Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix api key policy undefined routes #5838

Merged
merged 6 commits into from
Jun 25, 2024
Merged

Fix api key policy undefined routes #5838

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
70aa98a
fix api key policy undefined routes
j1m-ryan Jun 24, 2024
2fd1e52
Merge branch 'main' into fix/apikey-undefined-routes
j1m-ryan Jun 24, 2024
1c2310b
Merge branch 'main' into fix/apikey-undefined-routes
j1m-ryan Jun 25, 2024
c180492
add template test
j1m-ryan Jun 25, 2024
37c1747
update docs
j1m-ryan Jun 25, 2024
3fe951a
Update examples/custom-resources/api-key/README.md
j1m-ryan Jun 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions examples/custom-resources/api-key/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,15 +17,15 @@ a web application, configure load balancing for it via a VirtualServer, and appl
1. Save the HTTP port of the Ingress Controller into a shell variable:

```console
IC_HTTP_PORT=<port number>
IC_HTTPS_PORT=<port number>
```

## Step 1 - Deploy a Web Application

Create the application deployment and service:

```console
kubectl apply -f cafe.yaml
kubectl apply -f cafe.yaml -f cafe-secret.yaml
```

## Step 2 - Deploy the API Key Auth Secret
Expand Down Expand Up @@ -62,7 +62,7 @@ Note that the VirtualServer references the policy `api-key-policy` created in St
If you attempt to access the application without providing a valid API Key in a expected header or query param for that VirtualServer:

```console
curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP http://cafe.example.com:$IC_HTTP_PORT/
curl -k --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/
```

```text
Expand All @@ -78,7 +78,7 @@ curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP http://cafe.example.com:$IC
If you attempt to access the application providing an incorrect API Key in an expected header or query param for that VirtualServer:

```console
curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP -H "X-header-name: wrongpassword" http://cafe.example.com:$IC_HTTP_PORT/coffee
curl -k --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP -H "X-header-name: wrongpassword" https://cafe.example.com:$IC_HTTPS_PORT/coffee
```

```text
Expand All @@ -94,7 +94,7 @@ curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP -H "X-header-name: wrongpas
If you provide a valid API Key in an a header or query defined in the policy, your request will succeed:

```console
curl --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP -H "X-header-name: password" https://cafe.example.com:$IC_HTTPS_PORT/coffee
curl -k --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP -H "X-header-name: password" https://cafe.example.com:$IC_HTTPS_PORT/coffee
```

```text
Expand All @@ -108,7 +108,7 @@ Request ID: 4feedb3265a0430a1f58831d016e846d
If you attempt to access the /tea path, the request will be allowed without an API Key, because the auth_request directive is turned off for that path with a location snippet:

```console
curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP http://cafe.example.com:$IC_HTTP_PORT/tea
curl -k --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/tea
```

```text
Expand Down
Loading