Add SNI to NIC JWT Policy #7993

Open
wants to merge 7 commits into
base: main

javorszky
Contributor

@javorszky javorszky commented Jul 7, 2025

Proposed changes

Closes #7427

Adds the ability to specify SNI related options for jwt policies.

There are two configuration options:

  • sniEnabled, which controls the value of the proxy_ssl_server_name nginx directive, and
  • sniName, which controls the value of the proxy_ssl_name nginx directive

Specifying sniName without SNI being enabled will result in an error.

Documentation PR: nginx/documentation#795

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork
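The rule stated in the description (sniName is only valid when SNI is enabled), as an added example that is not code from this PR or from the project. The `JWKSSNI` type, its method names and the hostname check on the name are assumptions made for illustration; the hostname check is there because the value ends up inside an nginx directive.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// JWKSSNI is a hypothetical stand-in for the two policy options described above.
type JWKSSNI struct {
	SNIEnabled bool   // drives proxy_ssl_server_name
	SNIName    string // drives proxy_ssl_name
}

// Assumed rule, not from the PR: only RFC 1123 style DNS names are accepted.
var hostnameRe = regexp.MustCompile(
	`^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$`)

// Validate rejects sniName without sniEnabled, and names that are not hostnames.
func (s JWKSSNI) Validate() error {
	if s.SNIName == "" {
		return nil
	}
	if !s.SNIEnabled {
		return errors.New("sniName requires sniEnabled to be true")
	}
	if len(s.SNIName) > 253 || !hostnameRe.MatchString(s.SNIName) {
		return fmt.Errorf("sniName %q is not a valid hostname", s.SNIName)
	}
	return nil
}

// Directives renders the nginx directives the two options control.
func (s JWKSSNI) Directives() ([]string, error) {
	if err := s.Validate(); err != nil {
		return nil, err
	}
	if !s.SNIEnabled {
		return nil, nil // nginx default for proxy_ssl_server_name is off
	}
	out := []string{"proxy_ssl_server_name on;"}
	if s.SNIName != "" {
		out = append(out, "proxy_ssl_name "+s.SNIName+";")
	}
	return out, nil
}

func main() {
	fmt.Println(JWKSSNI{SNIEnabled: true, SNIName: "sni.idp.spec.example.com"}.Directives())
}
```
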

@github-actions github-actions bot added enhancement Pull requests for new features/feature enhancements go Pull requests that update Go code labels Jul 7, 2025
codecov bot commented Jul 7, 2025

Codecov Report

Attention: Patch coverage is 68.00000% with 8 lines in your changes missing coverage. Please review.

Project coverage is 52.96%. Comparing base (45add90) to head (7c2c3e4).
Report is 2 commits behind head on main.

| Files with missing lines | Patch % | Lines |
| pkg/apis/configuration/validation/policy.go | 57.89% | 7 Missing and 1 partial ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #7993      +/-   ##
==========================================
+ Coverage   52.95%   52.96%   +0.01%     
==========================================
  Files          90       90              
  Lines       21729    21749      +20     
==========================================
+ Hits        11506    11519      +13     
- Misses       9746     9752       +6     
- Partials      477      478       +1     

@javorszky javorszky force-pushed the feat/7427-sni-in-jwt-policy branch from 8e60efa to 76d3797 Compare July 8, 2025 12:44
@javorszky javorszky marked this pull request as ready for review July 8, 2025 12:45
@javorszky javorszky requested a review from a team as a code owner July 8, 2025 12:45
@javorszky javorszky force-pushed the feat/7427-sni-in-jwt-policy branch from 5a23849 to 7c2c3e4 Compare July 8, 2025 16:12
Token string `json:"token"`
JwksURI string `json:"jwksURI"`
KeyCache string `json:"keyCache"`
SNIEnabled bool `json:"sniEnabled"`
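Review bot: the new SNIEnabled field has no doc comment in this hunk, so a reader of the type cannot tell that it drives the proxy_ssl_server_name directive or that it is false when the sniEnabled key is omitted. Add a short comment above the field stating both, in the same wording the docs use for this key.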
@haywoodsh can we add the same description here in the keys as the PR in docs?

Okay working on it. I guess the review for the docs will be done in this PR then.

JwksPort: "443",
JwksPath: "/spec-keys",
JwksSNIEnabled: true,
JwksSNIName: "sni.idp.spec.example.com",
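Review bot: this fixture only covers JwksSNIEnabled: true together with a non-empty JwksSNIName. The PR description says a name without SNI enabled is an error, so add a case with JwksSNIEnabled: false and a name set, and one with JwksSNIEnabled: true and an empty JwksSNIName, to pin down what is rejected and what is rendered in each.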
@haywoodsh same test at the route level line#2371

Labels
enhancement Pull requests for new features/feature enhancements go Pull requests that update Go code
Development

Successfully merging this pull request may close these issues.

Add SNI for JWT policy
3 participants