bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 15 Actions Packages Projects Releases Wiki Activity

harden updatecenter public route methods

Browse Source
This commit is contained in:
Andrew Stoltz
2026-06-18 10:37:53 -05:00
parent 4b58b0ca5f
commit 14195e5da7
4 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
tests/bluejay-infra-lint/FleetManifestLintTests.cs
View File

@@ -1013,6 +1013,22 @@ public sealed class FleetManifestLintTests
match.Should().NotContain("Method(`POST`)");
}
[Fact]
public void UpdateCenterPublicIngress_KeepsDeliveryOnlyGetHeadMethodAllowlist()
{
var publicIngress = AppDocuments("fc-updater")
.Single(document => document.Kind == "IngressRoute" && document.Name == "updatecenter-web-public");
var route = publicIngress.MappingSequence("spec", "routes").Should().ContainSingle().Subject;
var match = ManifestNodeExtensions.Scalar(route, "match");
match.Should().Contain("Host(`update.flowercore.io`)");
match.Should().Contain("Host(`updates.flowercore.io`)");
match.Should().Contain("Method(`GET`)");
match.Should().Contain("Method(`HEAD`)");
match.Should().NotContain("Method(`POST`)");
match.Should().NotContain("Method(`OPTIONS`)");
}
[Fact]
public void DnsAndMediaIngressRoutes_MatchLiveInternalHosts()
{