DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ingress-nginx-helm/internal/ingress/annotations/parser/validators_test.go
Marco Ebert 8d3d4a33bf
Chores: Pick patches from main. (#11103) 
* Release version v1.10.0

* set deploy url to v1-10-0 in docs

* quotes around numbers fort ports definitions

* Bump dorny/paths-filter from 3.0.1 to 3.0.2

Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](ebc4d7e9eb...de90cc6fb3)

---
updated-dependencies:
- dependency-name: dorny/paths-filter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

* Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](84384bd6e7...062f259268)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Bump github/codeql-action from 3.24.5 to 3.24.6

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.5 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](47b3d888fe...8a470fddaf)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

* Bump github.com/prometheus/common from 0.48.0 to 0.49.0

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.49.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.49.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](f95db51fdd...0d103c3126)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Bump actions/download-artifact from 4.1.2 to 4.1.4

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.2 to 4.1.4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](eaceaf801f...c850b930e6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

* Update README.md

remove older version, left latest for release train.

* docs: update the 404 link to FAQ

* bump golang

* golangci-lint update, ci cleanup, group dependabot updates

* bump golangci-lint to v1.56.x

* cleanup empty lines

* group dependabot updates

* run on job changes as well

* remove deprecated checks

* fix lints and format

* Bump github.com/prometheus/common from 0.49.0 to 0.50.0

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.49.0 to 0.50.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.49.0...v0.50.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Bump the all group with 1 update

Bumps the all group with 1 update: [google.golang.org/grpc](https://github.com/grpc/grpc-go).

Updates `google.golang.org/grpc` from 1.62.0 to 1.62.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.0...v1.62.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

* Bump the all group with 1 update

Bumps the all group with 1 update: [actions/add-to-project](https://github.com/actions/add-to-project).

Updates `actions/add-to-project` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](31b3f3ccdc...0609a2702e)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

* Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.15.0 to 2.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.15.0...v2.16.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

---------

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
Co-authored-by: Bartosz Fenski <fenio@debian.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Grinish <grinish@gmail.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
2024-03-11 14:30:46 -07:00

365 lines
8.7 KiB
Go
Raw Blame History

/*
Copyright 2023 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package parser
import (
"fmt"
"testing"
networking "k8s.io/api/networking/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
func TestValidateArrayOfServerName(t *testing.T) {
tests := []struct {
name string
value string
wantErr bool
}{
{
name: "should accept common name",
value: "something.com,anything.com",
wantErr: false,
},
{
name: "should accept wildcard name",
value: "*.something.com,otherthing.com",
wantErr: false,
},
{
name: "should allow names with spaces between array and some regexes",
value: `~^www\d+\.example\.com$,something.com`,
wantErr: false,
},
{
name: "should allow names with regexes",
value: `http://some.test.env.com:2121/$someparam=1&$someotherparam=2`,
wantErr: false,
},
{
name: "should allow names with wildcard in middle common name",
value: "*.so*mething.com,bla.com",
wantErr: false,
},
{
name: "should deny names with weird characters",
value: "something.com,lolo;xpto.com,nothing.com",
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := ValidateArrayOfServerName(tt.value); (err != nil) != tt.wantErr {
t.Errorf("ValidateArrayOfServerName() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}
func Test_checkAnnotation(t *testing.T) {
type args struct {
name string
ing *networking.Ingress
fields AnnotationFields
}
tests := []struct {
name string
args args
want string
wantErr bool
}{
{
name: "null ingress should error",
want: "",
args: args{
name: "some-random-annotation",
},
wantErr: true,
},
{
name: "not having a validator for a specific annotation is a bug",
want: "",
args: args{
name: "some-new-invalid-annotation",
ing: &networking.Ingress{
ObjectMeta: v1.ObjectMeta{
Annotations: map[string]string{
GetAnnotationWithPrefix("some-new-invalid-annotation"): "xpto",
},
},
},
fields: AnnotationFields{
"otherannotation": AnnotationConfig{
Validator: func(_ string) error { return nil },
},
},
},
wantErr: true,
},
{
name: "annotationconfig found and no validation func defined on annotation is a bug",
want: "",
args: args{
name: "some-new-invalid-annotation",
ing: &networking.Ingress{
ObjectMeta: v1.ObjectMeta{
Annotations: map[string]string{
GetAnnotationWithPrefix("some-new-invalid-annotation"): "xpto",
},
},
},
fields: AnnotationFields{
"some-new-invalid-annotation": AnnotationConfig{},
},
},
wantErr: true,
},
{
name: "no annotation can turn into a null pointer and should fail",
want: "",
args: args{
name: "some-new-invalid-annotation",
ing: &networking.Ingress{
ObjectMeta: v1.ObjectMeta{},
},
fields: AnnotationFields{
"some-new-invalid-annotation": AnnotationConfig{},
},
},
wantErr: true,
},
{
name: "no AnnotationField config should bypass validations",
want: GetAnnotationWithPrefix("some-valid-annotation"),
args: args{
name: "some-valid-annotation",
ing: &networking.Ingress{
ObjectMeta: v1.ObjectMeta{
Annotations: map[string]string{
GetAnnotationWithPrefix("some-valid-annotation"): "xpto",
},
},
},
},
wantErr: false,
},
{
name: "annotation with invalid value should fail",
want: "",
args: args{
name: "some-new-annotation",
ing: &networking.Ingress{
ObjectMeta: v1.ObjectMeta{
Annotations: map[string]string{
GetAnnotationWithPrefix("some-new-annotation"): "xpto1",
},
},
},
fields: AnnotationFields{
"some-new-annotation": AnnotationConfig{
Validator: func(value string) error {
if value != "xpto" {
return fmt.Errorf("this is an error")
}
return nil
},
},
},
},
wantErr: true,
},
{
name: "annotation with valid value should pass",
want: GetAnnotationWithPrefix("some-other-annotation"),
args: args{
name: "some-other-annotation",
ing: &networking.Ingress{
ObjectMeta: v1.ObjectMeta{
Annotations: map[string]string{
GetAnnotationWithPrefix("some-other-annotation"): "xpto",
},
},
},
fields: AnnotationFields{
"some-other-annotation": AnnotationConfig{
Validator: func(value string) error {
if value != "xpto" {
return fmt.Errorf("this is an error")
}
return nil
},
},
},
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := checkAnnotation(tt.args.name, tt.args.ing, tt.args.fields)
if (err != nil) != tt.wantErr {
t.Errorf("checkAnnotation() error = %v, wantErr %v", err, tt.wantErr)
return
}
if got != tt.want {
t.Errorf("checkAnnotation() = %v, want %v", got, tt.want)
}
})
}
}
func TestCheckAnnotationRisk(t *testing.T) {
tests := []struct {
name string
annotations map[string]string
maxrisk AnnotationRisk
config AnnotationFields
wantErr bool
}{
{
name: "high risk should not be accepted with maximum medium",
maxrisk: AnnotationRiskMedium,
annotations: map[string]string{
"nginx.ingress.kubernetes.io/bla": "blo",
"nginx.ingress.kubernetes.io/bli": "bl3",
},
config: AnnotationFields{
"bla": {
Risk: AnnotationRiskHigh,
},
"bli": {
Risk: AnnotationRiskMedium,
},
},
wantErr: true,
},
{
name: "high risk should be accepted with maximum critical",
maxrisk: AnnotationRiskCritical,
annotations: map[string]string{
"nginx.ingress.kubernetes.io/bla": "blo",
"nginx.ingress.kubernetes.io/bli": "bl3",
},
config: AnnotationFields{
"bla": {
Risk: AnnotationRiskHigh,
},
"bli": {
Risk: AnnotationRiskMedium,
},
},
wantErr: false,
},
{
name: "low risk should be accepted with maximum low",
maxrisk: AnnotationRiskLow,
annotations: map[string]string{
"nginx.ingress.kubernetes.io/bla": "blo",
"nginx.ingress.kubernetes.io/bli": "bl3",
},
config: AnnotationFields{
"bla": {
Risk: AnnotationRiskLow,
},
"bli": {
Risk: AnnotationRiskLow,
},
},
wantErr: false,
},
{
name: "critical risk should be accepted with maximum critical",
maxrisk: AnnotationRiskCritical,
annotations: map[string]string{
"nginx.ingress.kubernetes.io/bla": "blo",
"nginx.ingress.kubernetes.io/bli": "bl3",
},
config: AnnotationFields{
"bla": {
Risk: AnnotationRiskCritical,
},
"bli": {
Risk: AnnotationRiskCritical,
},
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := CheckAnnotationRisk(tt.annotations, tt.maxrisk, tt.config); (err != nil) != tt.wantErr {
t.Errorf("CheckAnnotationRisk() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}
func TestCommonNameAnnotationValidator(t *testing.T) {
tests := []struct {
name string
annotation string
wantErr bool
}{
{
name: "correct example",
annotation: `CN=(my\.common\.name)`,
wantErr: false,
},
{
name: "no CN= prefix",
annotation: `(my\.common\.name)`,
wantErr: true,
},
{
name: "invalid prefix",
annotation: `CN(my\.common\.name)`,
wantErr: true,
},
{
name: "invalid regex",
annotation: `CN=(my\.common\.name]`,
wantErr: true,
},
{
name: "wildcard regex",
annotation: `CN=(my\..*\.name)`,
wantErr: false,
},
{
name: "somewhat complex regex",
annotation: "CN=(my\\.app\\.dev|.*\\.bbb\\.aaaa\\.tld)",
wantErr: false,
},
{
name: "another somewhat complex regex",
annotation: `CN=(my-app.*\.c\.defg\.net|other.app.com)`,
wantErr: false,
},
{
name: "nested parenthesis regex",
annotation: `CN=(api-one\.(asdf)?qwer\.webpage\.organization\.org)`,
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := CommonNameAnnotationValidator(tt.annotation); (err != nil) != tt.wantErr {
t.Errorf("CommonNameAnnotationValidator() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}
Reference in a new issue View git blame Copy permalink