TUN-6639: Validate cyclic ingress configuration

sudarshan-reddy · sudarshan-reddy · commit d4d9a43dd7b6 · 2022-08-08T16:52:55.000Z
It is currently possible to set cloudflared to proxy to the hostname
that traffic is ingressing from as an origin service. This change checks
for this configuration error and prompts a change.
diff --git a/ingress/ingress.go b/ingress/ingress.go
@@ -232,6 +232,10 @@ func validateIngress(ingress []config.UnvalidatedIngressRule, defaults OriginReq
 			} else {
 				service = newTCPOverWSService(u)
 			}
+
+			if u.Hostname() == r.Hostname {
+				return Ingress{}, fmt.Errorf("Cyclic Ingress configuration: Hostname:%s points to service:%s.", r.Hostname, r.Service)
+			}
 		}
 
 		if err := validateHostname(r, i, len(ingress)); err != nil {
diff --git a/ingress/ingress_test.go b/ingress/ingress_test.go
@@ -404,6 +404,16 @@ ingress:
    service: https://localhost:8000
  - hostname: "*"
    service: https://localhost:8001
+`},
+			wantErr: true,
+		},
+		{
+			name: "Cyclic hostname definition",
+			args: args{rawYAML: `
+ingress:
+ - hostname: "test.example.com"
+   service: https://test.example.com
+ - service: http_status_404
 `},
 			wantErr: true,
 		},

Original file line number	Diff line number	Diff line change
`@@ -232,6 +232,10 @@ func validateIngress(ingress []config.UnvalidatedIngressRule, defaults OriginReq`
`232`	`232`	`} else {`
`233`	`233`	`service = newTCPOverWSService(u)`
`234`	`234`	`}`
	`235`	`+`
	`236`	`+ if u.Hostname() == r.Hostname {`
	`237`	`+ return Ingress{}, fmt.Errorf("Cyclic Ingress configuration: Hostname:%s points to service:%s.", r.Hostname, r.Service)`
	`238`	`+ }`
`235`	`239`	`}`
`236`	`240`
`237`	`241`	`if err := validateHostname(r, i, len(ingress)); err != nil {`