Bug 1953113: template config - HSTS header's pattern accepts case insensitive and white spaces

[alebedev87]

This PR makes HAProxy's config template accept HSTS headers with case insensitive directives and white spaces as stated in RFC6797.

Apart from the unit test, tested manually:

$ oc get route console
NAME      HOST/PORT                                    PATH   SERVICES   PORT    TERMINATION          WILDCARD
console   console-openshift-console.apps-crc.testing          console    https   reencrypt/Redirect   None

$ oc get route console --template='{{$a := index .metadata.annotations "haproxy.router.openshift.io/hsts_header"}}{{$a}}{{"\n"}}'
MAX-age=99999 ;   includesubdomains;   Preload

$ curl -k -is https://console-openshift-console.apps-crc.testing | grep -i strict-transport
strict-transport-security: MAX-age=99999 ;   includesubdomains;   Preload

[openshift-ci]

@alebedev87: This pull request references Bugzilla bug 1953113, which is invalid:

• expected the bug to target the "4.8.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1953113: template config - HSTS header's pattern accepts case insensitive and white spaces

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[alebedev87]

/bugzilla refresh

[openshift-ci]

@alebedev87: This pull request references Bugzilla bug 1953113, which is invalid:

• expected the bug to target the "4.8.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[alebedev87]

/assign @candita

[alebedev87]

/retest

[alebedev87]

/retest

[Miciah]

The name is confusing; the test actually performs a substring search, not a pattern match (such as a regexp), right?

[alebedev87]

Indeed, it's not a regexp.
Didn't have many ideas for the name, renamed to configSnippet. Tell me if you have better ideas.

[alebedev87]

/retest

[alebedev87]

/assign @Miciah

[Miciah]

Can we check for just the substring "http-response set-header Strict-Transport-Security" to make sure there are no false negatives?

Suggested change

	configSnippet: `http-response set-header Strict-Transport-Security 'min-age=99999'`,
	configSnippet: `http-response set-header Strict-Transport-Security`,

[Miciah]

Oh, the state isn't cleared between test cases, is it? So with my suggestion, this test case would always fail.

[Miciah]

Suggested change

	configSnippet: `http-response set-header Strict-Transport-Security 'max-age=99999;includesubdomains;preload;wrongdirective'`,
	configSnippet: `http-response set-header Strict-Transport-Security`,

[Miciah]

Thanks! I love the improved test coverage!
/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alebedev87, Miciah

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Miciah]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Miciah]

/bugzilla refresh

[openshift-ci]

@Miciah: This pull request references Bugzilla bug 1953113, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.9.0) matches configured target release for branch (4.9.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @quarterpin

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[alebedev87]

/retest

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci]

@alebedev87: All pull requests linked via external trackers have merged:

• openshift/router#298

Bugzilla bug 1953113 has been moved to the MODIFIED state.

In response to this:

Bug 1953113: template config - HSTS header's pattern accepts case insensitive and white spaces

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.