diff --git a/cmd/webhook/admission/ingress.go b/cmd/webhook/admission/ingress.go index a7b5bf9b23..f4313da106 100644 --- a/cmd/webhook/admission/ingress.go +++ b/cmd/webhook/admission/ingress.go @@ -16,32 +16,15 @@ func (iga *IngressAdmitter) name() string { func (iga *IngressAdmitter) admit(req *admissionRequest) (*admissionResponse, error) { - // Serve as default validator if not set - if iga.IngressValidator == nil { - iga.IngressValidator = &definitions.IngressV1Validator{} - } - ingressItem := definitions.IngressV1Item{} err := json.Unmarshal(req.Object, &ingressItem) if err != nil { - return &admissionResponse{ - UID: req.UID, - Allowed: false, - Result: &status{ - Message: err.Error(), - }, - }, err + return nil, err } err = iga.IngressValidator.Validate(&ingressItem) if err != nil { - return &admissionResponse{ - UID: req.UID, - Allowed: false, - Result: &status{ - Message: err.Error(), - }, - }, err + return nil, err } return &admissionResponse{ diff --git a/cmd/webhook/admission/routegroup.go b/cmd/webhook/admission/routegroup.go index 58c5bb4af0..42c70810d7 100644 --- a/cmd/webhook/admission/routegroup.go +++ b/cmd/webhook/admission/routegroup.go @@ -16,32 +16,15 @@ func (rga *RouteGroupAdmitter) name() string { func (rga *RouteGroupAdmitter) admit(req *admissionRequest) (*admissionResponse, error) { - // Serve as default validator if not set - if rga.RouteGroupValidator == nil { - rga.RouteGroupValidator = &definitions.RouteGroupValidator{} - } - rgItem := definitions.RouteGroupItem{} err := json.Unmarshal(req.Object, &rgItem) if err != nil { - return &admissionResponse{ - UID: req.UID, - Allowed: false, - Result: &status{ - Message: err.Error(), - }, - }, err + return nil, err } err = rga.RouteGroupValidator.Validate(&rgItem) if err != nil { - return &admissionResponse{ - UID: req.UID, - Allowed: false, - Result: &status{ - Message: err.Error(), - }, - }, err + return nil, err } return &admissionResponse{ diff --git a/dataclients/kubernetes/clusterclient.go b/dataclients/kubernetes/clusterclient.go index f2dde0510d..e55aae2cf5 100644 --- a/dataclients/kubernetes/clusterclient.go +++ b/dataclients/kubernetes/clusterclient.go @@ -71,6 +71,7 @@ type clusterClient struct { routeGroupsLabelSelectors string loggedMissingRouteGroups bool + routeGroupValidator *definitions.RouteGroupValidator } var ( @@ -162,6 +163,7 @@ func newClusterClient(o Options, apiURL, ingCls, rgCls string, quit <-chan struc httpClient: httpClient, apiURL: apiURL, certificateRegistry: o.CertificateRegistry, + routeGroupValidator: &definitions.RouteGroupValidator{}, } if o.KubernetesInCluster { @@ -358,11 +360,10 @@ func (c *clusterClient) LoadRouteGroups() ([]*definitions.RouteGroupItem, error) return nil, err } - routeGroupValidator := &definitions.RouteGroupValidator{} rgs := make([]*definitions.RouteGroupItem, 0, len(rgl.Items)) for _, i := range rgl.Items { // Validate RouteGroup item. - if err := routeGroupValidator.Validate(i); err != nil { + if err := c.routeGroupValidator.Validate(i); err != nil { log.Errorf("[routegroup] %v", err) continue } diff --git a/dataclients/kubernetes/definitions/ingressv1.go b/dataclients/kubernetes/definitions/ingressv1.go index 0bcc7b86ce..ac5e6975f8 100644 --- a/dataclients/kubernetes/definitions/ingressv1.go +++ b/dataclients/kubernetes/definitions/ingressv1.go @@ -7,9 +7,9 @@ import ( ) const ( - SkipperfilterAnnotationKey = "zalando.org/skipper-filter" - SkipperpredicateAnnotationKey = "zalando.org/skipper-predicate" - SkipperRoutesAnnotationKey = "zalando.org/skipper-routes" + IngressFilterAnnotation = "zalando.org/skipper-filter" + IngressPredicateAnnotation = "zalando.org/skipper-predicate" + IngressRoutesAnnotation = "zalando.org/skipper-routes" ) var errInvalidPortType = errors.New("invalid port type") diff --git a/dataclients/kubernetes/definitions/ingressvalidator.go b/dataclients/kubernetes/definitions/ingressvalidator.go index c769bcc9f6..1a7e2499d8 100644 --- a/dataclients/kubernetes/definitions/ingressvalidator.go +++ b/dataclients/kubernetes/definitions/ingressvalidator.go @@ -19,10 +19,10 @@ func (igv *IngressV1Validator) Validate(item *IngressV1Item) error { } func (igv *IngressV1Validator) validateFilterAnnotation(annotations map[string]string) error { - if filters, ok := annotations[SkipperfilterAnnotationKey]; ok { + if filters, ok := annotations[IngressFilterAnnotation]; ok { _, err := eskip.ParseFilters(filters) if err != nil { - err = fmt.Errorf("invalid \"%s\" annotation: %w", SkipperfilterAnnotationKey, err) + err = fmt.Errorf("invalid \"%s\" annotation: %w", IngressFilterAnnotation, err) } return err } @@ -30,10 +30,10 @@ func (igv *IngressV1Validator) validateFilterAnnotation(annotations map[string]s } func (igv *IngressV1Validator) validatePredicateAnnotation(annotations map[string]string) error { - if predicates, ok := annotations[SkipperpredicateAnnotationKey]; ok { + if predicates, ok := annotations[IngressPredicateAnnotation]; ok { _, err := eskip.ParsePredicates(predicates) if err != nil { - err = fmt.Errorf("invalid \"%s\" annotation: %w", SkipperpredicateAnnotationKey, err) + err = fmt.Errorf("invalid \"%s\" annotation: %w", IngressPredicateAnnotation, err) } return err } @@ -41,10 +41,10 @@ func (igv *IngressV1Validator) validatePredicateAnnotation(annotations map[strin } func (igv *IngressV1Validator) validateRoutesAnnotation(annotations map[string]string) error { - if routes, ok := annotations[SkipperRoutesAnnotationKey]; ok { + if routes, ok := annotations[IngressRoutesAnnotation]; ok { _, err := eskip.Parse(routes) if err != nil { - err = fmt.Errorf("invalid \"%s\" annotation: %w", SkipperRoutesAnnotationKey, err) + err = fmt.Errorf("invalid \"%s\" annotation: %w", IngressRoutesAnnotation, err) } return err } diff --git a/dataclients/kubernetes/ingress.go b/dataclients/kubernetes/ingress.go index db081297a4..aaec03360b 100644 --- a/dataclients/kubernetes/ingress.go +++ b/dataclients/kubernetes/ingress.go @@ -226,7 +226,7 @@ func annotationFilter(m *definitions.Metadata, logger *logger) []*eskip.Filter { if ratelimitAnnotationValue, ok := m.Annotations[ratelimitAnnotationKey]; ok { annotationFilter = ratelimitAnnotationValue } - if val, ok := m.Annotations[definitions.SkipperfilterAnnotationKey]; ok { + if val, ok := m.Annotations[definitions.IngressFilterAnnotation]; ok { if annotationFilter != "" { annotationFilter += " -> " } @@ -246,7 +246,7 @@ func annotationFilter(m *definitions.Metadata, logger *logger) []*eskip.Filter { // parse predicate annotation func annotationPredicate(m *definitions.Metadata) string { var annotationPredicate string - if val, ok := m.Annotations[definitions.SkipperpredicateAnnotationKey]; ok { + if val, ok := m.Annotations[definitions.IngressPredicateAnnotation]; ok { annotationPredicate = val } return annotationPredicate @@ -255,12 +255,12 @@ func annotationPredicate(m *definitions.Metadata) string { // parse routes annotation func extraRoutes(m *definitions.Metadata, logger *logger) []*eskip.Route { var extraRoutes []*eskip.Route - annotationRoutes := m.Annotations[definitions.SkipperRoutesAnnotationKey] + annotationRoutes := m.Annotations[definitions.IngressRoutesAnnotation] if annotationRoutes != "" { var err error extraRoutes, err = eskip.Parse(annotationRoutes) if err != nil { - logger.Errorf("Failed to parse routes from %s, skipping: %v", definitions.SkipperRoutesAnnotationKey, err) + logger.Errorf("Failed to parse routes from %s, skipping: %v", definitions.IngressRoutesAnnotation, err) } } return extraRoutes diff --git a/dataclients/kubernetes/kube_test.go b/dataclients/kubernetes/kube_test.go index 6d69b60935..a5e958e167 100644 --- a/dataclients/kubernetes/kube_test.go +++ b/dataclients/kubernetes/kube_test.go @@ -201,13 +201,13 @@ func testIngress(ns, name, defaultService, ratelimitCfg, filterString, predicate setAnnotation(i, ratelimitAnnotationKey, ratelimitCfg) } if filterString != "" { - setAnnotation(i, definitions.SkipperfilterAnnotationKey, filterString) + setAnnotation(i, definitions.IngressFilterAnnotation, filterString) } if predicateString != "" { - setAnnotation(i, definitions.SkipperpredicateAnnotationKey, predicateString) + setAnnotation(i, definitions.IngressPredicateAnnotation, predicateString) } if routesString != "" { - setAnnotation(i, definitions.SkipperRoutesAnnotationKey, routesString) + setAnnotation(i, definitions.IngressRoutesAnnotation, routesString) } if pathModeString != "" { setAnnotation(i, pathModeAnnotationKey, pathModeString) diff --git a/dataclients/kubernetes/path_test.go b/dataclients/kubernetes/path_test.go index e636257146..6f74c9ccf3 100644 --- a/dataclients/kubernetes/path_test.go +++ b/dataclients/kubernetes/path_test.go @@ -86,7 +86,7 @@ func TestPathMatchingModes(t *testing.T) { annotation := strings.Join(annotations, " && ") if len(annotations) > 0 { - i.Metadata.Annotations[definitions.SkipperpredicateAnnotationKey] = annotation + i.Metadata.Annotations[definitions.IngressPredicateAnnotation] = annotation } api.ingresses.Items = []*definitions.IngressV1Item{i} diff --git a/dataclients/kubernetes/redirect.go b/dataclients/kubernetes/redirect.go index 94f21c2b46..227e8f1d81 100644 --- a/dataclients/kubernetes/redirect.go +++ b/dataclients/kubernetes/redirect.go @@ -37,7 +37,7 @@ func createRedirectInfo(defaultEnabled bool, defaultCode int) *redirectInfo { func (r *redirectInfo) initCurrent(m *definitions.Metadata) { r.enable = m.Annotations[redirectAnnotationKey] == "true" r.disable = m.Annotations[redirectAnnotationKey] == "false" - r.ignore = strings.Contains(m.Annotations[definitions.SkipperpredicateAnnotationKey], `Header("X-Forwarded-Proto"`) || strings.Contains(m.Annotations[definitions.SkipperRoutesAnnotationKey], `Header("X-Forwarded-Proto"`) + r.ignore = strings.Contains(m.Annotations[definitions.IngressPredicateAnnotation], `Header("X-Forwarded-Proto"`) || strings.Contains(m.Annotations[definitions.IngressRoutesAnnotation], `Header("X-Forwarded-Proto"`) r.code = r.defaultCode if annotationCode, ok := m.Annotations[redirectCodeAnnotationKey]; ok {