DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: always set auth cookie (#8213)

Browse source 
* feat: always set auth cookie

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* feat: Add annotation to always set auth cookie

* Add annotation
* Add global configmap key
* Provide unit tests and e2e tests
* Fix e2e documentation autogen script

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Regenerate e2e tests

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
This commit is contained in:
Maksim Nabokikh 2022-05-20 02:27:53 +04:00 committed by GitHub
parent 93af9f726a
commit 2c27e66cc7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 501 additions and 537 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/user-guide/nginx-configuration/annotations.md
View file

@ -488,6 +488,8 @@ Additionally it is possible to set:
`<Cache_Key>` this enables caching for auth requests. specify a lookup key for auth responses. e.g. `$remote_user$http_authorization`. Each server and location has it's own keyspace. Hence a cached response is only valid on a per-server and per-location basis.
* `nginx.ingress.kubernetes.io/auth-cache-duration`:
`<Cache_duration>` to specify a caching time for auth responses based on their response codes, e.g. `200 202 30m`. See [proxy_cache_valid](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid) for details. You may specify multiple, comma-separated values: `200 202 10m, 401 5m`. defaults to `200 202 401 5m`.
* `nginx.ingress.kubernetes.io/auth-always-set-cookie`:
`<Boolean_Flag>` to set a cookie returned by auth request. By default, the cookie will be set only if an upstream reports with the code 200, 201, 204, 206, 301, 302, 303, 304, 307, or 308.
* `nginx.ingress.kubernetes.io/auth-snippet`:
`<Auth_Snippet>` to specify a custom snippet to use with external authentication, e.g.

5
docs/user-guide/nginx-configuration/configmap.md
View file

@ -1226,6 +1226,11 @@ Enables caching for global auth requests. Specify a lookup key for auth response
Set a caching time for auth responses based on their response codes, e.g. `200 202 30m`. See [proxy_cache_valid](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid) for details. You may specify multiple, comma-separated values: `200 202 10m, 401 5m`. defaults to `200 202 401 5m`.
## global-auth-always-set-cookie
Always set a cookie returned by auth request. By default, the cookie will be set only if an upstream reports with the code 200, 201, 204, 206, 301, 302, 303, 304, 307, or 308.
_**default:**_ false
## no-auth-locations
A comma-separated list of locations that should not get authenticated.