diff --git a/dataclients/kubernetes/hosts.go b/dataclients/kubernetes/hosts.go index cb6e201ac3..c6cbb04af7 100644 --- a/dataclients/kubernetes/hosts.go +++ b/dataclients/kubernetes/hosts.go @@ -16,7 +16,7 @@ func createHostRx(hosts ...string) string { hrx := make([]string, len(hosts)) for i, host := range hosts { if strings.HasPrefix(host, "*.") { - host = strings.Replace(host, "*", "[a-z0-9]+(-[a-z0-9]+)?", 1) + host = strings.Replace(host, "*", "[a-z0-9]+((-[a-z0-9]+)?)*", 1) } // trailing dots and port are not allowed in kube // ingress spec, so we can append optional setting diff --git a/dataclients/kubernetes/hosts_test.go b/dataclients/kubernetes/hosts_test.go index 677e99fc81..3e2f668ae0 100644 --- a/dataclients/kubernetes/hosts_test.go +++ b/dataclients/kubernetes/hosts_test.go @@ -20,7 +20,7 @@ func TestHostsToRegex(t *testing.T) { { msg: "wildcard", host: "*.example.org", - regex: "^([a-z0-9]+(-[a-z0-9]+)?[.]example[.]org[.]?(:[0-9]+)?)$", + regex: "^([a-z0-9]+((-[a-z0-9]+)?)*[.]example[.]org[.]?(:[0-9]+)?)$", }, } { t.Run(ti.msg, func(t *testing.T) { diff --git a/dataclients/kubernetes/testdata/ingressV1/ingress-data/wildcard-ing-prefix.eskip b/dataclients/kubernetes/testdata/ingressV1/ingress-data/wildcard-ing-prefix.eskip index 345f474ae2..99c886544e 100644 --- a/dataclients/kubernetes/testdata/ingressV1/ingress-data/wildcard-ing-prefix.eskip +++ b/dataclients/kubernetes/testdata/ingressV1/ingress-data/wildcard-ing-prefix.eskip @@ -1,3 +1,3 @@ kube_foo__qux____example_org_____qux: - Host("^([a-z0-9]+(-[a-z0-9]+)?[.]example[.]org[.]?(:[0-9]+)?)$") && PathSubtree("/") + Host("^([a-z0-9]+((-[a-z0-9]+)?)*[.]example[.]org[.]?(:[0-9]+)?)$") && PathSubtree("/") -> ; diff --git a/predicates/forwarded/forwarded_test.go b/predicates/forwarded/forwarded_test.go index a7ed04d94e..7b05341af6 100644 --- a/predicates/forwarded/forwarded_test.go +++ b/predicates/forwarded/forwarded_test.go @@ -164,9 +164,9 @@ func TestForwardedHost(t *testing.T) { isError: false, }, { msg: "wildcard host should match", - host: "^([a-z0-9]+(-[a-z0-9]+)?[.]example[.]org[.]?(:[0-9]+)?)$", // *.example.org + host: "^([a-z0-9]+((-[a-z0-9]+)?)*[.]example[.]org[.]?(:[0-9]+)?)$", // *.example.org r: request{ - url: "https://test.example.com/index.html", + url: "https://test.example.org/index.html", headers: http.Header{ "Forwarded": []string{`host="test.example.org"`}, }, @@ -175,9 +175,9 @@ func TestForwardedHost(t *testing.T) { isError: false, }, { msg: "wildcard 2 host should match", - host: "^([a-z0-9]+(-[a-z0-9]+)?[.]example[.]org[.]?(:[0-9]+)?)$", // *.example.org + host: "^([a-z0-9]+((-[a-z0-9]+)?)*[.]example[.]org[.]?(:[0-9]+)?)$", // *.example.org r: request{ - url: "https://test-v2.example.com/index.html", + url: "https://test-v2.example.org/index.html", headers: http.Header{ "Forwarded": []string{`host="test-v2.example.org"`}, }, @@ -185,12 +185,23 @@ func TestForwardedHost(t *testing.T) { matches: true, isError: false, }, { - msg: "wildcard 3 host shouldn't match", - host: "^([a-z0-9]+(-[a-z0-9]+)?[.]example[.]org[.]?(:[0-9]+)?)$", // *.example.org + msg: "wildcard 3 host should match", + host: "^([a-z0-9]+((-[a-z0-9]+)?)*[.]example[.]org[.]?(:[0-9]+)?)$", // *.example.org r: request{ - url: "https://test-.example.com/index.html", + url: "https://test-v2-v3.example.org/index.html", headers: http.Header{ - "Forwarded": []string{`host="test-.example.com"`}, + "Forwarded": []string{`host="test-v2-v3.example.org"`}, + }, + }, + matches: true, + isError: false, + }, { + msg: "wildcard 4 host shouldn't match", + host: "^([a-z0-9]+((-[a-z0-9]+)?)*[.]example[.]org[.]?(:[0-9]+)?)$", // *.example.org + r: request{ + url: "https://test-.example.org/index.html", + headers: http.Header{ + "Forwarded": []string{`host="test-.example.org"`}, }, }, matches: false,