remove http cache for jwks (#8198)

Author: vepatel

internal/configs/version2/__snapshots__/templates_test.snap

@@ -1234,7 +1234,6 @@ upstream vs_default_cafe_coffee {
     keepalive 16;
 }
 
-proxy_cache_path /var/cache/nginx/jwks_uri_cafe levels=1 keys_zone=jwks_uri_cafe:1m max_size=10m;
 
 server {
     listen 80;
@@ -1256,8 +1255,6 @@ server {
         internal;
         proxy_method GET;
         proxy_set_header Content-Length "";
-        proxy_cache jwks_uri_cafe;
-        proxy_cache_valid 200 12h;
         proxy_ssl_server_name on;
         proxy_ssl_name sni.idp.spec.example.com;
         proxy_pass_request_headers off;
@@ -1270,8 +1267,6 @@ server {
         internal;
         proxy_method GET;
         proxy_set_header Content-Length "";
-        proxy_cache jwks_uri_cafe;
-        proxy_cache_valid 200 12h;
         proxy_ssl_server_name on;
         proxy_ssl_name sni.idp.spec.example.com;
         proxy_pass_request_headers off;
@@ -1362,7 +1357,6 @@ upstream vs_default_cafe_coffee {
     keepalive 16;
 }
 
-proxy_cache_path /var/cache/nginx/jwks_uri_cafe levels=1 keys_zone=jwks_uri_cafe:1m max_size=10m;
 
 server {
     listen 80;
@@ -1384,8 +1378,6 @@ server {
         internal;
         proxy_method GET;
         proxy_set_header Content-Length "";
-        proxy_cache jwks_uri_cafe;
-        proxy_cache_valid 200 12h;
         proxy_pass_request_headers off;
         proxy_pass_request_body off;
         proxy_set_header Host idp.spec.example.com;
@@ -1396,8 +1388,6 @@ server {
         internal;
         proxy_method GET;
         proxy_set_header Content-Length "";
-        proxy_cache jwks_uri_cafe;
-        proxy_cache_valid 200 12h;
         proxy_pass_request_headers off;
         proxy_pass_request_body off;
         proxy_set_header Host idp.route.example.com;

internal/configs/version2/nginx-plus.virtualserver.tmpl

@@ -115,10 +115,6 @@ map $request_method $cache_purge_{{ replaceAll $l.Cache.ZoneName "-" "_" }} {
 {{- end }}
 {{- end }}
 
-{{- with $s.JWKSAuthEnabled }}
-proxy_cache_path /var/cache/nginx/jwks_uri_{{$s.VSName}} levels=1 keys_zone=jwks_uri_{{$s.VSName}}:1m max_size=10m;
-{{- end }}
-
 {{- if and $s.OIDC $s.OIDC.PKCEEnable }}
 include oidc/oidc_pkce_supplements.conf;
 {{- end }}
@@ -290,10 +286,6 @@ server {
         internal;
         proxy_method GET;
         proxy_set_header Content-Length "";
-        {{- if .KeyCache }}
-        proxy_cache jwks_uri_{{ $s.VSName }};
-        proxy_cache_valid 200 12h;
-        {{- end }}
         {{- with .JwksURI }}
         {{- if .JwksSNIEnabled }}
         proxy_ssl_server_name on;

internal/configs/version2/templates_test.go

@@ -731,12 +731,6 @@ func TestExecuteVirtualServerTemplateWithJWKSWithToken(t *testing.T) {
 	if !bytes.Contains(got, []byte("token=$http_token")) {
 		t.Error("want `token=$http_token` in generated template")
 	}
-	if !bytes.Contains(got, []byte("proxy_cache jwks_uri_")) {
-		t.Error("want `proxy_cache` in generated template")
-	}
-	if !bytes.Contains(got, []byte("proxy_cache_valid 200 12h;")) {
-		t.Error("want `proxy_cache_valid 200 12h;` in generated template")
-	}
 
 	if !bytes.Contains(got, []byte("proxy_ssl_server_name on;")) {
 		t.Error("want `proxy_ssl_server_name on;` in generated template")
@@ -760,12 +754,6 @@ func TestExecuteVirtualServerTemplateWithJWKSWithoutToken(t *testing.T) {
 	if bytes.Contains(got, []byte("token=$http_token")) {
 		t.Error("want no `token=$http_token` string in generated template")
 	}
-	if !bytes.Contains(got, []byte("proxy_cache jwks_uri_")) {
-		t.Error("want `proxy_cache` in generated template")
-	}
-	if !bytes.Contains(got, []byte("proxy_cache_valid 200 12h;")) {
-		t.Error("want `proxy_cache_valid 200 12h;` in generated template")
-	}
 	snaps.MatchSnapshot(t, string(got))
 	t.Log(string(got))
 }