From 6ea2bf5d603f37d1d108e92868108579161b6e5c Mon Sep 17 00:00:00 2001 From: Sean O'Neill Date: Fri, 17 Dec 2021 12:55:44 +0000 Subject: [PATCH] fixing ap tests validation DOS override --- .../validation/appprotect_common.go | 20 +++++++++++++++---- .../validation/appprotect_common_test.go | 5 ++--- tests/Makefile | 6 +++--- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/pkg/apis/configuration/validation/appprotect_common.go b/pkg/apis/configuration/validation/appprotect_common.go index d05269cc5f..f7390bde2a 100644 --- a/pkg/apis/configuration/validation/appprotect_common.go +++ b/pkg/apis/configuration/validation/appprotect_common.go @@ -38,11 +38,15 @@ func ValidateRequiredFields(obj *unstructured.Unstructured, fieldsList [][]strin return nil } -var logDstEx = regexp.MustCompile(`(?:syslog:server=((?:\d{1,3}\.){3}\d{1,3}|localhost):\d{1,5})|stderr`) +var ( + logDstEx = regexp.MustCompile(`(?:syslog:server=((?:\d{1,3}\.){3}\d{1,3}|localhost|[a-zA-Z0-9._-]+):\d{1,5})|stderr|(?:\/[\S]+)+`) + logDstFileEx = regexp.MustCompile(`(?:\/[\S]+)+`) + logDstFQDNEx = regexp.MustCompile(`(?:[a-zA-Z0-9_-]+\.)+[a-zA-Z0-9_-]+`) +) // ValidateAppProtectLogDestination validates destination for log configuration func ValidateAppProtectLogDestination(dstAntn string) error { - errormsg := "Error parsing App Protect Log config: Destination must follow format: syslog:server=: or stderr" + errormsg := "Error parsing App Protect Log config: Destination must follow format: syslog:server=: or fqdn or stderr or absolute path to file" if !logDstEx.MatchString(dstAntn) { return fmt.Errorf("%s Log Destination did not follow format", errormsg) } @@ -50,9 +54,13 @@ func ValidateAppProtectLogDestination(dstAntn string) error { return nil } + if logDstFileEx.MatchString(dstAntn) { + return nil + } + dstchunks := strings.Split(dstAntn, ":") - // // This error can be ignored since the regex check ensures this string will be parsable + // This error can be ignored since the regex check ensures this string will be parsable port, _ := strconv.Atoi(dstchunks[2]) if port > 65535 || port < 1 { @@ -64,8 +72,12 @@ func ValidateAppProtectLogDestination(dstAntn string) error { return nil } + if logDstFQDNEx.MatchString(ipstr) { + return nil + } + if net.ParseIP(ipstr) == nil { - return fmt.Errorf("Error parsing host: %v is not a valid ip address", ipstr) + return fmt.Errorf("Error parsing host: %v is not a valid ip address or host name", ipstr) } return nil diff --git a/pkg/apis/configuration/validation/appprotect_common_test.go b/pkg/apis/configuration/validation/appprotect_common_test.go index e7662160d2..5fbd46917a 100644 --- a/pkg/apis/configuration/validation/appprotect_common_test.go +++ b/pkg/apis/configuration/validation/appprotect_common_test.go @@ -197,14 +197,13 @@ func TestValidateRequiredSlices(t *testing.T) { func TestValidateAppProtectLogDestinationAnnotation(t *testing.T) { // Positive test cases - posDstAntns := []string{"stderr", "syslog:server=localhost:9000", "syslog:server=10.1.1.2:9000"} + posDstAntns := []string{"stderr", "syslog:server=localhost:9000", "syslog:server=10.1.1.2:9000", "/var/log/ap.log", "syslog:server=my-syslog-server.my-namespace:515"} // Negative test cases item, expected error message negDstAntns := [][]string{ {"stdout", "Log Destination did not follow format"}, {"syslog:server=localhost:99999", "not a valid port number"}, - {"syslog:server=999.99.99.99:5678", "is not a valid ip address"}, - {"/var/log/ap.log", "Error parsing App Protect Log config: Destination must follow format: syslog:server=: or stderr"}, + {"syslog:server=mysyslog-server:999", "not a valid ip address"}, } for _, tCase := range posDstAntns { diff --git a/tests/Makefile b/tests/Makefile index fabb4fd614..54ad9c7f27 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,8 +1,8 @@ CONTEXT = -BUILD_IMAGE = nginx/nginx-ingress:2.0.3-SNAPSHOT-61b2a91-dos +BUILD_IMAGE = nginx/nginx-ingress:edge PULL_POLICY = IfNotPresent DEPLOYMENT_TYPE = deployment -IC_TYPE = nginx-plus-ingress +IC_TYPE = nginx-ingress SERVICE = nodeport NODE_IP = TAG = latest @@ -10,7 +10,7 @@ PREFIX = test-runner KUBE_CONFIG_FOLDER = $${HOME}/.kube KIND_KUBE_CONFIG_FOLDER = $${HOME}/.kube/kind SHOW_IC_LOGS = no -PYTEST_ARGS = -m dos -v -s +PYTEST_ARGS = DOCKERFILEPATH = docker/Dockerfile .PHONY: build