Admissionwebhook misses faulty regex #12937

MarkusFlorian79 · 2024-04-25T10:10:35Z

Is there an existing issue for this?

I have searched the existing issues

Kong version (`$ kong version`)

3.6.1

Current Behavior

Adding following faulty HTTPRoute:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: broken-http-route
  annotations:
    konghq.com/strip-path: "false"
    konghq.com/preserve-host: "false"
    konghq.com/protocols: https
spec:
  hostnames:
    - broken.api-ch-dev.balgroupit.com
  rules:
    - matches:
        - path:
            type: RegularExpression
            value: .*\.do
        - path:
            type: RegularExpression
            value: .*\.css
        - path:
            type: RegularExpression
            value: .*\.woff2
        - path:
            type: RegularExpression
            value: .*\.js
        - path:
            type: RegularExpression
            value: .*\.svg
      backendRefs:
        - name: echo-host-service
          kind: Service
          port: 1027

is not rejected by the AdmissionWebhook while the IngressController discovers the error:

Update route httproute.ch-kong-dev.broken-http-route.0.0 failed: HTTP status 400 (message: "5 schema violations (paths.1: should start with: / (fixed path) or ~/ (regex path); paths.2: should start with: / (fixed path) or ~/ (regex path); paths.3: should start with: / (fixed path) or ~/ (regex path); paths.4: should start with: / (fixed path) or ~/ (regex path); paths.5: should start with: / (fixed path) or ~/ (regex path))")

Expected Behavior

Admissionwebhook rejects the HTTPRoute.

Steps To Reproduce

See current behaviour

Anything else?

No response

The text was updated successfully, but these errors were encountered:

chronolaw · 2024-05-06T03:11:50Z

@randmonkey , could you take a look at this?

randmonkey · 2024-07-15T03:30:26Z

@MarkusFlorian79 KIC enables validation on HTTPRoute to check if the spec is valid (will not generate invalid Kong configuration) since 2.12. Please check if your KIC version is below 2.12 or admission webhooks are not configured correctly.

github-actions · 2024-07-30T01:53:51Z

This issue is marked as stale because it has been open for 14 days with no activity.

github-actions · 2024-08-06T01:54:21Z

Dear contributor,

We are automatically closing this issue because it has not seen any activity for three weeks.
We're sorry that your issue could not be resolved. If any new information comes up that could
help resolving it, please feel free to reopen it.

Your contribution is greatly appreciated!

Please have a look
our pledge to the community
for more information.

Sincerely,
Your Kong Gateway team

Water-Melon added the area/ingress-controller Issues where Kong is running as a Kubernetes Ingress Controller label Apr 26, 2024

randmonkey added the pending author feedback Waiting for the issue author to get back to a maintainer with findings, more details, etc... label Jul 15, 2024

github-actions bot added the stale label Jul 30, 2024

github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 6, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Admissionwebhook misses faulty regex #12937

Admissionwebhook misses faulty regex #12937

MarkusFlorian79 commented Apr 25, 2024

chronolaw commented May 6, 2024

randmonkey commented Jul 15, 2024

github-actions bot commented Jul 30, 2024

github-actions bot commented Aug 6, 2024

Admissionwebhook misses faulty regex #12937

Admissionwebhook misses faulty regex #12937

Comments

MarkusFlorian79 commented Apr 25, 2024

Is there an existing issue for this?

Kong version ($ kong version)

Current Behavior

Expected Behavior

Steps To Reproduce

Anything else?

chronolaw commented May 6, 2024

randmonkey commented Jul 15, 2024

github-actions bot commented Jul 30, 2024

github-actions bot commented Aug 6, 2024

Kong version (`$ kong version`)