Remove authentication send body annotation

2017-10-15 17:20:33 -03:00 · 2017-10-15 17:20:33 -03:00 · 8506e1ca67
commit 8506e1ca67
parent 908807a76d
4 changed files with 15 additions and 26 deletions
--- a/configuration.md
+++ b/configuration.md
@ -252,7 +252,7 @@ For more information please see http://nginx.org/en/docs/http/ngx_http_core_modu
 ### External Authentication

 To use an existing service that provides authentication the Ingress rule can be annotated with `ingress.kubernetes.io/auth-url` to indicate the URL where the HTTP request should be sent.
-Additionally it is possible to set `ingress.kubernetes.io/auth-method` to specify the HTTP method to use (GET or POST) and `ingress.kubernetes.io/auth-send-body` to true or false (default).
+Additionally it is possible to set `ingress.kubernetes.io/auth-method` to specify the HTTP method to use (GET or POST).

 ```
 ingress.kubernetes.io/auth-url: "URL to the authentication service"
--- a/pkg/ingress/annotations/authreq/main.go
+++ b/pkg/ingress/annotations/authreq/main.go
@ -32,7 +32,6 @@ const (
 	authURL       = "ingress.kubernetes.io/auth-url"
 	authSigninURL = "ingress.kubernetes.io/auth-signin"
 	authMethod    = "ingress.kubernetes.io/auth-method"
-	authBody      = "ingress.kubernetes.io/auth-send-body"
 	authHeaders   = "ingress.kubernetes.io/auth-response-headers"
 )

@ -43,7 +42,6 @@ type External struct {
 	Host            string   `json:"host"`
 	SigninURL       string   `json:"signinUrl"`
 	Method          string   `json:"method"`
-	SendBody        bool     `json:"sendBody"`
 	ResponseHeaders []string `json:"responseHeaders,omitEmpty"`
 }

@ -67,9 +65,6 @@ func (e1 *External) Equal(e2 *External) bool {
 	if e1.Method != e2.Method {
 		return false
 	}
-	if e1.SendBody != e2.SendBody {
-		return false
-	}
 	if e1.Method != e2.Method {
 		return false
 	}
@ -170,14 +165,11 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
 		}
 	}

-	sb, _ := parser.GetBoolAnnotation(authBody, ing)
-
 	return &External{
 		URL:             str,
 		Host:            ur.Hostname(),
 		SigninURL:       signin,
 		Method:          m,
-		SendBody:        sb,
 		ResponseHeaders: h,
 	}, nil
 }
--- a/pkg/ingress/annotations/authreq/main_test.go
+++ b/pkg/ingress/annotations/authreq/main_test.go
@ -74,22 +74,20 @@ func TestAnnotations(t *testing.T) {
 		url       string
 		signinURL string
 		method    string
-		sendBody  bool
 		expErr    bool
 	}{
-		{"empty", "", "", "", false, true},
-		{"no scheme", "bar", "bar", "", false, true},
-		{"invalid host", "http://", "http://", "", false, true},
-		{"invalid host (multiple dots)", "http://foo..bar.com", "http://foo..bar.com", "", false, true},
-		{"valid URL", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "", false, false},
-		{"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "POST", true, false},
-		{"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "GET", true, false},
+		{"empty", "", "", "", true},
+		{"no scheme", "bar", "bar", "", true},
+		{"invalid host", "http://", "http://", "", true},
+		{"invalid host (multiple dots)", "http://foo..bar.com", "http://foo..bar.com", "", true},
+		{"valid URL", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "", false},
+		{"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "POST", false},
+		{"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "GET", false},
 	}

 	for _, test := range tests {
 		data[authURL] = test.url
 		data[authSigninURL] = test.signinURL
-		data[authBody] = fmt.Sprintf("%v", test.sendBody)
 		data[authMethod] = fmt.Sprintf("%v", test.method)

 		i, err := NewParser().Parse(ing)
@ -112,9 +110,6 @@ func TestAnnotations(t *testing.T) {
 		if u.Method != test.method {
 			t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.method, u.Method)
 		}
-		if u.SendBody != test.sendBody {
-			t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.sendBody, u.SendBody)
-		}
 	}
 }

--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -625,23 +625,24 @@ stream {
        {{ if not (empty $authPath) }}
        location = {{ $authPath }} {
            internal;
-            set $proxy_upstream_name "internal";
+            set $proxy_upstream_name "external-authentication";

-            {{ if not $location.ExternalAuth.SendBody }}
            proxy_pass_request_body     off;
            proxy_set_header            Content-Length "";
-            {{ end }}
+
            {{ if not (empty $location.ExternalAuth.Method) }}
            proxy_method                {{ $location.ExternalAuth.Method }};
            proxy_set_header            X-Original-URI          $request_uri;
            proxy_set_header            X-Scheme                $pass_access_scheme;
            {{ end }}
-            proxy_pass_request_headers  on;
+
            proxy_set_header            Host                    {{ $location.ExternalAuth.Host }};
            proxy_set_header            X-Original-URL          $scheme://$http_host$request_uri;
            proxy_set_header            X-Auth-Request-Redirect $request_uri;
-            proxy_ssl_server_name       on;
+            proxy_set_header            X-Sent-From             "nginx-ingress-controller";

+            proxy_ssl_server_name       on;
+            proxy_pass_request_headers  on;
            client_max_body_size        "{{ $location.Proxy.BodySize }}";
            {{ if isValidClientBodyBufferSize $location.ClientBodyBufferSize }}
            client_body_buffer_size     {{ $location.ClientBodyBufferSize }};
@ -651,6 +652,7 @@ stream {
            proxy_pass $target;
        }
        {{ end }}
+
        location {{ $path }} {
            {{ if $all.Cfg.EnableVtsStatus }}{{ if $location.VtsFilterKey }} vhost_traffic_status_filter_by_set_key {{ $location.VtsFilterKey }};{{ end }}{{ end }}