Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admissionwebhook misses faulty regex #12937

Open
1 task done
MarkusFlorian79 opened this issue Apr 25, 2024 · 1 comment
Open
1 task done

Admissionwebhook misses faulty regex #12937

MarkusFlorian79 opened this issue Apr 25, 2024 · 1 comment
Labels
area/ingress-controller Issues where Kong is running as a Kubernetes Ingress Controller

Comments

@MarkusFlorian79
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Kong version ($ kong version)

3.6.1

Current Behavior

Adding following faulty HTTPRoute:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: broken-http-route
  annotations:
    konghq.com/strip-path: "false"
    konghq.com/preserve-host: "false"
    konghq.com/protocols: https
spec:
  hostnames:
    - broken.api-ch-dev.balgroupit.com
  rules:
    - matches:
        - path:
            type: RegularExpression
            value: .*\.do
        - path:
            type: RegularExpression
            value: .*\.css
        - path:
            type: RegularExpression
            value: .*\.woff2
        - path:
            type: RegularExpression
            value: .*\.js
        - path:
            type: RegularExpression
            value: .*\.svg
      backendRefs:
        - name: echo-host-service
          kind: Service
          port: 1027

is not rejected by the AdmissionWebhook while the IngressController discovers the error:

Update route httproute.ch-kong-dev.broken-http-route.0.0 failed: HTTP status 400 (message: "5 schema violations (paths.1: should start with: / (fixed path) or ~/ (regex path); paths.2: should start with: / (fixed path) or ~/ (regex path); paths.3: should start with: / (fixed path) or ~/ (regex path); paths.4: should start with: / (fixed path) or ~/ (regex path); paths.5: should start with: / (fixed path) or ~/ (regex path))")

Expected Behavior

Admissionwebhook rejects the HTTPRoute.

Steps To Reproduce

See current behaviour

Anything else?

No response
@Water-Melon Water-Melon added the area/ingress-controller Issues where Kong is running as a Kubernetes Ingress Controller label Apr 26, 2024
@chronolaw
Copy link
Contributor

@randmonkey , could you take a look at this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/ingress-controller Issues where Kong is running as a Kubernetes Ingress Controller
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@chronolaw @Water-Melon @MarkusFlorian79