Implement ClientSettingsPolicy #1940


Merged
merged 38 commits into from
May 20, 2024
c953477
Implement ClientSettingsPolicy Attachment
Apr 24, 2024
b5a13a4
Change example files
May 7, 2024
294b347
Mark proposal as completed
May 7, 2024
7eeb012
Generate CRDs
May 7, 2024
b9f0c13
Remove PolicyAncestorRef
May 7, 2024
530cf7d
Use v1 ParentRef
May 7, 2024
77fd3ae
Update template formatting
May 8, 2024
cb2cb7f
Move routeKeyForKind
May 8, 2024
23c2465
Fix route type in test
May 8, 2024
41517dc
Add constant for ancestor max
May 8, 2024
ca228aa
Reduce rbac privs
May 8, 2024
da6afda
Add test to the names of test functions
May 8, 2024
a2e42d3
Fix comment for sort.ClientObject
May 8, 2024
65eb514
Remove newline
May 8, 2024
08e53b9
Add comments to RouteKey fields
May 8, 2024
f3938cf
Add space after includes and before locations
May 8, 2024
e6ea1bd
Add CEL validation for target ref kind
May 8, 2024
4b7e914
Add CEL validation for target ref group
May 8, 2024
fadd9e5
Remove content from Include
May 16, 2024
dbebb53
testData -> assertData
May 16, 2024
1a461aa
use real upstream in test
May 16, 2024
24e6507
Remove unnecessary validation
May 16, 2024
5986149
Extract function for adding includes to locations
May 16, 2024
a0d0c5f
Create MustExtractGVK type
May 16, 2024
0a172d1
Small fixes
May 16, 2024
f045cc7
Generate CRDs
May 17, 2024
f71d296
Add fixme
May 17, 2024
4ca2334
Run generate manifests
May 17, 2024
b37f578
Make Includes a list of strings
May 17, 2024
a287332
Refactor change processor to accept MustExtractGVK
May 17, 2024
d37c2da
Panic if addition is nil
May 17, 2024
4412a21
Use MustcastObject helper method
May 17, 2024
2d3c364
Fix condition type
May 17, 2024
f25e9fd
Address issues with sort package and tests
May 17, 2024
c28a52b
Addition does not need to be a pointer
May 17, 2024
c071435
Panic when policy is nil in isrelevant
May 17, 2024
5c41398
Simplify ancestorsFull
May 17, 2024
2842083
Reinstate header/server validation
May 20, 2024
Remove unnecessary validation
Kate Osborn committed May 20, 2024
commit 24e65079f2bfbd7aee937428c3009483e106271d
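--- a/internal/mode/static/policies/clientsettings/validator.go
+++ b/internal/mode/static/policies/clientsettings/validator.go
@@ -107,6 +107,8 @@ func validateTargetRef(ref v1alpha2.LocalPolicyTargetReference, policyNs string)
 return nil
 }
 
+// validateSettings performs validation on fields in the spec that are vulnerable to code injection.
+// For all other fields, we rely on the CRD validation.
 func (v *Validator) validateSettings(spec ngfAPI.ClientSettingsPolicySpec) error {
 var allErrs field.ErrorList
 fieldPath := field.NewPath("spec")
@@ -146,18 +148,6 @@ func (v *Validator) validateClientBody(body ngfAPI.ClientBody, fieldPath *field.
 func (v *Validator) validateClientKeepAlive(keepAlive ngfAPI.ClientKeepAlive, fieldPath *field.Path) field.ErrorList {
 var allErrs field.ErrorList
 
-if keepAlive.Requests != nil {
-requests := *keepAlive.Requests
-if requests < 0 {
-path := fieldPath.Child("requests")
-
-allErrs = append(
-allErrs,
-field.Invalid(path, *keepAlive.Requests, "requests is invalid: must be positive"),
-)
-}
-}
-
 if keepAlive.Time != nil {
 if err := v.genericValidator.ValidateNginxDuration(string(*keepAlive.Time)); err != nil {
 path := fieldPath.Child("time")
@@ -190,19 +180,6 @@ func (v *Validator) validateClientKeepAlive(keepAlive ngfAPI.ClientKeepAlive, fi
 )
 }
 }
-
-if keepAlive.Timeout.Header != nil && keepAlive.Timeout.Server == nil {
-path := fieldPath.Child("timeout")
-
-allErrs = append(
-allErrs,
-field.Invalid(
-path,
-nil,
-"server timeout must be set if header timeout is set",
-),
-)
-}
 }
 
 return allErrs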
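Review bot: The header-without-server rule dropped from validateClientKeepAlive in the third hunk is a cross-field invariant that now holds only if the CRD schema carries an equivalent rule, and nothing in this commit shows one; the commit list on this page later has 2842083 "Reinstate header/server validation", which suggests it did not. The same applies to the `requests < 0` check removed in the second hunk. CRD validation runs only at admission against whichever CRD version is installed, so a policy stored under an older or mismatched schema could reach config generation with a negative `requests` or a header timeout and no server timeout; keeping these two cheap checks as defence in depth is the safer default. If they stay out, the new comment on validateSettings should name what it relies on, for example `// keepAlive.requests >= 0 and timeout.header-requires-server are enforced by the CRD schema (<CRD rule placeholder>).` validateClientKeepAlive's body continues between and past the hunks shown.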
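--- a/internal/mode/static/policies/clientsettings/validator_test.go
+++ b/internal/mode/static/policies/clientsettings/validator_test.go
@@ -96,22 +96,6 @@ func TestValidator_Validate(t *testing.T) {
 "spec.keepAlive.timeout.header",
 },
 },
-{
-name: "invalid keepalive requests",
-policy: createModifiedPolicy(func(p *ngfAPI.ClientSettingsPolicy) *ngfAPI.ClientSettingsPolicy {
-p.Spec.KeepAlive.Requests = helpers.GetPointer[int32](-1)
-return p
-}),
-expErrSubstrings: []string{"spec.keepAlive.requests"},
-},
-{
-name: "invalid keepalive timeout; header provided without server",
-policy: createModifiedPolicy(func(p *ngfAPI.ClientSettingsPolicy) *ngfAPI.ClientSettingsPolicy {
-p.Spec.KeepAlive.Timeout.Server = nil
-return p
-}),
-expErrSubstrings: []string{"spec.keepAlive.timeout"},
-},
 {
 name: "valid",
 policy: createValidPolicy(),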