Skip to content

Commit

Permalink
4.2.7 (#56)
Browse files Browse the repository at this point in the history 
* 20240503-01 usage updated

* 20240503-01

* 20240503-01

* 20240503-02

* 20240503-02

* 20240502-05 commit
Serverside mTLS authentication

* 20240502-06 commit
Serverside mTLS authentication

* 20240502-07 commit
Serverside mTLS authentication

* 20240509-01 commit
Postman collection updated
FEATURES updated
  • Loading branch information
@fabriziofiorucci
fabriziofiorucci authored May 9, 2024
1 parent b4fc44d commit f3bcfc9
Show file tree
Hide file tree
Showing 10 changed files with 525 additions and 347 deletions.
2 changes: 1 addition & 1 deletion .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ Thumbs.db
=======
/.idea/
/src/__pycache__/
/src/v4_0/__pycache__/
/src/v4_1/__pycache__/
/src/v4_2/__pycache__/
/src/v4_3/__pycache__/
/contrib/devportal/redocly/src/__pycache__/
/venv/
45 changes: 30 additions & 15 deletions FEATURES.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,21 +2,21 @@

### NGINX `http` and `stream` servers

| Feature | API v4.1 | API v4.2 | Notes |
|-----------------------------|-----------|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Upstreams | CRUD | CRUD | <li>Snippets supported: static and from source of truth</li> |
| HTTP servers | CRUD | CRUD | <li>Snippets supported (`http`, `servers`, `locations`): static and from source of truth</li> |
| TCP/UDP servers | CRUD | CRUD | <li>Snippets supported (`streams`, `servers`): static and from source of truth</li> |
| TLS | CRUD | CRUD | <li>Certificates and keys can be dynamically fetched from source of truth</li> |
| Client authentication | X | X | See [client authentication profiles](#Client-authentication-profiles) |
| Server authentication | X | X | See [server authentication profiles](#Upstream-and-Source-of-truth-authentication-profiles) |
| Rate limiting | X | X | |
| Active healthchecks | X | X | |
| Cookie-based stickiness | X | X | |
| HTTP headers manipulation | | X | <li>To server: set, delete</li><li>To client: add, delete, replace</li> |
| Maps | X | X | |
| NGINX Plus REST API access | X | X | |
| NGINX App Protect WAF | X | X | <li>Per-policy CRUD at `server` and `location` level</li><li>Support for dataplane-based bundle compilation</li><li>Security policies can be fetched from source of truth</li> |
| Feature | API v4.1 | API v4.2 | Notes |
|----------------------------|-----------|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Upstreams | CRUD | CRUD | <li>Snippets supported: static and from source of truth</li> |
| HTTP servers | CRUD | CRUD | <li>Snippets supported (`http`, `servers`, `locations`): static and from source of truth</li> |
| TCP/UDP servers | CRUD | CRUD | <li>Snippets supported (`streams`, `servers`): static and from source of truth</li> |
| TLS | CRUD | CRUD | <li>Certificates and keys can be dynamically fetched from source of truth</li> |
| Client authentication | X | X | See [client authentication](#Client-authentication) |
| Upstream authentication | X | X | See [upstream and Source of truth authentication](#Upstream-and-Source-of-truth-authentication) |
| Rate limiting | X | X | |
| Active healthchecks | X | X | |
| Cookie-based stickiness | X | X | |
| HTTP headers manipulation | | X | <li>To server: set, delete</li><li>To client: add, delete, replace</li> |
| Maps | X | X | |
| NGINX Plus REST API access | X | X | |
| NGINX App Protect WAF | X | X | <li>Per-policy CRUD at `server` and `location` level</li><li>Support for dataplane-based bundle compilation</li><li>Security policies can be fetched from source of truth</li> |

### API Gateway

Expand Down Expand Up @@ -120,6 +120,7 @@ Client-side authorization profiles to be defined under `.declaration.http.author
| Bearer token | Authentication token as Authorization Bearer | X | X | `Bearer` Authorization header is injected in requests to upstreams and source of truth |
| Basic Auth | Authentication token as Authorization Basic | | X | `Basic` Authorization header is injected in requests to upstreams and source of truth |
| HTTP header | Authentication token in custom HTTP header | X | X | HTTP header is injected in requests to upstreams and source of truth |
| mTLS | Mutual TLS | X | X | Client certificate is sent to upstream / source of truth |

#### Examples

Expand Down Expand Up @@ -166,6 +167,20 @@ Server-side authentication profiles to be defined under `.declaration.http.authe
}
```

- mTLS authentication profile

```json
"server": [
{
"name": "<PROFILE_NAME>",
"type": "mtls",
"mtls": {
"certificate": "<CLIENT_CERTIFICATE>",
"key": "<CLIENT_KEY>"
}
}
```

### HTTP Headers manipulation

| Type | API v4.1 | API v4.2 | Notes |
Expand Down
Loading

0 comments on commit f3bcfc9

Please sign in to comment.