Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support APIKey authentication #5580

Merged
merged 44 commits into from
Jun 17, 2024
Merged

Support APIKey authentication #5580

merged 44 commits into from
Jun 17, 2024

Conversation

haywoodsh
Copy link
Contributor

@haywoodsh haywoodsh commented May 20, 2024
edited

Proposed changes

Create API Key Policy to allow authentication with API key header or query in request in VirtualServer and VirtualServerRoute.
Add telemetry for API Key Policy.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

@haywoodsh
always load njs module
ba8f0c2 
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>
@haywoodsh
accept api key policy yaml
d046e57 
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>
@github-actions github-actions bot added enhancement Pull requests for new features/feature enhancements go Pull requests that update Go code labels May 20, 2024
@github-actions github-actions bot added the docker Pull requests that update Docker code label May 20, 2024
j1m-ryan and others added 3 commits May 22, 2024 15:44
@j1m-ryan
move js import to http
fd33e3b
@haywoodsh
update schema and allow update after NIC starts
5ce5ac5 
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>
@pre-commit-ci
[pre-commit.ci] auto fixes from pre-commit.com hooks
4d2ee9d 
for more information, see https://pre-commit.ci
@haywoodsh
add api key secret validation to reject duplicated keys, remove repea…
573be80 
…ted maps in config, remove reject code, add unit tests

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 6, 2024
View reviewed changes
internal/configs/virtualserver.go Fixed Show fixed Hide fixed
internal/configs/virtualserver.go Fixed Show fixed Hide fixed
haywoodsh and others added 3 commits June 6, 2024 11:58
@haywoodsh
fix linting, remove unused structs, update crds and codegen
8f877e3 
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>
@haywoodsh
add unit tests, unique map names, add validate apikey location block …
1d91b7c 
…to conf only if api key policy is used

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>
@j1m-ryan
add python tests for vs and vsr
3e53c4b
@github-actions github-actions bot added python Pull requests that update Python code tests Pull requests that update tests labels Jun 12, 2024
@github-actions github-actions bot removed github_actions Pull requests that update Github_actions code chore Pull requests for routine tasks labels Jun 13, 2024
@j1m-ryan j1m-ryan mentioned this pull request Jun 14, 2024
Merged
6 tasks
haywoodsh and others added 5 commits June 14, 2024 11:28
@haywoodsh
add unit tests, clean up code
fff5d6d 
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>
@haywoodsh
remove logs, refactor, add tests
b983616 
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>
@haywoodsh
remove logs
ec753ce 
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>
@j1m-ryan
Merge branch 'main' into feat/api-key
ec84a05
@j1m-ryan
add api key auth to telemetry
c6bd588
@j1m-ryan j1m-ryan mentioned this pull request Jun 14, 2024
Closed
@j1m-ryan j1m-ryan marked this pull request as ready for review June 14, 2024 15:40
@j1m-ryan j1m-ryan requested review from a team as code owners June 14, 2024 15:40
@haywoodsh haywoodsh linked an issue Jun 14, 2024 that may be closed by this pull request
Support APIKey authentication - Implementation #5484
Closed
@haywoodsh haywoodsh changed the title Feat/api key Support APIKey authentication Jun 14, 2024
@j1m-ryan j1m-ryan merged commit dbba378 into main Jun 17, 2024
85 checks passed
@j1m-ryan j1m-ryan deleted the feat/api-key branch June 17, 2024 10:54
pdabelf5 pushed a commit that referenced this pull request Jun 17, 2024
@haywoodsh @pre-commit-ci
@j1m-ryan @pdabelf5
Support APIKey authentication (#5580)
f74d2fe 
* always load njs module
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* accept api key policy yaml
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* add njs and nginx config

* move js import to http

* update schema and allow update after NIC starts
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* remove hardcoded variable

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* add updated njs

* move js set outside location

* use nginx.org/apikey secret type
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* simplify njs

* make query params work

* clean up template files

* add api key secret validation to reject duplicated keys, remove repeated maps in config, remove reject code, add unit tests
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* fix linting, remove unused structs, update crds and codegen
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* add unit tests, unique map names, add validate apikey location block to conf only if api key policy is used
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* add python tests for vs and vsr

* fix dockerfile merge

* add wait until pods are ready

* update error message
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* test setting same namespace

* custom objects

* add crd print

* add unit tests
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* Add example readme for apikey auth policy

* clean up

* further cleanup

* clean up test

* add unit tests, clean up code
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* remove logs, refactor, add tests
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* remove logs
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* add api key auth to telemetry

---------

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Jim Ryan <j.ryan@f5.com>
ssrahul96 pushed a commit to ssrahul96/kubernetes-ingress that referenced this pull request Jun 20, 2024
@haywoodsh @pre-commit-ci
@j1m-ryan @ssrahul96
Support APIKey authentication (nginxinc#5580)
7ff9005 
* always load njs module
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* accept api key policy yaml
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* add njs and nginx config

* move js import to http

* update schema and allow update after NIC starts
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* remove hardcoded variable

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* add updated njs

* move js set outside location

* use nginx.org/apikey secret type
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* simplify njs

* make query params work

* clean up template files

* add api key secret validation to reject duplicated keys, remove repeated maps in config, remove reject code, add unit tests
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* fix linting, remove unused structs, update crds and codegen
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* add unit tests, unique map names, add validate apikey location block to conf only if api key policy is used
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* add python tests for vs and vsr

* fix dockerfile merge

* add wait until pods are ready

* update error message
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* test setting same namespace

* custom objects

* add crd print

* add unit tests
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* Add example readme for apikey auth policy

* clean up

* further cleanup

* clean up test

* add unit tests, clean up code
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* remove logs, refactor, add tests
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* remove logs
Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>

* add api key auth to telemetry

---------

Signed-off-by: Haywood Shannon <5781935+haywoodsh@users.noreply.github.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Jim Ryan <j.ryan@f5.com>
This was referenced Jul 1, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@j1m-ryan j1m-ryan j1m-ryan left review comments

@oseoin oseoin oseoin approved these changes

@pdabelf5 pdabelf5 pdabelf5 approved these changes

Assignees
No one assigned
Labels
documentation Pull requests/issues for documentation enhancement Pull requests for new features/feature enhancements go Pull requests that update Go code python Pull requests that update Python code tests Pull requests that update tests
Projects
NGINX Ingress Controller
Status: Done 🚀
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support APIKey authentication - Implementation
4 participants
@haywoodsh @oseoin @j1m-ryan @pdabelf5