nginx
diff --git a/‎internal/configs/version2/__snapshots__/templates_test.snap‎
Lines changed: 47 additions & 0 deletions b/‎internal/configs/version2/__snapshots__/templates_test.snap‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎internal/configs/version2/http.go‎
Lines changed: 7 additions & 0 deletions b/‎internal/configs/version2/http.go‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎internal/configs/version2/nginx-plus.virtualserver.tmpl‎
Lines changed: 4 additions & 0 deletions b/‎internal/configs/version2/nginx-plus.virtualserver.tmpl‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎internal/configs/version2/templates_test.go‎
Lines changed: 126 additions & 0 deletions b/‎internal/configs/version2/templates_test.go‎
Lines changed: 126 additions & 0 deletions
@@ -2257,6 +2257,53 @@ server {
 
 
 
+}
+
+---
+
+[TestExecuteVirtualServerTemplate_RendersTemplateWithRateLimitJWTClaim - 1]
+
+auth_jwt_claim_set $jwt_default_webapp_group_consumer_group_type consumer_group type
+map $jwt_default_webapp_group_consumer_group_type $rate_limit_default_webapp_group_consumer_group_type {
+ default Group3;
+ Gold Group1;
+ Silver Group2;
+ Bronze Group3;
+}
+map $rate_limit_default_webapp_group_consumer_group_type $http_gold {
+ default '';
+ Group1 $jwt_claim_sub;
+}
+map $rate_limit_default_webapp_group_consumer_group_type $http_silver {
+ default '';
+ Group2 $jwt_claim_sub;
+}
+map $rate_limit_default_webapp_group_consumer_group_type $http_bronze {
+ default '';
+ Group3 $jwt_claim_sub;
+}
+# HTTP snippet
+limit_req_zone $url zone=pol_rl_test_test_test:10m rate=10r/s;
+
+server {
+ listen 80;
+ listen [::]:80;
+
+
+ server_name example.com;
+ status_zone example.com;
+ set $resource_type "virtualserver";
+ set $resource_name "";
+ set $resource_namespace "";
+
+ server_tokens "off";
+ limit_req_log_level error;
+ limit_req_status 503;
+ limit_req zone=pol_rl_test_test_test burst=5 delay=10;
+
+ 
+
+ 
 }
 
 ---
 
@@ -18,6 +18,7 @@ type VirtualServerConfig struct {
 KeyVals []KeyVal
 LimitReqZones []LimitReqZone
 Maps []Map
+AuthJwtClaimSet []AuthJwtClaimSet
 Server Server
 SpiffeCerts bool
 SpiffeClientCerts bool
@@ -28,6 +29,12 @@ type VirtualServerConfig struct {
 StaticSSLPath string
 }
 
+// AuthJwtClaimSet defines the values for the `auth_jwt_claim_set` directive
+type AuthJwtClaimSet struct {
+Variable string
+Claims string
+}
+
 // Upstream defines an upstream.
 type Upstream struct {
 Name string
 
@@ -50,6 +50,10 @@ split_clients {{ $sc.Source }} {{ $sc.Variable }} {
 }
 {{- end }}
 
+{{- range $claim := .AuthJwtClaimSet }}
+auth_jwt_claim_set {{ $claim.Variable }} {{ $claim.Claims}}
+{{- end }}
+
 {{- range $m := .Maps }}
 map {{ $m.Source }} {{ $m.Variable }} {
  {{- range $p := $m.Parameters }}
 
@@ -93,6 +93,34 @@ func TestExecuteVirtualServerTemplate_RendersTemplateWithServerGunzipNotSet(t *t
 t.Log(string(got))
 }
 
+func TestExecuteVirtualServerTemplate_RendersTemplateWithRateLimitJWTClaim(t *testing.T) {
+t.Parallel()
+executor := newTmplExecutorNGINXPlus(t)
+got, err := executor.ExecuteVirtualServerTemplate(&virtualServerCfgWithRateLimitJWTClaim)
+if err != nil {
+t.Error(err)
+}
+wantedStrings := []string{
+"auth_jwt_claim_set",
+"$rate_limit_default_webapp_group_consumer_group_type",
+"$jwt_default_webapp_group_consumer_group_type",
+"Group1",
+"Group2",
+"Group3",
+"$http_bronze",
+"$http_silver",
+"$http_gold",
+}
+for _, value := range wantedStrings {
+if !bytes.Contains(got, []byte(value)) {
+t.Errorf("didn't get `%s`", value)
+}
+}
+
+snaps.MatchSnapshot(t, string(got))
+t.Log(string(got))
+}
+
 func TestExecuteVirtualServerTemplate_RendersTemplateWithSessionCookieSameSite(t *testing.T) {
 t.Parallel()
 executor := newTmplExecutorNGINXPlus(t)
@@ -1539,6 +1567,104 @@ var (
 },
 }
 
+virtualServerCfgWithRateLimitJWTClaim = VirtualServerConfig{
+LimitReqZones: []LimitReqZone{
+{
+ZoneName: "pol_rl_test_test_test", Rate: "10r/s", ZoneSize: "10m", Key: "$url",
+},
+},
+Upstreams: []Upstream{},
+AuthJwtClaimSet: []AuthJwtClaimSet{
+{
+Variable: "$jwt_default_webapp_group_consumer_group_type",
+Claims: "consumer_group type",
+},
+},
+Maps: []Map{
+{
+Source: "$jwt_default_webapp_group_consumer_group_type",
+Variable: "$rate_limit_default_webapp_group_consumer_group_type",
+Parameters: []Parameter{
+{
+Value: "default",
+Result: "Group3",
+},
+{
+Value: "Gold",
+Result: "Group1",
+},
+{
+Value: "Silver",
+Result: "Group2",
+},
+{
+Value: "Bronze",
+Result: "Group3",
+},
+},
+},
+{
+Source: "$rate_limit_default_webapp_group_consumer_group_type",
+Variable: "$http_gold",
+Parameters: []Parameter{
+{
+Value: "default",
+Result: "''",
+},
+{
+Value: "Group1",
+Result: "$jwt_claim_sub",
+},
+},
+},
+{
+Source: "$rate_limit_default_webapp_group_consumer_group_type",
+Variable: "$http_silver",
+Parameters: []Parameter{
+{
+Value: "default",
+Result: "''",
+},
+{
+Value: "Group2",
+Result: "$jwt_claim_sub",
+},
+},
+},
+{
+Source: "$rate_limit_default_webapp_group_consumer_group_type",
+Variable: "$http_bronze",
+Parameters: []Parameter{
+{
+Value: "default",
+Result: "''",
+},
+{
+Value: "Group3",
+Result: "$jwt_claim_sub",
+},
+},
+},
+},
+HTTPSnippets: []string{"# HTTP snippet"},
+Server: Server{
+ServerName: "example.com",
+StatusZone: "example.com",
+ServerTokens: "off",
+LimitReqs: []LimitReq{
+{
+ZoneName: "pol_rl_test_test_test",
+Delay: 10,
+Burst: 5,
+},
+},
+LimitReqOptions: LimitReqOptions{
+LogLevel: "error",
+RejectCode: 503,
+},
+},
+}
+
 virtualServerCfgWithWAFApBundle = VirtualServerConfig{
 Server: Server{
 ServerName: "example.com",