TUN-6639: Validate cyclic ingress configuration

It is currently possible to set cloudflared to proxy to the hostname that traffic is ingressing from as an origin service. This change checks for this configuration error and prompts a change.
2022-08-08 15:17:01 +01:00 · 2022-08-08 15:17:01 +01:00 · d4d9a43dd7
parent 046a30e3c7
commit d4d9a43dd7
2 changed files with 14 additions and 0 deletions
--- a/ingress/ingress.go
+++ b/ingress/ingress.go
@ -232,6 +232,10 @@ func validateIngress(ingress []config.UnvalidatedIngressRule, defaults OriginReq
 			} else {
 				service = newTCPOverWSService(u)
 			}
+
+			if u.Hostname() == r.Hostname {
+				return Ingress{}, fmt.Errorf("Cyclic Ingress configuration: Hostname:%s points to service:%s.", r.Hostname, r.Service)
+			}
 		}

 		if err := validateHostname(r, i, len(ingress)); err != nil {
--- a/ingress/ingress_test.go
+++ b/ingress/ingress_test.go
@ -404,6 +404,16 @@ ingress:
   service: https://localhost:8000
 - hostname: "*"
   service: https://localhost:8001
+`},
+			wantErr: true,
+		},
+		{
+			name: "Cyclic hostname definition",
+			args: args{rawYAML: `
+ingress:
+ - hostname: "test.example.com"
+   service: https://test.example.com
+ - service: http_status_404
 `},
 			wantErr: true,
 		},