Skip to content

Commit

Permalink
Add kubebuilder validations in proto for extauth AuthConfig (#9481)
Browse files Browse the repository at this point in the history 
* add maxLength

* omg major 🤦 : maxLength --> maxItems

* test a CEL rule as well

* ext-auth-service opaServer.Translate / ext-auth-service AuthConfig state

* Revert "ext-auth-service opaServer.Translate / ext-auth-service AuthConfig state"

This reverts commit c128fa8.

* add kubebuilder validations for extauth

* make go-generate-apis fmt

* changelog

* Adding changelog file to new location

* Deleting changelog file from old location

* Adding changelog file to new location

* Deleting changelog file from old location

* PR comment; combine apr rules into one

* Adding changelog file to new location

* Deleting changelog file from old location

* Adding changelog file to new location

* Deleting changelog file from old location

* move changelog

* Adding changelog file to new location

* Deleting changelog file from old location

* Adding changelog file to new location

* Deleting changelog file from old location

* avoid changes to CRD using new DisableKubeMarkers flag from solo-kit / protoc-gen-openapi

* codegen- presumably from solo-kit v0.35.1?

* oops- committed local file

* move changelog

* use solo-kit release now (not branch)

* bump solo-kit to v0.35.3, codegen

---------

Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com>
Co-authored-by: changelog-bot <changelog-bot>
  • Loading branch information
@arianaw66 @soloio-bulldozer
arianaw66 and soloio-bulldozer[bot] committed Jun 20, 2024
1 parent 8ff021c commit e308d8f
Show file tree
Hide file tree
Showing 8 changed files with 240 additions and 40 deletions.
6 changes: 6 additions & 0 deletions changelog/v1.18.0-beta1/authconfig-cel-rules.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
changelog:
- type: NEW_FEATURE
issueLink: https://github.com/solo-io/gloo-mesh-enterprise/issues/16010
description: |
Adds pre-admission [validation rules](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules) to the `AuthConfig` CRD.
resolvesIssue: false
62 changes: 31 additions & 31 deletions ...-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.sk.md
View file

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions generate.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@ func main() {
"gloo.solo.io.HybridListener",
"gloo.solo.io.AggregateListener",
},
DisableKubeMarkers: true,
},
}
if err := cmd.Generate(generateOptions); err != nil {
Expand Down
4 changes: 2 additions & 2 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,14 +51,14 @@ require (
github.com/solo-io/go-utils v0.24.8
github.com/solo-io/k8s-utils v0.7.2
github.com/solo-io/protoc-gen-ext v0.0.18
github.com/solo-io/protoc-gen-openapi v0.2.2
github.com/solo-io/protoc-gen-openapi v0.2.4
github.com/solo-io/skv2 v0.39.1

// Pinned to the `sa-k8s-1.29-bump` tag of solo-apis on `gloo-main` branch
// Ref: https://github.com/solo-io/gloo/pull/9463/files#r1594409655 && https://solo-io-corp.slack.com/archives/C03MFATU265/p1716913420716729?thread_ts=1716476992.938679&cid=C03MFATU265
// as to why it is now based off `gloo-main` and not `gloo-repo-branch`
github.com/solo-io/solo-apis v0.0.0-20240528173540-7879b7d12cb9
github.com/solo-io/solo-kit v0.35.0
github.com/solo-io/solo-kit v0.35.3
github.com/spf13/afero v1.9.2
github.com/spf13/cobra v1.8.0
github.com/spf13/pflag v1.0.5
Expand Down
8 changes: 4 additions & 4 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2028,14 +2028,14 @@ github.com/solo-io/k8s-utils v0.7.2 h1:pIRiTOpwymdCHUOSjzKDi/Ay16FNtF7JV7NIRlC2Z
github.com/solo-io/k8s-utils v0.7.2/go.mod h1:RrT6PVTSD1X0vteKCQmGzoAAfjI1U5oV/wA+T3T+NoM=
github.com/solo-io/protoc-gen-ext v0.0.18 h1:zSAL8NzWpJUGYoA5IyjHiKASNyHjR0uxBQ7eQS94i3A=
github.com/solo-io/protoc-gen-ext v0.0.18/go.mod h1:iGyCvmKmhJNXs5MgBcYFBF0om7LDnCVD2WwhOZGnqeA=
github.com/solo-io/protoc-gen-openapi v0.2.2 h1:OzyOAxiZuMAaLYWMNoTl2v9E7IXcl7UEeiTeCSwvCJ0=
github.com/solo-io/protoc-gen-openapi v0.2.2/go.mod h1:osEjRl1miHqlq4Wl/8SEqHFoyydptPL1EzEdM9c4vfE=
github.com/solo-io/protoc-gen-openapi v0.2.4 h1:9tqGhCAq83IRSzHhKDzpWnPlbPPORTM2izVxjLk0Ftw=
github.com/solo-io/protoc-gen-openapi v0.2.4/go.mod h1:osEjRl1miHqlq4Wl/8SEqHFoyydptPL1EzEdM9c4vfE=
github.com/solo-io/skv2 v0.39.1 h1:dWaZTWgntAsvh4lTlojd3xE+g7NF4oYNonfcdpy0nXE=
github.com/solo-io/skv2 v0.39.1/go.mod h1:Zsnl+OYmOkj+6KeaMfkzYIxHTVMC0w2gVApzNJRadM8=
github.com/solo-io/solo-apis v0.0.0-20240528173540-7879b7d12cb9 h1:4DNulNBJdaVz+fOaMQes1MqVCIO/db2vmwz7bVe3iIU=
github.com/solo-io/solo-apis v0.0.0-20240528173540-7879b7d12cb9/go.mod h1:fA+jJC7TXNM+i3uXvq7fpVrJ6JpNu1BgBxc4U9ntUW0=
github.com/solo-io/solo-kit v0.35.0 h1:iX7Wl9h59M7sPAH+fLVdjalY+nAfeG2ry+zrXYuyXTo=
github.com/solo-io/solo-kit v0.35.0/go.mod h1:fxakm2fhYzT3UNsM4baURVz19wCa75sv/KBNi4lwv6Q=
github.com/solo-io/solo-kit v0.35.3 h1:cm+uHB5cFFlAnghwKdboaKI0Ki+t1ECA0Db3TnTL6KU=
github.com/solo-io/solo-kit v0.35.3/go.mod h1:KBCEfl59/wE0K68s90aDcrTc36gKR5L97TbVelwL8n4=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
Expand Down
39 changes: 39 additions & 0 deletions install/helm/gloo/crds/enterprise.gloo.solo.io_v1_AuthConfig.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,11 @@ spec:
type: string
type: object
type: array
required:
- secretRefs
type: object
required:
- secretRefs
type: object
jwt:
maxProperties: 0
Expand Down Expand Up @@ -268,6 +272,8 @@ spec:
type: string
userDnTemplate:
type: string
required:
- address
type: object
name:
nullable: true
Expand Down Expand Up @@ -297,6 +303,8 @@ spec:
items:
type: string
type: array
required:
- appUrl
type: object
oauth2:
properties:
Expand Down Expand Up @@ -326,6 +334,8 @@ spec:
type: string
userIdAttributeName:
type: string
required:
- introspectionUrl
type: object
introspectionUrl:
type: string
Expand All @@ -337,13 +347,17 @@ spec:
properties:
inlineString:
type: string
required:
- inlineString
type: object
remoteJwks:
properties:
refreshInterval:
type: string
url:
type: string
required:
- url
type: object
type: object
requiredScopes:
Expand Down Expand Up @@ -474,6 +488,12 @@ spec:
additionalProperties:
type: string
type: object
required:
- clientId
- appUrl
- callbackPath
- authEndpoint
- tokenEndpoint
type: object
oidcAuthorizationCode:
properties:
Expand Down Expand Up @@ -562,6 +582,8 @@ spec:
type: object
validFor:
type: string
required:
- signingKeyRef
type: object
type: object
clientId:
Expand Down Expand Up @@ -758,6 +780,11 @@ spec:
additionalProperties:
type: string
type: object
required:
- clientId
- issuerUrl
- appUrl
- callbackPath
type: object
type: object
opaAuth:
Expand All @@ -780,6 +807,8 @@ spec:
type: object
query:
type: string
required:
- query
type: object
opaServerAuth:
properties:
Expand All @@ -796,6 +825,8 @@ spec:
type: string
serverAddr:
type: string
required:
- package
type: object
passThroughAuth:
properties:
Expand Down Expand Up @@ -827,6 +858,8 @@ spec:
type: object
tlsConfig:
type: object
required:
- address
type: object
http:
properties:
Expand Down Expand Up @@ -868,6 +901,8 @@ spec:
type: object
url:
type: string
required:
- url
type: object
type: object
pluginAuth:
Expand All @@ -881,6 +916,8 @@ spec:
type: string
pluginFileName:
type: string
required:
- config
type: object
type: object
type: array
Expand All @@ -894,6 +931,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
required:
- configs
type: object
status:
default: {}
Expand Down
Loading

0 comments on commit e308d8f

Please sign in to comment.