Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update default block list,docs, tests #7942

Merged
merged 5 commits into from
Nov 23, 2021
Merged

update default block list,docs, tests #7942

merged 5 commits into from
Nov 23, 2021

Conversation

strongjz
Copy link
Member

1.0.5 created a breaking change with a default blocklist for user, this PR reverts that and makes the default blocklist an empty string.

What this PR does / why we need it:

fixes #7939

Types of changes

  • [ X ] Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation only

How Has This Been Tested?

make test and e2e-test locally

Checklist:

  • [X ] My change requires a change to the documentation.
  • [X ] I have updated the documentation accordingly.
  • [X ] I've read the CONTRIBUTION guide
  • [X ] I have added tests to cover my changes.
  • [X ] All new and existing tests passed.

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-priority size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 17, 2021
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 17, 2021
@strongjz
Copy link
Member Author

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Nov 17, 2021
@strongjz
Copy link
Member Author

/kind bug
/priority critical-urgent
/triage accepted

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-priority needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 17, 2021
@strongjz
Copy link
Member Author

/assign @rikatz

@rikatz
Copy link
Contributor

rikatz commented Nov 17, 2021

/lgtm
I'm on mobile but just to confirm, we test the custom blocklist scenario right?

Thanks!!!

@rikatz
Copy link
Contributor

rikatz commented Nov 17, 2021
edited
Loading

/hold
Unhold as desired!

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm "Looks good to me", indicates that a PR is ready to be merged. labels Nov 17, 2021
@strongjz
Copy link
Member Author

I left the tests in there with a custom list, just added one with the no setting so the new default empty string.

@rikatz
Copy link
Contributor

rikatz commented Nov 18, 2021

I'm checking here why the tests are failing

@rikatz
Copy link
Contributor

rikatz commented Nov 18, 2021

https://github.com/kubernetes/ingress-nginx/pull/7874/files#diff-9dcbb8eba12c61d6f3dde188c0b8d8332365139e5062995d322795e02710fb6cR45 Probably being caused by this, happened locally...

strange as this was going just fine, will check it again with bigger timeout just to remove this as something that may happen

@rikatz
Copy link
Contributor

rikatz commented Nov 18, 2021

In https://github.com/kubernetes/ingress-nginx/blob/main/internal/ingress/controller/store/store.go#L826-L830 you can remove/replace for the following block (I have left a klog.Errorf that should be removed as well...)

	if s.backendConfig.AnnotationValueWordBlocklist != "" {
		if err := checkBadAnnotationValue(copyIng.Annotations, s.backendConfig.AnnotationValueWordBlocklist); err != nil {
			klog.Errorf("skipping ingress %s: %s", key, err)
			return
		}
	}

In https://github.com/kubernetes/ingress-nginx/blob/main/internal/ingress/controller/controller.go#L245
add the same check like:

var arraybadWords []string
if s.backendConfig.AnnotationValueWordBlocklist != "" {
   arraybadWords = strings.Split(strings.TrimSpace(cfg.AnnotationValueWordBlocklist), ",")
}

@rikatz
Copy link
Contributor

rikatz commented Nov 18, 2021

One more:

As we are turning the default value as empty string, on our tests (like /go/src/k8s.io/ingress-nginx/test/e2e/settings/badannotationvalues.go:65) you probably want to configure with the default values (or remove this test)

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 18, 2021
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 18, 2021
@strongjz
Copy link
Member Author

/label tide/merge-method-squash

@k8s-ci-robot k8s-ci-robot added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Nov 20, 2021
@strongjz
Copy link
Member Author

/retest

rikatz
rikatz reviewed Nov 23, 2021
View reviewed changes
internal/ingress/controller/store/store.go
return
if s.backendConfig.AnnotationValueWordBlocklist != "" {
if err := checkBadAnnotationValue(copyIng.Annotations, s.backendConfig.AnnotationValueWordBlocklist); err != nil {
klog.Errorf("skipping ingress %s: %s", key, err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit/followup: turn this into a warning (my bad, I left as error, people complained!)

rikatz
rikatz approved these changes Nov 23, 2021
View reviewed changes
Copy link
Contributor

@rikatz rikatz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
Thanks.

Left a small followup/cleanup to move the error into warning, but IMO we can merge this, just do the small fix later and release

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 23, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rikatz, strongjz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rikatz
Copy link
Contributor

rikatz commented Nov 23, 2021

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 23, 2021
@k8s-ci-robot k8s-ci-robot merged commit d4a6ade into kubernetes:main Nov 23, 2021
@rikatz rikatz added this to the v1.1.0 milestone Nov 23, 2021
strongjz added a commit to strongjz/ingress-nginx that referenced this pull request Nov 24, 2021
@strongjz
update default block list,docs, tests (kubernetes#7942)
a79f099 
* update default block list,docs, tests

* fix config for admin test

* gofmt

* remove the err return
k8s-ci-robot pushed a commit that referenced this pull request Nov 24, 2021
@strongjz @rikatz
Legacy cherrypick (#7965)
18e6eb0 
* update default block list,docs, tests (#7942)

* update default block list,docs, tests

* fix config for admin test

* gofmt

* remove the err return

* Change sanitization message from error to warning (#7963)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* duplicate test

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
@sdickhoven sdickhoven mentioned this pull request Dec 14, 2021
Closed
@strongjz strongjz deleted the fix-7939 branch April 2, 2022 20:11
rchshld pushed a commit to joomcode/ingress-nginx that referenced this pull request May 19, 2023
@strongjz @rchshld
update default block list,docs, tests (kubernetes#7942)
e371cd2 
* update default block list,docs, tests

* fix config for admin test

* gofmt

* remove the err return
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rikatz rikatz rikatz approved these changes

@cmluciano cmluciano Awaiting requested review from cmluciano

@ElvinEfendi ElvinEfendi Awaiting requested review from ElvinEfendi

Assignees

@rikatz rikatz

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/docs cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.1.0
Development

Successfully merging this pull request may close these issues.

Release 1.0.5 is breaking (Chart release 4.0.8), major version should be bumped
3 participants
@strongjz @rikatz @k8s-ci-robot