8000 Fix panic when creating VirtualServer (#6232) · nginx/kubernetes-ingress@e753ec4 · GitHub
[go: up one dir, main page]
Skip to content

Commit e753ec4

Browse files
hafeJim Ryan
hafe
and
Jim Ryan
authored
Fix panic when creating VirtualServer (#6232)
Closes #6231 Co-authored-by: Jim Ryan <j.ryan@f5.com>
1 parent e7c2aba commit e753ec4

File tree

2 files changed

+104
-2
lines changed

2 files changed

+104
-2
lines changed

internal/k8s/controller.go

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3420,7 +3420,13 @@ func (lbc *LoadBalancerController) getPolicies(policies []conf_v1.PolicyReferenc
34203420
var exists bool
34213421
var err error
34223422

3423-
policyObj, exists, err = lbc.getNamespacedInformer(polNamespace).policyLister.GetByKey(policyKey)
3423+
nsi := lbc.getNamespacedInformer(polNamespace)
3424+
if nsi == nil {
3425+
errors = append(errors, fmt.Errorf("failed to get namespace %s", polNamespace))
3426+
continue
3427+
}
3428+
3429+
policyObj, exists, err = nsi.policyLister.GetByKey(policyKey)
34243430
if err != nil {
34253431
errors = append(errors, fmt.Errorf("failed to get policy %s: %w", policyKey, err))
34263432
continue

internal/k8s/controller_test.go

Lines changed: 97 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2005,7 +2005,7 @@ func TestGetStatusFromEventTitle(t *testing.T) {
20052005
}
20062006
}
20072007

2008-
func TestGetPolicies(t *testing.T) {
2008+
func TestGetPoliciesGlobalWatch(t *testing.T) {
20092009
t.Parallel()
20102010
validPolicy := &conf_v1.Policy{
20112011
ObjectMeta: meta_v1.ObjectMeta{
@@ -2105,6 +2105,102 @@ func TestGetPolicies(t *testing.T) {
21052105
}
21062106
}
21072107

2108+
func TestGetPoliciesNamespacedWatch(t *testing.T) {
2109+
t.Parallel()
2110+
validPolicy := &conf_v1.Policy{
2111+
ObjectMeta: meta_v1.ObjectMeta{
2112+
Name: "valid-policy",
2113+
Namespace: "default",
2114+
},
2115+
Spec: conf_v1.PolicySpec{
2116+
AccessControl: &conf_v1.AccessControl{
2117+
Allow: []string{"127.0.0.1"},
2118+
},
2119+
},
2120+
}
2121+
2122+
validPolicyIngressClass := &conf_v1.Policy{
2123+
ObjectMeta: meta_v1.ObjectMeta{
2124+
Name: "valid-policy-ingress-class",
2125+
Namespace: "default",
2126+
},
2127+
Spec: conf_v1.PolicySpec{
2128+
IngressClass: "test-class",
2129+
AccessControl: &conf_v1.AccessControl{
2130+
Allow: []string{"127.0.0.1"},
2131+
},
2132+
},
2133+
}
2134+
2135+
invalidPolicy := &conf_v1.Policy{
2136+
ObjectMeta: meta_v1.ObjectMeta{
2137+
Name: "invalid-policy",
2138+
Namespace: "default",
2139+
},
2140+
Spec: conf_v1.PolicySpec{},
2141+
}
2142+
2143+
policyLister := &cache.FakeCustomStore{
2144+
GetByKeyFunc: func(key string) (item interface{}, exists bool, err error) {
2145+
switch key {
2146+
case "default/valid-policy":
2147+
return validPolicy, true, nil
2148+
case "default/valid-policy-ingress-class":
2149+
return validPolicyIngressClass, true, nil
2150+
case "default/invalid-policy":
2151+
return invalidPolicy, true, nil
2152+
case "nginx-ingress/valid-policy":
2153+
return nil, false, nil
2154+
default:
2155+
return nil, false, errors.New("GetByKey error")
2156+
}
2157+
},
2158+
}
2159+
2160+
nsi := make(map[string]*namespacedInformer)
2161+
// simulate a watch of the default namespace
2162+
nsi["default"] = &namespacedInformer{policyLister: policyLister}
2163+
2164+
lbc := LoadBalancerController{
2165+
isNginxPlus: true,
2166+
namespacedInformers: nsi,
2167+
}
2168+
2169+
policyRefs := []conf_v1.PolicyReference{
2170+
{
2171+
Name: "valid-policy",
2172+
// Namespace is implicit here
2173+
},
2174+
{
2175+
Name: "invalid-policy",
2176+
Namespace: "default",
2177+
},
2178+
{
2179+
Name: "valid-policy", // doesn't exist
2180+
Namespace: "nginx-ingress", // not watched
2181+
},
2182+
{
2183+
Name: "valid-policy-ingress-class",
2184+
Namespace: "default",
2185+
},
2186+
}
2187+
2188+
expectedPolicies := []*conf_v1.Policy{validPolicy}
2189+
expectedErrors := []error{
2190+
errors.New("policy default/invalid-policy is invalid: spec: Invalid value: \"\": must specify exactly one of: `accessControl`, `rateLimit`, `ingressMTLS`, `egressMTLS`, `basicAuth`, `apiKey`, `jwt`, `oidc`, `waf`"),
2191+
errors.New("failed to get namespace nginx-ingress"),
2192+
errors.New("referenced policy default/valid-policy-ingress-class has incorrect ingress class: test-class (controller ingress class: )"),
2193+
}
2194+
2195+
result, errors := lbc.getPolicies(policyRefs, "default")
2196+
if !reflect.DeepEqual(result, expectedPolicies) {
2197+
t.Errorf("lbc.getPolicies() returned \n%v but \nexpected %v", result, expectedPolicies)
2198+
}
2199+
if diff := cmp.Diff(expectedErrors, errors, cmp.Comparer(errorComparer)); diff != "" {
2200+
t.Errorf("lbc.getPolicies() mismatch (-want +got):\n%s", diff)
2201+
}
2202+
}
2203+
21082204
func TestCreatePolicyMap(t *testing.T) {
21092205
t.Parallel()
21102206
policies := []*conf_v1.Policy{

0 commit comments

Comments
 (0)
0