Ricardo Katz
7b4e4e2fa1
Enable security features by default ( #11819 )
2024-08-23 04:45:51 +01:00
James Strong
6807537a70
upgrade go 1.21.5 ( #10732 )
...
* upgrade go 1.21.5
Signed-off-by: James Strong <strong.james.e@gmail.com>
* update golang gha
Signed-off-by: James Strong <strong.james.e@gmail.com>
* upgrade golang lint ci to v1.55.2
* fix all golang lint ci errors
* get a nginx build as well
* revert some e2e changes
* revert some e2e changes
---------
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-12-08 01:52:14 +01:00
Ricardo Katz
cf889c6c47
Disable user snippets per default ( #10393 )
...
* Disable user snippets per default
* Enable snippet on tests
2023-09-10 20:02:10 -07:00
Chen Chen
b3060bfbd0
Fix golangci-lint errors ( #10196 )
...
* Fix golangci-lint errors
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix dupl errors
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix comments
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix errcheck lint errors
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix assert in e2e test
Signed-off-by: z1cheng <imchench@gmail.com>
* Not interrupt the waitForPodsReady
Signed-off-by: z1cheng <imchench@gmail.com>
* Replace string with constant
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix comments
Signed-off-by: z1cheng <imchench@gmail.com>
* Revert write file permission
Signed-off-by: z1cheng <imchench@gmail.com>
---------
Signed-off-by: z1cheng <imchench@gmail.com>
2023-08-31 00:36:48 -07:00
Gabor Lekeny
5d8185c9d7
Handle request_id variable correctly in auth requests ( #9219 )
...
* Handle $request_id variable correctly in auth requests
* Make share_all_vars configurable
* Fix test name
2023-08-07 06:16:32 -07:00
Brendan Kamp
60bf6ba642
chore: move httpbun to be part of framework ( #9955 )
...
Signed-off-by: Spazzy <brendankamp757@gmail.com>
2023-06-12 03:25:49 -07:00
Brendan Kamp
0bdb64373c
chore: update httpbin to httpbun ( #9919 )
...
Signed-off-by: Spazzy <brendankamp757@gmail.com>
2023-05-10 07:43:02 -07:00
James Strong
66a760794f
update to golang 1.20 ( #9690 )
...
update alpine and golang
remove nano
update go modules
remove need for openssl external cli
fix stale
Signed-off-by: James Strong <james.strong@chainguard.dev>
2023-03-11 20:38:39 -08:00
James Strong
01c9a2bf25
Revert Implement pathType validation ( #9511 ) ( #9607 )
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-02-12 22:57:29 -08:00
Harpreet singh
d1af3b5cca
Add CORS template check inside location for externalAuth.SignURL ( #8814 )
...
* Add CORS template check inside location for externalAuth.SignURL
* Add testcase for CORS header for auth-signin redirect with CORS enabled.
2023-01-19 06:58:36 -08:00
Johannes Würbach
3aa53aaf5b
fix: missing CORS headers when auth fails ( #9251 )
2022-12-04 17:49:01 -08:00
Lien Li
5b0cc8edca
migrate ginkgo to v2 ( #8826 )
...
* Migrate ginkgo to v2
* Update test/e2e/annotations/ipwhitelist.go
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
* Update test/e2e/annotations/modsecurity/modsecurity.go
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
* Update test/e2e/settings/access_log.go
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
* remove unnecessary blank line
* re-order packages
* less change
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
2022-07-31 09:16:28 -07:00
Maksim Nabokikh
2c27e66cc7
feat: always set auth cookie ( #8213 )
...
* feat: always set auth cookie
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* feat: Add annotation to always set auth cookie
* Add annotation
* Add global configmap key
* Provide unit tests and e2e tests
* Fix e2e documentation autogen script
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Regenerate e2e tests
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-05-19 15:27:53 -07:00
Gabor Lekeny
83ce21b4dd
Add keepalive support for auth requests ( #8219 )
...
* Add keepalive support for auth requests
* Fix typo
* Address PR comments
* Log warning when auth-url contains variable in its host:port
* Generate upstream name without replacing dots to underscores in server name
* Add comment in the nginx template when the keepalive upstream block is referenced
* Workaround for auth_request module ignores keepalive in upstream block
* The `auth_request` module does not support HTTP keepalives in upstream block:
https://trac.nginx.org/nginx/ticket/1579
* As a workaround we use ngx.location.capture but unfortunately it does not
support HTTP/2 so `use-http2` configuration parameter is needed.
* Handle PR comments
* Address PR comments
* Handle invalid values for int parameters
* Handle PR comments
* Fix e2e test
2022-04-08 20:22:04 -07:00
Maksim Nabokikh
1e2ce80846
fix: deny locations with invalid auth-url annotation ( #8256 )
...
* fix: deny locations with invalid auth-url annotation
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Delete duplicate test
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-03-01 02:13:51 -08:00
Ricardo Katz
90c79689c4
Release v1 ( #7470 )
...
* Drop v1beta1 from ingress nginx (#7156 )
* Drop v1beta1 from ingress nginx
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix intorstr logic in controller
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* fixing admission
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* more intorstr fixing
* correct template rendering
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix e2e tests for v1 api
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix gofmt errors
* This is finally working...almost there...
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Re-add removed validation of AdmissionReview
* Prepare for v1.0.0-alpha.1 release
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Update changelog and matrix table for v1.0.0-alpha.1 (#7274 )
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* add docs for syslog feature (#7219 )
* Fix link to e2e-tests.md in developer-guide (#7201 )
* Use ENV expansion for namespace in args (#7146 )
Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.
* chart: using Helm builtin capabilities check (#7190 )
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944 )
It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780
* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107 )
* Fix MaxWorkerOpenFiles calculation on high cores nodes
* Add e2e test for rlimit_nofile
* Fix doc for max-worker-open-files
* ingress/tcp: add additional error logging on failed (#7208 )
* Add file containing stable release (#7313 )
* Handle named (non-numeric) ports correctly (#7311 )
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* Updated v1beta1 to v1 as it's deprecated (#7308 )
* remove mercurial from build (#7031 )
* Retry to download maxmind DB if it fails (#7242 )
* Retry to download maxmind DB if it fails.
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Add retries count arg, move retry logic into DownloadGeoLite2DB function
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Reorder parameters in DownloadGeoLite2DB
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Remove hardcoded value
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Release v1.0.0-alpha.1
* Add changelog for v1.0.0-alpha.2
* controller: ignore non-service backends (#7332 )
* controller: ignore non-service backends
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* update per feedback
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* fix: allow scope/tcp/udp configmap namespace to be altered (#7161 )
* Lower webhook timeout for digital ocean (#7319 )
* Lower webhook timeout for digital ocean
* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29
* update OWNERS and aliases files (#7365 ) (#7366 )
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* Downgrade Lua modules for s390x (#7355 )
Downgrade Lua modules to last known working version.
* Fix IngressClass logic for newer releases (#7341 )
* Fix IngressClass logic for newer releases
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Change e2e tests for the new IngressClass presence
* Fix chart and admission tests
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix helm chart test
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix reviews
* Remove ingressclass code from admission
* update tag to v1.0.0-beta.1
* update readme and changelog for v1.0.0-beta.1
* Release v1.0.0-beta.1 - helm and manifests (#7422 )
* Change the order of annotation just to trigger a new helm release (#7425 )
* [cherry-pick] Add dev-v1 branch into helm releaser (#7428 )
* Add dev-v1 branch into helm releaser (#7424 )
* chore: add link for artifacthub.io/prerelease annotations
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453 )
* k8s job ci pipeline for dev-v1 br v1.22.0
Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* k8s job ci pipeline for dev-v1 br v1.21.2
Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* remove v1.21.1 version
Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* Add controller.watchIngressWithoutClass config option (#7459 )
Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>
* Release new helm chart with certgen fixed (#7478 )
* Update go version, modules and remove ioutil
* Release new helm chart with certgen fixed
* changed appversion, chartversion, TAG, image (#7490 )
* Fix CI conflict
* Fix CI conflict
* Fix build.sh from rebase process
* Fix controller_test post rebase
Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
2021-08-21 13:42:00 -07:00
Tom Hayward
9a9ad47857
Fix forwarding of auth-response-headers to gRPC backends ( #7331 )
...
* add e2e test for auth-response-headers annotation
* add e2e test for grpc with auth-response-headers
* fix forwarding of auth header to GRPC backends
* add test case for proxySetHeader(nil)
2021-08-10 11:24:39 -07:00
Kubernetes Prow Robot
e3a3ea8826
Merge pull request #6294 from ianbuss/auth-error-redirect-param
...
Allow customisation of redirect URL parameter in external auth redirects
2020-11-23 01:27:37 -08:00
Manuel Alejandro de Brito Fontes
8a218687e3
Enable external auth e2e tests
2020-11-12 22:33:31 -03:00
Ian Buss
41cf628bdf
Add a configurable URL redirect parameter for error URLs
2020-10-08 12:53:46 +01:00
Manuel Alejandro de Brito Fontes
7fe5eccbc6
Rollback to Poll instead of PollImmediate
2020-08-20 20:50:51 -04:00
Manuel Alejandro de Brito Fontes
351248fabb
Fix wait times in e2e tests
2020-08-09 09:19:37 -04:00
Manuel Alejandro de Brito Fontes
a4ec5c8a88
Validate endpoints are ready in e2e tests
2020-07-21 09:53:03 -04:00
Manuel Alejandro de Brito Fontes
b392fed580
Test pull requests using github actions
2020-07-02 20:12:05 -04:00
Jeff Hui
7767230e6a
fix undefined variable $auth_cookie error when location is denied
...
(add) isLocationAllowed check before setting the cookie
2020-06-08 13:59:52 -04:00
Manuel Alejandro de Brito Fontes
a46126a034
Update client-go methods to support context and new create and delete options
2020-03-27 19:52:51 -03:00
Manuel Alejandro de Brito Fontes
f9624cbe46
Refactor e2e tests to use testify and httpexpect
2020-02-19 19:42:50 -03:00
Manuel Alejandro de Brito Fontes
cc318cdec1
Cleanup and standardization of e2e test definitions ( #5090 )
2020-02-16 15:27:58 -03:00
Manuel Alejandro de Brito Fontes
71e35c9100
Make sure set-cookie is retained from external auth endpoint ( #5067 )
2020-02-14 01:41:11 -03:00
Manuel Alejandro de Brito Fontes
f9e2b7c14b
Fix status code
2020-01-04 13:23:16 -03:00
Manuel Alejandro de Brito Fontes
5c30820d1f
Remove hard-coded annotation and don't use map pointers
2019-12-13 03:05:20 -03:00
A Gardner
786a3b6862
Add support for configmap of headers to be sent to external auth service
2019-09-24 10:53:23 -04:00
A Gardner
376b862c23
Add annotation to support map of user/pass pairs in basic auth
2019-09-13 11:33:33 -04:00
Manuel Alejandro de Brito Fontes
c85450c1e7
Remove hard-coded names from e2e test and use local docker dependencies ( #4502 )
2019-09-01 14:16:52 -04:00
Manuel Alejandro de Brito Fontes
fcd3054f13
Lint code using staticcheck ( #4471 )
2019-08-23 12:08:40 -04:00
Moritz Johner
23504db770
feat: auth-req caching
...
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.
[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2019-07-17 18:39:04 +02:00
Manuel Alejandro de Brito Fontes
5e249d3366
Refactor e2e tests to use the service ClusterIP
2019-02-24 20:04:07 -03:00
Manuel Alejandro de Brito Fontes
fdeeac3606
Wait for the right number of endpoints ( #3497 )
2018-11-30 20:17:18 -03:00
Manuel Alejandro de Brito Fontes
c3ff68e9ca
Adjust default timeout for e2e tests ( #3495 )
2018-11-30 18:55:53 -03:00
Manuel Alejandro de Brito Fontes
334c38255d
Fix flaky auth test
2018-11-30 10:18:52 -03:00
Manuel Alejandro de Brito Fontes
2f71c12add
Since dynamic mode only checking for 'return 503' is not valid anymore
2018-11-30 09:37:48 -03:00
Manuel Alejandro de Brito Fontes
a51136b863
Refactor assertions
2018-11-18 10:53:05 -03:00
Adnan Baruni
b511333130
add support for auth-snippet annotation
...
add test for new auth-snippet annotation
document auth-snippet annotation
add e2e test for auth-snippet annotation
add log warning and update documentation
2018-11-05 16:02:29 -06:00
Manuel Alejandro de Brito Fontes
83dc4607c5
Remove e2e boilerplate
2018-10-29 22:38:15 -03:00
Fernando Diaz
44a11898d8
Refactor e2e Tests to use common helper function
...
Each e2e test is creating the same (or similar) Ingress Resource in
different ways. This makes common ingress resource creation be
performed by a framework method, reducing code duplication
2018-10-09 11:12:11 -05:00
takonomura
3ce0ad988f
Add e2e test for external auth
2018-07-21 16:22:48 +09:00
Manuel de Brito Fontes
564f2a9fe4
Add retries to auth test checks
2018-05-26 16:27:45 -04:00
Fernando Diaz
e224259e38
Resolves issue with proxy-redirect nginx configuration
...
Resolves an issue where the proxy-redirect annotations were not generating the
correct configuration possibly because of user error. This is done by only
setting the proxy_redirect if both proxy-redirect-from and proxy-redirect-to
have valid values. Also adds the e2e tests.
Fixes #2074
2018-05-17 11:22:31 -05:00
Manuel de Brito Fontes
ff3e182350
Add support for grpc_set_header
2018-05-17 08:35:11 -04:00
Manuel de Brito Fontes
62a80a39ad
Remove most of the time.Sleep from the e2e tests
2018-04-19 17:48:50 -03:00