Skip to content

Commit 5faa363

Browse files
nginx-botJim Ryan
nginx-bot
and
Jim Ryan
authored
[cherry-pick] fix api key policy undefined routes (#5852)
fix api key policy undefined routes (#5838) * fix api key policy undefined routes * add template test * update docs Co-authored-by: Jim Ryan <[email protected]>
1 parent e140259 commit 5faa363

File tree

6 files changed

+518
-6
lines changed

6 files changed

+518
-6
lines changed

examples/custom-resources/api-key/README.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -17,15 +17,15 @@ a web application, configure load balancing for it via a VirtualServer, and appl
1717
1. Save the HTTP port of the Ingress Controller into a shell variable:
1818

1919
```console
20-
IC_HTTP_PORT=<port number>
20+
IC_HTTPS_PORT=<port number>
2121
```
2222

2323
## Step 1 - Deploy a Web Application
2424

2525
Create the application deployment and service:
2626

2727
```console
28-
kubectl apply -f cafe.yaml
28+
kubectl apply -f cafe.yaml -f cafe-secret.yaml
2929
```
3030

3131
## Step 2 - Deploy the API Key Auth Secret
@@ -62,7 +62,7 @@ Note that the VirtualServer references the policy `api-key-policy` created in St
6262
If you attempt to access the application without providing a valid API Key in a expected header or query param for that VirtualServer:
6363

6464
```console
65-
curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP http://cafe.example.com:$IC_HTTP_PORT/
65+
curl -k --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/
6666
```
6767

6868
```text
@@ -78,7 +78,7 @@ curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP http://cafe.example.com:$IC
7878
If you attempt to access the application providing an incorrect API Key in an expected header or query param for that VirtualServer:
7979

8080
```console
81-
curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP -H "X-header-name: wrongpassword" http://cafe.example.com:$IC_HTTP_PORT/coffee
81+
curl -k --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP -H "X-header-name: wrongpassword" https://cafe.example.com:$IC_HTTPS_PORT/coffee
8282
```
8383

8484
```text
@@ -94,7 +94,7 @@ curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP -H "X-header-name: wrongpas
9494
If you provide a valid API Key in an a header or query defined in the policy, your request will succeed:
9595

9696
```console
97-
curl --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP -H "X-header-name: password" https://cafe.example.com:$IC_HTTPS_PORT/coffee
97+
curl -k --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP -H "X-header-name: password" https://cafe.example.com:$IC_HTTPS_PORT/coffee
9898
```
9999

100100
```text
@@ -108,7 +108,7 @@ Request ID: 4feedb3265a0430a1f58831d016e846d
108108
If you attempt to access the /tea path, the request will be allowed without an API Key, because the auth_request directive is turned off for that path with a location snippet:
109109

110110
```console
111-
curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP http://cafe.example.com:$IC_HTTP_PORT/tea
111+
curl -k --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/tea
112112
```
113113

114114
```text

0 commit comments

Comments
 (0)