allow exact match upstream host validation (#143)

bcgov · Feb 11, 2025 · f4a6bbe · f4a6bbe
1 parent eed2c51
commit f4a6bbe
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/microservices/gatewayApi/tests/utils/test_validate_upstream.py b/microservices/gatewayApi/tests/utils/test_validate_upstream.py
@@ -137,6 +137,17 @@ def test_upstream_pass_validation(app):
 
     validate_upstream (y, { "perm-upstreams": ["my-namespace"]}, [], True) 
 
+def test_upstream_pass_validation_exact_match(app):
+    payload = '''
+services:
+  - name: my-service
+    tags: ["ns.mytest", "another"]
+    host: 192.168.1.1
+'''
+    y = yaml.load(payload, Loader=yaml.FullLoader)
+
+    validate_upstream (y, { "perm-upstreams": ["192.168.1.1"]}, [], True) 
+
 def test_upstream_fail_validation(app):
     payload = '''
 services:

diff --git a/microservices/gatewayApi/utils/validators.py b/microservices/gatewayApi/utils/validators.py
@@ -52,7 +52,7 @@ def validate_upstream_host(_host, errors, allow_protected_ns, protected_kube_nam
 
     if host in restricted:
         errors.append("service upstream is invalid (e1)")
-    elif host.endswith('svc'):
+    elif host.endswith('.svc'):
         partials = host.split('.')
         # get the namespace, and make sure it is not in the protected_kube_namespaces list
         if len(partials) != 3:
@@ -61,7 +61,7 @@ def validate_upstream_host(_host, errors, allow_protected_ns, protected_kube_nam
             errors.append("service upstream is invalid (e3)")
         elif do_validate_upstreams and (partials[1] in perm_upstreams) is False:
             errors.append("service upstream is invalid (e6)")
-    elif host.endswith('svc.cluster.local'):
+    elif host.endswith('.svc.cluster.local'):
         partials = host.split('.')
         # get the namespace, and make sure it is not in the protected_kube_namespaces list
         if len(partials) != 5:
@@ -70,5 +70,5 @@ def validate_upstream_host(_host, errors, allow_protected_ns, protected_kube_nam
             errors.append("service upstream is invalid (e5)")
         elif do_validate_upstreams and (partials[1] in perm_upstreams) is False:
             errors.append("service upstream is invalid (e6)")
-    elif do_validate_upstreams:
+    elif do_validate_upstreams and (host in perm_upstreams) is False:
         errors.append("service upstream is invalid (e6)")