Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement annotation validation #9673

Merged
merged 14 commits into from
Jul 22, 2023
Merged

Implement annotation validation #9673

merged 14 commits into from
Jul 22, 2023

Conversation

rikatz
Copy link
Contributor

@rikatz rikatz commented Feb 27, 2023

What this PR does / why we need it:

This is the initial work on getting a better sanitization on all annotations.

It changes the checkAnnotation string to get some AnnotationConfig and fields, and receives a validation function for each annotation.

It also enforces the existence of the functions. Also, adds some documentations and risks that will be used later for automated documentation

TODO:

  • Do this for all annotations
  • Create a verify job to check if all annotations has proper validators, otherwise it should not be merged

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • CVE Report (Scanner found CVE and adding report)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation only

Which issue/s this PR fixes

How Has This Been Tested?

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I've read the CONTRIBUTION guide
  • I have added unit and/or e2e tests to cover my changes.
  • All new and existing tests passed.
  • Added Release Notes.

Does my pull request need a release note?

Any user-visible or operator-visible change qualifies for a release note. This could be a:

  • CLI change
  • API change
  • UI change
  • configuration schema change
  • behavioral change
  • change in non-functional attributes such as efficiency or availability, availability of a new platform
  • a warning about a deprecation
  • fix of a previous Known Issue
  • fix of a vulnerability (CVE)

No release notes are required for changes to the following:

  • Tests
  • Build infrastructure
  • Fixes for unreleased bugs

For more tips on writing good release notes, check out the Release Notes Handbook

All annotations has its own validation now and enforces this validations.

@k8s-ci-robot
Copy link
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 27, 2023
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Feb 27, 2023
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-priority size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Feb 27, 2023
@rikatz rikatz force-pushed the validate-annotations branch 2 times, most recently from 4a36f02 to bbb3203 Compare June 11, 2023 22:08
@rikatz rikatz marked this pull request as ready for review June 11, 2023 22:09
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 11, 2023
@tao12345666333 tao12345666333 self-assigned this Jun 12, 2023
@rikatz
Copy link
Contributor Author

rikatz commented Jun 12, 2023 

Summarizing 20 Failures:
  [FAIL] [Annotations] proxy-* [It] should build proxy next upstream
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/framework.go:249
  [FAIL] [Annotations] proxy-ssl-* [It] should set valid proxy-ssl-secret, proxy-ssl-ciphers to HIGH:!AES
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/framework.go:249
  [FAIL] [Annotations] cors-* [It] should not match
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Annotations] cors-* [It] should allow - single origin for multiple cors values
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Annotations] cors-* [It] should allow - matching origin with wildcard origin (2 subdomains)
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Setting] [Security] global-auth-url when global external authentication is configured [It] should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Annotations] cors-* [It] should not allow - unmatching origin with wildcard origin (2 subdomains)
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Annotations] cors-* [It] should not allow - single origin for multiple cors values
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Annotations] cors-* [It] should allow - matching origin+port with wildcard origin
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Annotations] auth-tls-* [It] should return 200 using auth-tls-match-cn where atleast one of the regex options matches CN from client
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/framework.go:249
  [FAIL] [Annotations] cors-* [It] should allow correct origins - missing subdomain + origin with wildcard origin and correct origin
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Annotations] cors-* [It] should allow - single origin with required port
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Annotations] cors-* [It] should allow correct origins - single origin for multiple cors values
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Annotations] annotation-global-rate-limit [It] generates correct configuration
  /go/src/k8s.io/ingress-nginx/test/e2e/annotations/globalratelimit.go:79
  [FAIL] [Annotations] cors-* [It] should not allow - single origin without port and origin with required port
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Annotations] proxy-* [It] should setup proxy cookies
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/framework.go:249
  [FAIL] [Annotations] backend-protocol - GRPC [It] authorization metadata should be overwritten by external auth response headers
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/framework.go:249
  [FAIL] [Annotations] cors-* [It] should not allow - single origin with port and origin without port
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47
  [FAIL] [Annotations] custom-http-errors [It] configures Nginx correctly
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/framework.go:249
  [FAIL] [Annotations] cors-* [It] should not allow - portless origin with wildcard origin
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47

Ran 418 of 424 Specs in 2708.255 seconds
FAIL! -- 398 Passed | 20 Failed | 0 Pending | 6 Skipped

Not that bad :D

tao12345666333
tao12345666333 reviewed Jun 12, 2023
View reviewed changes
Copy link
Member

@tao12345666333 tao12345666333 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still haven't finished all 😅

internal/ingress/annotations/alias/main_test.go Outdated Show resolved Hide resolved
internal/ingress/annotations/annotations.go Show resolved Hide resolved
@rikatz
Copy link
Contributor Author

rikatz commented Jun 12, 2023
edited
Loading 

Summarizing 2 Failures:
  [FAIL] [Setting] [Security] global-auth-url when global external authentication is configured [It] should return status code 200 when request whitelisted (via ingress annotation) service and 401 when request protected service
  /go/src/k8s.io/ingress-nginx/test/e2e/framework/httpexpect/reporter.go:47

Ran 418 of 424 Specs in 2669.888 seconds
FAIL! -- 412 Passed | 2 Failed | 0 Pending | 6 Skipped

tao12345666333
tao12345666333 reviewed Jun 13, 2023
View reviewed changes
Copy link
Member

@tao12345666333 tao12345666333 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

internal/ingress/annotations/parser/validators.go Outdated Show resolved Hide resolved
@strongjz
Copy link
Member

/cherry-pick release-1.9

@k8s-infra-cherrypick-robot
Copy link
Contributor

@strongjz: once the present PR merges, I will cherry-pick it on top of release-1.9 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

tao12345666333
tao12345666333 approved these changes Jul 22, 2023
View reviewed changes
Copy link
Member

@tao12345666333 tao12345666333 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/ok-to-test
/lgtm

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. lgtm "Looks good to me", indicates that a PR is ready to be merged. labels Jul 22, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rikatz, tao12345666333

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [rikatz,tao12345666333]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit c5f348e into kubernetes:main Jul 22, 2023
37 checks passed
@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Jul 22, 2023
Closed
@k8s-infra-cherrypick-robot
Copy link
Contributor

@strongjz: new pull request created: #10236

In response to this:

/cherry-pick release-1.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@strongjz
Copy link
Member

/cherry-pick release-1.9

@k8s-infra-cherrypick-robot
Copy link
Contributor

@strongjz: #9673 failed to apply on top of branch "release-1.9":

Applying: Add validation to all annotations
Using index info to reconstruct a base tree...
M	internal/ingress/annotations/alias/main.go
M	internal/ingress/annotations/alias/main_test.go
M	internal/ingress/annotations/annotations.go
M	internal/ingress/annotations/annotations_test.go
M	internal/ingress/annotations/auth/main.go
M	internal/ingress/annotations/auth/main_test.go
M	internal/ingress/annotations/authreq/main.go
M	internal/ingress/annotations/authreq/main_test.go
M	internal/ingress/annotations/authreqglobal/main.go
M	internal/ingress/annotations/authtls/main.go
M	internal/ingress/annotations/authtls/main_test.go
M	internal/ingress/annotations/backendprotocol/main.go
M	internal/ingress/annotations/backendprotocol/main_test.go
M	internal/ingress/annotations/canary/main.go
M	internal/ingress/annotations/clientbodybuffersize/main.go
M	internal/ingress/annotations/clientbodybuffersize/main_test.go
M	internal/ingress/annotations/connection/main.go
M	internal/ingress/annotations/connection/main_test.go
M	internal/ingress/annotations/cors/main.go
M	internal/ingress/annotations/cors/main_test.go
M	internal/ingress/annotations/customhttperrors/main.go
M	internal/ingress/annotations/defaultbackend/main.go
M	internal/ingress/annotations/defaultbackend/main_test.go
M	internal/ingress/annotations/globalratelimit/main.go
M	internal/ingress/annotations/globalratelimit/main_test.go
M	internal/ingress/annotations/http2pushpreload/main.go
M	internal/ingress/annotations/http2pushpreload/main_test.go
M	internal/ingress/annotations/ipdenylist/main.go
M	internal/ingress/annotations/ipdenylist/main_test.go
A	internal/ingress/annotations/ipwhitelist/main.go
A	internal/ingress/annotations/ipwhitelist/main_test.go
M	internal/ingress/annotations/loadbalancing/main.go
M	internal/ingress/annotations/loadbalancing/main_test.go
M	internal/ingress/annotations/log/main.go
M	internal/ingress/annotations/log/main_test.go
M	internal/ingress/annotations/mirror/main.go
M	internal/ingress/annotations/mirror/main_test.go
M	internal/ingress/annotations/modsecurity/main.go
M	internal/ingress/annotations/opentelemetry/main.go
M	internal/ingress/annotations/opentelemetry/main_test.go
M	internal/ingress/annotations/opentracing/main.go
M	internal/ingress/annotations/opentracing/main_test.go
M	internal/ingress/annotations/parser/main.go
M	internal/ingress/annotations/parser/main_test.go
M	internal/ingress/annotations/portinredirect/main.go
M	internal/ingress/annotations/portinredirect/main_test.go
M	internal/ingress/annotations/proxy/main.go
M	internal/ingress/annotations/proxy/main_test.go
M	internal/ingress/annotations/proxyssl/main.go
M	internal/ingress/annotations/proxyssl/main_test.go
M	internal/ingress/annotations/ratelimit/main.go
M	internal/ingress/annotations/ratelimit/main_test.go
M	internal/ingress/annotations/redirect/redirect.go
M	internal/ingress/annotations/redirect/redirect_test.go
M	internal/ingress/annotations/rewrite/main.go
M	internal/ingress/annotations/rewrite/main_test.go
M	internal/ingress/annotations/satisfy/main.go
M	internal/ingress/annotations/satisfy/main_test.go
M	internal/ingress/annotations/serversnippet/main.go
M	internal/ingress/annotations/serversnippet/main_test.go
M	internal/ingress/annotations/serviceupstream/main.go
M	internal/ingress/annotations/serviceupstream/main_test.go
M	internal/ingress/annotations/sessionaffinity/main.go
M	internal/ingress/annotations/snippet/main.go
M	internal/ingress/annotations/snippet/main_test.go
M	internal/ingress/annotations/sslcipher/main.go
M	internal/ingress/annotations/sslcipher/main_test.go
M	internal/ingress/annotations/sslpassthrough/main.go
M	internal/ingress/annotations/sslpassthrough/main_test.go
M	internal/ingress/annotations/streamsnippet/main.go
M	internal/ingress/annotations/streamsnippet/main_test.go
M	internal/ingress/annotations/upstreamhashby/main.go
M	internal/ingress/annotations/upstreamhashby/main_test.go
M	internal/ingress/annotations/upstreamvhost/main.go
M	internal/ingress/annotations/upstreamvhost/main_test.go
M	internal/ingress/annotations/xforwardedprefix/main.go
M	internal/ingress/annotations/xforwardedprefix/main_test.go
M	internal/ingress/controller/controller.go
M	internal/ingress/controller/controller_test.go.git/rebase-apply/patch:117: trailing whitespace.
			Documentation: `this annotation can be used to define additional server 
.git/rebase-apply/patch:732: trailing whitespace.
			Documentation: `This annotation enables setting a cookie returned by auth request. 
.git/rebase-apply/patch:1337: trailing whitespace.
			Documentation: `this annotation can be used to define which protocol should 
.git/rebase-apply/patch:1467: trailing whitespace.
			Documentation: `This annotation defines the header value to match for notifying the Ingress to route the request to the service specified in the Canary Ingress. 
.git/rebase-apply/patch:1468: trailing whitespace.
			When the request header is set to this value, it will be routed to the canary. For any other header value, the header will be ignored and the request compared against the other canary rules by precedence. 
warning: squelched 34 whitespace errors
warning: 39 lines add whitespace errors.

M	internal/ingress/controller/store/store.go
M	internal/ingress/controller/store/store_test.go
M	internal/ingress/errors/errors.go
M	pkg/apis/ingress/types.go
M	pkg/apis/ingress/types_equals.go
M	rootfs/etc/nginx/template/nginx.tmpl
A	test/e2e/annotations/ipwhitelist.go
Falling back to patching base and 3-way merge...
Auto-merging test/e2e/annotations/ipallowlist.go
Auto-merging rootfs/etc/nginx/template/nginx.tmpl
Auto-merging pkg/apis/ingress/types_equals.go
Auto-merging pkg/apis/ingress/types.go
Auto-merging internal/ingress/errors/errors.go
CONFLICT (content): Merge conflict in internal/ingress/errors/errors.go
Auto-merging internal/ingress/controller/store/store_test.go
CONFLICT (content): Merge conflict in internal/ingress/controller/store/store_test.go
Auto-merging internal/ingress/controller/store/store.go
CONFLICT (content): Merge conflict in internal/ingress/controller/store/store.go
Auto-merging internal/ingress/controller/controller_test.go
Auto-merging internal/ingress/controller/controller.go
CONFLICT (content): Merge conflict in internal/ingress/controller/controller.go
Auto-merging internal/ingress/annotations/xforwardedprefix/main_test.go
Auto-merging internal/ingress/annotations/xforwardedprefix/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/xforwardedprefix/main.go
Auto-merging internal/ingress/annotations/upstreamvhost/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/upstreamvhost/main.go
Auto-merging internal/ingress/annotations/upstreamhashby/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/upstreamhashby/main.go
Auto-merging internal/ingress/annotations/streamsnippet/main_test.go
Auto-merging internal/ingress/annotations/streamsnippet/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/streamsnippet/main.go
Auto-merging internal/ingress/annotations/sslpassthrough/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/sslpassthrough/main.go
Auto-merging internal/ingress/annotations/sslcipher/main_test.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/sslcipher/main_test.go
Auto-merging internal/ingress/annotations/sslcipher/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/sslcipher/main.go
Auto-merging internal/ingress/annotations/snippet/main_test.go
Auto-merging internal/ingress/annotations/snippet/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/snippet/main.go
Auto-merging internal/ingress/annotations/sessionaffinity/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/sessionaffinity/main.go
Auto-merging internal/ingress/annotations/serviceupstream/main_test.go
Auto-merging internal/ingress/annotations/serviceupstream/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/serviceupstream/main.go
Auto-merging internal/ingress/annotations/serversnippet/main_test.go
Auto-merging internal/ingress/annotations/serversnippet/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/serversnippet/main.go
Auto-merging internal/ingress/annotations/satisfy/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/satisfy/main.go
Auto-merging internal/ingress/annotations/rewrite/main_test.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/rewrite/main_test.go
Auto-merging internal/ingress/annotations/rewrite/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/rewrite/main.go
Auto-merging internal/ingress/annotations/redirect/redirect_test.go
Auto-merging internal/ingress/annotations/redirect/redirect.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/redirect/redirect.go
Auto-merging internal/ingress/annotations/ratelimit/main.go
Auto-merging internal/ingress/annotations/proxyssl/main_test.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/proxyssl/main_test.go
Auto-merging internal/ingress/annotations/proxyssl/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/proxyssl/main.go
Auto-merging internal/ingress/annotations/proxy/main_test.go
Auto-merging internal/ingress/annotations/proxy/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/proxy/main.go
Auto-merging internal/ingress/annotations/portinredirect/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/portinredirect/main.go
CONFLICT (add/add): Merge conflict in internal/ingress/annotations/parser/validators_test.go
Auto-merging internal/ingress/annotations/parser/validators_test.go
CONFLICT (add/add): Merge conflict in internal/ingress/annotations/parser/validators.go
Auto-merging internal/ingress/annotations/parser/validators.go
Auto-merging internal/ingress/annotations/parser/main_test.go
Auto-merging internal/ingress/annotations/parser/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/parser/main.go
Auto-merging internal/ingress/annotations/opentracing/main_test.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/opentracing/main_test.go
Auto-merging internal/ingress/annotations/opentracing/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/opentracing/main.go
Auto-merging internal/ingress/annotations/opentelemetry/main_test.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/opentelemetry/main_test.go
Auto-merging internal/ingress/annotations/opentelemetry/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/opentelemetry/main.go
Auto-merging internal/ingress/annotations/modsecurity/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/modsecurity/main.go
Auto-merging internal/ingress/annotations/mirror/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/mirror/main.go
Auto-merging internal/ingress/annotations/log/main_test.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/log/main_test.go
Auto-merging internal/ingress/annotations/log/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/log/main.go
Auto-merging internal/ingress/annotations/loadbalancing/main_test.go
Auto-merging internal/ingress/annotations/loadbalancing/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/loadbalancing/main.go
Auto-merging internal/ingress/annotations/ipdenylist/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/ipdenylist/main.go
Auto-merging internal/ingress/annotations/ipallowlist/main_test.go
Auto-merging internal/ingress/annotations/ipallowlist/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/ipallowlist/main.go
Auto-merging internal/ingress/annotations/http2pushpreload/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/http2pushpreload/main.go
Auto-merging internal/ingress/annotations/globalratelimit/main_test.go
Auto-merging internal/ingress/annotations/globalratelimit/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/globalratelimit/main.go
Auto-merging internal/ingress/annotations/defaultbackend/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/defaultbackend/main.go
Auto-merging internal/ingress/annotations/customhttperrors/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/customhttperrors/main.go
Auto-merging internal/ingress/annotations/cors/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/cors/main.go
Auto-merging internal/ingress/annotations/connection/main_test.go
Auto-merging internal/ingress/annotations/connection/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/connection/main.go
Auto-merging internal/ingress/annotations/clientbodybuffersize/main_test.go
Auto-merging internal/ingress/annotations/clientbodybuffersize/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/clientbodybuffersize/main.go
Auto-merging internal/ingress/annotations/canary/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/canary/main.go
Auto-merging internal/ingress/annotations/backendprotocol/main_test.go
Auto-merging internal/ingress/annotations/backendprotocol/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/backendprotocol/main.go
Auto-merging internal/ingress/annotations/authtls/main_test.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/authtls/main_test.go
Auto-merging internal/ingress/annotations/authtls/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/authtls/main.go
Auto-merging internal/ingress/annotations/authreqglobal/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/authreqglobal/main.go
Auto-merging internal/ingress/annotations/authreq/main_test.go
Auto-merging internal/ingress/annotations/authreq/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/authreq/main.go
Auto-merging internal/ingress/annotations/auth/main_test.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/auth/main_test.go
Auto-merging internal/ingress/annotations/auth/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/auth/main.go
Auto-merging internal/ingress/annotations/annotations_test.go
Auto-merging internal/ingress/annotations/annotations.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/annotations.go
Auto-merging internal/ingress/annotations/alias/main_test.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/alias/main_test.go
Auto-merging internal/ingress/annotations/alias/main.go
CONFLICT (content): Merge conflict in internal/ingress/annotations/alias/main.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Add validation to all annotations
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-1.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@miklezzzz miklezzzz mentioned this pull request Oct 26, 2023
Merged
4 tasks
@joshsleeper joshsleeper mentioned this pull request Nov 8, 2023
Closed
@longwuyuan longwuyuan mentioned this pull request Nov 15, 2023
Open
@strongjz strongjz mentioned this pull request Jan 18, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@z1cheng z1cheng z1cheng left review comments

@tao12345666333 tao12345666333 tao12345666333 approved these changes

@strongjz strongjz Awaiting requested review from strongjz

Assignees

@tao12345666333 tao12345666333

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/docs area/helm Issues or PRs related to helm charts cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-priority needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.
Projects
[SIG Network] Ingress NGINX
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@rikatz @k8s-ci-robot @tao12345666333 @strongjz @k8s-infra-cherrypick-robot @z1cheng