From d8db1eccfea76f9667b4a45858c37e74212bb149 Mon Sep 17 00:00:00 2001 From: Alex Snaps Date: Wed, 4 Sep 2024 10:30:56 -0400 Subject: [PATCH] wip: done with tests Signed-off-by: Alex Snaps --- controllers/auth_config_controller_test.go | 90 ++++++++++------------ controllers/auth_config_status_updater.go | 22 +++--- 2 files changed, 52 insertions(+), 60 deletions(-) diff --git a/controllers/auth_config_controller_test.go b/controllers/auth_config_controller_test.go index 392ab37a..f286364f 100644 --- a/controllers/auth_config_controller_test.go +++ b/controllers/auth_config_controller_test.go @@ -6,7 +6,6 @@ import ( "os" "testing" - old "github.com/kuadrant/authorino/api/v1beta1" api "github.com/kuadrant/authorino/api/v1beta2" "github.com/kuadrant/authorino/pkg/evaluators" "github.com/kuadrant/authorino/pkg/httptest" 
@@ -41,46 +40,46 @@ func TestMain(m *testing.M) { } func newTestAuthConfig(authConfigLabels map[string]string) api.AuthConfig { - spec := old.AuthConfigSpec{ + spec := api.AuthConfigSpec{ Hosts: []string{"echo-api"}, - Identity: []*old.Identity{ - { - Name: "keycloak", - Oidc: &old.Identity_OidcConfig{ - Endpoint: "http://127.0.0.1:9001/auth/realms/demo", + Authentication: map[string]api.AuthenticationSpec{ + "keycloak": { + AuthenticationMethodSpec: api.AuthenticationMethodSpec{ + Jwt: &api.JwtAuthenticationSpec{ + IssuerUrl: "http://127.0.0.1:9001/auth/realms/demo", + }, }, - ExtendedProperties: []old.ExtendedProperty{ - { - JsonProperty: old.JsonProperty{ - Name: "source", - Value: runtime.RawExtension{Raw: []byte(`"test"`)}, - }, + Defaults: map[string]api.ValueOrSelector{ + "source": { + Value: runtime.RawExtension{Raw: []byte(`"test"`)}, }, }, }, }, - Metadata: []*old.Metadata{ - { - Name: "userinfo", - UserInfo: &old.Metadata_UserInfo{ - IdentitySource: "keycloak", + Metadata: map[string]api.MetadataSpec{ + "userinfo": { + MetadataMethodSpec: api.MetadataMethodSpec{ + UserInfo: &api.UserInfoMetadataSpec{ + IdentitySource: "keycloak", + }, }, }, - { - Name: "resource-data", - UMA: &old.Metadata_UMA{ - Endpoint: "http://127.0.0.1:9001/auth/realms/demo", - Credentials: &v1.LocalObjectReference{ - Name: "secret", + "resource-data": { + MetadataMethodSpec: api.MetadataMethodSpec{ + Uma: &api.UmaMetadataSpec{ + Endpoint: "http://127.0.0.1:9001/auth/realms/demo", + Credentials: &v1.LocalObjectReference{ + Name: "secret", + }, }, }, }, }, - Authorization: []*old.Authorization{ - { - Name: "main-policy", - OPA: &old.Authorization_OPA{ - InlineRego: ` + Authorization: map[string]api.AuthorizationSpec{ + "main-policy": { + AuthorizationMethodSpec: api.AuthorizationMethodSpec{ + Opa: &api.OpaAuthorizationSpec{ + Rego: ` method = object.get(input.context.request.http, "method", "") path = object.get(input.context.request.http, "path", "") 
@@ -88,17 +87,19 @@ func newTestAuthConfig(authConfigLabels map[string]string) api.AuthConfig { method == "GET" path = "/allow" }`, + }, }, }, - { - Name: "some-extra-rules", - JSON: &old.Authorization_JSONPatternMatching{ - Rules: []old.JSONPattern{ - { - JSONPatternExpression: old.JSONPatternExpression{ - Selector: "context.identity.role", - Operator: "eq", - Value: "admin", + "some-extra-rules": { + AuthorizationMethodSpec: api.AuthorizationMethodSpec{ + PatternMatching: &api.PatternMatchingAuthorizationSpec{ + Patterns: []api.PatternExpressionOrRef{ + { + PatternExpression: api.PatternExpression{ + Selector: "context.identity.role", + Operator: "eq", + Value: "admin", + }, }, }, }, @@ -109,23 +110,14 @@ func newTestAuthConfig(authConfigLabels map[string]string) api.AuthConfig { return api.AuthConfig{ TypeMeta: metav1.TypeMeta{ Kind: "AuthConfig", - APIVersion: "authorino.kuadrant.io/v1beta1", + APIVersion: "authorino.kuadrant.io/v1beta2", }, ObjectMeta: metav1.ObjectMeta{ Name: "auth-config-1", Namespace: "authorino", Labels: authConfigLabels, }, - Spec: api.AuthConfigSpec{ - Hosts: []string{"echo-api"}, - NamedPatterns: nil, - Conditions: nil, - Authentication: nil, - Metadata: nil, - Authorization: nil, - Response: nil, - Callbacks: nil, - }, + Spec: spec, } } diff --git a/controllers/auth_config_status_updater.go b/controllers/auth_config_status_updater.go index 8fc68d84..2804d3c7 100644 --- a/controllers/auth_config_status_updater.go +++ b/controllers/auth_config_status_updater.go @@ -6,7 +6,7 @@ import ( "sort" "strings" - api "github.com/kuadrant/authorino/api/v1beta1" + api "github.com/kuadrant/authorino/api/v1beta2" "github.com/kuadrant/authorino/pkg/log" "github.com/kuadrant/authorino/pkg/utils" 
@@ -105,11 +105,11 @@ func (u *AuthConfigStatusUpdater) SetupWithManager(mgr ctrl.Manager) error { Complete(u) } -func updateStatusConditions(currentConditions []api.Condition, newCondition api.Condition) ([]api.Condition, bool) { +func updateStatusConditions(currentConditions []api.AuthConfigStatusCondition, newCondition api.AuthConfigStatusCondition) ([]api.AuthConfigStatusCondition, bool) { newCondition.LastTransitionTime = metav1.Now() if currentConditions == nil { - return []api.Condition{newCondition}, true + return []api.AuthConfigStatusCondition{newCondition}, true } for i, condition := range currentConditions { @@ -122,7 +122,7 @@ func updateStatusConditions(currentConditions []api.Condition, newCondition api. newCondition.LastTransitionTime = condition.LastTransitionTime } - res := make([]api.Condition, len(currentConditions)) + res := make([]api.AuthConfigStatusCondition, len(currentConditions)) copy(res, currentConditions) res[i] = newCondition return res, true @@ -143,7 +143,7 @@ func updateStatusAvailable(authConfig *api.AuthConfig, available bool) (changed message = "" } - authConfig.Status.Conditions, changed = updateStatusConditions(authConfig.Status.Conditions, api.Condition{ + authConfig.Status.Conditions, changed = updateStatusConditions(authConfig.Status.Conditions, api.AuthConfigStatusCondition{ Type: api.StatusConditionAvailable, Status: status, Reason: reason, @@ -164,7 +164,7 @@ func updateStatusReady(authConfig *api.AuthConfig, ready bool, reason, message s reason = api.StatusReasonUnknown } - authConfig.Status.Conditions, changed = updateStatusConditions(authConfig.Status.Conditions, api.Condition{ + authConfig.Status.Conditions, changed = updateStatusConditions(authConfig.Status.Conditions, api.AuthConfigStatusCondition{ Type: api.StatusConditionReady, Status: status, Reason: reason, 
@@ -181,14 +181,14 @@ func updateStatusSummary(authConfig *api.AuthConfig, newLinkedHosts []string) (c newLinkedHosts = []string{} } - new := api.Summary{ + new := api.AuthConfigStatusSummary{ Ready: authConfig.Status.Ready(), HostsReady: newLinkedHosts, NumHostsReady: fmt.Sprintf("%d/%d", len(newLinkedHosts), len(authConfig.Spec.Hosts)), - NumIdentitySources: int64(len(authConfig.Spec.Identity)), + NumIdentitySources: int64(len(authConfig.Spec.Authentication)), NumMetadataSources: int64(len(authConfig.Spec.Metadata)), NumAuthorizationPolicies: int64(len(authConfig.Spec.Authorization)), - NumResponseItems: int64(len(authConfig.Spec.Response)), + NumResponseItems: int64(len(authConfig.Spec.Response.Success.DynamicMetadata) + len(authConfig.Spec.Response.Success.Headers)), FestivalWristbandEnabled: issuingWristbands(authConfig), } @@ -213,8 +213,8 @@ func updateStatusSummary(authConfig *api.AuthConfig, newLinkedHosts []string) (c } func issuingWristbands(authConfig *api.AuthConfig) bool { - for _, responseConfig := range authConfig.Spec.Response { - if responseConfig.GetType() == api.ResponseWristband { + for _, responseConfig := range authConfig.Spec.Response.Success.DynamicMetadata { + if responseConfig.GetMethod() == api.WristbandAuthResponse { return true } }
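Review bot: The new `NumResponseItems` expression selects `authConfig.Spec.Response.Success` without checking `Spec.Response`, which looks like a pointer in v1beta2 (the old fixture set `Response: nil` and fields are selected through it), so an AuthConfig with no response section would panic inside the status updater. The same unguarded access is in the `issuingWristbands` hunk that follows. Guard both: compute the count into a local first, `if r := authConfig.Spec.Response; r != nil { numResponseItems = len(r.Success.DynamicMetadata) + len(r.Success.Headers) }`, and start `issuingWristbands` with `if authConfig.Spec.Response == nil { return false }`. The rewritten `newTestAuthConfig` fixture leaves `Response` unset, so a test that passes it to `updateStatusSummary` would pin this case. The body of `updateStatusSummary` starts and ends outside the hunk.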
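Review bot: `issuingWristbands` ranges only over `Response.Success.DynamicMetadata`, while `NumResponseItems` in the previous hunk also counts `Success.Headers` as response items. If a wristband can be declared under `Headers` in v1beta2 (not visible on this page), `FestivalWristbandEnabled` would stay false for those configs and the status summary would under-report token issuance. In that case add a second loop over `authConfig.Spec.Response.Success.Headers` with the same `GetMethod() == api.WristbandAuthResponse` check. A doc comment such as `// issuingWristbands reports whether any success response item issues a festival wristband.` would make the intended scope explicit.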