From 9f8b729bf1ea6b7a64384f437596f9b4cb3a69d3 Mon Sep 17 00:00:00 2001 From: KevFan Date: Tue, 1 Oct 2024 12:12:49 +0100 Subject: [PATCH] refactor: oneOf for v1beta3 Signed-off-by: KevFan --- install/crd/patches/oneof_in_authconfigs.yaml | 216 +++++++++++++++- install/manifests.yaml | 232 ++++++++++++++++++ 2 files changed, 447 insertions(+), 1 deletion(-) diff --git a/install/crd/patches/oneof_in_authconfigs.yaml b/install/crd/patches/oneof_in_authconfigs.yaml index bfd752de..ee4c1e1d 100644 --- a/install/crd/patches/oneof_in_authconfigs.yaml +++ b/install/crd/patches/oneof_in_authconfigs.yaml @@ -1,6 +1,220 @@ # Enables oneOf validation for the identity/authentication, metadata, authorization, and response fields. # v1beta2 +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/authentication/additionalProperties/oneOf + value: + - properties: + credentials: {} + oauth2Introspection: {} + required: [oauth2Introspection] + - properties: + credentials: {} + jwt: {} + required: [jwt] + - properties: + credentials: {} + apiKey: {} + required: [apiKey] + - properties: + credentials: {} + x509: {} + required: [x509] + - properties: + credentials: {} + kubernetesTokenReview: {} + required: [kubernetesTokenReview] + - properties: + credentials: {} + anonymous: {} + required: [anonymous] + - properties: + credentials: {} + plain: {} + required: [plain] + +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/metadata/additionalProperties/oneOf + value: + - properties: + userInfo: {} + required: [userInfo] + - properties: + uma: {} + required: [uma] + - properties: + http: {} + required: [http] + +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/authorization/additionalProperties/oneOf + value: + - properties: + opa: {} + required: [opa] + - properties: + patternMatching: {} + required: [patternMatching] + - properties: + kubernetesSubjectAccessReview: {} + required: [kubernetesSubjectAccessReview] + - properties: + spicedb: {} + required: [spicedb] + +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/response/properties/success/properties/headers/additionalProperties/oneOf + value: + - properties: + wristband: {} + required: [wristband] + - properties: + json: {} + required: [json] + - properties: + plain: {} + required: [plain] + +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/response/properties/success/properties/dynamicMetadata/additionalProperties/oneOf + value: + - properties: + wristband: {} + required: [wristband] + - properties: + json: {} + required: [json] + - properties: + plain: {} + required: [plain] + +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/authorization/additionalProperties/properties/patternMatching/properties/patterns/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + - properties: + all: {} + required: [all] + - properties: + any: {} + required: [any] + +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + - properties: + all: {} + required: [all] + - properties: + any: {} + required: [any] + +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/authentication/additionalProperties/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + - properties: + all: {} + required: [all] + - properties: + any: {} + required: [any] + +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/metadata/additionalProperties/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + - properties: + all: {} + required: [all] + - properties: + any: {} + required: [any] + +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/authorization/additionalProperties/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + - properties: + all: {} + required: [all] + - properties: + any: {} + required: [any] + +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/response/properties/success/properties/headers/additionalProperties/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + - properties: + all: {} + required: [all] + - properties: + any: {} + required: [any] + +- op: add + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/response/properties/success/properties/dynamicMetadata/additionalProperties/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + - properties: + all: {} + required: [all] + - properties: + any: {} + required: [any] + +# v1beta3 - op: add path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/authentication/additionalProperties/oneOf value: @@ -212,4 +426,4 @@ required: [all] - properties: any: {} - required: [any] + required: [any] \ No newline at end of file diff --git a/install/manifests.yaml b/install/manifests.yaml index dcd3a7c5..b8d66669 100644 --- a/install/manifests.yaml +++ b/install/manifests.yaml @@ -76,6 +76,42 @@ spec: properties: authentication: additionalProperties: + oneOf: + - properties: + credentials: {} + oauth2Introspection: {} + required: + - oauth2Introspection + - properties: + credentials: {} + jwt: {} + required: + - jwt + - properties: + apiKey: {} + credentials: {} + required: + - apiKey + - properties: + credentials: {} + x509: {} + required: + - x509 + - properties: + credentials: {} + kubernetesTokenReview: {} + required: + - kubernetesTokenReview + - properties: + anonymous: {} + credentials: {} + required: + - anonymous + - properties: + credentials: {} + plain: {} + required: + - plain properties: anonymous: description: Anonymous access. @@ -324,6 +360,26 @@ spec: If omitted, the config will be enforced for all requests. If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector + - properties: + all: {} + required: + - all + - properties: + any: {} + required: + - any properties: all: description: A list of pattern expressions to be evaluated @@ -433,6 +489,23 @@ spec: type: object authorization: additionalProperties: + oneOf: + - properties: + opa: {} + required: + - opa + - properties: + patternMatching: {} + required: + - patternMatching + - properties: + kubernetesSubjectAccessReview: {} + required: + - kubernetesSubjectAccessReview + - properties: + spicedb: {} + required: + - spicedb properties: cache: description: |- @@ -803,6 +876,26 @@ spec: properties: patterns: items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector + - properties: + all: {} + required: + - all + - properties: + any: {} + required: + - any properties: all: description: A list of pattern expressions to be evaluated @@ -964,6 +1057,26 @@ spec: If omitted, the config will be enforced for all requests. If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector + - properties: + all: {} + required: + - all + - properties: + any: {} + required: + - any properties: all: description: A list of pattern expressions to be evaluated @@ -1304,6 +1417,19 @@ spec: type: array metadata: additionalProperties: + oneOf: + - properties: + userInfo: {} + required: + - userInfo + - properties: + uma: {} + required: + - uma + - properties: + http: {} + required: + - http properties: cache: description: |- @@ -1574,6 +1700,26 @@ spec: If omitted, the config will be enforced for all requests. If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector + - properties: + all: {} + required: + - all + - properties: + any: {} + required: + - any properties: all: description: A list of pattern expressions to be evaluated @@ -1665,6 +1811,19 @@ spec: dynamicMetadata: additionalProperties: description: Settings of the success custom response item. + oneOf: + - properties: + wristband: {} + required: + - wristband + - properties: + json: {} + required: + - json + - properties: + plain: {} + required: + - plain properties: cache: description: |- @@ -1752,6 +1911,26 @@ spec: If omitted, the config will be enforced for all requests. If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector + - properties: + all: {} + required: + - all + - properties: + any: {} + required: + - any properties: all: description: A list of pattern expressions to @@ -1864,6 +2043,19 @@ spec: type: object headers: additionalProperties: + oneOf: + - properties: + wristband: {} + required: + - wristband + - properties: + json: {} + required: + - json + - properties: + plain: {} + required: + - plain properties: cache: description: |- @@ -1951,6 +2143,26 @@ spec: If omitted, the config will be enforced for all requests. If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector + - properties: + all: {} + required: + - all + - properties: + any: {} + required: + - any properties: all: description: A list of pattern expressions to @@ -2182,6 +2394,26 @@ spec: If omitted, the AuthConfig will be enforced at all requests. If present, all conditions must match for the AuthConfig to be enforced; otherwise, Authorino skips the AuthConfig and returns to the auth request with status OK. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector + - properties: + all: {} + required: + - all + - properties: + any: {} + required: + - any properties: all: description: A list of pattern expressions to be evaluated as