Merged
Conversation
… make it work for future Ingress tests too.
- Updated NGINX ingress templates to wrap header values in quotes for consistency. - Removed the generateProxySetHeaders function and replaced its usage with direct header setting in templates. - Simplified header validation logic in validation.go to improve readability and maintainability. - Added comprehensive tests for proxy set header validation to ensure proper error handling for various cases. - Enhanced existing tests to reflect changes in header formatting and validation.
…OAuth2Location, getServerErrorPages
github-actions
Bot
added
enhancement
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
haywoodsh
reviewed
Apr 8, 2026
vepatel
previously approved these changes
Apr 15, 2026
haywoodsh
reviewed
Apr 15, 2026
- Simplified test cases in by removing redundant code and utilizing the new header building function. - Updated the fixture to be more flexible with parameters, allowing for easier configuration of test scenarios.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
vepatel
previously approved these changes
Apr 17, 2026
Signed-off-by: AlexFenlon <a.fenlon@f5.com>
vepatel
approved these changes
Apr 20, 2026
haywoodsh
approved these changes
Apr 20, 2026
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
github-project-automation
Bot
moved this from Todo ☑
to Done 🚀
in NGINX Ingress Controller
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new
externalAuthpolicy to the NGINX Ingress Controller, enabling authentication of client requests using an external authentication server (such as oauth2-proxy or a custom service). The changes include updates to the CRD schema, documentation, and a comprehensive example demonstrating how to use the new feature with both HTTP Basic Auth and OAuth2 Proxy in a Mergeable Ingress scenario.Examples and Usage
examples/ingress-resources/external-auth-mergeable) that demonstrates how to use theexternalAuthpolicy with both HTTP Basic Auth and OAuth2 Proxy (GitHub) in a Mergeable Ingress configuration. The example includes step-by-step instructions, file descriptions, and testing guidance.Policymanifest for HTTP Basic Auth using the newexternalAuthfield, showing how to configure TLS verification and reference the appropriate backend service and CA secret.docs: nginx/documentation#1838
Checklist
Before creating a PR, run through this checklist and mark each as complete.