Remove unnecessary validation

Kate Osborn · Kate Osborn · commit d83bbb4086a3 · 2024-05-16T18:15:02.000-06:00
diff --git a/internal/mode/static/policies/clientsettings/validator.go b/internal/mode/static/policies/clientsettings/validator.go
@@ -107,6 +107,8 @@ func validateTargetRef(ref v1alpha2.LocalPolicyTargetReference, policyNs string)
 	return nil
 }
 
+// validateSettings performs validation on fields in the spec that are vulnerable to code injection.
+// For all other fields, we rely on the CRD validation.
 func (v *Validator) validateSettings(spec ngfAPI.ClientSettingsPolicySpec) error {
 	var allErrs field.ErrorList
 	fieldPath := field.NewPath("spec")
@@ -146,18 +148,6 @@ func (v *Validator) validateClientBody(body ngfAPI.ClientBody, fieldPath *field.
 func (v *Validator) validateClientKeepAlive(keepAlive ngfAPI.ClientKeepAlive, fieldPath *field.Path) field.ErrorList {
 	var allErrs field.ErrorList
 
-	if keepAlive.Requests != nil {
-		requests := *keepAlive.Requests
-		if requests < 0 {
-			path := fieldPath.Child("requests")
-
-			allErrs = append(
-				allErrs,
-				field.Invalid(path, *keepAlive.Requests, "requests is invalid: must be positive"),
-			)
-		}
-	}
-
 	if keepAlive.Time != nil {
 		if err := v.genericValidator.ValidateNginxDuration(string(*keepAlive.Time)); err != nil {
 			path := fieldPath.Child("time")
@@ -190,19 +180,6 @@ func (v *Validator) validateClientKeepAlive(keepAlive ngfAPI.ClientKeepAlive, fi
 				)
 			}
 		}
-
-		if keepAlive.Timeout.Header != nil && keepAlive.Timeout.Server == nil {
-			path := fieldPath.Child("timeout")
-
-			allErrs = append(
-				allErrs,
-				field.Invalid(
-					path,
-					nil,
-					"server timeout must be set if header timeout is set",
-				),
-			)
-		}
 	}
 
 	return allErrs
diff --git a/internal/mode/static/policies/clientsettings/validator_test.go b/internal/mode/static/policies/clientsettings/validator_test.go
@@ -96,22 +96,6 @@ func TestValidator_Validate(t *testing.T) {
 				"spec.keepAlive.timeout.header",
 			},
 		},
-		{
-			name: "invalid keepalive requests",
-			policy: createModifiedPolicy(func(p *ngfAPI.ClientSettingsPolicy) *ngfAPI.ClientSettingsPolicy {
-				p.Spec.KeepAlive.Requests = helpers.GetPointer[int32](-1)
-				return p
-			}),
-			expErrSubstrings: []string{"spec.keepAlive.requests"},
-		},
-		{
-			name: "invalid keepalive timeout; header provided without server",
-			policy: createModifiedPolicy(func(p *ngfAPI.ClientSettingsPolicy) *ngfAPI.ClientSettingsPolicy {
-				p.Spec.KeepAlive.Timeout.Server = nil
-				return p
-			}),
-			expErrSubstrings: []string{"spec.keepAlive.timeout"},
-		},
 		{
 			name:             "valid",
 			policy:           createValidPolicy(),
