kubernetes-ingress
Condition jwt
Adding validation for jwt variables for conditionals. This will also allow other variable groups (wildcard) to be added quickly.
Proposed changes
Added wildcard logic to condition variable validation to allow for quick validation of variable groups. The primary use case is for jwt variables.
Checklist
Before creating a PR, run through this checklist and mark each as complete.
- [x] I have read the CONTRIBUTING doc
- [x] I have added tests that prove my fix is effective or that my feature works
- [x] I have checked that all unit tests pass after adding my changes
- [x] I have updated necessary documentation
- [x] I have rebased my branch onto master
- [x] I will ensure my PR is targeting the master branch and pulling from my branch from my own fork
- I have written tests for the validator; I need some help with the tests for the config generator.
:construction_worker: Deploy request for nginx-kubernetes-ingress accepted.
:hammer: Explore the source changes: 8c232de574cea0424c2ffad49f9d4c607364c59a
:mag: Inspect the deploy log: https://app.netlify.com/sites/nginx-kubernetes-ingress/deploys/60e755abdee30b0007a1d2fb
I did use gofmt; not sure why the lint is failing. Sorry, still new to Go.
@outcast can you please run gofumpt on virtualserver.go.
done!
Ok running all linters manually this time.
James is talking about using a "Match" for routing a request as documented here: https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#match
For example, if user=john route to coffee-future and if user=bob route to coffee-deprecated
Today, we can access the key/value to be tested through a header, cookie, argument, or a variable.
Another way a key/value can be shared with nginx is through a JWT claim. Using a JWT has the advantage of a digital signature that prevents modification and unauthorized requests.
For example, a JWT claim named user is accessed by nginx through a variable named $jwt_claim_user. The key name in a JWT claim can be anything you want. All James did was add a JWT claim to the existing list of variables supported by a match condition.
So, if you take the example from the docs:
```yaml
path: /coffee
matches:
- conditions:
  - cookie: user
    value: john
  action:
    pass: coffee-future
- conditions:
  - cookie: user
    value: bob
  action:
    pass: coffee-deprecated
action:
  pass: coffee-stable
```
It would look like this when using a JWT:
```yaml
path: /coffee
matches:
- conditions:
  - variable: $jwt_claim_user
    value: john
  action:
    pass: coffee-future
- conditions:
  - variable: $jwt_claim_user
    value: bob
  action:
    pass: coffee-deprecated
action:
  pass: coffee-stable
```
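The wildcard validation described in this PR, sketched as an added example (this is not the PR's code or the controller's own): a condition variable is accepted if it is on an exact allow-list or belongs to a prefix group such as `$jwt_claim_`, and the part after the prefix is restricted because the name is written into generated NGINX configuration. The names `validateConditionVariable`, `exactVars`, `prefixVars` and `suffixRe` are hypothetical, and the exact allow-list is a constructed sample.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample allow-list of exact names; the controller's real list may differ.
var exactVars = map[string]bool{"$request_method": true, "$scheme": true, "$remote_addr": true}

// Wildcard groups: a variable starting with one of these prefixes is accepted
// as long as the remainder passes suffixRe.
var prefixVars = []string{"$jwt_claim_", "$jwt_header_"}

// The suffix is rendered into NGINX configuration, so it is limited to characters
// that cannot end a directive or open a block. An empty suffix is rejected too.
var suffixRe = regexp.MustCompile(`^[A-Za-z0-9_]+$`)

// validateConditionVariable is a hypothetical helper written for this example.
func validateConditionVariable(name string) error {
	if !strings.HasPrefix(name, "$") {
		return fmt.Errorf("%q: variable must start with '$'", name)
	}
	if exactVars[name] {
		return nil
	}
	for _, p := range prefixVars {
		if strings.HasPrefix(name, p) {
			if !suffixRe.MatchString(strings.TrimPrefix(name, p)) {
				return fmt.Errorf("%q: invalid name after %q", name, p)
			}
			return nil
		}
	}
	return fmt.Errorf("%q: variable is not allowed in a condition", name)
}

func main() {
	// Constructed inputs: one valid wildcard match, an empty suffix, a suffix with
	// a directive terminator, a name outside every group, and an exact match.
	for _, v := range []string{"$jwt_claim_user", "$jwt_claim_", "$jwt_claim_user;", "$jwt_payload", "$scheme"} {
		fmt.Printf("%-20s -> %v\n", v, validateConditionVariable(v))
	}
}
```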
@outcast would you mind rebasing your PR and resolving conflicts?
@lucacome not sure what to do about the linting failing. However, I have completed the rebasing.
@outcast I think something went wrong with the rebase, I see a lot of changes unrelated to yours 🤔
Codecov Report
Merging #1718 (4166719) into main (8b1949a) will increase coverage by 0.00%. The diff coverage is 100.00%.
@@ Coverage Diff @@
## main #1718 +/- ##
=======================================
Coverage 53.03% 53.04%
=======================================
Files 58 58
Lines 15645 15656 +11
=======================================
+ Hits 8298 8305 +7
- Misses 7070 7072 +2
- Partials 277 279 +2
| Impacted Files | Coverage Δ | |
|---|---|---|
| pkg/apis/configuration/validation/virtualserver.go | 94.41% <100.00%> (+0.05%) | :arrow_up: |
| internal/k8s/configuration.go | 95.39% <0.00%> (-0.37%) | :arrow_down: |
We are going to review this internally. Closing.