Integrate AuthConfig's v1beta3 changes in AuthPolicy #971

Draft: wants to merge 6 commits into base: sotw/auth

adam-cattermole (Member) commented Nov 1, 2024

Verification

make local-setup
kubectl -n kuadrant-system apply -f - <<EOF
apiVersion: kuadrant.io/v1beta1
kind: Kuadrant
metadata:
  name: kuadrant
spec: {}
EOF
kubectl apply -f examples/toystore/toystore.yaml

kubectl apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: toystore
spec:
  parentRefs:
  - name: kuadrant-ingressgateway
    namespace: gateway-system
  hostnames:
  - api.toystore.com
  rules:
  - matches:
    - method: GET
      path:
        type: PathPrefix
        value: "/cars"
    - method: GET
      path:
        type: PathPrefix
        value: "/dolls"
    backendRefs:
    - name: toystore
      port: 80
  - matches:
    - path:
        type: PathPrefix
        value: "/admin"
    backendRefs:
    - name: toystore
      port: 80
EOF
kubectl apply -f - <<EOF
apiVersion: kuadrant.io/v1beta3
kind: AuthPolicy
metadata:
  name: toystore
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: toystore
  when:
    - predicate: request.headers['my-header'] == 'test'
  rules:
    authentication:
      "api-key-users":
        apiKey:
          selector:
            matchLabels:
              app: toystore
          allNamespaces: true
        credentials:
          authorizationHeader:
            prefix: APIKEY
EOF
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: bob-key
  labels:
    authorino.kuadrant.io/managed-by: authorino
    app: toystore
  annotations:
    secret.kuadrant.io/user-id: bob
stringData:
  api_key: IAMBOB
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
  name: alice-key
  labels:
    authorino.kuadrant.io/managed-by: authorino
    app: toystore
  annotations:
    secret.kuadrant.io/user-id: alice
stringData:
  api_key: IAMALICE
type: Opaque
EOF
export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}')
export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/cars -i
# HTTP/1.1 200 OK
curl -H 'Host: api.toystore.com' -H 'my-header: test' http://$GATEWAY_URL/cars -i
# HTTP/1.1 401 Unauthorized
curl -H 'Host: api.toystore.com' -H 'my-header: test' -H 'Authorization: APIKEY IAMALICE' http://$GATEWAY_URL/cars -i
# HTTP/1.1 200 OK
kubectl get -n gateway-system wasmplugin/kuadrant-kuadrant-ingressgateway -o yaml

Signed-off-by: Adam Cattermole <acatterm@redhat.com>
Signed-off-by: Adam Cattermole <acatterm@redhat.com>
adam-cattermole changed the title from "Use AuthConfig v1beta3" to "Integrate AuthConfig's v1beta3 changes in AuthPolicy" on Nov 1, 2024
adam-cattermole self-assigned this Nov 1, 2024
type Predicate struct {
type Condition struct {
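
Review bot: the renamed `type Condition struct` should carry a doc comment, if it does not already, stating that it is the pattern-expression form and is distinct from the new `Predicates` strings. The two names are close enough that the next reader will confuse them without it.
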
Member Author


Somewhat confusingly we called the wasm plugin Condition (i.e. PatternExpression) Predicate.. but now we have a Predicates field in wasm and so to retain both I've renamed Predicate -> Condition and introduced Predicates ([]string) in routeRuleConditions..

Signed-off-by: Adam Cattermole <acatterm@redhat.com>
Comment on lines -35 to +36
StartsWithOperator WhenConditionOperator = "startswith"
EndsWithOperator WhenConditionOperator = "endswith"
StartsWithOperator WhenConditionOperator = "startsWith"
EndsWithOperator WhenConditionOperator = "endsWith"
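
Review bot: the new values "startsWith" and "endsWith" change the constant strings themselves, not only their Go names, so anything that serializes or matches on these values will see a different spelling. Confirm that every consumer of `WhenConditionOperator` accepts the camelCase form and add a test that pins the emitted strings, since an operator the consumer does not recognise means the condition is not evaluated as written.
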
Member Author


I'm not 100% about changing these - they're not used elsewhere but it's a little confusing using some within CEL predicates and others for PatternExpressions

github.com/kuadrant/authorino v0.18.0
github.com/kuadrant/authorino v0.18.1-0.20241030162053-82d7619acc40
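
Review bot: the replacement `github.com/kuadrant/authorino` line pins a pseudo-version of an untagged commit (`82d7619acc40`). Add a tracking item to switch to the tagged release before this leaves draft, so the build depends on a published version rather than an unreleased commit.
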
Member Author


For now importing the version from main until we have a v0.19.0 release

Signed-off-by: Adam Cattermole <acatterm@redhat.com>
Signed-off-by: Adam Cattermole <acatterm@redhat.com>
adam-cattermole force-pushed the use-authconfig-v1beta3 branch 3 times, most recently from 63daafb to 934adaf on November 1, 2024 15:30
Signed-off-by: Adam Cattermole <acatterm@redhat.com>