updated unit test files with logr.Discard

.github/workflows/build.yml

@@ -171,7 +171,7 @@ jobs:
           fail-build: false
 
       - name: Upload scan result to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         continue-on-error: true
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}

.github/workflows/codeql-analysis.yml

@@ -44,13 +44,13 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6
+        uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
           queries: security-and-quality
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6
+        uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/scorecards.yml

@@ -60,6 +60,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           sarif_file: results.sarif

.pre-commit-config.yaml

@@ -27,7 +27,7 @@ repos:
         exclude: (^examples/|^docs/|.*_test.go$)
 
   - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.23.2
+    rev: v8.23.3
     hooks:
       - id: gitleaks
 

apis/v1alpha1/nginxproxy_types.go

@@ -49,11 +49,21 @@ type NginxProxySpec struct {
 	//
 	// +optional
 	Logging *NginxLogging `json:"logging,omitempty"`
+	// NginxPlus specifies NGINX Plus additional settings.
+	//
+	// +optional
+	NginxPlus *NginxPlus `json:"nginxPlus,omitempty"`
 	// DisableHTTP2 defines if http2 should be disabled for all servers.
 	// Default is false, meaning http2 will be enabled for all servers.
+	DisableHTTP2 bool `json:"disableHTTP2,omitempty"`
+}
+
+// NginxPlus specifies NGINX Plus additional settings. These will only be applied if NGINX Plus is being used.
+type NginxPlus struct {
+	// AllowedAddresses specifies IPAddresses or CIDR blocks to the allow list for accessing the NGINX Plus API.
 	//
 	// +optional
-	DisableHTTP2 bool `json:"disableHTTP2,omitempty"`
+	AllowedAddresses []NginxPlusAllowAddress `json:"allowedAddresses,omitempty"`
 }
 
 // Telemetry specifies the OpenTelemetry configuration.
@@ -149,7 +159,7 @@ type RewriteClientIP struct {
 	// +listType=map
 	// +listMapKey=type
 	// +kubebuilder:validation:MaxItems=16
-	TrustedAddresses []Address `json:"trustedAddresses,omitempty"`
+	TrustedAddresses []RewriteClientIPAddress `json:"trustedAddresses,omitempty"`
 }
 
 // RewriteClientIPModeType defines how NGINX Gateway Fabric will determine the client's original IP address.
@@ -183,28 +193,49 @@ const (
 	IPv6 IPFamilyType = "ipv6"
 )
 
-// Address is a struct that specifies address type and value.
-type Address struct {
+// RewriteClientIPAddress specifies the address type and value for a RewriteClientIP address.
+type RewriteClientIPAddress struct {
 	// Type specifies the type of address.
-	Type AddressType `json:"type"`
+	Type RewriteClientIPAddressType `json:"type"`
 
 	// Value specifies the address value.
 	Value string `json:"value"`
 }
 
-// AddressType specifies the type of address.
+// RewriteClientIPAddressType specifies the type of address.
 // +kubebuilder:validation:Enum=CIDR;IPAddress;Hostname
-type AddressType string
+type RewriteClientIPAddressType string
 
 const (
-	// CIDRAddressType specifies that the address is a CIDR block.
-	CIDRAddressType AddressType = "CIDR"
+	// RewriteClientIPCIDRAddressType specifies that the address is a CIDR block.
+	RewriteClientIPCIDRAddressType RewriteClientIPAddressType = "CIDR"
+
+	// RewriteClientIPIPAddressType specifies that the address is an IP address.
+	RewriteClientIPIPAddressType RewriteClientIPAddressType = "IPAddress"
+
+	// RewriteClientIPHostnameAddressType specifies that the address is a Hostname.
+	RewriteClientIPHostnameAddressType RewriteClientIPAddressType = "Hostname"
+)
 
-	// IPAddressType specifies that the address is an IP address.
-	IPAddressType AddressType = "IPAddress"
+// NginxPlusAllowAddress specifies the address type and value for an NginxPlus allow address.
+type NginxPlusAllowAddress struct {
+	// Type specifies the type of address.
+	Type NginxPlusAllowAddressType `json:"type"`
+
+	// Value specifies the address value.
+	Value string `json:"value"`
+}
+
+// NginxPlusAllowAddressType specifies the type of address.
+// +kubebuilder:validation:Enum=CIDR;IPAddress
+type NginxPlusAllowAddressType string
+
+const (
+	// NginxPlusAllowCIDRAddressType specifies that the address is a CIDR block.
+	NginxPlusAllowCIDRAddressType NginxPlusAllowAddressType = "CIDR"
 
-	// HostnameAddressType specifies that the address is a Hostname.
-	HostnameAddressType AddressType = "Hostname"
+	// NginxPlusAllowIPAddressType specifies that the address is an IP address.
+	NginxPlusAllowIPAddressType NginxPlusAllowAddressType = "IPAddress"
 )
 
 // NginxLogging defines logging related settings for NGINX.

charts/nginx-gateway-fabric/values.schema.json

@@ -93,6 +93,34 @@
               "required": [],
               "type": "object"
             },
+            "nginxPlus": {
+              "description": "NginxPlus specifies NGINX Plus additional settings.",
+              "properties": {
+                "allowedAddresses": {
+                  "items": {
+                    "properties": {
+                      "type": {
+                        "enum": [
+                          "CIDR",
+                          "IPAddress"
+                        ],
+                        "required": [],
+                        "type": "string"
+                      },
+                      "value": {
+                        "required": [],
+                        "type": "string"
+                      }
+                    },
+                    "required": []
+                  },
+                  "required": [],
+                  "type": "array"
+                }
+              },
+              "required": [],
+              "type": "object"
+            },
             "rewriteClientIP": {
               "description": "RewriteClientIP defines configuration for rewriting the client IP to the original client's IP.",
               "properties": {

charts/nginx-gateway-fabric/values.yaml

@@ -244,6 +244,21 @@ nginx:
   #           - crit
   #           - alert
   #           - emerg
+  #   nginxPlus:
+  #     type: object
+  #     description: NginxPlus specifies NGINX Plus additional settings.
+  #     properties:
+  #       allowedAddresses:
+  #         type: array
+  #         items:
+  #           properties:
+  #             type:
+  #               type: string
+  #               enum:
+  #                 - CIDR
+  #                 - IPAddress
+  #             value:
+  #               type: string
   # @schema
   # -- The configuration for the data plane that is contained in the NginxProxy resource.
   config: {}

cmd/gateway/initialize_test.go

@@ -8,8 +8,8 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/go-logr/logr"
 	. "github.com/onsi/gomega"
-	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
 	"github.com/nginx/nginx-gateway-fabric/internal/framework/helpers"
 	"github.com/nginx/nginx-gateway-fabric/internal/mode/static/licensing/licensingfakes"
@@ -27,7 +27,7 @@ func TestInitialize_OSS(t *testing.T) {
 
 	ic := initializeConfig{
 		fileManager: fakeFileMgr,
-		logger:      zap.New(),
+		logger:      logr.Discard(),
 		copy: copyFiles{
 			destDirName:  "destDir",
 			srcFileNames: []string{"src1", "src2"},
@@ -55,7 +55,7 @@ func TestInitialize_OSS_Error(t *testing.T) {
 
 	ic := initializeConfig{
 		fileManager: fakeFileMgr,
-		logger:      zap.New(),
+		logger:      logr.Discard(),
 		copy: copyFiles{
 			destDirName:  "destDir",
 			srcFileNames: []string{"src1", "src2"},
@@ -111,7 +111,7 @@ func TestInitialize_Plus(t *testing.T) {
 
 			ic := initializeConfig{
 				fileManager:   fakeFileMgr,
-				logger:        zap.New(),
+				logger:        logr.Discard(),
 				collector:     fakeCollector,
 				fileGenerator: fakeGenerator,
 				copy: copyFiles{

config/crd/bases/gateway.nginx.org_nginxproxies.yaml

@@ -83,6 +83,31 @@ spec:
                     - emerg
                     type: string
                 type: object
+              nginxPlus:
+                description: NginxPlus specifies NGINX Plus additional settings.
+                properties:
+                  allowedAddresses:
+                    description: AllowedAddresses specifies IPAddresses or CIDR blocks
+                      to the allow list for accessing the NGINX Plus API.
+                    items:
+                      description: NginxPlusAllowAddress specifies the address type
+                        and value for an NginxPlus allow address.
+                      properties:
+                        type:
+                          description: Type specifies the type of address.
+                          enum:
+                          - CIDR
+                          - IPAddress
+                          type: string
+                        value:
+                          description: Value specifies the address value.
+                          type: string
+                      required:
+                      - type
+                      - value
+                      type: object
+                    type: array
+                type: object
               rewriteClientIP:
                 description: RewriteClientIP defines configuration for rewriting the
                   client IP to the original client's IP.
@@ -122,8 +147,8 @@ spec:
                       Sets NGINX directive set_real_ip_from: https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
                       This field is required if mode is set.
                     items:
-                      description: Address is a struct that specifies address type
-                        and value.
+                      description: RewriteClientIPAddress specifies the address type
+                        and value for a RewriteClientIP address.
                       properties:
                         type:
                           description: Type specifies the type of address.