nginx-gateway-fabric icon indicating copy to clipboard operation
nginx-gateway-fabric copied to clipboard

Remove in-code validation of already CEL validated fields when appropriate

Open ciarams87 opened this issue 9 months ago • 0 comments

When the Gateway API moved to CEL validation from the web hook, we removed a lot of duplicated validation logic from our codebase as CEL validation is much trickier to circumvent than the web hook was. The exception is when removing the validation could result in insecure configuration (e.g. insecure NGINX config).

We still have some areas where this validation is being duplicated - for example, in internal/mode/static/state/graph/backend_tls_policy.go. If our strategy going forward is to assume the CEL validation has taken place, we should remove the duplicated, non-security related, validation from our code base.

A/C:

Remove duplicated validation from the codebase where it is not required for security reasons

ciarams87 avatar May 16 '24 14:05 ciarams87