Skip to content

auth-signin annotation fails validation with encoded url characters #12764

Open
@jasday

Description

@jasday

What happened:

auth-signin annotation validation does not allow url-encoded values. This causes an error when the annotation is being loaded:

W0128 14:50:28.714993       7 validators.go:237] validation error on ingress foo/bar: annotation auth-signin contains invalid value https://example.com/oauth2/start?rd=https%3A%2F%2F$host$request_uri
W0128 14:50:28.715105       7 main.go:332] auth-signin value is invalid: annotation nginx.ingress.kubernetes.io/auth-signin contains invalid value

What you expected to happen:

This should pass validation and be accepted.

NGINX Ingress controller version:

-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       v1.12.0
  Build:         ba73b2c24d355f1cdcf4b31ef7c5574059f12118
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.25.5

-------------------------------------------------------------------------------

Kubernetes version (use kubectl version):

Environment:

How to reproduce this issue:

Create an ingress with the nginx.ingress.kubernetes.io/auth-signin: annotation, add an encoded character within the value (e.g https:// -> https%3A%2F%2F).

Anything else we need to know:
This was working in v1.11.3 and stopped working when upgrading to v1.12.0

Happy to make a pull request with the changes required, but wanted this to go up first in case there was a specific reason for disallowing the character.

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugCategorizes issue or PR as related to a bug.needs-priorityneeds-triageIndicates an issue or PR lacks a `triage/foo` label and requires one.

    Type

    No type

    Projects

    • Status

      No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions