snippet configuration
* Remove unnecessary comments
Only have the default Modsecurity conf settings in case Modsecurity configuration snippet is not present and remove unnecessary comments
* Fixed modsecurity default file only if Modsecurity snippet present
Fixed if condition Modsecurity snippet present have modsecurity default config file
* Added e2e test to disabling modsecurity conf
Added e2e in case modsecurity-snippet enabled to disable settings in default modsecurity.conf
* Validate writing to a different location
Validate also modsecurity to write to a different location instead of the default directory
* Fixed the formatting
* Fixed if empty ModsecuritySnippet
* Fixed ModsecuritySnippet condition
* Fixed the condition also in ingress controller template
* Removed the default config condition in ingress controller template
* Fixed the default config condition in ingress controller template
* Fixed pull-ingress-nginx-test
* Revert "Fixed the default config condition in ingress controller template"
This reverts commit 9d38eca40f.
* Revert template_test
* Adjusted the formating %v
* Add Initial support for multiple cors origins in nginx
- bump cluster version for `make dev-env`
- add buildOriginRegex function in nginx.tmpl
- add e2e 4 e2e tests for cors.go
- refers to feature request #5496
* add tests + use search to identify '*' origin
* add tests + use search to identify '*' origin
Signed-off-by: Christopher Larivière <lariviere.c@gmail.com>
* fix "should enable cors test" looking at improper values
* Modify tests and add some logic for origin validation
- add origin validation in cors ingress annotations
- add extra tests to validate regex
- properly escape regex using "QuoteMeta"
- fix some copy/paste errors
* add TrimSpace and length validation before adding a new origin
* modify documentation for cors and remove dangling comment
* add support for optional port mapping on origin
* support single-level wildcard subdomains + tests
* Remove automatic `*` fonctionality from incorrect origins
- use []string instead of basic string to avoid reparsing in template.go
- fix typo in docs
- modify template to properly enable only if the whole block is enabled
- modify cors parsing
- test properly by validating that the value returned is the proper
origin
- update unit tests and annotation tests
* Re-add `*` when no cors origins are supplied + fix tests
- fix e2e tests to allow for `*`
- re-add `*` to cors parsing if trimmed cors-allow-origin is empty
(supplied but empty) and if it wasn't supplied at all.
* remove unecessary logic for building cors origin + remove comments
- add some edge cases in e2e tests
- rework logic for building cors origin
there was no need for logic in template.go for buildCorsOriginRegex
if there is a `*` it ill be short-circuited by first if.
if it's a wildcard domain or any domain (without a wildcard), it MUST
match the main/cors.go regex format.
if there's a star in a wildcard domain, it must be replaced with
`[A-Za-z0-9]+`
* add missing check in e2e tests
It is possible to change this behavior on an ingress level, which works
well when you only have a few of them. When running several dozen
ingress and with a high change rate of running pods it makes it easier
to define this configuration on a global level.
This change is completely backwards compatible, only adding the
possibility of defining a new key in the configmap.
Normally Ingress sinchronization for Services is triggered when
corresponding Service's Endpoints are added, deleted or modified.
Services of type ExternalName, however, do not have any endpoints
and hence do not trigger Ingress synchronization as only Update
events are being watched. This commit makes sure that Update and
Delete Service events also enqueue a syncIngress task.
* Fix indentation of nested list in AuthTLS annotations
Also, put `<annotation>`: <description text>` on a single line in
Markdown markup, which will match what gets rendered eventually.
On the other hand, for the line on auth-tls-secret (This annotation
expects the Secret name in the form "namespace/secretName"), its
Markdown markup suggests that the author wanted the line to start on its
own line, but currently this gets rendered on the same line. It's nice
for this to be on its own line, since it's kind of a "note" about the
annotation syntax. Format/indent the markup appropriately so that it
shows up on its line.
* Fix indentation of nested list in CORS annotations
Also, put `<annotation>`: <description text>` on a single line in
Markdown markup, which will match what gets rendered eventually.
On the other hand, for lines noting the allowed characters (This is a
multi-valued field...), its Markdown markup suggests that the author
wanted the line to start on its own line, but currently this gets
rendered on the same line. It's nice for this to be on its own line,
since it's kind of a "note" about the annotation syntax. Format/indent
the markup appropriately so that it shows up on its line.
* Replace f.HTTPTestClientWithTLSConfig() in AuthTLS E2E, the odd one out for requests without client certs
* Demonstrate and document that auth-tls-secret enables the other AuthTLS annotations like verify client, depth
* Split E2E for auth-tls-error-page and *-pass-certificate-to-upstream
* Update to the base nginx image
* Revert "Update to the base nginx image"
This reverts commit ad43c1d060.
* Update test runner image
* correcting the sha and version of e2e test runner images
* Adding test cases for backend with nil service
Signed-off-by: Marcos <marcosnery.comp@gmail.com>
Co-authored-by: Renato Araujo <renatobritto@protonmail.com>
Co-authored-by: André Goretti <andremotta96@gmail.com>
Co-authored-by: Kalebe Lopes <calbkalebe@gmail.com>
* Add e2e test for backend nil service and add nil safeguard (#7344)
Co-authored-by: Renato Araujo <renatobritto@protonmail.com>
Co-authored-by: André Goretti <andremotta96@gmail.com>
Co-authored-by: Kalebe Lopes <calbkalebe@gmail.com>
* changing portuguese names to english in order to maintain the pattern
* updating boilerplate header
* adding second test case to also test valid path
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
* Updating boilerplate
* fixing boilerplate
Signed-off-by: MarcosN <marcosnery.comp@gmail.com>
Co-authored-by: André Goretti <andremotta96@gmail.com>
Co-authored-by: Gabriel Albino <enggabrielalbino@gmail.com>
* Improving template test for cases where a nil backend service is included
Signed-off-by: MarcosN <marcosnery.comp@gmail.com>
Co-authored-by: André Goretti <andremotta96@gmail.com>
Co-authored-by: Gabriel Albino <enggabrielalbino@gmail.com>
Co-authored-by: Renato Araujo <renatobritto@protonmail.com>
Co-authored-by: André Goretti <andremotta96@gmail.com>
Co-authored-by: Kalebe Lopes <calbkalebe@gmail.com>
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: Gabriel Albino <enggabrielalbino@gmail.com>
* bump go.mod to 1.17
* bump github ci workflow to go 1.17
* bump e2e-test-runner version
* fix go mod error
* fix go fmt error
* fix boilerplate verification
* add e2e test for auth-response-headers annotation
* add e2e test for grpc with auth-response-headers
* fix forwarding of auth header to GRPC backends
* add test case for proxySetHeader(nil)
* add auto backend protocol for HTTP/HTTPS
* e2e test for AUTO_HTTP backend protocol
* unit test for AUTO_HTTP backend protocol
Co-authored-by: Luca Del Monte <luca.delmonte5@gmail.com>
* Rewrite clean-nginx-conf.sh to speed up admission webhook
* Less diff with original clean-nginx-conf.sh
* Add error handling, add documentation, add unit test
* indent code
* Don't ignore Getwd() error
