fix(ingress): always deny empty hostnames

projectcapsule · Sep 5, 2023 · 057b9c1 · 057b9c1
1 parent 447cd09
commit 057b9c1
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/pkg/webhook/ingress/errors.go b/pkg/webhook/ingress/errors.go
@@ -47,6 +47,20 @@ func NewIngressHostnameCollision(hostname string) error {
 	return &ingressHostnameCollisionError{hostname: hostname}
 }
 
+func NewEmptyIngressHostname(spec api.AllowedListSpec) error {
+	return &emptyIngressHostnameError{
+		spec: spec,
+	}
+}
+
+type emptyIngressHostnameError struct {
+	spec api.AllowedListSpec
+}
+
+func (e emptyIngressHostnameError) Error() string {
+	return fmt.Sprintf("empty hostname is not allowed for the current Tenant%s", appendHostnameError(e.spec))
+}
+
 func NewIngressHostnamesNotValid(invalidHostnames []string, notMatchingHostnames []string, spec api.AllowedListSpec) error {
 	return &ingressHostnameNotValidError{invalidHostnames: invalidHostnames, notMatchingHostnames: notMatchingHostnames, spec: spec}
 }

diff --git a/pkg/webhook/ingress/validate_hostnames.go b/pkg/webhook/ingress/validate_hostnames.go
@@ -64,7 +64,14 @@ func (r *hostnames) validate(ctx context.Context, client client.Client, req admi
 	}
 
 	hostnameList := sets.New[string]()
+
 	for hostname := range ingress.HostnamePathsPairs() {
+		if len(hostname) == 0 {
+			recorder.Eventf(tenant, corev1.EventTypeWarning, "IngressHostnameEmpty", "Ingress %s/%s hostname is empty", ingress.Namespace(), ingress.Name())
+
+			return utils.ErroredResponse(NewEmptyIngressHostname(*tenant.Spec.IngressOptions.AllowedHostnames))
+		}
+
 		hostnameList.Insert(hostname)
 	}