Skip to content

Remove in-code validation of already CEL validated fields when appropriate #1984

New issue
New issue
Open
Open
Remove in-code validation of already CEL validated fields when appropriate#1984
Labels
backlogCurrently unprioritized work. May change with user feedback or as the product progresses.tech-debtShort-term pain, long-term benefit
@ciarams87

Description

@ciarams87
ciarams87
opened on May 16, 2024

When the Gateway API moved to CEL validation from the web hook, we removed a lot of duplicated validation logic from our codebase as CEL validation is much trickier to circumvent than the web hook was. The exception is when removing the validation could result in insecure configuration (e.g. insecure NGINX config).

We still have some areas where this validation is being duplicated - for example, in internal/mode/static/state/graph/backend_tls_policy.go. If our strategy going forward is to assume the CEL validation has taken place, we should remove the duplicated, non-security related, validation from our code base.

A/C:

Remove duplicated validation from the codebase where it is not required for security reasons

Metadata

Metadata

Assignees

No one assigned

    Labels

    backlogCurrently unprioritized work. May change with user feedback or as the product progresses.tech-debtShort-term pain, long-term benefit

    Type

    No type

    Projects

    NGINX Gateway Fabric

    Status

    🆕 New

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions