DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make sure set-cookie is retained from external auth endpoint (#5067)

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2020-02-14 01:41:11 -03:00 committed by GitHub
parent e179a24f97
commit 71e35c9100
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 48 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -952,6 +952,8 @@ stream {
location {{ buildAuthSignURLLocation $location.Path $externalAuth.SigninURL }} { location {{ buildAuthSignURLLocation $location.Path $externalAuth.SigninURL }} {
internal; internal;
add_header Set-Cookie $auth_cookie;
return 302 {{ buildAuthSignURL $externalAuth.SigninURL }}; return 302 {{ buildAuthSignURL $externalAuth.SigninURL }};
} }
{{ end }} {{ end }}

46
test/e2e/annotations/auth.go
View file

@ -332,6 +332,52 @@ var _ = framework.IngressNginxDescribe("Annotations - Auth", func() {
}) })
}) })
It("retains cookie set by external authentication server", func() {
Skip("Skipping test until refactoring")
// TODO: this test should look like https://gist.github.com/aledbf/250645d76c080677c695929273f8fd22
host := "auth"
f.NewHttpbinDeployment()
var httpbinIP string
err := framework.WaitForEndpoints(f.KubeClientSet, framework.DefaultTimeout, framework.HTTPBinService, f.Namespace, 1)
Expect(err).NotTo(HaveOccurred())
e, err := f.KubeClientSet.CoreV1().Endpoints(f.Namespace).Get(framework.HTTPBinService, metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred())
httpbinIP = e.Subsets[0].Addresses[0].IP
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-url": fmt.Sprintf("http://%s/cookies/set/alma/armud", httpbinIP),
"nginx.ingress.kubernetes.io/auth-signin": "http://$host/auth/start",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.WaitForNginxServer(host, func(server string) bool {
return Expect(server).Should(ContainSubstring("server_name auth"))
})
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)).
Retry(10, 1*time.Second, http.StatusNotFound).
Set("Host", host).
Param("a", "b").
Param("c", "d").
End()
for _, err := range errs {
Expect(err).NotTo(HaveOccurred())
}
framework.Logf("Cookie: %v", resp.Header)
Expect(resp.Header.Get("Set-Cookie")).Should(ContainSubstring("alma=armud"))
})
Context("when external authentication is configured", func() { Context("when external authentication is configured", func() {
host := "auth" host := "auth"