Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

validator: make sure Ingress/RouteGroup doesn't have duplicate hosts #2753

Merged
merged 4 commits into from
Jan 23, 2024
Merged

validator: make sure Ingress/RouteGroup doesn't have duplicate hosts #2753

merged 4 commits into from
Jan 23, 2024

Conversation

MustafaSaber
Copy link
Member

@MustafaSaber MustafaSaber commented Nov 27, 2023
edited
Loading

Relates to #1618

AlexanderYastrebov
AlexanderYastrebov reviewed Nov 27, 2023
View reviewed changes
dataclients/kubernetes/definitions/testdata/validation/route-with-duplicate-hosts.yaml
@@ -0,0 +1,28 @@
apiVersion: zalando.org/v1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the test fixture for Ingress is missing

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right now we don't validate ingress in skipper we only do in ValidationWebhook, I think we will need another PR to migrate current ingress adhock validation to validator object.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I mean by adhock validation https://github.com/zalando/skipper/blob/master/dataclients/kubernetes/ingress.go#L257C1-L269C2

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#2757

AlexanderYastrebov
AlexanderYastrebov reviewed Nov 27, 2023
View reviewed changes
cmd/webhook/admission/testdata/ingress/invalid-ingress-with-duplicate-hosts.json
@@ -0,0 +1,41 @@
{
"request": {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still think we do not need to add tests for admission webhook when we change validator, its just increases size of PR but adds no value as webhook simply calls validator

Base automatically changed from cw2023freeze to master November 28, 2023 10:01
@MustafaSaber MustafaSaber force-pushed the validate-duplicate-routes-per-resource branch from 8828e25 to 6df46c7 Compare November 28, 2023 15:17
@MustafaSaber MustafaSaber self-assigned this Nov 28, 2023
@MustafaSaber MustafaSaber changed the title Validate Ingress/RouteGroup doesn't have duplicate hosts validator: make sure Ingress/RouteGroup doesn't have duplicate hosts Nov 29, 2023
@AlexanderYastrebov
Copy link
Member

@MustafaSaber What's up with this one? Looks like it needs rebase

@MustafaSaber MustafaSaber added the major moderate risk, for example new API, small filter changes that have no risk like refactoring or logs label Jan 4, 2024
@MustafaSaber
Copy link
Member Author

This was based on backendValidation maybe we can roll it forward first and then rebase this?

@MustafaSaber
Copy link
Member Author

Revert PR
#2825

@MustafaSaber
Validate Ingress/RouteGroup doesn't have duplicate hosts
d733e18 
Signed-off-by: Mustafa Abdelrahman <mustafa.abdelrahman@zalando.de>
@MustafaSaber
Address comments
c8f3b31 
Signed-off-by: Mustafa Abdelrahman <mustafa.abdelrahman@zalando.de>
@MustafaSaber
Update testcases with duplicate routes
2b64634 
Signed-off-by: Mustafa Abdelrahman <mustafa.abdelrahman@zalando.de>
@MustafaSaber MustafaSaber force-pushed the validate-duplicate-routes-per-resource branch from dbbe504 to 2b64634 Compare January 22, 2024 14:52
@MustafaSaber
Fix testcase dropped from merging
60a9c94 
Signed-off-by: Mustafa Abdelrahman <mustafa.abdelrahman@zalando.de>
@AlexanderYastrebov
Copy link
Member

👍

1 similar comment
@MustafaSaber
Copy link
Member Author

👍

@MustafaSaber MustafaSaber merged commit 6c33066 into master Jan 23, 2024
14 checks passed
@MustafaSaber MustafaSaber deleted the validate-duplicate-routes-per-resource branch January 23, 2024 14:08
AlexanderYastrebov
AlexanderYastrebov reviewed Jan 23, 2024
View reviewed changes
dataclients/kubernetes/definitions/ingressvalidator.go
Comment on lines +58 to +63
for _, rule := range item.Spec.Rules {
if _, ok := uniqueHosts[rule.Host]; ok {
errs = append(errs, fmt.Errorf("duplicate host %q", rule.Host))
}
uniqueHosts[rule.Host] = struct{}{}
}
Copy link
Member

@AlexanderYastrebov AlexanderYastrebov Jan 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think ingress rules may have the same host repeated with different rules, lets check

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We agreed to disable duplicate hostname validation for ingress.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#2884

@MustafaSaber MustafaSaber mentioned this pull request Jan 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlexanderYastrebov AlexanderYastrebov AlexanderYastrebov left review comments

Assignees

@MustafaSaber MustafaSaber

Labels
major moderate risk, for example new API, small filter changes that have no risk like refactoring or logs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MustafaSaber @AlexanderYastrebov