Adds AuthenticationFilter Support to Kubernetes Provider #791
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
danehans
force-pushed
the
authen_api_kube
branch
from
3f76786
to
08e1109
Compare
|
Marking as Draft while I resolve the conformance test failure. |
|
Commit 2f01f4d removes the following changes from the initial commit: Due to failed conformance test: xref: #792 |
arkodg
reviewed
Dec 9, 2022
| @@ -11,7 +11,8 @@ import ( | |||
| gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" | |||
| gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1" | |||
|
|
|||
| "github.com/envoyproxy/gateway/api/config/v1alpha1" | |||
| egcfgv1a1 "github.com/envoyproxy/gateway/api/config/v1alpha1" | |||
There was a problem hiding this comment.
can we combine these two into one ?
There was a problem hiding this comment.
Shouldn't we keep them separate to simplify moving the Gateway API extensions, e.g. AuthenticationFilter, out of EG into a separate repo in the future? If we decide to remove the config API group, I think that should be done in a separate PR.
There was a problem hiding this comment.
trying to highlight the fact that current dir structure is confusing - either we have api/extensions/v1alpha1 or just api/v1alpha1 .
There was a problem hiding this comment.
Agreed. Per your request, I removed the security group from the Request Authentication design. I'll add this to the community meeting agenda to get input from other maintainers.
There was a problem hiding this comment.
xref #809 to make a decision on API type grouping. IMO a separate PR should be submitted to resolve this issue.
arkodg
reviewed
Dec 9, 2022
danehans
force-pushed
the
authen_api_kube
branch
2 times, most recently
from
4086819
to
8039e92
Compare
Codecov Report
@@ Coverage Diff @@
## main #791 +/- ##
==========================================
- Coverage 63.31% 62.95% -0.36%
==========================================
Files 46 46
Lines 6157 6257 +100
==========================================
+ Hits 3898 3939 +41
- Misses 2019 2070 +51
- Partials 240 248 +8
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
arkodg
reviewed
Dec 12, 2022
arkodg
reviewed
Dec 12, 2022
danehans
force-pushed
the
authen_api_kube
branch
3 times, most recently
from
13b9626
to
4f479ec
Compare
Signed-off-by: danehans <daneyonhansen@gmail.com>
danehans
force-pushed
the
authen_api_kube
branch
from
4f479ec
to
16b425d
Compare
arkodg
reviewed
Dec 15, 2022
arkodg
added a commit
to arkodg/gateway
that referenced
this pull request
Dec 19, 2022
Caused by merging envoyproxy#791 without rebasing envoyproxy#816 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
danehans
pushed a commit
that referenced
this pull request
Dec 19, 2022
* Fix package import for HTTPRouteFilterExtensionRef Caused by merging #791 without rebasing #816 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix test was failing with below error ``` --- FAIL: TestProcessHTTPRoutes/httproute_with_one_authenticationfilter (0.00s) routes_test.go:221: Error Trace: /Users/arkodebdasgupta/go-workspace/src/github.com/envoyproxy/gateway/internal/provider/kubernetes/routes_test.go:221 Error: Received unexpected error: List on GroupVersionKind gateway.networking.k8s.io/v1beta1, Kind=HTTPRoute specifies selector on field gatewayHTTPRouteIndex, but no index with name gatewayHTTPRouteIndex has been registered for GroupVersionKind gateway.networking.k8s.io/v1beta1, Kind=HTTPRoute Test: TestProcessHTTPRoutes/httproute_with_one_authenticationfilter ``` Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds AuthenticationFilter API support to the Kubernetes provider:
api/v1alpha1/authenticationfilter_types.go: Adds missing Authentication -> AuthenticationFilter changes from Adds Request Authentication API #733.api/v1alpha1/zz_generated.deepcopy.go: Regenerates DeepCopy methods due to AuthenticationFilter API changes.internal/envoygateway/scheme.go: Adds thev1alpha1, e.g. AuthenticationFilter, group to the scheme.internal/gatewayapi/helpers.go: AddsValidateAuthenticationFilterRef()helper function to validate AuthenticationFilter references from an HTTPRoute.internal/gatewayapi/helpers_test.go: AddsValidateAuthenticationFilterRef()unit tests.internal/gatewayapi/translator.go: Adds AuthenticationFilter to the gatewayapi Resources type. AddsNewResources()helper function.internal/gatewayapi/zz_generated.deepcopy.go: Regenerates DeepCopy methods due to API changes.internal/provider/kubernetes/config/crd/kustomization.yaml: Adds AuthenticationFilter CRD to the list of installed CRDs.internal/provider/kubernetes/config/rbac/role.yaml: Generated bymake manifests, updating EG RBAC for AuthenticationFilter.internal/provider/kubernetes/controller.go: Add a watch for instances of AuthenticationFilter. Updates the resourceMappings type to map HTTPRoutes<>AuthenticationFilters. Adds AuthenticationFilters referenced by managed HTTPRoutes to the resourceTree.internal/provider/kubernetes/rbac.go: Updates EG RBAC kubebuilder tags for managing instances of AuthenticationFilter.internal/provider/kubernetes/helpers.go: Removes namespace check fromvalidateBackendRef(). Now that [provider] refactoring kubernetes provider to single reconciler #702 adds full ReferenceGrant support, an HTTPRoute backend should be allowed to reference a Service in a different namespace if the necessary ReferenceGrant exists (xref).internal/provider/kubernetes/kubernetes_test.go: Adds AuthenticationFilter test case to Kube provider integration tests.internal/provider/kubernetes/predicates.goAdds predicate to filter AuthenticationFilter instancess from the controller's watch.internal/provider/kubernetes/routes.go: UpdatesprocessHTTPRoutes()to process AuthenticationFilters referenced by managed HTTPRoutes.internal/provider/kubernetes/routes_test.go: Renamed fromroute_test.goto matchroutes.go. Adds a unit test forprocessHTTPRoutes()`.xref:#790
Signed-off-by: danehans daneyonhansen@gmail.com