diff --git a/docs/content/configuration/policy-resource.md b/docs/content/configuration/policy-resource.md index 35e6be87f2..b640d33e4d 100644 --- a/docs/content/configuration/policy-resource.md +++ b/docs/content/configuration/policy-resource.md @@ -155,8 +155,6 @@ If the hashed keys match, the NGINX JavaScript (NJS) subrequest issues a 204 No It is possible to use the [errorPages](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#errorpage) property on a route, to change the default behaviour of 401 or 403 errors. -An API Key policy can be disabled on a route by adding the [location snippet](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#using-snippets) `auth_request off;` - At least one header or query param is required. The policy below configures NGINX Ingress Controller to require the API Key `password` in the header "my-header". diff --git a/examples/custom-resources/api-key/README.md b/examples/custom-resources/api-key/README.md index 4a206afd02..c1ca8c0922 100644 --- a/examples/custom-resources/api-key/README.md +++ b/examples/custom-resources/api-key/README.md @@ -6,8 +6,7 @@ a web application, configure load balancing for it via a VirtualServer, and appl ## Prerequisites -1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) - instructions to deploy the Ingress Controller. In this example we will be using a snippet to turn the policy off on a specific path so ensure that the `enable-snippets` flag is set. +1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller. 1. Save the public IP address of the Ingress Controller into a shell variable: ```console @@ -105,18 +104,4 @@ URI: /coffee Request ID: 4feedb3265a0430a1f58831d016e846d ``` -If you attempt to access the /tea path, the request will be allowed without an API Key, because the auth_request directive is turned off for that path with a location snippet: - -```console -curl -k --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/tea -``` - -```text -Server address: 10.244.0.5:8080 -Server name: tea-596697966f-dmq7t -Date: 13/Jun/2024:13:16:46 +0000 -URI: /tea -Request ID: 26e6d7dd0272eca82f31f33bf90698c9 -``` - Additionally you can set [error pages](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#errorpage) to handle the 401 and 403 responses. diff --git a/examples/custom-resources/api-key/cafe-virtual-server.yaml b/examples/custom-resources/api-key/cafe-virtual-server.yaml index b523112eb6..032cb9bc46 100644 --- a/examples/custom-resources/api-key/cafe-virtual-server.yaml +++ b/examples/custom-resources/api-key/cafe-virtual-server.yaml @@ -12,15 +12,7 @@ spec: - name: coffee service: coffee-svc port: 80 - - name: tea - service: tea-svc - port: 80 routes: - path: /coffee action: pass: coffee - - path: /tea - location-snippets: | - auth_request off; - action: - pass: tea diff --git a/examples/custom-resources/api-key/cafe.yaml b/examples/custom-resources/api-key/cafe.yaml index f049e8bf29..6e0ea4614e 100644 --- a/examples/custom-resources/api-key/cafe.yaml +++ b/examples/custom-resources/api-key/cafe.yaml @@ -30,36 +30,3 @@ spec: name: http selector: app: coffee ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tea -spec: - replicas: 1 - selector: - matchLabels: - app: tea - template: - metadata: - labels: - app: tea - spec: - containers: - - name: tea - image: nginxdemos/nginx-hello:plain-text - ports: - - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - name: tea-svc -spec: - ports: - - port: 80 - targetPort: 8080 - protocol: TCP - name: http - selector: - app: tea