
Commit 262f93d

committed
OCPBUGS-74506: Remove ConsolePluginSecurityPolicy featuregate
1 parent c16ec2b commit 262f93d

16 files changed

+310
-583
lines changed

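--- a/console/v1/tests/consoleplugins.console.openshift.io/AAA_ungated.yaml
+++ b/console/v1/tests/consoleplugins.console.openshift.io/AAA_ungated.yaml
@@ -87,3 +87,189 @@ tests:
 i18n:
 loadType: Invalid
 expectedError: "Unsupported value: \"Invalid\""
+- name: Should be able to create a ConsolePlugin with valid CSP configuration
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- https://script1.com/
+- directive: ImgSrc
+values:
+- https://img1.com/
+expected: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- https://script1.com/
+- directive: ImgSrc
+values:
+- https://img1.com/
+- name: Should throw an error for duplicate CSP directive entries
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- https://script1.com/
+- directive: ScriptSrc
+values:
+- https://script1.com/
+expectedError: "spec.contentSecurityPolicy[1]: Duplicate value: map[string]interface {}{\"directive\":\"ScriptSrc\"}"
+- name: Should throw an error for duplicate CSP directive values
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- https://script1.com/
+- https://script1.com/
+expectedError: "spec.contentSecurityPolicy[0].values: Invalid value: \"array\": each CSP directive value must be unique"
+- name: Should throw an error for incorrect directive type
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: TestSrc
+values:
+- https://script1.com/
+expectedError: "spec.contentSecurityPolicy[0].directive: Unsupported value: \"TestSrc\": supported values: \"DefaultSrc\", \"ScriptSrc\", \"StyleSrc\", \"ImgSrc\", \"FontSrc\""
+- name: Should throw an error for invalid CSP directive values, using wildcard
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- "*"
+expectedError: "spec.contentSecurityPolicy[0].values[0]: Invalid value: \"string\": CSP directive value cannot be a wildcard"
+- name: Should be able to create a ConsolePlugin with valid CSP value, using domain with wildcard prefix
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- "*.example.com"
+expected: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- "*.example.com"
+- name: Should throw an error for invalid CSP directive values, starting and ending with quotes
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- "'none'"
+expectedError: "\"string\": CSP directive value cannot contain a quote"
+- name: Should throw an error for invalid CSP directive values with quote
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- "foo'bar"
+expectedError: "\"string\": CSP directive value cannot contain a quote"
+- name: Should throw an error for invalid CSP directive values with comma
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- "foo,bar"
+expectedError: "spec.contentSecurityPolicy[0].values[0]: Invalid value: \"string\": CSP directive value cannot contain a comma"
+- name: Should throw an error for invalid CSP directive values with semi-colon
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- "foo;bar"
+expectedError: "spec.contentSecurityPolicy[0].values[0]: Invalid value: \"string\": CSP directive value cannot contain a semi-colon"
+- name: Should throw an error for invalid CSP directive values with whitespace, using space
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- https://scr ipt1.com/
+expectedError: "spec.contentSecurityPolicy[0].values[0]: Invalid value: \"string\": CSP directive value cannot contain a whitespace"
+- name: Should throw an error for invalid CSP directive values with whitespace, using tab
+initial: |
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+spec:
+displayName: foo
+backend:
+type: Service
+contentSecurityPolicy:
+- directive: ScriptSrc
+values:
+- https://scri pt1.com/
+expectedError: "spec.contentSecurityPolicy[0].values[0]: Invalid value: \"string\": CSP directive value cannot contain a whitespace"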
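Review bot: The two quote cases (new lines 198–210 and 211–223) assert only the tail of the message, `"\"string\": CSP directive value cannot contain a quote"`, while the wildcard, comma, semi-colon and whitespace cases pin the full field path. A suffix-only match would still pass if the rule were reported against a different index or field, so these two are weaker regression checks for CSP value validation that this commit appears to make unconditional. If the quote rule is attached at the same item level as the others (the rule itself is not visible on this page), use `expectedError: "spec.contentSecurityPolicy[0].values[0]: Invalid value: \"string\": CSP directive value cannot contain a quote"` in both. Separately, confirm that the value at new line 274 really contains a tab character; as rendered here it cannot be told apart from the space case at line 261.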

console/v1/tests/consoleplugins.console.openshift.io/ConsolePluginContentSecurityPolicy.yaml

Lines changed: 0 additions & 194 deletions
This file was deleted.

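--- a/console/v1/types_console_plugin.go
+++ b/console/v1/types_console_plugin.go
@@ -90,7 +90,6 @@ type ConsolePluginSpec struct {
 // OpenShift web console server CSP response header:
 // Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none'
 //
-// +openshift:enable:FeatureGate=ConsolePluginContentSecurityPolicy
 // +kubebuilder:validation:MaxItems=5
 // +kubebuilder:validation:XValidation:rule="self.map(x, x.values.map(y, y.size()).sum()).sum() < 8192",message="the total combined size of values of all directives must not exceed 8192 (8kb)"
 // +listType=map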
