diff --git a/api/v1beta1/kuadrant_types.go b/api/v1beta1/kuadrant_types.go index 27f01d206..d3c27a272 100644 --- a/api/v1beta1/kuadrant_types.go +++ b/api/v1beta1/kuadrant_types.go @@ -68,7 +68,7 @@ func (r *KuadrantStatus) Equals(other *KuadrantStatus, logger logr.Logger) bool //+kubebuilder:object:root=true //+kubebuilder:subresource:status -// Kuadrant is the Schema for the kuadrants API +// Kuadrant configures installations of Kuadrant Service Protection components type Kuadrant struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/api/v1beta2/authpolicy_types.go b/api/v1beta2/authpolicy_types.go index 597e4adf3..ea5f1b231 100644 --- a/api/v1beta2/authpolicy_types.go +++ b/api/v1beta2/authpolicy_types.go @@ -200,6 +200,8 @@ func (s *AuthPolicyStatus) Equals(other *AuthPolicyStatus, logger logr.Logger) b // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="gateway.networking.k8s.io/policy=direct" + +// AuthPolicy enables authentication and authorization for service workloads in a Gateway API network type AuthPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/api/v1beta2/ratelimitpolicy_types.go b/api/v1beta2/ratelimitpolicy_types.go index 2d52029fb..0e245ffa1 100644 --- a/api/v1beta2/ratelimitpolicy_types.go +++ b/api/v1beta2/ratelimitpolicy_types.go @@ -160,10 +160,11 @@ func (s *RateLimitPolicyStatus) Equals(other *RateLimitPolicyStatus, logger logr return true } -// RateLimitPolicy is the Schema for the ratelimitpolicies API // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="gateway.networking.k8s.io/policy=direct" + +// RateLimitPolicy enables rate limiting for service workloads in a Gateway API network type RateLimitPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` 
diff --git a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml index 8e788184e..7e4a068a9 100644 --- a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml +++ b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml @@ -12,6 +12,34 @@ metadata: }, "spec": {} }, + { + "apiVersion": "kuadrant.io/v1beta2", + "kind": "AuthPolicy", + "metadata": { + "name": "toystore" + }, + "spec": { + "rules": { + "authentication": { + "apikey": { + "apiKey": { + "selector": {} + } + }, + "credentials": { + "authorizationHeader": { + "prefix": "APIKEY" + } + } + } + }, + "targetRef": { + "group": "gateway.networking.k8s.io", + "kind": "HTTPRoute", + "name": "toystore" + } + } + }, { "apiVersion": "kuadrant.io/v1beta2", "kind": "RateLimitPolicy", @@ -41,7 +69,7 @@ metadata: capabilities: Basic Install categories: Integration & Delivery containerImage: quay.io/kuadrant/kuadrant-operator:latest - createdAt: "2023-11-24T11:49:17Z" + createdAt: "2023-11-27T14:18:37Z" operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/Kuadrant/kuadrant-operator 
@@ -52,15 +80,22 @@ spec: apiservicedefinitions: {} customresourcedefinitions: owned: - - kind: AuthPolicy + - description: AuthPolicy enables authentication and authorization for service + workloads in a Gateway API network + displayName: AuthPolicy + kind: AuthPolicy name: authpolicies.kuadrant.io version: v1beta2 - - description: Kuadrant is the Schema for the kuadrants API + - description: Kuadrant configures installations of Kuadrant Service Protection + components displayName: Kuadrant kind: Kuadrant name: kuadrants.kuadrant.io version: v1beta1 - - kind: RateLimitPolicy + - description: RateLimitPolicy enables rate limiting for service workloads in + a Gateway API network + displayName: RateLimitPolicy + kind: RateLimitPolicy name: ratelimitpolicies.kuadrant.io version: v1beta2 description: A Kubernetes Operator to manage the lifecycle of the Kuadrant system diff --git a/bundle/manifests/kuadrant.io_authpolicies.yaml b/bundle/manifests/kuadrant.io_authpolicies.yaml index dbbd6a180..344868cc5 100644 --- a/bundle/manifests/kuadrant.io_authpolicies.yaml +++ b/bundle/manifests/kuadrant.io_authpolicies.yaml @@ -20,6 +20,8 @@ spec: - name: v1beta2 schema: openAPIV3Schema: + description: AuthPolicy enables authentication and authorization for service + workloads in a Gateway API network properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation diff --git a/bundle/manifests/kuadrant.io_kuadrants.yaml b/bundle/manifests/kuadrant.io_kuadrants.yaml index 2c9c737cd..965919073 100644 --- a/bundle/manifests/kuadrant.io_kuadrants.yaml +++ b/bundle/manifests/kuadrant.io_kuadrants.yaml @@ -19,7 +19,8 @@ spec: - name: v1beta1 schema: openAPIV3Schema: - description: Kuadrant is the Schema for the kuadrants API + description: Kuadrant configures installations of Kuadrant Service Protection + components properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
diff --git a/bundle/manifests/kuadrant.io_ratelimitpolicies.yaml b/bundle/manifests/kuadrant.io_ratelimitpolicies.yaml index 60309d0cd..6795d0063 100644 --- a/bundle/manifests/kuadrant.io_ratelimitpolicies.yaml +++ b/bundle/manifests/kuadrant.io_ratelimitpolicies.yaml @@ -20,7 +20,8 @@ spec: - name: v1beta2 schema: openAPIV3Schema: - description: RateLimitPolicy is the Schema for the ratelimitpolicies API + description: RateLimitPolicy enables rate limiting for service workloads in + a Gateway API network properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation diff --git a/config/crd/bases/kuadrant.io_authpolicies.yaml b/config/crd/bases/kuadrant.io_authpolicies.yaml index 377bda525..aa86791f4 100644 --- a/config/crd/bases/kuadrant.io_authpolicies.yaml +++ b/config/crd/bases/kuadrant.io_authpolicies.yaml @@ -19,6 +19,8 @@ spec: - name: v1beta2 schema: openAPIV3Schema: + description: AuthPolicy enables authentication and authorization for service + workloads in a Gateway API network properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation diff --git a/config/crd/bases/kuadrant.io_kuadrants.yaml b/config/crd/bases/kuadrant.io_kuadrants.yaml index f168c03a2..13ba3abc1 100644 --- a/config/crd/bases/kuadrant.io_kuadrants.yaml +++ b/config/crd/bases/kuadrant.io_kuadrants.yaml @@ -17,7 +17,8 @@ spec: - name: v1beta1 schema: openAPIV3Schema: - description: Kuadrant is the Schema for the kuadrants API + description: Kuadrant configures installations of Kuadrant Service Protection + components properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation diff --git a/config/crd/bases/kuadrant.io_ratelimitpolicies.yaml b/config/crd/bases/kuadrant.io_ratelimitpolicies.yaml index 39079ef01..2eb74a7d2 100644 --- a/config/crd/bases/kuadrant.io_ratelimitpolicies.yaml +++ b/config/crd/bases/kuadrant.io_ratelimitpolicies.yaml 
@@ -19,7 +19,8 @@ spec: - name: v1beta2 schema: openAPIV3Schema: - description: RateLimitPolicy is the Schema for the ratelimitpolicies API + description: RateLimitPolicy enables rate limiting for service workloads in + a Gateway API network properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation diff --git a/config/manifests/bases/kuadrant-operator.clusterserviceversion.yaml b/config/manifests/bases/kuadrant-operator.clusterserviceversion.yaml index aaf9baf26..f38ddf156 100644 --- a/config/manifests/bases/kuadrant-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/kuadrant-operator.clusterserviceversion.yaml @@ -16,21 +16,21 @@ spec: apiservicedefinitions: {} customresourcedefinitions: owned: - - description: Kuadrant is the Schema for the kuadrants API + - description: Kuadrant configures installations of Kuadrant Service Protection components displayName: Kuadrant kind: Kuadrant name: kuadrants.kuadrant.io version: v1beta1 - - description: Enable AuthN and AuthZ based access control on workloads + - description: AuthPolicy enables authentication and authorization for service workloads in a Gateway API network displayName: AuthPolicy kind: AuthPolicy name: authpolicies.kuadrant.io - version: v1beta1 - - description: Enable access control on workloads based on HTTP rate limiting + version: v1beta2 + - description: RateLimitPolicy enables rate limiting for service workloads in a Gateway API network displayName: RateLimitPolicy kind: RateLimitPolicy name: ratelimitpolicies.kuadrant.io - version: v1beta1 + version: v1beta2 description: A Kubernetes Operator to manage the lifecycle of the Kuadrant system displayName: Kuadrant Operator icon: diff --git a/config/samples/kuadrant_v1beta1_authpolicy.yaml b/config/samples/kuadrant_v1beta1_authpolicy.yaml deleted file mode 100644 index bb615f0d7..000000000 --- a/config/samples/kuadrant_v1beta1_authpolicy.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -apiVersion: kuadrant.io/v1beta1 -kind: AuthPolicy -metadata: - name: toystore -spec: - targetRef: - group: gateway.networking.k8s.io - kind: HTTPRoute - name: toystore - rules: - authScheme: - identity: - - name: friends - apiKey: - allNamespaces: true - selector: - matchLabels: - app: toystore - credentials: - in: authorization_header - keySelector: APIKEY - response: - - json: - properties: - - name: userID - valueFrom: - authJSON: auth.identity.metadata.annotations.secret\.kuadrant\.io/user-id - name: rate-limit-apikey - wrapper: envoyDynamicMetadata - wrapperKey: ext_auth_data diff --git a/config/samples/kuadrant_v1beta2_authpolicy.yaml b/config/samples/kuadrant_v1beta2_authpolicy.yaml new file mode 100644 index 000000000..23954bbd9 --- /dev/null +++ b/config/samples/kuadrant_v1beta2_authpolicy.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: kuadrant.io/v1beta2 +kind: AuthPolicy +metadata: + name: toystore +spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: toystore + rules: + authentication: + "apikey": + apiKey: + selector: {} + credentials: + authorizationHeader: + prefix: APIKEY diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 26a922f6c..5202a04c9 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -1,6 +1,6 @@ ## Append samples you want in your CSV to this file as resources ## resources: - kuadrant_v1beta1_kuadrant.yaml -- kuadrant_v1beta1_authpolicy.yaml +- kuadrant_v1beta2_authpolicy.yaml - kuadrant_v1beta2_ratelimitpolicy.yaml #+kubebuilder:scaffold:manifestskustomizesamples diff --git a/examples/toystore/authpolicy.yaml b/examples/toystore/authpolicy.yaml index 3e84b3a11..a7a404b71 100644 --- a/examples/toystore/authpolicy.yaml +++ b/examples/toystore/authpolicy.yaml 
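Review bot: The new sample config/samples/kuadrant_v1beta2_authpolicy.yaml sets `selector: {}` under `apiKey`, whereas the v1beta1 sample deleted in the same commit scoped it with `matchLabels: app: toystore`. Under standard Kubernetes label-selector semantics an empty selector matches every object, so this policy presumably accepts any API key Secret the auth service watches, not only the toystore ones; this should be confirmed against the v1beta2 API. The same `"selector": {}` appears in the CSV `alm-examples` (bundle/manifests hunk `@@ -12,6 +12,34 @@`), so it is the template users start from when creating an AuthPolicy. I would keep the scoping in the sample, e.g. `selector: { matchLabels: { app: toystore } }`, as examples/toystore/authpolicy.yaml still does.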
@@ -8,13 +8,13 @@ spec: group: gateway.networking.k8s.io kind: HTTPRoute name: toystore + routeSelectors: + - matches: + - path: + type: Exact + value: "/admin/toy" + method: DELETE rules: - routeSelectors: - - matches: - - path: - type: Exact - value: "/admin/toy" - method: DELETE authentication: "apikey": apiKey: @@ -22,8 +22,8 @@ spec: matchLabels: app: toystore credentials: - in: authorization_header - keySelector: APIKEY + authorizationHeader: + prefix: APIKEY response: success: dynamicMetadata:
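Review bot: The relocated `routeSelectors:` in examples/toystore/authpolicy.yaml (hunk `@@ -8,13 +8,13 @@`) deserves a comment, because at its new position it appears to narrow the whole policy rather than a single rule. As I read the v1beta2 API, requests to the toystore HTTPRoute that do not match `DELETE /admin/toy` then fall outside this AuthPolicy and get no authentication from it, which a reader copying the example may not expect. A line such as `# Policy applies only to DELETE /admin/toy; other requests on this route are not covered by this AuthPolicy` above `routeSelectors:` would make that explicit. Indentation is lost in this rendering of the hunk, so the nesting level is inferred from the lines moving from below `rules:` to above it.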