Wrong validation for permanent-redirect and temporal-redirect annotation values

[N4SoftwareNinja]

Hi everyone,

I think in this file there is a wrong validator for the values of permanent-redirect and temporal-redirect annotation used.

Reasoning: It should be possible to use variables like "$request_uri" for redirecting to the same path as in the original request for example, but this is blocked by the validation because the $ is not allowed.
If I use a configuration-snippet with the following content, it works fine:

return 301 https://wheelscompany.com/$request_uri;

So for me it looks like if URLWithNginxVariableRegex should be the correct Regex to be used at this point.

[k8s-ci-robot]

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[samtoxie]

I can notice the same behaviour when performing the minor update. Ingress objects using the annotation as such will break and get rejected by the controller:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-domain-redirect
  namespace: dev
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod-http"
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/permanent-redirect: "https://my.new.domain$request_uri"
spec:
  ingressClassName: nginx
  rules:
  - host: my.domain
  - host: www.my.domain
  tls:
  - hosts:
    - my.domain
    - www.my.domain
    secretName: my-domain-tls

Removing the $ allows it to be accepted again, however I need the request_uri to be preserved on redirects.

[MiGrandjean]

Can confirm, updating from v1.11.3 to v1.12.0 breaks this:

W0127 16:18:19.319229       8 validators.go:237] validation error on ingress foo/portal-redirect: annotation permanent-redirect contains invalid value $scheme://portal.example.org$request_uri
E0127 16:18:19.319254       8 annotations.go:193] "ingress contains invalid annotation value" err="annotation nginx.ingress.kubernetes.io/permanent-redirect contains invalid value"
E0127 16:18:19.319266       8 store.go:938] annotation nginx.ingress.kubernetes.io/permanent-redirect contains invalid value

[jasday]

Just to add on, auth-sign in validation appears broken when updating from v1.11.3 to v1.12.0 as well:

W0128 09:25:51.467367       7 validators.go:237] validation error on ingress foo/bar: annotation auth-signin contains invalid value https://auth.example.com/oauth2/start?rd=https%3A%2F%2F$host$request_uri

EDIT:
Looking a bit deeper, auth-signin already uses URLWithNginxVariableRegex, so this error this is likely due to the URL encoded characters in the address. This is working on v1.11.3, so not sure what has changed since that release, however potentially not related to this issue.