Validate ingress TLS secretName in v1
This commit is contained in:
Jordan Liggitt
@@ -1379,6 +1379,31 @@ func TestValidateIngressCreate(t *testing.T) {
|
||||
},
|
||||
expectedErrs: field.ErrorList{},
|
||||
},
|
||||
"v1: valid secret": {
|
||||
groupVersion: &networkingv1.SchemeGroupVersion,
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{SecretName: "valid"}}
|
||||
},
|
||||
},
|
||||
"v1: invalid secret": {
|
||||
groupVersion: &networkingv1.SchemeGroupVersion,
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name"}}
|
||||
},
|
||||
expectedErrs: field.ErrorList{field.Invalid(field.NewPath("spec").Child("tls").Index(0).Child("secretName"), "invalid name", `a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')`)},
|
||||
},
|
||||
"v1beta1: valid secret": {
|
||||
groupVersion: &networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{SecretName: "valid"}}
|
||||
},
|
||||
},
|
||||
"v1beta1: invalid secret": {
|
||||
groupVersion: &networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngress: func(ingress *networking.Ingress) {
|
||||
ingress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name 1"}}
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for name, testCase := range testCases {
|
||||
@@ -1431,6 +1456,7 @@ func TestValidateIngressUpdate(t *testing.T) {
|
||||
}
|
||||
|
||||
testCases := map[string]struct {
|
||||
gv schema.GroupVersion
|
||||
tweakIngresses func(newIngress, oldIngress *networking.Ingress)
|
||||
expectedErrs field.ErrorList
|
||||
}{
|
||||
@@ -1714,6 +1740,35 @@ func TestValidateIngressUpdate(t *testing.T) {
|
||||
},
|
||||
expectedErrs: field.ErrorList{},
|
||||
},
|
||||
"v1: change valid secret -> invalid secret": {
|
||||
gv: networkingv1.SchemeGroupVersion,
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "valid"}}
|
||||
newIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name"}}
|
||||
},
|
||||
expectedErrs: field.ErrorList{field.Invalid(field.NewPath("spec").Child("tls").Index(0).Child("secretName"), "invalid name", `a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')`)},
|
||||
},
|
||||
"v1: change invalid secret -> invalid secret": {
|
||||
gv: networkingv1.SchemeGroupVersion,
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name 1"}}
|
||||
newIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name 2"}}
|
||||
},
|
||||
},
|
||||
"v1beta1: change valid secret -> invalid secret": {
|
||||
gv: networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "valid"}}
|
||||
newIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name"}}
|
||||
},
|
||||
},
|
||||
"v1beta1: change invalid secret -> invalid secret": {
|
||||
gv: networkingv1beta1.SchemeGroupVersion,
|
||||
tweakIngresses: func(newIngress, oldIngress *networking.Ingress) {
|
||||
oldIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name 1"}}
|
||||
newIngress.Spec.TLS = []networking.IngressTLS{{SecretName: "invalid name 2"}}
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for name, testCase := range testCases {
|
||||
@@ -1722,7 +1777,11 @@ func TestValidateIngressUpdate(t *testing.T) {
|
||||
oldIngress := baseIngress.DeepCopy()
|
||||
testCase.tweakIngresses(newIngress, oldIngress)
|
||||
|
||||
errs := ValidateIngressUpdate(newIngress, oldIngress, networkingv1beta1.SchemeGroupVersion)
|
||||
gv := testCase.gv
|
||||
if gv.Empty() {
|
||||
gv = networkingv1beta1.SchemeGroupVersion
|
||||
}
|
||||
errs := ValidateIngressUpdate(newIngress, oldIngress, gv)
|
||||
|
||||
if len(errs) != len(testCase.expectedErrs) {
|
||||
t.Fatalf("Expected %d errors, got %d (%+v)", len(testCase.expectedErrs), len(errs), errs)
|
||||
@@ -1978,7 +2037,7 @@ func TestValidateIngressTLS(t *testing.T) {
|
||||
Hosts: []string{wildcardHost},
|
||||
},
|
||||
}
|
||||
badWildcardTLSErr := fmt.Sprintf("spec.tls[0].hosts: Invalid value: '%v'", wildcardHost)
|
||||
badWildcardTLSErr := fmt.Sprintf("spec.tls[0].hosts[0]: Invalid value: '%v'", wildcardHost)
|
||||
errorCases[badWildcardTLSErr] = badWildcardTLS
|
||||
|
||||
for k, v := range errorCases {
|
||||
|
||||
Reference in New Issue
Block a user