nginx-gateway-fabric
nginx-gateway-fabric copied to clipboard
Remove in-code validation of already CEL validated fields when appropriate
When the Gateway API moved to CEL validation from the web hook, we removed a lot of duplicated validation logic from our codebase as CEL validation is much trickier to circumvent than the web hook was. The exception is when removing the validation could result in insecure configuration (e.g. insecure NGINX config).
We still have some areas where this validation is being duplicated - for example, in internal/mode/static/state/graph/backend_tls_policy.go
. If our strategy going forward is to assume the CEL validation has taken place, we should remove the duplicated, non-security related, validation from our code base.
A/C:
Remove duplicated validation from the codebase where it is not required for security reasons