add sslVerify for jwksUri #8292

vepatel · 2025-09-24T15:23:23Z

Proposed changes

Adds options to enable ssl_verify on idp jwksUri
updates JWT spec with sslVerify, trustedCertSecret and sslVerifyDepth

apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
  name: jwt-policy
spec:
  jwt:
    realm: MyProductAPI
    token: $http_token
    jwksURI: https://keycloak.default.svc.cluster.local:8443/realms/jwks-example/protocol/openid-connect/certs
    keyCache: 1h
    sslVerify: true
    trustedCertSecret: keycloak-ca-secret

location = /_jwks_uri_server_default/jwt-policy {
        internal;
        proxy_method GET;
        proxy_set_header Content-Length "";
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 1;
        proxy_ssl_trusted_certificate /etc/nginx/secrets/default-keycloak-ca-secret-ca.crt;
        proxy_pass_request_headers off;
        proxy_pass_request_body off;
        proxy_set_header Host keycloak.default.svc.cluster.local;
        set $idp_backend keycloak.default.svc.cluster.local;
        proxy_pass https://$idp_backend:8443/realms/jwks-example/protocol/openid-connect/certs;
    }

Checklist

Before creating a PR, run through this checklist and mark each as complete.

I have read the CONTRIBUTING doc
I have added tests that prove my fix is effective or that my feature works
I have checked that all unit tests pass after adding my changes
I have updated necessary documentation
I have rebased my branch onto main
I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

for more information, see https://pre-commit.ci

codecov · 2025-09-24T15:25:34Z

Codecov Report

❌ Patch coverage is 25.71429% with 52 lines in your changes missing coverage. Please review.
✅ Project coverage is 53.34%. Comparing base (e598c44) to head (8d75911).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/configs/virtualserver.go	25.00%	26 Missing and 1 partial ⚠️
internal/k8s/controller.go	10.71%	22 Missing and 3 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8292      +/-   ##
==========================================
- Coverage   53.41%   53.34%   -0.08%     
==========================================
  Files          91       91              
  Lines       22310    22379      +69     
==========================================
+ Hits        11917    11937      +20     
- Misses       9888     9934      +46     
- Partials      505      508       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

github-actions · 2025-09-24T15:52:51Z

Package Report

gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx, 1.29.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-module-njs, 1.29.1+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-module-otel, 1.29.1+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-agent, 3.3.2~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx, 1.29.1-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-module-njs, 1.29.1+0.9.1-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-module-otel, 1.29.1+0.1.2-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-agent, 3.3.2~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus, 35-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-njs, 35+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-otel, 35+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-fips-check, 35+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-agent, 3.3.2~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus, 35-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-njs, 35+0.9.1-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-otel, 35+0.1.2-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-fips-check, 35+0.1-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-agent, 3.3.2~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus, 35-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-njs, 35+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-otel, 35+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-fips-check, 35+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-appprotect, 35+5.498.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, app-protect, 35+5.498.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, app-protect-attack-signatures, 2025.09.30-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, app-protect-threat-campaigns, 2025.09.29-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-agent, 2.43.0~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus, 35-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-njs, 35+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-otel, 35+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-fips-check, 35+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-appprotect, 35+5.498.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, app-protect-module-plus, 35+5.498.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, app-protect-plugin, 6.20.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-agent, 2.43.0~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus, 35-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-njs, 35+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-otel, 35+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-fips-check, 35+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-appprotectdos, 35+4.7.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, app-protect-dos, 35+4.7.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus, 35-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-njs, 35+0.9.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-otel, 35+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-fips-check, 35+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-appprotect, 35+5.498.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, app-protect, 35+5.498.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, app-protect-attack-signatures, 2025.09.30-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, app-protect-threat-campaigns, 2025.09.29-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-plus-module-appprotectdos, 35+4.7.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, app-protect-dos, 35+4.7.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2, nginx-agent, 2.43.0~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx, 1.29.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-module-njs, 1.29.1.0.9.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-module-otel, 1.29.1.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-agent, 3.3.2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx, 1.29.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-module-njs, 1.29.1.0.9.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-module-otel, 1.29.1.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-agent, 3.3.2, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-plus, 35-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-plus-module-njs, 35.0.9.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-plus-module-otel, 35.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-plus-module-fips-check, 35.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-agent, 3.3.2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-plus, 35-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-plus-module-njs, 35.0.9.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-plus-module-otel, 35.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-plus-module-fips-check, 35.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine, nginx-agent, 3.3.2, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus, 35-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-njs, 35.0.9.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-otel, 35.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-fips-check, 35.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-agent, 3.3.2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus, 35-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-njs, 35.0.9.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-otel, 35.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-fips-check, 35.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-agent, 3.3.2, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus, 35-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-njs, 35.0.9.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-otel, 35.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-fips-check, 35.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-agent, 2.43.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-appprotect, 35.5.498.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, app-protect, 35.5.498.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, app-protect-attack-signatures, 2025.09.30-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, app-protect-threat-campaigns, 2025.09.29-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus, 35-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-njs, 35.0.9.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-otel, 35.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-fips-check, 35.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-agent, 2.43.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, nginx-plus-module-appprotect, 35.5.498.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, app-protect-module-plus, 35.5.498.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-alpine-fips, app-protect-plugin, 6.20.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx, 1.29.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-module-njs, 1.29.1+0.9.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-module-otel, 1.29.1+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-agent, 3.3.2-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx, 1.29.1-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-module-njs, 1.29.1+0.9.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-module-otel, 1.29.1+0.1.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-agent, 3.3.2-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus, 35-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-agent, 3.3.2-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus, 35-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-agent, 3.3.2-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus, 35-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-agent, 2.43.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-appprotect, 35+5.498.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, app-protect, 35+5.498.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, app-protect-attack-signatures, 2025.09.30-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, app-protect-threat-campaigns, 2025.09.29-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus, 35-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-agent, 2.43.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-appprotect, 35+5.498.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, app-protect-module-plus, 35+5.498.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, app-protect-plugin, 6.20.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-plus, 35-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-plus-module-njs, 35+0.9.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-plus-module-otel, 35+0.1.2-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-plus-module-fips-check, 35+0.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-agent, 2.43.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-plus-module-appprotect, 35+5.498.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, app-protect, 35+5.498.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, app-protect-attack-signatures, 2025.09.30-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, app-protect-threat-campaigns, 2025.09.29-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-plus, 35-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-plus-module-njs, 35+0.9.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-plus-module-otel, 35+0.1.2-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-plus-module-fips-check, 35+0.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-agent, 2.43.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, nginx-plus-module-appprotect, 35+5.498.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, app-protect-module-plus, 35+5.498.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi8, app-protect-plugin, 6.20.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus, 35-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-appprotectdos, 35+4.7.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, app-protect-dos, 35+4.7.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus, 35-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-njs, 35+0.9.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-otel, 35+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-fips-check, 35+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-appprotect, 35+5.498.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-plus-module-appprotectdos, 35+4.7.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, nginx-agent, 2.43.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, app-protect, 35+5.498.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, app-protect-attack-signatures, 2025.09.30-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, app-protect-threat-campaigns, 2025.09.29-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-568eaa64c1f6da632c4e5f180d70b9e2-ubi, app-protect-dos, 35+4.7.3-1.el9.ngx, x86_64

pkg/apis/configuration/v1/types.go

internal/configs/version2/templates_test.go

Copilot

Pull Request Overview

This PR adds SSL verification capabilities for JWKS (JSON Web Key Set) URIs in JWT authentication policies. The enhancement allows users to configure SSL certificate verification when NGINX fetches JWKS from remote servers, improving security by validating the identity of the JWKS provider.

Key changes:

Added three new fields to JWTAuth: sslVerify, trustedCertSecret, and sslVerifyDepth
Enhanced template generation to include SSL verification directives in NGINX configuration
Added comprehensive validation logic for SSL configuration consistency

Reviewed Changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pkg/apis/configuration/v1/types.go	Added SSL verification fields to JWTAuth struct
pkg/apis/configuration/validation/policy.go	Added validation for SSL verification configuration
internal/configs/virtualserver.go	Implemented SSL certificate handling and configuration generation
internal/configs/version2/nginx-plus.virtualserver.tmpl	Added SSL verification directives to NGINX template
internal/k8s/controller.go	Added JWT trusted certificate secret reference handling
pkg/apis/configuration/validation/policy_test.go	Added comprehensive test cases for SSL verification validation
internal/configs/version2/templates_test.go	Added tests for SSL verification template generation

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

pkg/apis/configuration/validation/policy.go

javorszky

Approving, small nit, which @pdabelf5 already seems to have found in a kubebuilder comment

config/crd/bases/k8s.nginx.org_policies.yaml

vepatel added 2 commits September 24, 2025 16:22

add sskVerify for jwksUri

3a8cd43

Merge branch 'main' into feat/sslverify-jwks

df9a67e

github-actions bot added enhancement Pull requests for new features/feature enhancements go Pull requests that update Go code labels Sep 24, 2025

[pre-commit.ci] auto fixes from pre-commit.com hooks

51dc2db

for more information, see https://pre-commit.ci

make format

e4968ac

vepatel changed the title ~~add sskVerify for jwksUri~~ add sslVerify for jwksUri Sep 24, 2025

pdabelf5 reviewed Sep 25, 2025

View reviewed changes

pkg/apis/configuration/v1/types.go Outdated Show resolved Hide resolved

pkg/apis/configuration/v1/types.go Show resolved Hide resolved

internal/configs/version2/templates_test.go Show resolved Hide resolved

vepatel requested a review from Copilot September 25, 2025 09:48

Copilot AI reviewed Sep 25, 2025

View reviewed changes

pkg/apis/configuration/validation/policy.go Show resolved Hide resolved

Merge branch 'main' into feat/sslverify-jwks

2cc1177

vepatel marked this pull request as ready for review September 25, 2025 12:29

vepatel requested a review from a team as a code owner September 25, 2025 12:29

Merge branch 'main' into feat/sslverify-jwks

8bc4d57

javorszky previously approved these changes Sep 25, 2025

View reviewed changes

config/crd/bases/k8s.nginx.org_policies.yaml Outdated Show resolved Hide resolved

AlexFenlon previously approved these changes Sep 25, 2025

View reviewed changes

vepatel added 4 commits September 26, 2025 10:40

Merge branch 'main' into feat/sslverify-jwks

0f6b9ce

Merge branch 'main' into feat/sslverify-jwks

fe127f9

Merge branch 'main' into feat/sslverify-jwks

05cedd6

address review comments

1172cf5

vepatel dismissed stale reviews from AlexFenlon and javorszky via 1172cf5 September 30, 2025 14:59

vepatel mentioned this pull request Sep 30, 2025

nic: add docs for sslVerify in JWT policy nginx/documentation#1198

Merged

5 tasks

vepatel added 4 commits October 1, 2025 09:30

Merge branch 'main' into feat/sslverify-jwks

f19d05a

add more tests

718d807

Merge branch 'main' into feat/sslverify-jwks

615e090

fix tests

8f39de4

pdabelf5 approved these changes Oct 1, 2025

View reviewed changes

vepatel enabled auto-merge (squash) October 1, 2025 11:46

Merge branch 'main' into feat/sslverify-jwks

8d75911

AlexFenlon approved these changes Oct 1, 2025

View reviewed changes

vepatel merged commit 75f0850 into main Oct 1, 2025
83 checks passed

vepatel deleted the feat/sslverify-jwks branch October 1, 2025 13:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

add sslVerify for jwksUri #8292

add sslVerify for jwksUri #8292

Uh oh!

vepatel commented Sep 24, 2025 •

edited

Loading

Uh oh!

codecov bot commented Sep 24, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Sep 24, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

javorszky left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

add sslVerify for jwksUri #8292

add sslVerify for jwksUri #8292

Uh oh!

Conversation

vepatel commented Sep 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed changes

Checklist

Uh oh!

codecov bot commented Sep 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

github-actions bot commented Sep 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Package Report

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Reviewed Changes

Uh oh!

Uh oh!

javorszky left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

vepatel commented Sep 24, 2025 •

edited

Loading

codecov bot commented Sep 24, 2025 •

edited

Loading

github-actions bot commented Sep 24, 2025 •

edited

Loading