From ef30130f37893ba1b11db7ed0ed67410aeb11980 Mon Sep 17 00:00:00 2001 From: Jim Fitzpatrick Date: Thu, 30 Nov 2023 09:21:57 +0000 Subject: [PATCH 01/10] Add Authorino types --- api/v1beta1/kuadrant_types.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/api/v1beta1/kuadrant_types.go b/api/v1beta1/kuadrant_types.go index 152d43b83..dc8874890 100644 --- a/api/v1beta1/kuadrant_types.go +++ b/api/v1beta1/kuadrant_types.go @@ -19,6 +19,7 @@ package v1beta1 import ( "github.com/go-logr/logr" "github.com/google/go-cmp/cmp" + authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1" limitadorv1alpha1 "github.com/kuadrant/limitador-operator/api/v1alpha1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -31,10 +32,22 @@ import ( // KuadrantSpec defines the desired state of Kuadrant type KuadrantSpec struct { + // +optional + Authorino *AuthorinoSpec `json:"authorino,omitempty"` // +optional Limitador *LimitadorSpec `json:"limitador,omitempty"` } +type AuthorinoSpec struct { + EvaluatorCacheSize *int `json:"evaluatorCacheSize,omitempty"` + Listener *authorinov1beta1.Listener `json:"listener,omitempty"` + Metrics *authorinov1beta1.Metrics `json:"metrics,omitempty"` + OIDCServer *authorinov1beta1.OIDCServer `json:"oidcServer,omitempty"` + Replicas *int32 `json:"replicas,omitempty"` + Tracing *authorinov1beta1.Tracing `json:"tracing,omitempty"` + Volumes *authorinov1beta1.VolumesSpec `json:"volumes,omitempty"` +} + type LimitadorSpec struct { // +optional From b11526c670e731e89d8c9cc851e93da6cbb9b3a6 Mon Sep 17 00:00:00 2001 
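Review bot: `AuthorinoSpec` and its seven fields are added without doc comments or `// +optional` markers, unlike the `Authorino` and `Limitador` fields of `KuadrantSpec` in the same hunk, so the generated CRD will probably carry no descriptions for them. `Volumes` in particular deserves one: it passes `authorinov1beta1.VolumesSpec` straight through, which presumably lets anyone who can edit the Kuadrant CR have ConfigMaps and Secrets mounted into the Authorino pods. I would add `// AuthorinoSpec is the subset of the Authorino CR spec that can be set through the Kuadrant CR.` above the type, a `// +optional` line on each field, and a one-line comment per field.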
From: Jim Fitzpatrick Date: Thu, 30 Nov 2023 15:10:03 +0000 Subject: [PATCH 02/10] Reconcile authorino spec from kuadrant CR --- api/v1beta1/kuadrant_types.go | 13 +- controllers/kuadrant_controller.go | 81 ++++++--- pkg/common/common.go | 1 + pkg/kuadranttools/authorino_tools.go | 70 ++++++++ pkg/kuadranttools/authorino_tools_test.go | 200 ++++++++++++++++++++++ 5 files changed, 340 insertions(+), 25 deletions(-) create mode 100644 pkg/kuadranttools/authorino_tools.go create mode 100644 pkg/kuadranttools/authorino_tools_test.go diff --git a/api/v1beta1/kuadrant_types.go b/api/v1beta1/kuadrant_types.go index dc8874890..df506ba24 100644 --- a/api/v1beta1/kuadrant_types.go +++ b/api/v1beta1/kuadrant_types.go @@ -40,7 +40,7 @@ type KuadrantSpec struct { type AuthorinoSpec struct { EvaluatorCacheSize *int `json:"evaluatorCacheSize,omitempty"` - Listener *authorinov1beta1.Listener `json:"listener,omitempty"` + Listener *AuthorinoListener `json:"listener,omitempty"` Metrics *authorinov1beta1.Metrics `json:"metrics,omitempty"` OIDCServer *authorinov1beta1.OIDCServer `json:"oidcServer,omitempty"` Replicas *int32 `json:"replicas,omitempty"` @@ -48,6 +48,17 @@ type AuthorinoSpec struct { Volumes *authorinov1beta1.VolumesSpec `json:"volumes,omitempty"` } +type AuthorinoListener struct { + // Port numbers of the GRPC and HTTP auth interfaces. + Ports *authorinov1beta1.Ports `json:"ports,omitempty"` + // TLS configuration of the auth service (GRPC and HTTP interfaces). + Tls *authorinov1beta1.Tls `json:"tls"` + // Timeout of the auth service (GRPC and HTTP interfaces), in milliseconds. + Timeout *int `json:"timeout,omitempty"` + // Maximum payload (request body) size for the auth service (HTTP interface), in bytes. + MaxHttpRequestBodySize *int `json:"maxHttpRequestBodySize,omitempty"` +} + type LimitadorSpec struct { // +optional diff --git a/controllers/kuadrant_controller.go b/controllers/kuadrant_controller.go index 626149785..875c67f11 100644 
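Review bot: The `Tls` field of `AuthorinoListener` is a pointer but is tagged `json:"tls"` with no `omitempty` and no `// +optional`, so the generated schema will most likely mark `tls` as required in every `listener` block while the other three fields stay optional. `MapListenerSpec` in this same patch treats a nil `Tls` as "leave unchanged", which suggests optional was intended; the tag would then be `json:"tls,omitempty"` with `// +optional` above the field. If it stays required, a user who only wants to set `timeout` must also supply a `tls` block, and an empty one replaces the explicit `Enabled: false` default with an unset value. How the Authorino operator interprets an unset `enabled` is not visible here and should be confirmed.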
--- a/controllers/kuadrant_controller.go
+++ b/controllers/kuadrant_controller.go
@@ -459,38 +459,71 @@ func (r *KuadrantReconciler) reconcileLimitador(ctx context.Context, kObj *kuadr } func (r *KuadrantReconciler) reconcileAuthorino(ctx context.Context, kObj *kuadrantv1beta1.Kuadrant) error { - tmpFalse := false - authorino := &authorinov1beta1.Authorino{ - TypeMeta: metav1.TypeMeta{ - Kind: "Authorino", - APIVersion: "operator.authorino.kuadrant.io/v1beta1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "authorino", - Namespace: kObj.Namespace, - }, - Spec: authorinov1beta1.AuthorinoSpec{ - ClusterWide: true, - SupersedingHostSubsets: true, - Listener: authorinov1beta1.Listener{ - Tls: authorinov1beta1.Tls{ - Enabled: &tmpFalse, + authorinoKey := client.ObjectKey{Name: common.AuthorinoName, Namespace: kObj.Namespace} + authorino := &authorinov1beta1.Authorino{} + err := r.Client().Get(ctx, authorinoKey, authorino) + if err != nil { + if apierrors.IsNotFound(err) { + tmpFalse := false + authorino = &authorinov1beta1.Authorino{ + TypeMeta: metav1.TypeMeta{ + Kind: "Authorino", + APIVersion: "operator.authorino.kuadrant.io/v1beta1", }, - }, - OIDCServer: authorinov1beta1.OIDCServer{ - Tls: authorinov1beta1.Tls{ - Enabled: &tmpFalse, + ObjectMeta: metav1.ObjectMeta{ + Name: common.AuthorinoName, + Namespace: kObj.Namespace, }, - }, - }, + Spec: authorinov1beta1.AuthorinoSpec{ + ClusterWide: true, + SupersedingHostSubsets: true, + Listener: authorinov1beta1.Listener{ + Tls: authorinov1beta1.Tls{ + Enabled: &tmpFalse, + }, + }, + OIDCServer: authorinov1beta1.OIDCServer{ + Tls: authorinov1beta1.Tls{ + Enabled: &tmpFalse, + }, + }, + }, + } + } else { + return err + } + } + + if kObj.Spec.Authorino != nil { + if kObj.Spec.Authorino.EvaluatorCacheSize != nil { + authorino.Spec.EvaluatorCacheSize = kObj.Spec.Authorino.EvaluatorCacheSize + } + if kObj.Spec.Authorino.Metrics != nil { + authorino.Spec.Metrics = *kObj.Spec.Authorino.Metrics + } + if kObj.Spec.Authorino.Replicas != nil { + authorino.Spec.Replicas = kObj.Spec.Authorino.Replicas + } + if 
kObj.Spec.Authorino.Tracing != nil { + authorino.Spec.Tracing = *kObj.Spec.Authorino.Tracing + } + if kObj.Spec.Authorino.OIDCServer != nil { + authorino.Spec.OIDCServer = *kObj.Spec.Authorino.OIDCServer + } + if kObj.Spec.Authorino.Listener != nil { + authorino.Spec.Listener = kuadranttools.MapListenerSpec(&authorino.Spec.Listener, *kObj.Spec.Authorino.Listener) + } + if kObj.Spec.Authorino.Volumes != nil { + authorino.Spec.Volumes = *kObj.Spec.Authorino.Volumes + } } - err := r.SetOwnerReference(kObj, authorino) + err = r.SetOwnerReference(kObj, authorino) if err != nil { return err } - return r.ReconcileResource(ctx, &authorinov1beta1.Authorino{}, authorino, reconcilers.CreateOnlyMutator) + return r.ReconcileResource(ctx, &authorinov1beta1.Authorino{}, authorino, kuadranttools.AuthorinoMutator) } // SetupWithManager sets up the controller with the Manager. diff --git a/pkg/common/common.go b/pkg/common/common.go index 68312ce2c..86d8264e3 100644 --- a/pkg/common/common.go +++ b/pkg/common/common.go @@ -31,6 +31,7 @@ const ( AuthPolicyBackRefAnnotation = "kuadrant.io/authpolicy" NamespaceSeparator = '/' LimitadorName = "limitador" + AuthorinoName = "authorino" ) // MergeMapStringString Merge desired into existing. diff --git a/pkg/kuadranttools/authorino_tools.go b/pkg/kuadranttools/authorino_tools.go new file mode 100644 index 000000000..c98aedb06 --- /dev/null +++ b/pkg/kuadranttools/authorino_tools.go 
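Review bot: Settings removed from the Kuadrant CR are never cleared on the Authorino CR, because `reconcileAuthorino` now starts from the object returned by `Get` and overlays only the non-nil fields of `kObj.Spec.Authorino`. If a user deletes `spec.authorino.volumes`, `tracing`, `listener.tls` or the whole `authorino` block, the previously applied Secret mounts, tracing endpoint or TLS settings stay on the Authorino CR and `AuthorinoMutator` sees no difference to correct. Consider building the desired spec from the defaults on every reconcile and copying over only the fields the Kuadrant CR does not manage. If the current behaviour is intended, say so with a comment above the overlay block, such as `// Fields left unset in the Kuadrant CR keep the value already present on the Authorino CR.` Separately, `OIDCServer`, `Metrics`, `Tracing` and `Volumes` are replaced wholesale, so a partial `oidcServer` block drops the default `Tls.Enabled` value rather than merging with it.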
@@ -0,0 +1,70 @@ +package kuadranttools + +import ( + "fmt" + authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1" + "github.com/kuadrant/kuadrant-operator/api/v1beta1" + "reflect" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +func AuthorinoMutator(existingObj, desiredObj client.Object) (bool, error) { + update := false + existing, ok := existingObj.(*authorinov1beta1.Authorino) + if !ok { + return false, fmt.Errorf("existingObj %T is not a *authorinoauthorinov1beta1.Authorino", existingObj) + } + desired, ok := desiredObj.(*authorinov1beta1.Authorino) + if !ok { + return false, fmt.Errorf("desiredObj %T is not a *authorinoauthorinov1beta1.Authorino", desiredObj) + } + + existingSpec := authorinoSpecSubSet(existing.Spec) + desiredSpec := authorinoSpecSubSet(desired.Spec) + + if !reflect.DeepEqual(existingSpec, desiredSpec) { + update = true + existing.Spec.EvaluatorCacheSize = desiredSpec.EvaluatorCacheSize + existing.Spec.Listener = desiredSpec.Listener + existing.Spec.Metrics = desiredSpec.Metrics + existing.Spec.OIDCServer = desiredSpec.OIDCServer + existing.Spec.Replicas = desiredSpec.Replicas + existing.Spec.Tracing = desiredSpec.Tracing + existing.Spec.Volumes = desiredSpec.Volumes + } + return update, nil +} + +func authorinoSpecSubSet(spec authorinov1beta1.AuthorinoSpec) authorinov1beta1.AuthorinoSpec { + out := authorinov1beta1.AuthorinoSpec{} + + out.EvaluatorCacheSize = spec.EvaluatorCacheSize + out.Listener = spec.Listener + out.Metrics = spec.Metrics + out.OIDCServer = spec.OIDCServer + out.Replicas = spec.Replicas + out.Tracing = spec.Tracing + out.Volumes = spec.Volumes + + return out +} + +func MapListenerSpec(listener *authorinov1beta1.Listener, spec v1beta1.AuthorinoListener) authorinov1beta1.Listener { + out := authorinov1beta1.Listener{} + if listener != nil { + out = *listener + } + if spec.Ports != nil { + out.Ports = *spec.Ports + } + if spec.Tls != nil { + out.Tls = *spec.Tls + } + if spec.Timeout != nil { + 
out.Timeout = spec.Timeout + } + if spec.MaxHttpRequestBodySize != nil { + out.MaxHttpRequestBodySize = spec.MaxHttpRequestBodySize + } + return out +} diff --git a/pkg/kuadranttools/authorino_tools_test.go b/pkg/kuadranttools/authorino_tools_test.go new file mode 100644 index 000000000..55508d7fa --- /dev/null +++ b/pkg/kuadranttools/authorino_tools_test.go 
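Review bot: The exported `AuthorinoMutator` and `MapListenerSpec` have no doc comments, and the set of reconciled fields is written out twice, once in the assignments inside `AuthorinoMutator` and once in `authorinoSpecSubSet`. A field added to only one of the two lists would either be compared but never copied, or copied but never trigger an update, and nothing here guards against that. I would add `// AuthorinoMutator copies the Kuadrant-managed subset of the desired Authorino spec onto existing and reports whether an update is needed; all other spec fields are left untouched.` and a similar line for `MapListenerSpec` noting that a nil field in `spec` keeps the value from `listener`. It would also help to state in `authorinoSpecSubSet`'s comment that its field list must match the assignments in the mutator.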
@@ -0,0 +1,200 @@ +package kuadranttools + +import ( + authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1" + "github.com/kuadrant/kuadrant-operator/api/v1beta1" + "k8s.io/utils/ptr" + "reflect" + "sigs.k8s.io/controller-runtime/pkg/client" + "testing" +) + +func Test_authorinoSpecSubSet(t *testing.T) { + type args struct { + spec authorinov1beta1.AuthorinoSpec + } + tests := []struct { + name string + args args + want authorinov1beta1.AuthorinoSpec + }{ + { + name: "Empty spec passed", + args: args{spec: authorinov1beta1.AuthorinoSpec{}}, + want: authorinov1beta1.AuthorinoSpec{}, + }, + { + name: "Full spec passed", + args: args{spec: authorinov1beta1.AuthorinoSpec{ + EvaluatorCacheSize: ptr.To(9000), + Listener: authorinov1beta1.Listener{}, + Metrics: authorinov1beta1.Metrics{ + Port: ptr.To(int32(9000)), + DeepMetricsEnabled: ptr.To(true), + }, + OIDCServer: authorinov1beta1.OIDCServer{}, + Replicas: ptr.To(int32(3)), + Tracing: authorinov1beta1.Tracing{}, + Volumes: authorinov1beta1.VolumesSpec{}, + }, + }, + want: authorinov1beta1.AuthorinoSpec{ + EvaluatorCacheSize: ptr.To(9000), + Listener: authorinov1beta1.Listener{}, + Metrics: authorinov1beta1.Metrics{ + Port: ptr.To(int32(9000)), + DeepMetricsEnabled: ptr.To(true), + }, + OIDCServer: authorinov1beta1.OIDCServer{}, + Replicas: ptr.To(int32(3)), + Tracing: authorinov1beta1.Tracing{}, + Volumes: authorinov1beta1.VolumesSpec{}, + }, + }, + { + name: "Partial spec passed", + args: args{spec: authorinov1beta1.AuthorinoSpec{ + Replicas: ptr.To(int32(3)), + Metrics: authorinov1beta1.Metrics{ + Port: ptr.To(int32(9000)), + DeepMetricsEnabled: ptr.To(true), + }, + }, + }, + want: authorinov1beta1.AuthorinoSpec{ + Replicas: ptr.To(int32(3)), + Metrics: authorinov1beta1.Metrics{ + Port: ptr.To(int32(9000)), + DeepMetricsEnabled: ptr.To(true), + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := authorinoSpecSubSet(tt.args.spec); !reflect.DeepEqual(got, 
tt.want) { + t.Errorf("authorinoSpecSubSet() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestAuthorinoMutator(t *testing.T) { + type args struct { + existingObj client.Object + desiredObj client.Object + } + tests := []struct { + name string + args args + want bool + wantErr bool + errorContains string + }{ + { + name: "existingObj is not a authorino type", + wantErr: true, + errorContains: "existingObj", + }, + { + name: "desiredObj is not a authorino type", + args: args{ + existingObj: &authorinov1beta1.Authorino{}, + }, + wantErr: true, + errorContains: "desireObj", + }, + { + name: "No update required", + args: args{ + existingObj: &authorinov1beta1.Authorino{}, + desiredObj: &authorinov1beta1.Authorino{}, + }, + want: false, + }, + { + name: "Update required", + args: args{ + existingObj: &authorinov1beta1.Authorino{ + Spec: authorinov1beta1.AuthorinoSpec{ + Replicas: ptr.To(int32(3)), + }, + }, + desiredObj: &authorinov1beta1.Authorino{ + Spec: authorinov1beta1.AuthorinoSpec{ + Replicas: ptr.To(int32(1)), + }, + }, + }, + want: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := AuthorinoMutator(tt.args.existingObj, tt.args.desiredObj) + if (err != nil) != tt.wantErr { + t.Errorf("AuthorinoMutator() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { + t.Errorf("AuthorinoMutator() got = %v, want %v", got, tt.want) + } + }) + } +} + +func TestMapListenerSpec(t *testing.T) { + type args struct { + listener *authorinov1beta1.Listener + spec v1beta1.AuthorinoListener + } + tests := []struct { + name string + args args + want authorinov1beta1.Listener + }{ + { + name: "Authorino Listener is nil", + args: args{ + listener: nil, + }, + want: authorinov1beta1.Listener{}, + }, + { + name: "Authorino listener has deprecated port set", + args: args{ + listener: &authorinov1beta1.Listener{Port: ptr.To(int32(2))}, + spec: v1beta1.AuthorinoListener{Timeout: ptr.To(5000)}, + }, + want: 
authorinov1beta1.Listener{ + Port: ptr.To(int32(2)), + Timeout: ptr.To(5000), + }, + }, + { + name: "Past in spec copied to Authorino listener", + args: args{ + listener: nil, + spec: v1beta1.AuthorinoListener{ + Ports: &authorinov1beta1.Ports{}, + Tls: &authorinov1beta1.Tls{}, + Timeout: ptr.To(5000), + MaxHttpRequestBodySize: ptr.To(5000), + }, + }, + want: authorinov1beta1.Listener{ + Timeout: ptr.To(5000), + Ports: authorinov1beta1.Ports{}, + Tls: authorinov1beta1.Tls{}, + MaxHttpRequestBodySize: ptr.To(5000), + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := MapListenerSpec(tt.args.listener, tt.args.spec); !reflect.DeepEqual(got, tt.want) { + t.Errorf("MapListenerSpec() = %v, want %v", got, tt.want) + } + }) + } +} From f30c21620712dc75eb84b694c0a26bcf6ecb3477 Mon Sep 17 00:00:00 2001 From: Jim Fitzpatrick Date: Wed, 10 Jan 2024 16:37:21 +0000 Subject: [PATCH 03/10] Add API documentation --- doc/reference/kuadrant.md | 74 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/doc/reference/kuadrant.md b/doc/reference/kuadrant.md index 4bf74d8ce..11003e38d 100644 --- a/doc/reference/kuadrant.md +++ b/doc/reference/kuadrant.md 
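Review bot: `errorContains` is declared and filled in for `TestAuthorinoMutator` but the loop never reads it, so the misspelt expectation `"desireObj"` in the second case goes unnoticed and both error cases only prove that some error was returned. Add the check after the `wantErr` comparison, for example `if tt.wantErr && !strings.Contains(err.Error(), tt.errorContains) { t.Errorf("error %q does not contain %q", err, tt.errorContains) }` (needs the `strings` import), and correct the string to `"desiredObj"`. The "Update required" case also asserts only the returned bool; checking that the existing object's `Spec.Replicas` now equals 1 would cover the copy itself.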
@@ -16,6 +16,80 @@ The Kuadrant operator creates a Limitador CR named `limitador` in the same names | **Field** | **Type** | **Required** | **Description** | |-------------|-------------------------|:------------:|----------------------------------| +| `authorino` | [Authorino](#authorino) | No | Configure Authorino deployments. | + +### Authorino + +| **Field** | **Type** | **Required** | **Description** | +|--------------------|-----------------------------|:------------:|----------------------------------------------------------| +| evaluatorCacheSize | Integer | No | Cache size (in megabytes) of each Authorino evaluator. | +| listener | [Listener](#listener) | No | Specification of authorization service (gRPC interface). | +| metrics | [Metrics](#metrics) | No | Configuration of the metrics server. | +| oidcServer | [OIDCServer](#oidcserver) | No | Specification of the OIDC service. | +| replicas | Integer | No | Number of replicas desired for the Authorino instance. | +| tracing | [Tracing](#tracing) | No | Configuration f the OpenTelemetry tracing exporter. | +| volumes | [VolumesSpec](#volumesSpec) | No | Additional volumes to be mounted in the Authorino pods. | + +#### Listener + +| **Field** | **Type** | **Required** | **Description** | +|------------------------|-----------------|:------------:|-----------------------------------------------------------------------------------------------------------------| +| ports | [Ports](#ports) | No | Port numbers of the authorization server (gRPC and raw HTTP interfaces). | +| tls | [Tls](#tls) | No | TLS configuration of the authorization server (gRPC and HTTP interfaces). | +| timeout | Integer | No | Timeout of external authorization request (in milliseconds), controlled internally by the authorization server. | +| maxHttpRequestBodySize | Integer | No | Maximum payload (request body) size for the auth service (HTTP interface0, in bytes. 
| + +##### Ports + +| **Field** | **Type** | **Required** | **Description** | +|-----------|----------|:------------:|--------------------------------------------------------------------------------------------------------| +| grpc | Integer | No | Port number of the gRPC interface of the authorization server. Set to 0 to disable this interface. | +| http | Integer | No | Port number of the raw HTTP interface of the authorization server. Set to 0 to disable this interface. | + +#### Metrics + +| **Field** | **Type** | **Required** | **Description** | +|-----------|----------|:------------:|----------------------------------------------------------------------------------------------| +| deep | Boolean | No | Enable/disable metrics at the level of each evaluator config exported by the metrics server. | +| port | Integer | No | Port number of the metrics server. | + +#### OIDCServer + +| **Field** | **Type** | **Required** | **Description** | +|------------|-------------|:------------:|-------------------------------------------------------------------------------| +| port | Integer | No | Port number of OIDC Discovery server for Festival Wristband tokens. | +| tls | [TLS](#tls) | Yes | TLS configuration of the ODIC Discovery server for Festival Wristband tokens. | + +#### Tracing + +| **Field** | **Type** | **Required** | **Description** | +|-----------|----------|:------------:|-----------------------------------------------------------------------------------------------------| +| endpoint | String | Yes | Full endpoint of the OpenTelemetry tracing collector service (e.g. http://jaegar:14268/api/traces). | +| tags | Map | No | Key-value map of fixed tags to add to all OpenTelemetry traces emitted by Authorino. 
| + +#### VolumesSpec + +| **Field** | **Type** | **Required** | **Description** | +|-------------|-----------------------------|:------------:|------------------------------------------------------------------------------------------------------------------------------------| +| defaultMode | [[]VolumeSpec](#volumespec) | No | List of additional volumes items to project. | +| items | Integer | No | Mode bits used to set permissions on the files. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. | + +##### VolumeSpec + +| **Field** | **Type** | **Required** | **Description** | +|------------|-------------------------------------------------------------------------------------------------------|:---------------------------------:|-----------------------------------------------------------------------------------------| +| configMaps | []String | Yes, if `secrets` is not used. | List of Kubernetes ConfigMap names to mount. | +| items | [[]keyToPath](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#keytopath-v1-core) | No | Mount details for selecting specific ConfigMap or Secret entries. | +| mountPath | String | Yes | Absolute path where to all the items. | +| name | String | No | Name of the volume and volume mount within the Deployment. It must be unique in the CR. | +| secrets | []String | Yes, if `configMaps` is not used. | List of Kubernetes Secret names to mount. | + +#### Tls + +| **Field** | **Type** | **Required** | **Description** | +|---------------|---------------------------------------------------------------------------------------------------------------------------|:------------------------------:|------------------------------------------------------------------------------------------| +| enabled | Boolean | No | Whether TLS is enabled or disabled for the server. 
| +| certSecretRef | [LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core) | Required when `enabled: true` | The reference to the secret that contains the TLS certificates `tls.cert` and `tls.key`. | | `limitador` | [Limitador](#limitador) | No | Configure limitador deployments. | ### Limitador From ac31040687a4c93258c58eafd8caaf89b6fb211c Mon Sep 17 00:00:00 2001 From: Jim Fitzpatrick Date: Thu, 11 Jan 2024 14:44:18 +0000 Subject: [PATCH 04/10] PR checks: Update code to pass --- api/v1beta1/kuadrant_types.go | 4 ++-- controllers/kuadrant_controller.go | 4 ++++ pkg/kuadranttools/authorino_tools.go | 11 ++++++----- pkg/kuadranttools/authorino_tools_test.go | 9 +++++---- 4 files changed, 17 insertions(+), 11 deletions(-) diff --git a/api/v1beta1/kuadrant_types.go b/api/v1beta1/kuadrant_types.go index df506ba24..0e7b2b1de 100644 --- a/api/v1beta1/kuadrant_types.go +++ b/api/v1beta1/kuadrant_types.go @@ -52,11 +52,11 @@ type AuthorinoListener struct { // Port numbers of the GRPC and HTTP auth interfaces. Ports *authorinov1beta1.Ports `json:"ports,omitempty"` // TLS configuration of the auth service (GRPC and HTTP interfaces). - Tls *authorinov1beta1.Tls `json:"tls"` + TLS *authorinov1beta1.Tls `json:"tls"` // Timeout of the auth service (GRPC and HTTP interfaces), in milliseconds. Timeout *int `json:"timeout,omitempty"` // Maximum payload (request body) size for the auth service (HTTP interface), in bytes. - MaxHttpRequestBodySize *int `json:"maxHttpRequestBodySize,omitempty"` + MaxHTTPRequestBodySize *int `json:"maxHttpRequestBodySize,omitempty"` } type LimitadorSpec struct { diff --git a/controllers/kuadrant_controller.go b/controllers/kuadrant_controller.go index 875c67f11..698fae9b8 100644 --- a/controllers/kuadrant_controller.go +++ b/controllers/kuadrant_controller.go 
@@ -20,6 +20,10 @@ import ( "context" "encoding/json" + "github.com/kuadrant/kuadrant-operator/pkg/kuadranttools" + corev1 "k8s.io/api/core/v1" + "k8s.io/utils/env" + "github.com/go-logr/logr" authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1" limitadorv1alpha1 "github.com/kuadrant/limitador-operator/api/v1alpha1" diff --git a/pkg/kuadranttools/authorino_tools.go b/pkg/kuadranttools/authorino_tools.go index c98aedb06..bc1846a9c 100644 --- a/pkg/kuadranttools/authorino_tools.go +++ b/pkg/kuadranttools/authorino_tools.go @@ -2,9 +2,10 @@ package kuadranttools import ( "fmt" + "reflect" + authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1" "github.com/kuadrant/kuadrant-operator/api/v1beta1" - "reflect" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -57,14 +58,14 @@ func MapListenerSpec(listener *authorinov1beta1.Listener, spec v1beta1.Authorino if spec.Ports != nil { out.Ports = *spec.Ports } - if spec.Tls != nil { - out.Tls = *spec.Tls + if spec.TLS != nil { + out.Tls = *spec.TLS } if spec.Timeout != nil { out.Timeout = spec.Timeout } - if spec.MaxHttpRequestBodySize != nil { - out.MaxHttpRequestBodySize = spec.MaxHttpRequestBodySize + if spec.MaxHTTPRequestBodySize != nil { + out.MaxHttpRequestBodySize = spec.MaxHTTPRequestBodySize } return out } diff --git a/pkg/kuadranttools/authorino_tools_test.go b/pkg/kuadranttools/authorino_tools_test.go index 55508d7fa..a9c9579eb 100644 --- a/pkg/kuadranttools/authorino_tools_test.go +++ b/pkg/kuadranttools/authorino_tools_test.go @@ -1,12 +1,13 @@ package kuadranttools import ( + "reflect" + "testing" + authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1" "github.com/kuadrant/kuadrant-operator/api/v1beta1" "k8s.io/utils/ptr" - "reflect" "sigs.k8s.io/controller-runtime/pkg/client" - "testing" ) func Test_authorinoSpecSubSet(t *testing.T) { 
@@ -177,9 +178,9 @@ func TestMapListenerSpec(t *testing.T) { listener: nil, spec: v1beta1.AuthorinoListener{ Ports: &authorinov1beta1.Ports{}, - Tls: &authorinov1beta1.Tls{}, + TLS: &authorinov1beta1.Tls{}, Timeout: ptr.To(5000), - MaxHttpRequestBodySize: ptr.To(5000), + MaxHTTPRequestBodySize: ptr.To(5000), }, }, want: authorinov1beta1.Listener{ From 8799593e67ef78591f97978ace92f7947fd9cb90 Mon Sep 17 00:00:00 2001 From: Jim Fitzpatrick Date: Tue, 23 Jan 2024 10:57:57 +0000 Subject: [PATCH 05/10] PR comments fix --- controllers/kuadrant_controller.go | 50 ++++++++++++++-------------- pkg/kuadranttools/authorino_tools.go | 4 +-- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/controllers/kuadrant_controller.go b/controllers/kuadrant_controller.go index 698fae9b8..e9dcd6c5e 100644 --- a/controllers/kuadrant_controller.go +++ b/controllers/kuadrant_controller.go @@ -20,6 +20,8 @@ import ( "context" "encoding/json" + "k8s.io/utils/ptr" + "github.com/kuadrant/kuadrant-operator/pkg/kuadranttools" corev1 "k8s.io/api/core/v1" "k8s.io/utils/env" 
@@ -467,34 +469,32 @@ func (r *KuadrantReconciler) reconcileAuthorino(ctx context.Context, kObj *kuadr authorino := &authorinov1beta1.Authorino{} err := r.Client().Get(ctx, authorinoKey, authorino) if err != nil { - if apierrors.IsNotFound(err) { - tmpFalse := false - authorino = &authorinov1beta1.Authorino{ - TypeMeta: metav1.TypeMeta{ - Kind: "Authorino", - APIVersion: "operator.authorino.kuadrant.io/v1beta1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: common.AuthorinoName, - Namespace: kObj.Namespace, - }, - Spec: authorinov1beta1.AuthorinoSpec{ - ClusterWide: true, - SupersedingHostSubsets: true, - Listener: authorinov1beta1.Listener{ - Tls: authorinov1beta1.Tls{ - Enabled: &tmpFalse, - }, + if !apierrors.IsNotFound(err) { + return err + } + authorino = &authorinov1beta1.Authorino{ + TypeMeta: metav1.TypeMeta{ + Kind: "Authorino", + APIVersion: "operator.authorino.kuadrant.io/v1beta1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: common.AuthorinoName, + Namespace: kObj.Namespace, + }, + Spec: authorinov1beta1.AuthorinoSpec{ + ClusterWide: true, + SupersedingHostSubsets: true, + Listener: authorinov1beta1.Listener{ + Tls: authorinov1beta1.Tls{ + Enabled: ptr.To(false), }, - OIDCServer: authorinov1beta1.OIDCServer{ - Tls: authorinov1beta1.Tls{ - Enabled: &tmpFalse, - }, + }, + OIDCServer: authorinov1beta1.OIDCServer{ + Tls: authorinov1beta1.Tls{ + Enabled: ptr.To(false), }, }, - } - } else { - return err + }, } } diff --git a/pkg/kuadranttools/authorino_tools.go b/pkg/kuadranttools/authorino_tools.go index bc1846a9c..7617e719b 100644 --- a/pkg/kuadranttools/authorino_tools.go +++ b/pkg/kuadranttools/authorino_tools.go 
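Review bot: The default Authorino built in the not-found branch sets `Enabled: ptr.To(false)` for both `Listener.Tls` and `OIDCServer.Tls` with no comment, so a cluster that never sets `spec.authorino` runs the auth listener and the OIDC discovery server with TLS disabled. That default predates this series, but now that the Kuadrant CR can override it, a comment above the literal would tell operators where to change it, for example `// TLS is off by default; set spec.authorino.listener.tls and spec.authorino.oidcServer.tls in the Kuadrant CR to enable it.` The enclosing `reconcileAuthorino` starts before and continues after this hunk.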
@@ -13,11 +13,11 @@ func AuthorinoMutator(existingObj, desiredObj client.Object) (bool, error) { update := false existing, ok := existingObj.(*authorinov1beta1.Authorino) if !ok { - return false, fmt.Errorf("existingObj %T is not a *authorinoauthorinov1beta1.Authorino", existingObj) + return false, fmt.Errorf("existingObj %T is not a *authorinov1beta1.Authorino", existingObj) } desired, ok := desiredObj.(*authorinov1beta1.Authorino) if !ok { - return false, fmt.Errorf("desiredObj %T is not a *authorinoauthorinov1beta1.Authorino", desiredObj) + return false, fmt.Errorf("desiredObj %T is not a *authorinov1beta1.Authorino", desiredObj) } existingSpec := authorinoSpecSubSet(existing.Spec) From 817c1d8d46885ce85ddb844c13a482b726cdd7a2 Mon Sep 17 00:00:00 2001 From: Jim Fitzpatrick Date: Fri, 26 Jan 2024 14:28:37 +0000 Subject: [PATCH 06/10] Updates for rebase Rebase to main --- api/v1beta1/zz_generated.deepcopy.go | 91 +++++++++++ bundle/manifests/kuadrant.io_kuadrants.yaml | 158 ++++++++++++++++++++ config/crd/bases/kuadrant.io_kuadrants.yaml | 158 ++++++++++++++++++++ controllers/kuadrant_controller.go | 2 +- pkg/common/common.go | 2 +- 5 files changed, 409 insertions(+), 2 deletions(-) diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index fd8dba47c..3d54654e5 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go 
@@ -21,12 +21,98 @@ limitations under the License. package v1beta1 import ( + apiv1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1" "github.com/kuadrant/limitador-operator/api/v1alpha1" "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorinoListener) DeepCopyInto(out *AuthorinoListener) { + *out = *in + if in.Ports != nil { + in, out := &in.Ports, &out.Ports + *out = new(apiv1beta1.Ports) + (*in).DeepCopyInto(*out) + } + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(apiv1beta1.Tls) + (*in).DeepCopyInto(*out) + } + if in.Timeout != nil { + in, out := &in.Timeout, &out.Timeout + *out = new(int) + **out = **in + } + if in.MaxHTTPRequestBodySize != nil { + in, out := &in.MaxHTTPRequestBodySize, &out.MaxHTTPRequestBodySize + *out = new(int) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorinoListener. +func (in *AuthorinoListener) DeepCopy() *AuthorinoListener { + if in == nil { + return nil + } + out := new(AuthorinoListener) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AuthorinoSpec) DeepCopyInto(out *AuthorinoSpec) { + *out = *in + if in.EvaluatorCacheSize != nil { + in, out := &in.EvaluatorCacheSize, &out.EvaluatorCacheSize + *out = new(int) + **out = **in + } + if in.Listener != nil { + in, out := &in.Listener, &out.Listener + *out = new(AuthorinoListener) + (*in).DeepCopyInto(*out) + } + if in.Metrics != nil { + in, out := &in.Metrics, &out.Metrics + *out = new(apiv1beta1.Metrics) + (*in).DeepCopyInto(*out) + } + if in.OIDCServer != nil { + in, out := &in.OIDCServer, &out.OIDCServer + *out = new(apiv1beta1.OIDCServer) + (*in).DeepCopyInto(*out) + } + if in.Replicas != nil { + in, out := &in.Replicas, &out.Replicas + *out = new(int32) + **out = **in + } + if in.Tracing != nil { + in, out := &in.Tracing, &out.Tracing + *out = new(apiv1beta1.Tracing) + (*in).DeepCopyInto(*out) + } + if in.Volumes != nil { + in, out := &in.Volumes, &out.Volumes + *out = new(apiv1beta1.VolumesSpec) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorinoSpec. +func (in *AuthorinoSpec) DeepCopy() *AuthorinoSpec { + if in == nil { + return nil + } + out := new(AuthorinoSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Kuadrant) DeepCopyInto(out *Kuadrant) { *out = *in @@ -89,6 +175,11 @@ func (in *KuadrantList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KuadrantSpec) DeepCopyInto(out *KuadrantSpec) { *out = *in + if in.Authorino != nil { + in, out := &in.Authorino, &out.Authorino + *out = new(AuthorinoSpec) + (*in).DeepCopyInto(*out) + } if in.Limitador != nil { in, out := &in.Limitador, &out.Limitador *out = new(LimitadorSpec) 
diff --git a/bundle/manifests/kuadrant.io_kuadrants.yaml b/bundle/manifests/kuadrant.io_kuadrants.yaml index f48c64de1..54e2b0977 100644 --- a/bundle/manifests/kuadrant.io_kuadrants.yaml +++ b/bundle/manifests/kuadrant.io_kuadrants.yaml 
@@ -50,6 +50,164 @@ spec: spec: description: KuadrantSpec defines the desired state of Kuadrant properties: + authorino: + properties: + evaluatorCacheSize: + type: integer + listener: + properties: + maxHttpRequestBodySize: + description: Maximum payload (request body) size for the auth + service (HTTP interface), in bytes. + type: integer + ports: + description: Port numbers of the GRPC and HTTP auth interfaces. + properties: + grpc: + format: int32 + type: integer + http: + format: int32 + type: integer + type: object + timeout: + description: Timeout of the auth service (GRPC and HTTP interfaces), + in milliseconds. + type: integer + tls: + description: TLS configuration of the auth service (GRPC and + HTTP interfaces). + properties: + certSecretRef: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + enabled: + type: boolean + type: object + required: + - tls + type: object + metrics: + properties: + deep: + type: boolean + port: + format: int32 + type: integer + type: object + oidcServer: + properties: + port: + format: int32 + type: integer + tls: + properties: + certSecretRef: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + enabled: + type: boolean + type: object + required: + - tls + type: object + replicas: + format: int32 + type: integer + tracing: + properties: + endpoint: + type: string + tags: + additionalProperties: + type: string + type: object + required: + - endpoint + type: object + volumes: + properties: + defaultMode: + description: Permissions mode. + format: int32 + type: integer + items: + items: + properties: + configMaps: + description: Allow multiple configmaps to mount to the + same directory + items: + type: string + type: array + items: + description: Mount details + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + mountPath: + description: An absolute path where to mount it + type: string + name: + description: Volume name + type: string + secrets: + description: Secret mount + items: + type: string + type: array + required: + - mountPath + type: object + type: array + type: object + type: object limitador: properties: affinity: 
diff --git a/config/crd/bases/kuadrant.io_kuadrants.yaml b/config/crd/bases/kuadrant.io_kuadrants.yaml
index 04f7eeff7..9cec12dc6 100644
--- a/config/crd/bases/kuadrant.io_kuadrants.yaml
+++ b/config/crd/bases/kuadrant.io_kuadrants.yaml
@@ -48,6 +48,164 @@ spec: spec: description: KuadrantSpec defines the desired state of Kuadrant properties: + authorino: + properties: + evaluatorCacheSize: + type: integer + listener: + properties: + maxHttpRequestBodySize: + description: Maximum payload (request body) size for the auth + service (HTTP interface), in bytes. + type: integer + ports: + description: Port numbers of the GRPC and HTTP auth interfaces. + properties: + grpc: + format: int32 + type: integer + http: + format: int32 + type: integer + type: object + timeout: + description: Timeout of the auth service (GRPC and HTTP interfaces), + in milliseconds. + type: integer + tls: + description: TLS configuration of the auth service (GRPC and + HTTP interfaces). + properties: + certSecretRef: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + enabled: + type: boolean + type: object + required: + - tls + type: object + metrics: + properties: + deep: + type: boolean + port: + format: int32 + type: integer + type: object + oidcServer: + properties: + port: + format: int32 + type: integer + tls: + properties: + certSecretRef: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + enabled: + type: boolean + type: object + required: + - tls + type: object + replicas: + format: int32 + type: integer + tracing: + properties: + endpoint: + type: string + tags: + additionalProperties: + type: string + type: object + required: + - endpoint + type: object + volumes: + properties: + defaultMode: + description: Permissions mode. + format: int32 + type: integer + items: + items: + properties: + configMaps: + description: Allow multiple configmaps to mount to the + same directory + items: + type: string + type: array + items: + description: Mount details + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + mountPath: + description: An absolute path where to mount it + type: string + name: + description: Volume name + type: string + secrets: + description: Secret mount + items: + type: string + type: array + required: + - mountPath + type: object + type: array + type: object + type: object limitador: properties: affinity: diff --git a/controllers/kuadrant_controller.go b/controllers/kuadrant_controller.go index e9dcd6c5e..a26c5ebad 100644 
--- a/controllers/kuadrant_controller.go
+++ b/controllers/kuadrant_controller.go
@@ -30,11 +30,11 @@ import (
 authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1"
 limitadorv1alpha1 "github.com/kuadrant/limitador-operator/api/v1alpha1"
 iopv1alpha1 "istio.io/istio/operator/pkg/apis/istio/v1alpha1"
+ appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/api/meta"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/utils/env"
 istiov1alpha1 "maistra.io/istio-operator/api/v1alpha1"
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/client"
diff --git a/pkg/common/common.go b/pkg/common/common.go
index 86d8264e3..817d072cc 100644
--- a/pkg/common/common.go
+++ b/pkg/common/common.go
@@ -31,7 +31,7 @@ const (
 AuthPolicyBackRefAnnotation = "kuadrant.io/authpolicy"
 NamespaceSeparator = '/'
 LimitadorName = "limitador"
- AuthorinoName = "authorino"
+ AuthorinoName = "authorino"
 )
 // MergeMapStringString Merge desired into existing.
From 273b9aa035248a88c5fcfdc93d13875e239340b1 Mon Sep 17 00:00:00 2001
From: Jim Fitzpatrick
Date: Mon, 29 Apr 2024 16:14:23 +0100
Subject: [PATCH 07/10] Add integration tests.
---
 tests/common/kuadrant/kuadrant_controller_test.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tests/common/kuadrant/kuadrant_controller_test.go b/tests/common/kuadrant/kuadrant_controller_test.go
index e7d4214ee..2268753b8 100644
--- a/tests/common/kuadrant/kuadrant_controller_test.go
+++ b/tests/common/kuadrant/kuadrant_controller_test.go
@@ -7,6 +7,9 @@ import (
 "time"
 "github.com/kuadrant/limitador-operator/api/v1alpha1"
+ authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1"
+ kuadrantv1beta1 "github.com/kuadrant/kuadrant-operator/api/v1beta1"
+ "github.com/kuadrant/kuadrant-operator/pkg/common"
 . "github.com/onsi/ginkgo/v2"
 . "github.com/onsi/gomega"
 "k8s.io/utils/ptr"
From 8da1d63ea80070657397b633cdbdf814915c3b6a Mon Sep 17 00:00:00 2001 From: Jim Fitzpatrick Date: Wed, 8 May 2024 11:49:37 +0100 Subject: [PATCH 08/10] Update docs for rebase. --- bundle/manifests/kuadrant.io_kuadrants.yaml | 2 ++ config/crd/bases/kuadrant.io_kuadrants.yaml | 2 ++ doc/reference/kuadrant.md | 1 + 3 files changed, 5 insertions(+) diff --git a/bundle/manifests/kuadrant.io_kuadrants.yaml b/bundle/manifests/kuadrant.io_kuadrants.yaml index 54e2b0977..2c72e8f31 100644 --- a/bundle/manifests/kuadrant.io_kuadrants.yaml +++ b/bundle/manifests/kuadrant.io_kuadrants.yaml @@ -138,6 +138,8 @@ spec: properties: endpoint: type: string + insecure: + type: boolean tags: additionalProperties: type: string diff --git a/config/crd/bases/kuadrant.io_kuadrants.yaml b/config/crd/bases/kuadrant.io_kuadrants.yaml index 9cec12dc6..fb05a0994 100644 --- a/config/crd/bases/kuadrant.io_kuadrants.yaml +++ b/config/crd/bases/kuadrant.io_kuadrants.yaml @@ -136,6 +136,8 @@ spec: properties: endpoint: type: string + insecure: + type: boolean tags: additionalProperties: type: string diff --git a/doc/reference/kuadrant.md b/doc/reference/kuadrant.md index 11003e38d..ad83ad0da 100644 --- a/doc/reference/kuadrant.md +++ b/doc/reference/kuadrant.md @@ -66,6 +66,7 @@ The Kuadrant operator creates a Limitador CR named `limitador` in the same names |-----------|----------|:------------:|-----------------------------------------------------------------------------------------------------| | endpoint | String | Yes | Full endpoint of the OpenTelemetry tracing collector service (e.g. http://jaegar:14268/api/traces). | | tags | Map | No | Key-value map of fixed tags to add to all OpenTelemetry traces emitted by Authorino. | +| insecure | Bool | No | Enable/disable insecure connection to the tracing endpoint. Disabled by default. | #### VolumesSpec From de6e57fc98f7e92ec3608cacadcb1bd1ce66a886 Mon Sep 17 00:00:00 2001 
From: Jim Fitzpatrick Date: Wed, 5 Jun 2024 13:55:24 +0100 Subject: [PATCH 09/10] Change forces control to Kuadrant. If the user sets any value for authorino in the Kuadrant CR all fields that can be managed are managed. This still does allow the user to set fields in the authorino CR that are out of scope of the Kuadrant CR. --- controllers/kuadrant_controller.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/controllers/kuadrant_controller.go b/controllers/kuadrant_controller.go index a26c5ebad..b67d17cc4 100644 --- a/controllers/kuadrant_controller.go +++ b/controllers/kuadrant_controller.go 
@@ -499,24 +499,38 @@ func (r *KuadrantReconciler) reconcileAuthorino(ctx context.Context, kObj *kuadr
 }
 if kObj.Spec.Authorino != nil {
+ authorino.Spec.EvaluatorCacheSize = nil
 if kObj.Spec.Authorino.EvaluatorCacheSize != nil {
 authorino.Spec.EvaluatorCacheSize = kObj.Spec.Authorino.EvaluatorCacheSize
 }
+ authorino.Spec.Metrics = authorinov1beta1.Metrics{}
 if kObj.Spec.Authorino.Metrics != nil {
 authorino.Spec.Metrics = *kObj.Spec.Authorino.Metrics
 }
+
+ authorino.Spec.Replicas = nil
 if kObj.Spec.Authorino.Replicas != nil {
 authorino.Spec.Replicas = kObj.Spec.Authorino.Replicas
 }
+
+ authorino.Spec.Tracing = authorinov1beta1.Tracing{}
 if kObj.Spec.Authorino.Tracing != nil {
 authorino.Spec.Tracing = *kObj.Spec.Authorino.Tracing
 }
+
+ authorino.Spec.OIDCServer = authorinov1beta1.OIDCServer{}
+ authorino.Spec.OIDCServer.Tls.Enabled = ptr.To(false)
 if kObj.Spec.Authorino.OIDCServer != nil {
 authorino.Spec.OIDCServer = *kObj.Spec.Authorino.OIDCServer
 }
+
+ authorino.Spec.Listener = authorinov1beta1.Listener{}
+ authorino.Spec.Listener.Tls.Enabled = ptr.To(false)
 if kObj.Spec.Authorino.Listener != nil {
 authorino.Spec.Listener = kuadranttools.MapListenerSpec(&authorino.Spec.Listener, *kObj.Spec.Authorino.Listener)
 }
+
+ authorino.Spec.Volumes = authorinov1beta1.VolumesSpec{}
 if kObj.Spec.Authorino.Volumes != nil {
 authorino.Spec.Volumes = *kObj.Spec.Authorino.Volumes
 }
From eb909a5e337162fc782c943a04ac3367647526fb Mon Sep 17 00:00:00 2001
From: Jim Fitzpatrick
Date: Wed, 5 Jun 2024 14:28:31 +0100
Subject: [PATCH 10/10] Changes required after a rebase.
---
 controllers/kuadrant_controller.go | 9 ++-------
 pkg/kuadranttools/authorino_tools.go | 3 ++-
 pkg/kuadranttools/authorino_tools_test.go | 3 ++-
 tests/common/kuadrant/kuadrant_controller_test.go | 3 ---
 4 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/controllers/kuadrant_controller.go b/controllers/kuadrant_controller.go
index b67d17cc4..b76dd28c3 100644
--- a/controllers/kuadrant_controller.go
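Review bot: Once `spec.authorino` is non-nil, the two added `Tls.Enabled = ptr.To(false)` lines pin the OIDC server and the auth listener to TLS-off whenever their own block is omitted, so a Kuadrant CR that sets only `replicas` also replaces whatever TLS setting those fields held, and nothing in the code or the log says so. That default deserves to be stated where it is set, for example `// Omitted listener/oidcServer blocks are reset with TLS explicitly disabled; set the block's tls field to serve that interface over TLS.` above the `authorino.Spec.OIDCServer = authorinov1beta1.OIDCServer{}` line, and mirrored in doc/reference/kuadrant.md. When `OIDCServer` is supplied the struct is copied whole, so the `false` default is dropped and a nil `Enabled` can reach the Authorino operator; how a nil value is interpreted there is not visible in this patch and is worth confirming. `reconcileAuthorino` starts and ends outside the hunk, so the value `authorino.Spec` held before these resets cannot be checked here.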
+++ b/controllers/kuadrant_controller.go @@ -20,21 +20,16 @@ import ( "context" "encoding/json" - "k8s.io/utils/ptr" - - "github.com/kuadrant/kuadrant-operator/pkg/kuadranttools" - corev1 "k8s.io/api/core/v1" - "k8s.io/utils/env" - "github.com/go-logr/logr" authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1" limitadorv1alpha1 "github.com/kuadrant/limitador-operator/api/v1alpha1" iopv1alpha1 "istio.io/istio/operator/pkg/apis/istio/v1alpha1" - appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/env" + "k8s.io/utils/ptr" istiov1alpha1 "maistra.io/istio-operator/api/v1alpha1" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" diff --git a/pkg/kuadranttools/authorino_tools.go b/pkg/kuadranttools/authorino_tools.go index 7617e719b..eea2b7ae1 100644 --- a/pkg/kuadranttools/authorino_tools.go +++ b/pkg/kuadranttools/authorino_tools.go @@ -5,8 +5,9 @@ import ( "reflect" authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1" - "github.com/kuadrant/kuadrant-operator/api/v1beta1" "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/kuadrant/kuadrant-operator/api/v1beta1" ) func AuthorinoMutator(existingObj, desiredObj client.Object) (bool, error) { diff --git a/pkg/kuadranttools/authorino_tools_test.go b/pkg/kuadranttools/authorino_tools_test.go index a9c9579eb..2f2c9b562 100644 --- a/pkg/kuadranttools/authorino_tools_test.go +++ b/pkg/kuadranttools/authorino_tools_test.go @@ -5,9 +5,10 @@ import ( "testing" authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1" - "github.com/kuadrant/kuadrant-operator/api/v1beta1" "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/kuadrant/kuadrant-operator/api/v1beta1" ) func Test_authorinoSpecSubSet(t *testing.T) { 
diff --git a/tests/common/kuadrant/kuadrant_controller_test.go b/tests/common/kuadrant/kuadrant_controller_test.go
index 2268753b8..e7d4214ee 100644
--- a/tests/common/kuadrant/kuadrant_controller_test.go
+++ b/tests/common/kuadrant/kuadrant_controller_test.go
@@ -7,9 +7,6 @@ import (
 "time"
 "github.com/kuadrant/limitador-operator/api/v1alpha1"
- authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1"
- kuadrantv1beta1 "github.com/kuadrant/kuadrant-operator/api/v1beta1"
- "github.com/kuadrant/kuadrant-operator/pkg/common"
 . "github.com/onsi/ginkgo/v2"
 . "github.com/onsi/gomega"
 "k8s.io/utils/ptr"