Do/auth policy status #553

Merged
merged 1 commit into from
Apr 22, 2024

Contributor

@Boomatang Boomatang commented Apr 17, 2024

Closes: #466

Verification

  • Set up local cluster.
```sh
make local-setup
```
  • Install kuadrant, toystore and route authPolicy
```sh
echo "
apiVersion: kuadrant.io/v1beta1
kind: Kuadrant
metadata:
  name: kuadrant
  namespace: kuadrant-system
spec: {}
" | kubectl apply -f -
kubectl apply -f examples/toystore/toystore.yaml
echo "
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: toystore
spec:
  parentRefs:
  - name: istio-ingressgateway
    namespace: istio-system
  hostnames:
  - api.toystore.com
  rules:
  - matches:
    - path:
        type: Exact
        value: "/toy"
      method: GET
    backendRefs:
    - name: toystore
      port: 80
" | kubectl apply -f -
echo "
apiVersion: kuadrant.io/v1beta2
kind: AuthPolicy
metadata:
  name: toystore
  namespace: default
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: toystore
  rules:
    authentication:
      "api-key-users":
        apiKey:
          selector:
            matchLabels:
              app: toystore
          allNamespaces: true
        credentials:
          authorizationHeader:
            prefix: TOYSTORE
    response:
      success:
        dynamicMetadata:
          "identity":
            json:
              properties:
                "userid":
                  selector: auth.identity.metadata.annotations.secret\.kuadrant\.io/user-id
" | kubectl apply -f -
```
  • Check the Enforced status of the authPolicy. Expected status True.
```sh
kubectl get authpolicy toystore -n default -o=jsonpath='{.status.conditions[?(@.type=="Enforced")]}{"\n"}' | jq
```
  • Apply gateway Authpolicy with override.
```sh
echo "
apiVersion: kuadrant.io/v1beta2
kind: AuthPolicy
metadata:
  name: gateway
  namespace: istio-system
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: istio-ingressgateway
  overrides:
    rules:
      authentication:
        "api-key-users":
          apiKey:
            selector:
              matchLabels:
                app: toystore
            allNamespaces: true
          credentials:
            authorizationHeader:
              prefix: APIKEY
      response:
        success:
          dynamicMetadata:
            "identity":
              json:
                properties:
                  "userid":
                    selector: auth.identity.metadata.annotations.secret\.kuadrant\.io/user-id
" | kubectl apply -f -
```
  • Check the Enforced status of the authPolicy. Expected status False, reason of Overridden and gateway authPolicy to be listed in the message.
```sh
kubectl get authpolicy toystore -n default -o=jsonpath='{.status.conditions[?(@.type=="Enforced")]}{"\n"}' | jq
```

@Boomatang Boomatang force-pushed the DO/authPolicy-status branch 2 times, most recently from 33b74ca to 91c4354 Compare April 17, 2024 17:56
@Boomatang Boomatang marked this pull request as ready for review April 19, 2024 11:11
@Boomatang Boomatang requested a review from a team as a code owner April 19, 2024 11:11
@Boomatang Boomatang changed the title [WIP] Do/auth policy status Do/auth policy status Apr 19, 2024
Contributor

@KevFan KevFan left a comment

Verified, code looks good to me. An addition that would be nice would be to update the override integration tests to test for the override message in the status

@Boomatang Boomatang merged commit 7cdd23b into Kuadrant:main Apr 22, 2024
13 checks passed
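
An added example, not part of this PR or of the Kuadrant code base: the Enforced check from the verification steps applied to every AuthPolicy in a cluster, so a route policy that no longer applies because a gateway policy overrides it shows up in an audit. The sample data, the `pending` policy and the message wording are constructed; the condition fields assume the standard Kubernetes condition shape (`type`, `status`, `reason`, `message`).

```python
"""Audit AuthPolicy enforcement from `kubectl get authpolicy -A -o json` output."""
import json
import sys


def enforced_condition(policy):
    """Return the policy's Enforced condition dict, or None if it has none."""
    conditions = (policy.get("status") or {}).get("conditions") or []
    for cond in conditions:
        if cond.get("type") == "Enforced":
            return cond
    return None


def audit(policy_list):
    """Return (namespace/name, reason, message) for each policy not enforced."""
    findings = []
    for policy in policy_list.get("items", []):
        meta = policy.get("metadata", {})
        ref = f'{meta.get("namespace", "")}/{meta.get("name", "")}'
        cond = enforced_condition(policy)
        if cond is None:
            # Status not written yet: treat as not enforced, never as fine.
            findings.append((ref, "NoEnforcedCondition", ""))
        elif cond.get("status") != "True":
            # e.g. reason "Overridden" when a gateway policy's overrides win
            findings.append((ref, cond.get("reason", "Unknown"), cond.get("message", "")))
    return findings


# Constructed sample shaped like the state the verification steps end in.
# The message text is an assumption, not the operator's exact wording.
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "toystore"},
     "status": {"conditions": [
         {"type": "Accepted", "status": "True", "reason": "Accepted"},
         {"type": "Enforced", "status": "False", "reason": "Overridden",
          "message": "overridden by istio-system/gateway (constructed)"}]}},
    {"metadata": {"namespace": "istio-system", "name": "gateway"},
     "status": {"conditions": [
         {"type": "Enforced", "status": "True", "reason": "Enforced"}]}},
    {"metadata": {"namespace": "default", "name": "pending"}, "status": None},
]}

if __name__ == "__main__":
    # Live use: kubectl get authpolicy -A -o json | python3 this_file.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    results = audit(data)
    for ref, reason, message in results:
        print(f"{ref}: {reason} {message}".rstrip())
    sys.exit(1 if results else 0)
```

The non-zero exit status when any policy is not enforced lets the check gate a CI job or a periodic cluster audit.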