feat(validation) validate secret plugin configs
For KongPlugins that set ConfigFrom:
- Verify that the KongPlugin does not also set Config.
- Use the Secret value indicated by ConfigFrom when validating plugin
  configuration.

Fix #1023
rainest committed Feb 18, 2021
1 parent b6fd524 commit 9448eb7
Showing 2 changed files with 16 additions and 0 deletions.
1 change: 1 addition & 0 deletions cli/ingress-controller/main.go
@@ -506,6 +506,7 @@ func main() {
Validator: admission.KongHTTPValidator{
Client: kongClient,
Logger: logger,
Store: store,
},
Logger: logger,
}
15 changes: 15 additions & 0 deletions internal/admission/validator.go
@@ -7,6 +7,8 @@ import (

"github.com/kong/go-kong/kong"
configuration "github.com/kong/kubernetes-ingress-controller/pkg/apis/configuration/v1"
"github.com/kong/kubernetes-ingress-controller/pkg/kongstate"
"github.com/kong/kubernetes-ingress-controller/pkg/store"
"github.com/sirupsen/logrus"
corev1 "k8s.io/api/core/v1"
)
@@ -23,6 +25,7 @@ type KongValidator interface {
type KongHTTPValidator struct {
Client *kong.Client
Logger logrus.FieldLogger
Store store.Storer
}

// ValidateConsumer checks if consumer has a Username and a consumer with
@@ -64,6 +67,18 @@ func (validator KongHTTPValidator) ValidatePlugin(
if k8sPlugin.Config != nil {
plugin.Config = kong.Configuration(k8sPlugin.Config)
}
if k8sPlugin.ConfigFrom.SecretValue != (configuration.SecretValueFromSource{}) {
if k8sPlugin.Config != nil {
return false, "plugin cannot use both Config and ConfigFrom", nil
}
config, err := kongstate.SecretToConfiguration(validator.Store,
k8sPlugin.ConfigFrom.SecretValue, k8sPlugin.Namespace)
if err != nil {
return false, fmt.Sprintf("could not load secret plugin configuration: %v", err), nil
}
plugin.Config = kong.Configuration(config)

}
if k8sPlugin.RunOn != "" {
plugin.RunOn = kong.String(k8sPlugin.RunOn)
}
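Review bot: The rejection message built in the `err != nil` branch of the new `ConfigFrom` block hands the raw error from `kongstate.SecretToConfiguration` back to whoever submitted the KongPlugin. The webhook reads the Secret through the controller's own store, so a user who may create KongPlugins but may not read Secrets in that namespace could learn whether a Secret or key exists, and possibly fragments of its value if the helper's parse errors echo their input (its body is not visible here, so that part needs confirming). I would keep the detail in the controller log and return a fixed string: `validator.Logger.WithError(err).Error("could not load secret plugin configuration")` followed by `return false, "could not load secret plugin configuration", nil`. The lookup is bounded to `k8sPlugin.Namespace`, which is the right scope; a one-line comment saying that cross-namespace references are intentionally not resolved would keep it that way. `ValidatePlugin` starts and ends outside this hunk, so whether the later schema-validation message can also reflect Secret-derived values cannot be judged from here.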
