Support for Authorino enable/disable superseding strict host subsets (#…
…143)

Exposes Authorino's `--allow-superseding-host-subsets` command-line flag (Kuadrant/authorino#434) as a new API option `spec.supersedingHostSubsets: Boolean` (default: `false`)
guicassolato authored Oct 2, 2023
1 parent 33db95d commit edce84b
Showing 9 changed files with 18 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
@@ -123,6 +123,7 @@ the state of the Kubernetes Deployment and associated resources, based on the st
| clusterWide | Boolean | Sets the Authorino instance's [watching scope](https://github.com/Kuadrant/authorino/blob/main/docs/architecture.md#cluster-wide-vs-namespaced-instances) – cluster-wide or namespaced. | Default: `true` (cluster-wide) |
| authConfigLabelSelectors | String | [Label selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) used by the Authorino instance to filter `AuthConfig`-related reconciliation events. | Default: empty (all AuthConfigs are watched) |
| secretLabelSelectors | String | [Label selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) used by the Authorino instance to filter `Secret`-related reconciliation events (API key and mTLS authentication methods). | Default: `authorino.kuadrant.io/managed-by=authorino` |
| supersedingHostSubsets | Boolean | Enable/disable allowing AuthConfigs to supersede strict subsets of hosts already taken. | Default: `false` |
| replicas | Integer | Number of replicas desired for the Authorino instance. Values greater than 1 enable leader election in the Authorino service, where the leader updates the statuses of the `AuthConfig` CRs). | Default: 1 |
| evaluatorCacheSize | Integer | Cache size (in megabytes) of each Authorino evaluator (when enabled in an [`AuthConfig`](https://github.com/Kuadrant/authorino/blob/main/docs/features.md#common-feature-caching-cache)). | Default: 1 |
| image | String | Authorino image to be deployed (for dev/testing purpose only). | Default: `quay.io/kuadrant/authorino:latest` |
1 change: 1 addition & 0 deletions api/v1beta1/authorino_types.go
@@ -71,6 +71,7 @@ type AuthorinoSpec struct {
OIDCServer OIDCServer `json:"oidcServer"`
AuthConfigLabelSelectors string `json:"authConfigLabelSelectors,omitempty"`
SecretLabelSelectors string `json:"secretLabelSelectors,omitempty"`
SupersedingHostSubsets bool `json:"supersedingHostSubsets,omitempty"`
EvaluatorCacheSize *int `json:"evaluatorCacheSize,omitempty"`
Tracing Tracing `json:"tracing,omitempty"`
Metrics Metrics `json:"metrics,omitempty"`
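Review bot: The new `SupersedingHostSubsets` field has no doc comment, so the CRD schema entries added in this commit carry only `type: boolean` and give no description of an option that changes which AuthConfig answers for a host. Add a comment above the field, for example `// SupersedingHostSubsets allows AuthConfigs to supersede strict subsets of hosts already taken. Default: false.`, and, if the manifests are generated from these types, regenerate them so the description lands in the schema. With `omitempty` on a plain `bool`, an omitted field and an explicit `false` are indistinguishable, which is acceptable here because the documented default is `false`. The AuthorinoSpec struct starts and ends outside the hunk.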
@@ -136,6 +136,8 @@ spec:
type: integer
secretLabelSelectors:
type: string
supersedingHostSubsets:
type: boolean
tracing:
properties:
endpoint:
@@ -138,6 +138,8 @@ spec:
type: integer
secretLabelSelectors:
type: string
supersedingHostSubsets:
type: boolean
tracing:
properties:
endpoint:
2 changes: 2 additions & 0 deletions config/deploy/manifests.yaml
@@ -5537,6 +5537,8 @@ spec:
type: integer
secretLabelSelectors:
type: string
supersedingHostSubsets:
type: boolean
tracing:
properties:
endpoint:
2 changes: 2 additions & 0 deletions config/install/manifests.yaml
@@ -136,6 +136,8 @@ spec:
type: integer
secretLabelSelectors:
type: string
supersedingHostSubsets:
type: boolean
tracing:
properties:
endpoint:
5 changes: 5 additions & 0 deletions controllers/authorino_controller.go
@@ -324,6 +324,11 @@ func (r *AuthorinoReconciler) buildAuthorinoArgs(authorino *api.Authorino) []str
args = append(args, fmt.Sprintf("--%s=%s", flagWatchedSecretLabelSelector, selectors))
}

// allow-superseding-host-subsets
if authorino.Spec.SupersedingHostSubsets {
args = append(args, fmt.Sprintf("--%s", flagSupersedingHostSubsets))
}

// log-level
if logLevel := authorino.Spec.LogLevel; logLevel != "" {
args = append(args, fmt.Sprintf("--%s=%s", flagLogLevel, logLevel))
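Review bot: The comment above the new branch in buildAuthorinoArgs only repeats the flag name and does not say that this switch relaxes host ownership between AuthConfigs. Per the README row added in this commit, enabling it lets an AuthConfig supersede a strict subset of hosts already taken, and since `clusterWide` defaults to `true` that presumably includes hosts claimed from another namespace; confirm this against Authorino's behaviour and state it here. I would replace the comment with `// allow-superseding-host-subsets: opt-in, off by default; lets an AuthConfig take over a strict subset of hosts already claimed by another AuthConfig`. Emitting the flag only when the field is true keeps the stricter default. The function body starts and ends outside the hunk.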
2 changes: 2 additions & 0 deletions controllers/authorino_controller_test.go
@@ -326,6 +326,8 @@ func checkAuthorinoArgs(authorinoInstance *api.Authorino, args []string) {
Expect(value).Should(Equal(authorinoInstance.Spec.AuthConfigLabelSelectors))
case flagWatchedSecretLabelSelector:
Expect(value).Should(Equal(authorinoInstance.Spec.SecretLabelSelectors))
case flagSupersedingHostSubsets:
Expect(authorinoInstance.Spec.SupersedingHostSubsets).Should(BeTrue())
case flagLogLevel:
Expect(value).Should(Equal(authorinoInstance.Spec.LogLevel))
case flagLogMode:
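Review bot: The added case in checkAuthorinoArgs checks one direction only: if the flag is in `args`, the spec field must be true. Nothing in the hunk asserts that the flag is actually emitted when `Spec.SupersedingHostSubsets` is true, and if no test fixture sets the field (not visible here) the case never runs. A direct check outside the switch would close that, e.g. `if authorinoInstance.Spec.SupersedingHostSubsets { Expect(args).Should(ContainElement("--" + flagSupersedingHostSubsets)) }`. This is also the only flag among the visible cases that is passed without `=value`, so confirm that the argument parsing above the switch, which is outside the hunk, does not index a missing value.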
1 change: 1 addition & 0 deletions controllers/constants.go
@@ -33,6 +33,7 @@ const (
flagWatchNamespace string = "watch-namespace"
flagWatchedAuthConfigLabelSelector string = "auth-config-label-selector"
flagWatchedSecretLabelSelector string = "secret-label-selector"
flagSupersedingHostSubsets string = "allow-superseding-host-subsets"
flagLogLevel string = "log-level"
flagLogMode string = "log-mode"
flagTimeout string = "timeout"
