Merge branch 'main' into chore/refactor-configmap-go
j1m-ryan authored Nov 27, 2024
2 parents 369699c + 7e7535d commit 5db33d7
Showing 8 changed files with 57 additions and 17 deletions.
3 changes: 1 addition & 2 deletions .github/workflows/build-oss.yml
@@ -203,10 +203,9 @@ jobs:
id: docker-scout
uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
with:
command: cves,recommendations
command: cves
image: ${{ steps.meta.outputs.tags }}
ignore-base: true
only-fixed: true
sarif-file: "${{ inputs.image }}-results/scout.sarif"
write-comment: false
github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
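Review bot: The Scout step passes `github-token: ${{ secrets.GITHUB_TOKEN }}` with the comment "to be able to write the comment" while `write-comment: false` sits on the line directly above it, so the stated reason for handing the token to the action does not hold. If the action needs the token only for PR comments (worth confirming against the inputs of the pinned v1.15.1 release), drop the `github-token:` line; otherwise reword the trailing comment to name what the token is actually used for. Either way, check that the job's `permissions:` block, which is outside this hunk, grants no more than that use requires. The same two lines appear in the Scout step of build-plus.yml and in all three hunks of image-promotion.yml.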
3 changes: 1 addition & 2 deletions .github/workflows/build-plus.yml
@@ -224,10 +224,9 @@ jobs:
id: docker-scout
uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
with:
command: cves,recommendations
command: cves
image: ${{ steps.meta.outputs.tags }}
ignore-base: true
only-fixed: true
sarif-file: "${{ inputs.image }}-results/scout.sarif"
write-comment: false
github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
9 changes: 3 additions & 6 deletions .github/workflows/image-promotion.yml
@@ -451,10 +451,9 @@ jobs:
id: docker-scout
uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
with:
command: cves,recommendations
command: cves
image: ${{ steps.meta.outputs.tags }}
ignore-base: true
only-fixed: true
sarif-file: "${{ steps.directory.outputs.directory }}/scout.sarif"
write-comment: false
github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
@@ -541,10 +540,9 @@ jobs:
id: docker-scout
uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
with:
command: cves,recommendations
command: cves
image: ${{ steps.meta.outputs.tags }}
ignore-base: true
only-fixed: true
sarif-file: "${{ steps.directory.outputs.directory }}/scout.sarif"
write-comment: false
github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
@@ -638,10 +636,9 @@ jobs:
id: docker-scout
uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
with:
command: cves,recommendations
command: cves
image: ${{ steps.meta.outputs.tags }}
ignore-base: true
only-fixed: true
sarif-file: "${{ steps.directory.outputs.directory }}/scout.sarif"
write-comment: false
github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
2 changes: 1 addition & 1 deletion build/Dockerfile
@@ -16,7 +16,7 @@ FROM ghcr.io/nginxinc/dependencies/nginx-ot:nginx-1.27.2-alpine@sha256:83da7cd36
FROM ghcr.io/nginxinc/dependencies/nginx-ubi-ppc64le:nginx-1.27.2@sha256:4c47c1295b25018342d9f7c8383fd933e73e162a482f2f45a21326f70c6d501d AS ubi-ppc64le
FROM ghcr.io/nginxinc/alpine-fips:0.2.3-alpine3.17@sha256:67b69b49aff96e185be841e2b2ff2d8236551ea5c18002bffa4344798d803fd8 AS alpine-fips-3.17
FROM ghcr.io/nginxinc/alpine-fips:0.2.3-alpine3.20@sha256:4c29e5c50b122354d9d4ba6b97cdf64647468e788b965fc0240ead541653454a AS alpine-fips-3.20
FROM redhat/ubi9-minimal@sha256:d85040b6e3ed3628a89683f51a38c709185efc3fb552db2ad1b9180f2a6c38be AS ubi-minimal
FROM redhat/ubi9-minimal:9.5@sha256:d85040b6e3ed3628a89683f51a38c709185efc3fb552db2ad1b9180f2a6c38be AS ubi-minimal
FROM golang:1.23-alpine@sha256:c694a4d291a13a9f9d94933395673494fc2cc9d4777b85df3a7e70b3492d3574 AS golang-builder


7 changes: 4 additions & 3 deletions cmd/nginx-ingress/main.go
@@ -88,6 +88,7 @@ func main() {
parsedFlags := os.Args[1:]

buildOS := os.Getenv("BUILD_OS")
controllerNamespace := os.Getenv("POD_NAMESPACE")

config, kubeClient := mustCreateConfigAndKubeClient(ctx)
mustValidateKubernetesVersionInfo(ctx, kubeClient)
@@ -146,6 +147,8 @@ func main() {

isWildcardEnabled := processWildcardSecret(ctx, kubeClient, nginxManager)

staticSSLPath := nginxManager.GetSecretsDir()

globalConfigurationValidator := createGlobalConfigurationValidator()

mustProcessGlobalConfiguration(ctx)
@@ -177,7 +180,7 @@ func main() {
EnableCertManager: *enableCertManager,
DynamicSSLReload: *enableDynamicSSLReload,
DynamicWeightChangesReload: *enableDynamicWeightChangesReload,
StaticSSLPath: nginxManager.GetSecretsDir(),
StaticSSLPath: staticSSLPath,
NginxVersion: nginxVersion,
AppProtectBundlePath: appProtectBundlePath,
}
@@ -211,8 +214,6 @@ func main() {
NginxVersion: nginxVersion,
})

controllerNamespace := os.Getenv("POD_NAMESPACE")

transportServerValidator := cr_validation.NewTransportServerValidator(*enableTLSPassthrough, *enableSnippets, *nginxPlus)
virtualServerValidator := cr_validation.NewVirtualServerValidator(
cr_validation.IsPlus(*nginxPlus),
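Review bot: `controllerNamespace := os.Getenv("POD_NAMESPACE")` near the top of main() is used without an empty check, so a pod spec that omits the variable yields an empty namespace string instead of a startup failure. Its consumers are outside the visible hunks; if any of them passes the value to a namespaced client call or builds a `namespace/name` key from it, an empty value could widen the scope of that call or produce keys such as `/name` (inferred, to be confirmed against the rest of main()). A guard right after the declaration, `if controllerNamespace == "" {` followed by the file's existing fatal-exit path, would make the controller fail closed. main() begins and ends outside these hunks.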
11 changes: 11 additions & 0 deletions internal/configs/version1/template_test.go
@@ -12,6 +12,8 @@ import (
"github.com/nginxinc/kubernetes-ingress/internal/nginx"
)

var fakeManager = nginx.NewFakeManager("/etc/nginx")

func TestMain(m *testing.M) {
v := m.Run()

@@ -2017,6 +2019,7 @@ var (
}

mainCfg = MainConfig{
StaticSSLPath: fakeManager.GetSecretsDir(),
DefaultHTTPListenerPort: 80,
DefaultHTTPSListenerPort: 443,
ServerNamesHashMaxSize: "512",
@@ -2061,6 +2064,7 @@ var (
}

mainCfgR31 = MainConfig{
StaticSSLPath: fakeManager.GetSecretsDir(),
DefaultHTTPListenerPort: 80,
DefaultHTTPSListenerPort: 443,
ServerNamesHashMaxSize: "512",
@@ -2090,6 +2094,7 @@ var (
}

mainCfgHTTP2On = MainConfig{
StaticSSLPath: fakeManager.GetSecretsDir(),
DefaultHTTPListenerPort: 80,
DefaultHTTPSListenerPort: 443,
HTTP2: true,
@@ -2130,6 +2135,7 @@ var (
}

mainCfgCustomTLSPassthroughPort = MainConfig{
StaticSSLPath: fakeManager.GetSecretsDir(),
ServerNamesHashMaxSize: "512",
ServerTokens: "off",
WorkerProcesses: "auto",
@@ -2157,6 +2163,7 @@ var (
}

mainCfgWithoutTLSPassthrough = MainConfig{
StaticSSLPath: fakeManager.GetSecretsDir(),
ServerNamesHashMaxSize: "512",
ServerTokens: "off",
WorkerProcesses: "auto",
@@ -2184,6 +2191,7 @@ var (
}

mainCfgDefaultTLSPassthroughPort = MainConfig{
StaticSSLPath: fakeManager.GetSecretsDir(),
ServerNamesHashMaxSize: "512",
ServerTokens: "off",
WorkerProcesses: "auto",
@@ -2211,6 +2219,7 @@ var (
}

mainCfgCustomDefaultHTTPAndHTTPSListenerPorts = MainConfig{
StaticSSLPath: fakeManager.GetSecretsDir(),
DefaultHTTPListenerPort: 8083,
DefaultHTTPSListenerPort: 8443,
ServerNamesHashMaxSize: "512",
@@ -2238,6 +2247,7 @@ var (
}

mainCfgCustomDefaultHTTPListenerPort = MainConfig{
StaticSSLPath: fakeManager.GetSecretsDir(),
DefaultHTTPListenerPort: 8083,
DefaultHTTPSListenerPort: 443,
ServerNamesHashMaxSize: "512",
@@ -2265,6 +2275,7 @@ var (
}

mainCfgCustomDefaultHTTPSListenerPort = MainConfig{
StaticSSLPath: fakeManager.GetSecretsDir(),
DefaultHTTPListenerPort: 80,
DefaultHTTPSListenerPort: 8443,
ServerNamesHashMaxSize: "512",
10 changes: 7 additions & 3 deletions internal/k8s/controller.go
@@ -1749,7 +1749,7 @@ func (lbc *LoadBalancerController) handleRegularSecretDeletion(resources []Resou
}

func (lbc *LoadBalancerController) handleSecretUpdate(secret *api_v1.Secret, resources []Resource) {
secretNsName := secret.Namespace + "/" + secret.Name
secretNsName := generateSecretNSName(secret)

var warnings configs.Warnings
var addOrUpdateErr error
@@ -1766,7 +1766,7 @@ func (lbc *LoadBalancerController) handleSecretUpdate(secret *api_v1.Secret, res
}

func (lbc *LoadBalancerController) validationTLSSpecialSecret(secret *api_v1.Secret, secretName string, secretList *[]string) {
secretNsName := secret.Namespace + "/" + secret.Name
secretNsName := generateSecretNSName(secret)

err := secrets.ValidateTLSSecret(secret)
if err != nil {
@@ -1779,7 +1779,7 @@ func (lbc *LoadBalancerController) validationTLSSpecialSecret(secret *api_v1.Sec

func (lbc *LoadBalancerController) handleSpecialSecretUpdate(secret *api_v1.Secret) {
var specialTLSSecretsToUpdate []string
secretNsName := secret.Namespace + "/" + secret.Name
secretNsName := generateSecretNSName(secret)

if secretNsName == lbc.specialSecrets.defaultServerSecret {
lbc.validationTLSSpecialSecret(secret, configs.DefaultServerSecretFileName, &specialTLSSecretsToUpdate)
@@ -1797,6 +1797,10 @@ func (lbc *LoadBalancerController) handleSpecialSecretUpdate(secret *api_v1.Secr
lbc.recorder.Eventf(secret, api_v1.EventTypeNormal, "Updated", "the special Secret %v was updated", secretNsName)
}

func generateSecretNSName(secret *api_v1.Secret) string {
return secret.Namespace + "/" + secret.Name
}

func getStatusFromEventTitle(eventTitle string) string {
switch eventTitle {
case "AddedOrUpdatedWithError", "Rejected", "NoVirtualServersFound", "Missing Secret", "UpdatedWithError":
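Review bot: `generateSecretNSName` has no doc comment and dereferences `secret` with no nil check, while its result is the key compared against `lbc.specialSecrets.defaultServerSecret` in handleSpecialSecretUpdate. I would add `// generateSecretNSName returns the "namespace/name" key used to match a Secret against the configured special secrets; secret must not be nil.` above it so the key format and the precondition are stated in one place. The three callers' bodies continue outside the hunks, so whether a nil Secret can reach them is not visible here.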
29 changes: 29 additions & 0 deletions internal/k8s/controller_test.go
@@ -3505,3 +3505,32 @@ func TestNewTelemetryCollector(t *testing.T) {
}
}
}

func TestGenerateSecretNSName(t *testing.T) {
t.Parallel()
testCases := []struct {
name string
secret *api_v1.Secret
expected string
}{
{
name: "Valid secret",
secret: &api_v1.Secret{
ObjectMeta: meta_v1.ObjectMeta{
Namespace: "testns",
Name: "test-secret",
},
},
expected: "testns/test-secret",
},
}

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
result := generateSecretNSName(tc.secret)
if result != tc.expected {
t.Fatalf("Expected %v, but got %v", tc.expected, result)
}
})
}
}
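Review bot: TestGenerateSecretNSName pins only the happy path, with a single table entry. Because the helper's output is used as a lookup key, a second entry with an empty `Namespace` would record that the helper neither rejects nor normalises such input: `{name: "Empty namespace", secret: &api_v1.Secret{ObjectMeta: meta_v1.ObjectMeta{Name: "test-secret"}}, expected: "/test-secret"},`. The subtests also run serially under a parallel parent; calling `t.Parallel()` inside the `t.Run` closure would match the outer call, if that is this file's convention.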
