65b8eeddec
* Add Initial support for multiple cors origins in nginx - bump cluster version for `make dev-env` - add buildOriginRegex function in nginx.tmpl - add e2e 4 e2e tests for cors.go - refers to feature request #5496 * add tests + use search to identify '*' origin * add tests + use search to identify '*' origin Signed-off-by: Christopher Larivière <lariviere.c@gmail.com> * fix "should enable cors test" looking at improper values * Modify tests and add some logic for origin validation - add origin validation in cors ingress annotations - add extra tests to validate regex - properly escape regex using "QuoteMeta" - fix some copy/paste errors * add TrimSpace and length validation before adding a new origin * modify documentation for cors and remove dangling comment * add support for optional port mapping on origin * support single-level wildcard subdomains + tests * Remove automatic `*` fonctionality from incorrect origins - use []string instead of basic string to avoid reparsing in template.go - fix typo in docs - modify template to properly enable only if the whole block is enabled - modify cors parsing - test properly by validating that the value returned is the proper origin - update unit tests and annotation tests * Re-add `*` when no cors origins are supplied + fix tests - fix e2e tests to allow for `*` - re-add `*` to cors parsing if trimmed cors-allow-origin is empty (supplied but empty) and if it wasn't supplied at all. * remove unecessary logic for building cors origin + remove comments - add some edge cases in e2e tests - rework logic for building cors origin there was no need for logic in template.go for buildCorsOriginRegex if there is a `*` it ill be short-circuited by first if. if it's a wildcard domain or any domain (without a wildcard), it MUST match the main/cors.go regex format. if there's a star in a wildcard domain, it must be replaced with `[A-Za-z0-9]+` * add missing check in e2e tests
174 lines
5.5 KiB
Go
174 lines
5.5 KiB
Go
/*
|
|
Copyright 2017 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package cors
|
|
|
|
import (
|
|
"testing"
|
|
|
|
api "k8s.io/api/core/v1"
|
|
networking "k8s.io/api/networking/v1"
|
|
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
|
|
"k8s.io/ingress-nginx/internal/ingress/resolver"
|
|
)
|
|
|
|
func buildIngress() *networking.Ingress {
|
|
defaultBackend := networking.IngressBackend{
|
|
Service: &networking.IngressServiceBackend{
|
|
Name: "default-backend",
|
|
Port: networking.ServiceBackendPort{
|
|
Number: 80,
|
|
},
|
|
},
|
|
}
|
|
|
|
return &networking.Ingress{
|
|
ObjectMeta: meta_v1.ObjectMeta{
|
|
Name: "foo",
|
|
Namespace: api.NamespaceDefault,
|
|
},
|
|
Spec: networking.IngressSpec{
|
|
DefaultBackend: &networking.IngressBackend{
|
|
Service: &networking.IngressServiceBackend{
|
|
Name: "default-backend",
|
|
Port: networking.ServiceBackendPort{
|
|
Number: 80,
|
|
},
|
|
},
|
|
},
|
|
Rules: []networking.IngressRule{
|
|
{
|
|
Host: "foo.bar.com",
|
|
IngressRuleValue: networking.IngressRuleValue{
|
|
HTTP: &networking.HTTPIngressRuleValue{
|
|
Paths: []networking.HTTPIngressPath{
|
|
{
|
|
Path: "/foo",
|
|
Backend: defaultBackend,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func TestIngressCorsConfigValid(t *testing.T) {
|
|
ing := buildIngress()
|
|
|
|
data := map[string]string{}
|
|
|
|
// Valid
|
|
data[parser.GetAnnotationWithPrefix("enable-cors")] = "true"
|
|
data[parser.GetAnnotationWithPrefix("cors-allow-headers")] = "DNT,X-CustomHeader, Keep-Alive,User-Agent"
|
|
data[parser.GetAnnotationWithPrefix("cors-allow-credentials")] = "false"
|
|
data[parser.GetAnnotationWithPrefix("cors-allow-methods")] = "GET, PATCH"
|
|
data[parser.GetAnnotationWithPrefix("cors-allow-origin")] = "https://origin123.test.com:4443"
|
|
data[parser.GetAnnotationWithPrefix("cors-expose-headers")] = "*, X-CustomResponseHeader"
|
|
data[parser.GetAnnotationWithPrefix("cors-max-age")] = "600"
|
|
ing.SetAnnotations(data)
|
|
|
|
corst, err := NewParser(&resolver.Mock{}).Parse(ing)
|
|
if err != nil {
|
|
t.Errorf("error parsing annotations: %v", err)
|
|
}
|
|
|
|
nginxCors, ok := corst.(*Config)
|
|
if !ok {
|
|
t.Errorf("expected a Config type but returned %t", corst)
|
|
}
|
|
|
|
if !nginxCors.CorsEnabled {
|
|
t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("enable-cors")], nginxCors.CorsEnabled)
|
|
}
|
|
|
|
if nginxCors.CorsAllowCredentials {
|
|
t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-allow-credentials")], nginxCors.CorsAllowCredentials)
|
|
}
|
|
|
|
if nginxCors.CorsAllowHeaders != "DNT,X-CustomHeader, Keep-Alive,User-Agent" {
|
|
t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-allow-headers")], nginxCors.CorsAllowHeaders)
|
|
}
|
|
|
|
if nginxCors.CorsAllowMethods != "GET, PATCH" {
|
|
t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-allow-methods")], nginxCors.CorsAllowMethods)
|
|
}
|
|
|
|
if nginxCors.CorsAllowOrigin[0] != "https://origin123.test.com:4443" {
|
|
t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-allow-origin")], nginxCors.CorsAllowOrigin)
|
|
}
|
|
|
|
if nginxCors.CorsExposeHeaders != "*, X-CustomResponseHeader" {
|
|
t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-expose-headers")], nginxCors.CorsExposeHeaders)
|
|
}
|
|
|
|
if nginxCors.CorsMaxAge != 600 {
|
|
t.Errorf("expected %v but returned %v", data[parser.GetAnnotationWithPrefix("cors-max-age")], nginxCors.CorsMaxAge)
|
|
}
|
|
}
|
|
|
|
func TestIngressCorsConfigInvalid(t *testing.T) {
|
|
ing := buildIngress()
|
|
|
|
data := map[string]string{}
|
|
|
|
// Valid
|
|
data[parser.GetAnnotationWithPrefix("enable-cors")] = "yes"
|
|
data[parser.GetAnnotationWithPrefix("cors-allow-headers")] = "@alright, #ingress"
|
|
data[parser.GetAnnotationWithPrefix("cors-allow-credentials")] = "no"
|
|
data[parser.GetAnnotationWithPrefix("cors-allow-methods")] = "GET, PATCH, $nginx"
|
|
data[parser.GetAnnotationWithPrefix("cors-allow-origin")] = "origin123.test.com:4443"
|
|
data[parser.GetAnnotationWithPrefix("cors-expose-headers")] = "@alright, #ingress"
|
|
data[parser.GetAnnotationWithPrefix("cors-max-age")] = "abcd"
|
|
ing.SetAnnotations(data)
|
|
|
|
corst, err := NewParser(&resolver.Mock{}).Parse(ing)
|
|
if err != nil {
|
|
t.Errorf("error parsing annotations: %v", err)
|
|
}
|
|
|
|
nginxCors, ok := corst.(*Config)
|
|
if !ok {
|
|
t.Errorf("expected a Config type but returned %t", corst)
|
|
}
|
|
|
|
if nginxCors.CorsEnabled {
|
|
t.Errorf("expected %v but returned %v", false, nginxCors.CorsEnabled)
|
|
}
|
|
|
|
if !nginxCors.CorsAllowCredentials {
|
|
t.Errorf("expected %v but returned %v", true, nginxCors.CorsAllowCredentials)
|
|
}
|
|
|
|
if nginxCors.CorsAllowHeaders != defaultCorsHeaders {
|
|
t.Errorf("expected %v but returned %v", defaultCorsHeaders, nginxCors.CorsAllowHeaders)
|
|
}
|
|
|
|
if nginxCors.CorsAllowMethods != defaultCorsMethods {
|
|
t.Errorf("expected %v but returned %v", defaultCorsHeaders, nginxCors.CorsAllowMethods)
|
|
}
|
|
|
|
if nginxCors.CorsExposeHeaders != "" {
|
|
t.Errorf("expected %v but returned %v", "", nginxCors.CorsExposeHeaders)
|
|
}
|
|
|
|
if nginxCors.CorsMaxAge != defaultCorsMaxAge {
|
|
t.Errorf("expected %v but returned %v", defaultCorsMaxAge, nginxCors.CorsMaxAge)
|
|
}
|
|
}
|