-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include lua libraries to enable JWT manipulations #7633
Conversation
@mtparet: This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Hi @mtparet. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: mtparet The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What's you thought on adding these libraries, is there anything I could do to ease the review of this PR ? |
Hi @mtparet and thanks for your PR. Gonna write my opinion, which may not represent a consensus between other contributors. I think that for now, we should stop adding stuff on Lua side/openresty, just to make sure we have a stable environment. We have some issues about coredump/segmentation fault that are already pointed as something caused inside openresty (and we are trying to identify that with openresty core developers!) but still not sure what happens. It may turn into a fragile adding here. Also, once we want to add a new library, I guess it would be good to have a concrete use case. For instance, some annotation that allows setting some jwt validation before the backend? Finally, I'm really tempted about replacing some openresty parts to NJS and this is one of those cases that this may suit well. If you want to take a look into what I'm talking about, take a look at http://nginx.org/en/docs/njs/examples.html Thanks once more! |
@rikatz, are there any plans for njs plugins? |
"https://github.com/bungle/lua-resty-session/archive/v$LUA_RESTY_SESSION.tar.gz" | ||
|
||
get_src e7c2b0b8edf14eed7569cd5684fc00c6f97a8abf6d6c0e462cd49b4b266e3390 \ | ||
"https://github.com/SkyLothar/lua-resty-jwt/archive/v$LUA_RESTY_JWT.tar.gz" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mtparet, please check SkyLothar/lua-resty-jwt#85, I think you need to reference another repository.
get_src 6917d7a64b2619394787406c0d41f398f5c172b27b244fc7181b7c8a44c382f3 \ | ||
"https://github.com/bungle/lua-resty-session/archive/v$LUA_RESTY_SESSION.tar.gz" | ||
|
||
get_src e7c2b0b8edf14eed7569cd5684fc00c6f97a8abf6d6c0e462cd49b4b266e3390 \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you sure that lua-resty-hmac is not required? I think it is a dependency
I want to start thinking about it ASAP, ideas are always welcome for this! :D |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
@k8s-triage-robot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@mtparet is this droped? |
What this PR does / why we need it:
Today JWT is a common way to secure http transactions. Many people wish to manipulate this data at the proxy level (see issues related).
The first goal here is not to propose a ready to use solution but makes things easier for people so they do not need to modify the nginx controller or the kubernetes deployment.
Perhaps in the future we could propose the ready to use solution but it is out of scope for this PR.
Once this PR is merged, people will only need to add custom lua block in ingress objects while using the official nginx ingress controller.
Types of changes
Which issue/s this PR fixes
Related to :
#5865 #5834 #1850
How Has This Been Tested?
I tested locally on minikube.
Checklist: