Skip to content

NGINX: Migrate auth cache key to NJS. #12447

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

NGINX: Migrate auth cache key to NJS. #12447

wants to merge 1 commit into from
+16 −12

Conversation

elizabeth-dev
Copy link
Member

What this PR does / why we need it:

Migrate the Lua scripting code for calculating the auth cache key to NJS, maintaining the same behavior.

Depends on #12345 (change starts from that branch)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • CVE Report (Scanner found CVE and adding report)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation only

Which issue/s this PR fixes

Part of #12383

How Has This Been Tested?

The new implementation has been tested manually to verify that the result it produces matches the one in Lua, as well as passing the e2e test suite

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I've read the CONTRIBUTION guide
  • I have added unit and/or e2e tests to cover my changes.
  • All new and existing tests passed.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Dec 7, 2024
@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-priority labels Dec 7, 2024
@k8s-ci-robot
Copy link
Contributor

Hi @elizabeth-dev. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Dec 7, 2024
@netlify Netlify
Copy link

netlify bot commented Dec 7, 2024
edited
Loading

Deploy Preview for kubernetes-ingress-nginx canceled.

Name Link
🔨 Latest commit d89d7ca
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-ingress-nginx/deploys/681e24b72328200008a6cd52

@Gacko Gacko changed the title NGINX: Migrate auth cache key to NJS NGINX: Migrate auth cache key to NJS. Dec 9, 2024
@longwuyuan
Copy link
Contributor

@elizabeth-dev , you may want to look at this #12345 (comment) and adjust accordingly here

@elizabeth-dev elizabeth-dev force-pushed the feature/njs/auth-cache-key branch 2 times, most recently from 400348c to 387ea87 Compare January 4, 2025 12:31
@elizabeth-dev elizabeth-dev force-pushed the feature/njs/auth-cache-key branch 2 times, most recently from b9a7b81 to 0077427 Compare January 27, 2025 16:03
@strongjz strongjz added this to the release-1.13 milestone Feb 13, 2025
@strongjz
Copy link
Member

/ok-to-test
/kind feature
/priority backlog

@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/backlog Higher priority than priority/awaiting-more-evidence. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-priority labels Feb 14, 2025
@Gacko
Copy link
Member

Gacko commented Feb 14, 2025

@strongjz I got this on my list of PRs I'd like to merge as soon as possible. But we first need to re-create the NJS module PR. It got merged once, but I reverted it. I also have this on my list. So overall: No worries, I'm handling this. 😁

@elizabeth-dev elizabeth-dev mentioned this pull request Feb 16, 2025
Closed
11 tasks
@Gacko Gacko force-pushed the feature/njs/auth-cache-key branch from 0077427 to 40eee8c Compare May 6, 2025 17:38
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 6, 2025
Gacko
Gacko reviewed May 6, 2025
View reviewed changes
Copy link
Member

@Gacko Gacko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/triage accepted
/kind feature
/priority backlog
/hold

As this requires the NGINX NJS module in the NGINX base image, I'll first build and promote a new NGINX base image including NJS, include it on main and LGTM this PR afterwards.

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels May 6, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: elizabeth-dev, Gacko

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 6, 2025
@Gacko Gacko force-pushed the feature/njs/auth-cache-key branch from 40eee8c to b236414 Compare May 9, 2025 14:10
@Gacko Gacko force-pushed the feature/njs/auth-cache-key branch from b236414 to d89d7ca Compare May 9, 2025 15:52
@Gacko
Copy link
Member

Gacko commented May 9, 2025

@elizabeth-dev We added NJS to the NGINX base image and included it on main. Sadly E2E tests are failing at the moment. Can you investigate the root cause please? I'd be happy to get this merged as soon as possible. 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Gacko Gacko Gacko approved these changes

@tao12345666333 tao12345666333 Awaiting requested review from tao12345666333

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. kind/feature Categorizes issue or PR as related to a new feature. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/backlog Higher priority than priority/awaiting-more-evidence. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
release-1.13
Development

Successfully merging this pull request may close these issues.
5 participants
@elizabeth-dev @k8s-ci-robot @longwuyuan @strongjz @Gacko