Description
What happened:
auth-signin
annotation validation does not allow url-encoded values. This causes an error when the annotation is being loaded:
W0128 14:50:28.714993 7 validators.go:237] validation error on ingress foo/bar: annotation auth-signin contains invalid value https://example.com/oauth2/start?rd=https%3A%2F%2F$host$request_uri
W0128 14:50:28.715105 7 main.go:332] auth-signin value is invalid: annotation nginx.ingress.kubernetes.io/auth-signin contains invalid value
What you expected to happen:
This should pass validation and be accepted.
NGINX Ingress controller version:
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: v1.12.0
Build: ba73b2c24d355f1cdcf4b31ef7c5574059f12118
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.25.5
-------------------------------------------------------------------------------
Kubernetes version (use kubectl version
):
Environment:
-
Cloud provider or hardware configuration: AWS EKS Auto Mode
-
OS (e.g. from /etc/os-release): Linux
-
Install tools:
- Created with Terraform, using the helm chart
-
Basic cluster related info:
- Server Version: v1.30.8-eks-2d5f260
-
Others:
I believe https://github.com/kubernetes/ingress-nginx/blob/main/internal/ingress/annotations/parser/validators.go#L47 should be changed to:
urlEnabledChars = regexp.QuoteMeta(',:?&=%')
How to reproduce this issue:
Create an ingress with the nginx.ingress.kubernetes.io/auth-signin: annotation, add an encoded character within the value (e.g https:// -> https%3A%2F%2F).
Anything else we need to know:
This was working in v1.11.3
and stopped working when upgrading to v1.12.0
Happy to make a pull request with the changes required, but wanted this to go up first in case there was a specific reason for disallowing the character.
Metadata
Metadata
Assignees
Labels
Type
Projects
Status
No status