Skip to content

Commit

Permalink
[cherry-pick] remove reference to auth_request off (#5937)
Browse files Browse the repository at this point in the history
  • Loading branch information
nginx-bot authored Jul 3, 2024
1 parent 146daf0 commit 522bc0b
Show file tree
Hide file tree
Showing 4 changed files with 1 addition and 59 deletions.
2 changes: 0 additions & 2 deletions docs/content/configuration/policy-resource.md
Original file line number Diff line number Diff line change
Expand Up @@ -155,8 +155,6 @@ If the hashed keys match, the NGINX JavaScript (NJS) subrequest issues a 204 No

It is possible to use the [errorPages](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#errorpage) property on a route, to change the default behaviour of 401 or 403 errors.

An API Key policy can be disabled on a route by adding the [location snippet](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#using-snippets) `auth_request off;`

At least one header or query param is required.

The policy below configures NGINX Ingress Controller to require the API Key `password` in the header "my-header".
Expand Down
17 changes: 1 addition & 16 deletions examples/custom-resources/api-key/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,7 @@ a web application, configure load balancing for it via a VirtualServer, and appl

## Prerequisites

1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/)
instructions to deploy the Ingress Controller. In this example we will be using a snippet to turn the policy off on a specific path so ensure that the `enable-snippets` flag is set.
1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller.
1. Save the public IP address of the Ingress Controller into a shell variable:

```console
Expand Down Expand Up @@ -105,18 +104,4 @@ URI: /coffee
Request ID: 4feedb3265a0430a1f58831d016e846d
```

If you attempt to access the /tea path, the request will be allowed without an API Key, because the auth_request directive is turned off for that path with a location snippet:

```console
curl -k --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/tea
```

```text
Server address: 10.244.0.5:8080
Server name: tea-596697966f-dmq7t
Date: 13/Jun/2024:13:16:46 +0000
URI: /tea
Request ID: 26e6d7dd0272eca82f31f33bf90698c9
```

Additionally you can set [error pages](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#errorpage) to handle the 401 and 403 responses.
8 changes: 0 additions & 8 deletions examples/custom-resources/api-key/cafe-virtual-server.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,7 @@ spec:
- name: coffee
service: coffee-svc
port: 80
- name: tea
service: tea-svc
port: 80
routes:
- path: /coffee
action:
pass: coffee
- path: /tea
location-snippets: |
auth_request off;
action:
pass: tea
33 changes: 0 additions & 33 deletions examples/custom-resources/api-key/cafe.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,36 +30,3 @@ spec:
name: http
selector:
app: coffee
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tea
spec:
replicas: 1
selector:
matchLabels:
app: tea
template:
metadata:
labels:
app: tea
spec:
containers:
- name: tea
image: nginxdemos/nginx-hello:plain-text
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: tea-svc
spec:
ports:
- port: 80
targetPort: 8080
protocol: TCP
name: http
selector:
app: tea

0 comments on commit 522bc0b

Please sign in to comment.