Remove authentication send body annotation

configuration.md

@@ -252,7 +252,7 @@ For more information please see http://nginx.org/en/docs/http/ngx_http_core_modu
 ### External Authentication
 
 To use an existing service that provides authentication the Ingress rule can be annotated with `ingress.kubernetes.io/auth-url` to indicate the URL where the HTTP request should be sent.
-Additionally it is possible to set `ingress.kubernetes.io/auth-method` to specify the HTTP method to use (GET or POST) and `ingress.kubernetes.io/auth-send-body` to true or false (default).
+Additionally it is possible to set `ingress.kubernetes.io/auth-method` to specify the HTTP method to use (GET or POST).
 
 ```
 ingress.kubernetes.io/auth-url: "URL to the authentication service"

pkg/ingress/annotations/authreq/main.go

@@ -32,7 +32,6 @@ const (
  authURL = "ingress.kubernetes.io/auth-url"
  authSigninURL = "ingress.kubernetes.io/auth-signin"
  authMethod = "ingress.kubernetes.io/auth-method"
- authBody = "ingress.kubernetes.io/auth-send-body"
  authHeaders = "ingress.kubernetes.io/auth-response-headers"
 )
 
@@ -43,7 +42,6 @@ type External struct {
  Host string `json:"host"`
  SigninURL string `json:"signinUrl"`
  Method string `json:"method"`
- SendBody bool `json:"sendBody"`
  ResponseHeaders []string `json:"responseHeaders,omitEmpty"`
 }
 
@@ -67,9 +65,6 @@ func (e1 *External) Equal(e2 *External) bool {
  if e1.Method != e2.Method {
  return false
  }
- if e1.SendBody != e2.SendBody {
- return false
- }
  if e1.Method != e2.Method {
  return false
  }
@@ -170,14 +165,11 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
  }
  }
 
- sb, _ := parser.GetBoolAnnotation(authBody, ing)
-
  return &External{
  URL: str,
  Host: ur.Hostname(),
  SigninURL: signin,
  Method: m,
- SendBody: sb,
  ResponseHeaders: h,
  }, nil
 }

pkg/ingress/annotations/authreq/main_test.go

@@ -74,22 +74,20 @@ func TestAnnotations(t *testing.T) {
  url string
  signinURL string
  method string
- sendBody bool
  expErr bool
  }{
- {"empty", "", "", "", false, true},
- {"no scheme", "bar", "bar", "", false, true},
- {"invalid host", "http://", "http://", "", false, true},
- {"invalid host (multiple dots)", "http://foo..bar.com", "http://foo..bar.com", "", false, true},
- {"valid URL", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "", false, false},
- {"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "POST", true, false},
- {"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "GET", true, false},
+ {"empty", "", "", "", true},
+ {"no scheme", "bar", "bar", "", true},
+ {"invalid host", "http://", "http://", "", true},
+ {"invalid host (multiple dots)", "http://foo..bar.com", "http://foo..bar.com", "", true},
+ {"valid URL", "http://bar.foo.com/external-auth", "http://bar.foo.com/external-auth", "", false},
+ {"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "POST", false},
+ {"valid URL - send body", "http://foo.com/external-auth", "http://foo.com/external-auth", "GET", false},
  }
 
  for _, test := range tests {
  data[authURL] = test.url
  data[authSigninURL] = test.signinURL
- data[authBody] = fmt.Sprintf("%v", test.sendBody)
  data[authMethod] = fmt.Sprintf("%v", test.method)
 
  i, err := NewParser().Parse(ing)
@@ -112,9 +110,6 @@ func TestAnnotations(t *testing.T) {
  if u.Method != test.method {
  t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.method, u.Method)
  }
- if u.SendBody != test.sendBody {
- t.Errorf("%v: expected \"%v\" but \"%v\" was returned", test.title, test.sendBody, u.SendBody)
- }
  }
 }
 

rootfs/etc/nginx/template/nginx.tmpl

@@ -625,23 +625,24 @@ stream {
  {{ if not (empty $authPath) }}
  location = {{ $authPath }} {
  internal;
- set $proxy_upstream_name "internal";
+ set $proxy_upstream_name "external-authentication";
 
- {{ if not $location.ExternalAuth.SendBody }}
  proxy_pass_request_body off;
  proxy_set_header Content-Length "";
- {{ end }}
+
  {{ if not (empty $location.ExternalAuth.Method) }}
  proxy_method {{ $location.ExternalAuth.Method }};
  proxy_set_header X-Original-URI $request_uri;
  proxy_set_header X-Scheme $pass_access_scheme;
  {{ end }}
- proxy_pass_request_headers on;
+
  proxy_set_header Host {{ $location.ExternalAuth.Host }};
  proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
  proxy_set_header X-Auth-Request-Redirect $request_uri;
- proxy_ssl_server_name on;
+ proxy_set_header  X-Sent-From "nginx-ingress-controller";
 
+ proxy_ssl_server_name on;
+ proxy_pass_request_headers on;
  client_max_body_size "{{ $location.Proxy.BodySize }}";
  {{ if isValidClientBodyBufferSize $location.ClientBodyBufferSize }}
  client_body_buffer_size {{ $location.ClientBodyBufferSize }};
@@ -651,6 +652,7 @@ stream {
  proxy_pass $target;
  }
  {{ end }}
+
  location {{ $path }} {
  {{ if $all.Cfg.EnableVtsStatus }}{{ if $location.VtsFilterKey }} vhost_traffic_status_filter_by_set_key {{ $location.VtsFilterKey }};{{ end }}{{ end }}