diff --git a/library/common-test/tests/ingress/validation_test.yaml b/library/common-test/tests/ingress/validation_test.yaml index b5540b8a..e8b23640 100644 --- a/library/common-test/tests/ingress/validation_test.yaml +++ b/library/common-test/tests/ingress/validation_test.yaml @@ -476,3 +476,97 @@ tests: asserts: - failedTemplate: errorMessage: Ingress - Expected targeted service port [my-port] to be enabled + + - it: should fail if tls.hosts are empty + set: + operator: *operator + service: *service + ingress: + my-ingress: + enabled: true + primary: true + hosts: *hosts + tls: + - hosts: [] + asserts: + - failedTemplate: + errorMessage: Ingress - Expected non-empty [tls.hosts] + + - it: should fail if tls.hosts is not a slice + set: + operator: *operator + service: *service + ingress: + my-ingress: + enabled: true + primary: true + hosts: *hosts + tls: + - hosts: not-a-slice + asserts: + - failedTemplate: + errorMessage: Ingress - Expected [tls.hosts] to be a [slice], but got [string] + + - it: should fail if tls.hosts.host is empty + set: + operator: *operator + service: *service + ingress: + my-ingress: + enabled: true + primary: true + hosts: *hosts + tls: + - hosts: + - host: "" + asserts: + - failedTemplate: + errorMessage: Ingress - Expected non-empty [tls.hosts.host] + + - it: should fail if tls.hosts.host starts with https:// + set: + operator: *operator + service: *service + ingress: + my-ingress: + enabled: true + primary: true + hosts: *hosts + tls: + - hosts: + - host: https://test-host + asserts: + - failedTemplate: + errorMessage: Ingress - Expected [tls.hosts.host] to not start with [https://], but got [https://test-host] + + - it: should fail if tls.hosts.host starts with http:// + set: + operator: *operator + service: *service + ingress: + my-ingress: + enabled: true + primary: true + hosts: *hosts + tls: + - hosts: + - host: http://test-host + asserts: + - failedTemplate: + errorMessage: Ingress - Expected [tls.hosts.host] to not start with [http://], but got [http://test-host] + + - it: should fail if tls.hosts.host contains ":" + set: + operator: *operator + service: *service + ingress: + my-ingress: + enabled: true + primary: true + hosts: *hosts + tls: + - hosts: + - host: test-host:123 + asserts: + - failedTemplate: + errorMessage: Ingress - Expected [tls.hosts.host] to not contain [:], but got [test-host:123] diff --git a/library/common/templates/lib/ingress/_validation.tpl b/library/common/templates/lib/ingress/_validation.tpl index 55cff13b..a5b97831 100644 --- a/library/common/templates/lib/ingress/_validation.tpl +++ b/library/common/templates/lib/ingress/_validation.tpl @@ -95,6 +95,33 @@ objectData: {{- end -}} {{- end -}} + {{- range $t := $objectData.tls -}} + {{- if not $t.hosts -}} + {{- fail "Ingress - Expected non-empty [tls.hosts]" -}} + {{- end -}} + + {{- if not (kindIs "slice" $t.hosts) -}} + {{- fail (printf "Ingress - Expected [tls.hosts] to be a [slice], but got [%s]" (kindOf $t.hosts)) -}} + {{- end -}} + + {{- range $h := $t.hosts -}} + {{- if not $h.host -}} + {{- fail "Ingress - Expected non-empty [tls.hosts.host]" -}} + {{- end -}} + + {{- $host := tpl $h.host $rootCtx -}} + {{- if (hasPrefix "http://" $host) -}} + {{- fail (printf "Ingress - Expected [tls.hosts.host] to not start with [http://], but got [%s]" $host) -}} + {{- end -}} + {{- if (hasPrefix "https://" $host) -}} + {{- fail (printf "Ingress - Expected [tls.hosts.host] to not start with [https://], but got [%s]" $host) -}} + {{- end -}} + {{- if (contains ":" $host) -}} + {{- fail (printf "Ingress - Expected [tls.hosts.host] to not contain [:], but got [%s]" $host) -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} {{/* Ingress Primary Validation */}}