10BC0 update template · nginx/kubernetes-ingress@561492d · GitHub
[go: up one dir, main page]
Skip to content

Commit 561492d

Browse files
haywoodshhaywoodsh
committed
update template
1 parent f062290 commit 561492d

File tree

5 files changed

+11
-7
lines changed

5 files changed

+11
-7
lines changed

examples/custom-resources/jwks/jwks.yaml

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,6 @@ spec:
66
jwt:
77
realm: MyProductAPI
88
token: $http_token
9-
# jwksURI: http://10.42.0.67:8080/realms/example/protocol/openid-connect/certs
10-
119
jwksURI: http://keycloak.default.svc.cluster.local:8080/realms/example/protocol/openid-connect/certs
12-
# keyCache: 10m
10+
keyCache: 1h
11+

internal/configs/version2/nginx-plus.virtualserver.tmpl

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -57,14 +57,14 @@ match {{ $m.Name }} {
5757
{{ end }}
5858

5959
{{ $s := .Server }}
60+
{{ with $s.JWTAuth }}
61+
{{ if .KeyCache }}proxy_cache_path /var/cache/nginx/jwk levels=1 keys_zone=jwk:1m max_size=10m; {{ end }}
62+
{{ end }}
63+
6064
server {
6165
listen 80{{ if $s.ProxyProtocol }} proxy_protocol{{ end }};
6266
{{ if not $s.DisableIPV6 }}listen [::]:80{{ if $s.ProxyProtocol }} proxy_protocol{{ end }};{{ end }}
6367

64-
{{ with $s.JWTAuth }}
65-
{{ if .KeyCache }} proxy_cache_path /var/cache/nginx/jwk levels=1 keys_zone=jwk:1m max_size=10m; {{ end }}
66-
{{ end }}
67-
6868
server_name {{ $s.ServerName }};
6969
status_zone {{ $s.StatusZone }};
7070
set $resource_type "virtualserver";

internal/configs/virtualserver.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -820,6 +820,7 @@ func (p *policiesCfg) addJWTAuthConfig(
820820
res.addWarningf("Multiple jwt policies in the same context is not valid. JWT policy %s will be ignored", polKey)
821821
return res
822822
}
823+
//TODO: consider removing validation as it's done in crd apply (policy.go)
823824
if jwtAuth.Secret != "" && jwtAuth.JwksURI != "" {
824825
res.addWarningf("Secret and JwksURI cannot be used at the same time. JWT policy %s will be ignored", polKey)
825826
res.isError = true

pkg/apis/configuration/validation/policy.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -175,6 +175,8 @@ func validateJWT(jwt *v1.JWTAuth, fieldPath *field.Path) field.ErrorList {
175175

176176
allErrs = append(allErrs, validateJWTToken(jwt.Token, fieldPath.Child("token"))...)
177177

178+
//TODO: validate jwt.JwksURI and jwt.KeyCache
179+
178180
return allErrs
179181
}
180182

pkg/apis/configuration/validation/policy_test.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -399,6 +399,7 @@ func TestValidateRateLimitFails(t *testing.T) {
399399
}
400400
}
401401

402+
// TODO: fix and add tests
402403
func TestValidateJWT(t *testing.T) {
403404
t.Parallel()
404405
tests := []struct {
@@ -429,6 +430,7 @@ func TestValidateJWT(t *testing.T) {
429430
}
430431
}
431432

433+
// TODO: fix and add tests
432434
func TestValidateJWTFails(t *testing.T) {
433435
t.Parallel()
434436
tests := []struct {

0 commit comments

Comments
 (0)
0