diff --git a/api/v2alpha1/gate_types.go b/api/v2alpha1/gate_types.go index abaaa10aa..3ef728bde 100644 --- a/api/v2alpha1/gate_types.go +++ b/api/v2alpha1/gate_types.go @@ -49,9 +49,7 @@ type GateSpec struct { // +kubebuilder:validation:Pattern=^(?:[_a-z0-9](?:[_a-z0-9-]+[a-z0-9])?\.)+(?:[a-z](?:[a-z0-9-]+[a-z0-9])?)?$ Gateway *string `json:"gateway"` //Paths represents collection of Path to secure - Paths []Path `json:"paths,omitempty"` - // Mutators to be used - Mutators []*rulev1alpha1.Mutator `json:"mutators,omitempty"` + Rules []Rule `json:"rules,omitempty"` } // GateStatus defines the observed state of Gate @@ -112,8 +110,8 @@ type AuthStrategy struct { Config *runtime.RawExtension `json:"config,omitempty"` } -//Path . -type Path struct { +//Rule . +type Rule struct { // Path to be exposed // +kubebuilder:validation:Pattern=^/([0-9a-zA-Z./*]+) Path string `json:"path"` @@ -121,6 +119,8 @@ type Path struct { Scopes []string `json:"scopes,omitempty"` // Set of allowed HTTP methods Methods []string `json:"methods,omitempty"` + // Mutators to be used + Mutators []*rulev1alpha1.Mutator `json:"mutators,omitempty"` } //GatewayResourceStatus . diff --git a/api/v2alpha1/zz_generated.deepcopy.go b/api/v2alpha1/zz_generated.deepcopy.go index a79fdb996..ebc5a1503 100644 --- a/api/v2alpha1/zz_generated.deepcopy.go +++ b/api/v2alpha1/zz_generated.deepcopy.go @@ -127,24 +127,13 @@ func (in *GateSpec) DeepCopyInto(out *GateSpec) { *out = new(string) **out = **in } - if in.Paths != nil { - in, out := &in.Paths, &out.Paths - *out = make([]Path, len(*in)) + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]Rule, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Mutators != nil { - in, out := &in.Mutators, &out.Mutators - *out = make([]*v1alpha1.Mutator, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(v1alpha1.Mutator) - (*in).DeepCopyInto(*out) - } - } - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GateSpec. @@ -315,7 +304,7 @@ func (in *OauthModeConfig) DeepCopy() *OauthModeConfig { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Path) DeepCopyInto(out *Path) { +func (in *Rule) DeepCopyInto(out *Rule) { *out = *in if in.Scopes != nil { in, out := &in.Scopes, &out.Scopes @@ -327,14 +316,25 @@ func (in *Path) DeepCopyInto(out *Path) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.Mutators != nil { + in, out := &in.Mutators, &out.Mutators + *out = make([]*v1alpha1.Mutator, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(v1alpha1.Mutator) + (*in).DeepCopyInto(*out) + } + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Path. -func (in *Path) DeepCopy() *Path { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule. +func (in *Rule) DeepCopy() *Rule { if in == nil { return nil } - out := new(Path) + out := new(Rule) in.DeepCopyInto(out) return out } diff --git a/config/crd/bases/gateway.kyma-project.io_gates.yaml b/config/crd/bases/gateway.kyma-project.io_gates.yaml index d9da98c75..bff9afc8e 100644 --- a/config/crd/bases/gateway.kyma-project.io_gates.yaml +++ b/config/crd/bases/gateway.kyma-project.io_gates.yaml @@ -407,22 +407,7 @@ spec: description: Gateway to be used pattern: ^(?:[_a-z0-9](?:[_a-z0-9-]+[a-z0-9])?\.)+(?:[a-z](?:[a-z0-9-]+[a-z0-9])?)?$ type: string - mutators: - description: Mutators to be used - items: - properties: - config: - description: Config configures the handler. Configuration keys - vary per handler. - type: object - handler: - description: Name is the name of a handler - type: string - required: - - handler - type: object - type: array - paths: + rules: description: Paths represents collection of Path to secure items: properties: @@ -431,6 +416,21 @@ spec: items: type: string type: array + mutators: + description: Mutators to be used + items: + properties: + config: + description: Config configures the handler. Configuration + keys vary per handler. + type: object + handler: + description: Name is the name of a handler + type: string + required: + - handler + type: object + type: array path: description: Path to be exposed pattern: ^/([0-9a-zA-Z./*]+) diff --git a/config/samples/invalid.yaml b/config/samples/invalid.yaml index 1f89e1862..8c47453fc 100644 --- a/config/samples/invalid.yaml +++ b/config/samples/invalid.yaml @@ -37,8 +37,7 @@ spec: port: 8000 auth: name: OAUTH - paths: [] - mutators: [] + rules: [] --- apiVersion: gateway.kyma-project.io/v2alpha1 kind: Gate @@ -52,14 +51,13 @@ spec: port: 8000 auth: name: OAUTH - paths: + rules: - path: /foo scopes: ["read"] methods: ["GET"] - path: /bar scopes: ["read"] methods: ["GET"] - mutators: [] --- apiVersion: gateway.kyma-project.io/v2alpha1 kind: Gate @@ -76,11 +74,10 @@ spec: config: issuer: not-a-valid-url jwks: [] - paths: + rules: - path: /.* scopes: ["foo", "bar"] methods: ["GET"] - mutators: [] --- apiVersion: gateway.kyma-project.io/v2alpha1 kind: Gate @@ -107,7 +104,7 @@ spec: auth: name: ALLOW gateway: kyma-gateway.kyma-system.svc.cluster.local - paths: + rules: - path: /.* scopes: ["foo", "bar"] methods: ["GET"] diff --git a/config/samples/valid.yaml b/config/samples/valid.yaml index bb39e6761..e22886597 100644 --- a/config/samples/valid.yaml +++ b/config/samples/valid.yaml @@ -11,11 +11,11 @@ spec: auth: name: ALLOW gateway: kyma-gateway.kyma-system.svc.cluster.local - paths: + rules: - path: /.* scopes: [] methods: ["GET"] - mutators: [] + mutators: [] --- apiVersion: gateway.kyma-project.io/v2alpha1 kind: Gate @@ -29,11 +29,11 @@ spec: auth: name: ALLOW gateway: kyma-gateway.kyma-system.svc.cluster.local - paths: + rules: - path: /.* methods: ["GET"] - mutators: - - handler: noop + mutators: + - handler: noop --- apiVersion: gateway.kyma-project.io/v2alpha1 kind: Gate @@ -50,11 +50,11 @@ spec: config: issuer: http://dex.kyma.local jwks: [] - paths: + rules: - path: /.* scopes: [] methods: ["GET"] - mutators: [] + mutators: [] --- apiVersion: gateway.kyma-project.io/v2alpha1 kind: Gate @@ -71,12 +71,12 @@ spec: config: issuer: http://dex.kyma.local jwks: [] - paths: + rules: - path: /.* scopes: ["foo", "bar"] methods: ["GET"] - mutators: - - handler: noop + mutators: + - handler: noop --- apiVersion: gateway.kyma-project.io/v2alpha1 kind: Gate @@ -93,11 +93,11 @@ spec: config: issuer: http://dex.kyma.local jwks: [] - paths: + rules: - path: /.* scopes: ["foo", "bar"] methods: ["GET"] - mutators: [] + mutators: [] --- apiVersion: gateway.kyma-project.io/v2alpha1 kind: Gate @@ -111,11 +111,11 @@ spec: port: 8000 auth: name: OAUTH - paths: + rules: - path: /.* scopes: ["read"] methods: ["GET"] - mutators: [] + mutators: [] --- apiVersion: gateway.kyma-project.io/v2alpha1 kind: Gate @@ -129,10 +129,10 @@ spec: port: 8000 auth: name: OAUTH - paths: + rules: - path: /.* scopes: ["read"] methods: ["GET"] - mutators: - - handler: noop - config: {} \ No newline at end of file + mutators: + - handler: noop + config: {} \ No newline at end of file diff --git a/controllers/api_controller_integration_test.go b/controllers/api_controller_integration_test.go index be76c0575..04c578c52 100644 --- a/controllers/api_controller_integration_test.go +++ b/controllers/api_controller_integration_test.go @@ -363,14 +363,14 @@ func testInstance(authStrategyName, configJSON, name, namespace, serviceName, se Name: &authStrategyName, Config: rawCfg, }, - Paths: []gatewayv2alpha1.Path{ + Rules: []gatewayv2alpha1.Rule{ { - Path: path, - Scopes: scopes, - Methods: methods, + Path: path, + Scopes: scopes, + Methods: methods, + Mutators: mutators, }, }, - Mutators: mutators, }, } } diff --git a/controllers/api_controller_test.go b/controllers/api_controller_test.go index fe3d7a0ac..d7f5e4067 100644 --- a/controllers/api_controller_test.go +++ b/controllers/api_controller_test.go @@ -82,7 +82,7 @@ func fixAPI() *gatewayv2alpha1.Gate { Config: nil, }, Gateway: &gateway, - Paths: []gatewayv2alpha1.Path{ + Rules: []gatewayv2alpha1.Rule{ { Path: "/.*", Methods: []string{"GET"}, diff --git a/internal/processing/allow.go b/internal/processing/allow.go index bafbc69e7..be588bf9e 100644 --- a/internal/processing/allow.go +++ b/internal/processing/allow.go @@ -19,7 +19,7 @@ type allow struct { func (a *allow) Process(ctx context.Context, api *gatewayv2alpha1.Gate) error { destinationHost := "" var destinationPort uint32 - if a.isSecured(api, api.Spec.Paths[0]) { + if a.isSecured(api.Spec.Rules[0]) { destinationHost = fmt.Sprintf("%s.svc.cluster.local", a.oathkeeperSvc) destinationPort = a.oathkeeperSvcPort } else { @@ -33,10 +33,10 @@ func (a *allow) Process(ctx context.Context, api *gatewayv2alpha1.Gate) error { } if oldVS != nil { - newVS := prepareVirtualService(api, oldVS, destinationHost, destinationPort, api.Spec.Paths[0].Path) + newVS := prepareVirtualService(api, oldVS, destinationHost, destinationPort, api.Spec.Rules[0].Path) return a.updateVirtualService(ctx, newVS) } - vs := generateVirtualService(api, destinationHost, destinationPort, api.Spec.Paths[0].Path) + vs := generateVirtualService(api, destinationHost, destinationPort, api.Spec.Rules[0].Path) return a.createVirtualService(ctx, vs) } @@ -61,8 +61,8 @@ func (a *allow) updateVirtualService(ctx context.Context, vs *networkingv1alpha3 return a.vsClient.Update(ctx, vs) } -func (a *allow) isSecured(api *gatewayv2alpha1.Gate, path gatewayv2alpha1.Path) bool { - if len(path.Scopes) > 0 || len(api.Spec.Mutators) > 0 { +func (a *allow) isSecured(rule gatewayv2alpha1.Rule) bool { + if len(rule.Scopes) > 0 || len(rule.Mutators) > 0 { return true } return false diff --git a/internal/processing/allow_test.go b/internal/processing/allow_test.go index 7e9969ced..720f8ecc4 100644 --- a/internal/processing/allow_test.go +++ b/internal/processing/allow_test.go @@ -41,7 +41,7 @@ func TestVSforAllowModeNoMutators(t *testing.T) { assert.Equal(len(vs.Spec.HTTP[0].Match), 1) assert.Equal(vs.Spec.HTTP[0].Route[0].Destination.Host, serviceName+"."+apiNamespace+".svc.cluster.local") assert.Equal(vs.Spec.HTTP[0].Route[0].Destination.Port.Number, servicePort) - assert.Equal(vs.Spec.HTTP[0].Match[0].URI.Regex, exampleAPI.Spec.Paths[0].Path) + assert.Equal(vs.Spec.HTTP[0].Match[0].URI.Regex, exampleAPI.Spec.Rules[0].Path) assert.Equal(vs.ObjectMeta.Name, apiName+"-"+serviceName) assert.Equal(vs.ObjectMeta.Namespace, apiNamespace) @@ -71,16 +71,16 @@ func getGate4Allow() *gatewayv2alpha1.Gate { Host: &serviceHost, Port: &servicePort, }, - Paths: []gatewayv2alpha1.Path{ + Rules: []gatewayv2alpha1.Rule{ { Path: "/.*", Methods: []string{"GET"}, - }, - }, - Mutators: []*rulev1alpha1.Mutator{ - { - &rulev1alpha1.Handler{ - Name: "noop", + Mutators: []*rulev1alpha1.Mutator{ + &rulev1alpha1.Mutator{ + Handler: &rulev1alpha1.Handler{ + Name: "noop", + }, + }, }, }, }, diff --git a/internal/processing/jwt.go b/internal/processing/jwt.go index a24bee634..d2962fcf2 100644 --- a/internal/processing/jwt.go +++ b/internal/processing/jwt.go @@ -52,13 +52,13 @@ func (j *jwt) Process(ctx context.Context, api *gatewayv2alpha1.Gate) error { } if oldAR != nil { - newAR := prepareAccessRule(api, oldAR, api.Spec.Paths[0], []*rulev1alpha1.Authenticator{accessStrategy}) + newAR := prepareAccessRule(api, oldAR, api.Spec.Rules[0], []*rulev1alpha1.Authenticator{accessStrategy}) err = j.updateAccessRule(ctx, newAR) if err != nil { return err } } else { - ar := generateAccessRule(api, api.Spec.Paths[0], []*rulev1alpha1.Authenticator{accessStrategy}) + ar := generateAccessRule(api, api.Spec.Rules[0], []*rulev1alpha1.Authenticator{accessStrategy}) err = j.createAccessRule(ctx, ar) if err != nil { return err @@ -70,9 +70,9 @@ func (j *jwt) Process(ctx context.Context, api *gatewayv2alpha1.Gate) error { return err } if oldVS != nil { - return j.updateVirtualService(ctx, prepareVirtualService(api, oldVS, j.oathkeeperSvc, j.oathkeeperSvcPort, api.Spec.Paths[0].Path)) + return j.updateVirtualService(ctx, prepareVirtualService(api, oldVS, j.oathkeeperSvc, j.oathkeeperSvcPort, api.Spec.Rules[0].Path)) } - err = j.createVirtualService(ctx, generateVirtualService(api, j.oathkeeperSvc, j.oathkeeperSvcPort, api.Spec.Paths[0].Path)) + err = j.createVirtualService(ctx, generateVirtualService(api, j.oathkeeperSvc, j.oathkeeperSvcPort, api.Spec.Rules[0].Path)) if err != nil { return err } @@ -90,7 +90,7 @@ func (j *jwt) updateAccessRule(ctx context.Context, ar *rulev1alpha1.Rule) error func generateRequiredScopesJSONForJWT(gate *gatewayv2alpha1.Gate, conf *gatewayv2alpha1.JWTModeConfig) ([]byte, error) { jwtConf := &internalTypes.JwtConfig{ - RequiredScope: gate.Spec.Paths[0].Scopes, + RequiredScope: gate.Spec.Rules[0].Scopes, TrustedIssuer: []string{conf.Issuer}, } return json.Marshal(jwtConf) @@ -172,7 +172,7 @@ func (j *jwt) getAccessRule(ctx context.Context, api *gatewayv2alpha1.Gate) (*ru return ar, nil } -func prepareAccessRule(api *gatewayv2alpha1.Gate, ar *rulev1alpha1.Rule, rule gatewayv2alpha1.Path, accessStrategies []*rulev1alpha1.Authenticator) *rulev1alpha1.Rule { +func prepareAccessRule(api *gatewayv2alpha1.Gate, ar *rulev1alpha1.Rule, rule gatewayv2alpha1.Rule, accessStrategies []*rulev1alpha1.Authenticator) *rulev1alpha1.Rule { ar.ObjectMeta.OwnerReferences = []k8sMeta.OwnerReference{generateOwnerRef(api)} ar.ObjectMeta.Name = fmt.Sprintf("%s-%s", api.ObjectMeta.Name, *api.Spec.Service.Name) ar.ObjectMeta.Namespace = api.ObjectMeta.Namespace @@ -191,7 +191,7 @@ func prepareAccessRule(api *gatewayv2alpha1.Gate, ar *rulev1alpha1.Rule, rule ga }, }, Authenticators: accessStrategies, - Mutators: api.Spec.Mutators, + Mutators: rule.Mutators, } ar.Spec = *spec @@ -200,7 +200,7 @@ func prepareAccessRule(api *gatewayv2alpha1.Gate, ar *rulev1alpha1.Rule, rule ga } -func generateAccessRule(api *gatewayv2alpha1.Gate, rule gatewayv2alpha1.Path, accessStrategies []*rulev1alpha1.Authenticator) *rulev1alpha1.Rule { +func generateAccessRule(api *gatewayv2alpha1.Gate, rule gatewayv2alpha1.Rule, accessStrategies []*rulev1alpha1.Authenticator) *rulev1alpha1.Rule { objectMeta := generateObjectMeta(api) spec := &rulev1alpha1.RuleSpec{ @@ -217,7 +217,7 @@ func generateAccessRule(api *gatewayv2alpha1.Gate, rule gatewayv2alpha1.Path, ac }, }, Authenticators: accessStrategies, - Mutators: api.Spec.Mutators, + Mutators: rule.Mutators, } accessRule := &rulev1alpha1.Rule{ diff --git a/internal/processing/jwt_test.go b/internal/processing/jwt_test.go index c6cfa239d..536fa60ac 100644 --- a/internal/processing/jwt_test.go +++ b/internal/processing/jwt_test.go @@ -35,12 +35,12 @@ func getGate4JWT() *gatewayv2alpha1.Gate { Host: &serviceHost, Port: &servicePort, }, - Paths: []gatewayv2alpha1.Path{{ - Path: "/.*", - Methods: []string{"GET"}, + Rules: []gatewayv2alpha1.Rule{{ + Path: "/.*", + Methods: []string{"GET"}, + Mutators: []*rulev1alpha1.Mutator{}, }, }, - Mutators: []*rulev1alpha1.Mutator{}, }, } } @@ -93,12 +93,12 @@ func TestJwtPrepareAccessRule(t *testing.T) { }, } - oldAR := generateAccessRule(gate, gate.Spec.Paths[0], []*rulev1alpha1.Authenticator{accessStrategy}) + oldAR := generateAccessRule(gate, gate.Spec.Rules[0], []*rulev1alpha1.Authenticator{accessStrategy}) oldAR.ObjectMeta.Generation = int64(15) oldAR.ObjectMeta.Name = "mst" - newAR := prepareAccessRule(gate, oldAR, gate.Spec.Paths[0], []*rulev1alpha1.Authenticator{accessStrategy}) + newAR := prepareAccessRule(gate, oldAR, gate.Spec.Rules[0], []*rulev1alpha1.Authenticator{accessStrategy}) assert.Equal(newAR.ObjectMeta.Generation, int64(15)) @@ -142,7 +142,7 @@ func TestJwtGenerateAccessRule(t *testing.T) { }, } - ar := generateAccessRule(gate, gate.Spec.Paths[0], []*rulev1alpha1.Authenticator{accessStrategy}) + ar := generateAccessRule(gate, gate.Spec.Rules[0], []*rulev1alpha1.Authenticator{accessStrategy}) assert.Equal(len(ar.Spec.Authenticators), 1) assert.NotEmpty(ar.Spec.Authenticators[0].Config) diff --git a/internal/processing/oauth.go b/internal/processing/oauth.go index 03cfd53ff..860a0c890 100644 --- a/internal/processing/oauth.go +++ b/internal/processing/oauth.go @@ -33,13 +33,13 @@ func (o *oauth) Process(ctx context.Context, api *gatewayv2alpha1.Gate) error { } if oldVS != nil { - newVS := prepareVirtualService(api, oldVS, o.oathkeeperSvc, o.oathkeeperSvcPort, api.Spec.Paths[0].Path) + newVS := prepareVirtualService(api, oldVS, o.oathkeeperSvc, o.oathkeeperSvcPort, api.Spec.Rules[0].Path) err = o.updateVirtualService(ctx, newVS) if err != nil { return err } } else { - vs := generateVirtualService(api, o.oathkeeperSvc, o.oathkeeperSvcPort, api.Spec.Paths[0].Path) + vs := generateVirtualService(api, o.oathkeeperSvc, o.oathkeeperSvcPort, api.Spec.Rules[0].Path) err = o.createVirtualService(ctx, vs) if err != nil { return err @@ -51,7 +51,7 @@ func (o *oauth) Process(ctx context.Context, api *gatewayv2alpha1.Gate) error { return err } - requiredScopesJSON, err := generateRequiredScopesJSON(&api.Spec.Paths[0]) + requiredScopesJSON, err := generateRequiredScopesJSON(&api.Spec.Rules[0]) if err != nil { return err } @@ -66,13 +66,13 @@ func (o *oauth) Process(ctx context.Context, api *gatewayv2alpha1.Gate) error { } if oldAR != nil { - newAR := prepareAccessRule(api, oldAR, api.Spec.Paths[0], []*rulev1alpha1.Authenticator{accessStrategy}) + newAR := prepareAccessRule(api, oldAR, api.Spec.Rules[0], []*rulev1alpha1.Authenticator{accessStrategy}) err = o.updateAccessRule(ctx, newAR) if err != nil { return err } } else { - ar := generateAccessRule(api, api.Spec.Paths[0], []*rulev1alpha1.Authenticator{accessStrategy}) + ar := generateAccessRule(api, api.Spec.Rules[0], []*rulev1alpha1.Authenticator{accessStrategy}) err = o.createAccessRule(ctx, ar) if err != nil { return err @@ -141,8 +141,8 @@ func generateObjectMeta(api *gatewayv2alpha1.Gate) k8sMeta.ObjectMeta { Get() } -func generateRequiredScopesJSON(path *gatewayv2alpha1.Path) ([]byte, error) { +func generateRequiredScopesJSON(rule *gatewayv2alpha1.Rule) ([]byte, error) { requiredScopes := &internalTypes.OauthIntrospectionConfig{ - RequiredScope: path.Scopes} + RequiredScope: rule.Scopes} return json.Marshal(requiredScopes) } diff --git a/internal/processing/oauth_test.go b/internal/processing/oauth_test.go index 2f6737735..0a25940ac 100644 --- a/internal/processing/oauth_test.go +++ b/internal/processing/oauth_test.go @@ -15,7 +15,7 @@ func TestOauthGenerateVirtualService(t *testing.T) { assert := assert.New(t) gate := getGate() - vs := generateVirtualService(gate, "test-oathkeeper", 4455, gate.Spec.Paths[0].Path) + vs := generateVirtualService(gate, "test-oathkeeper", 4455, gate.Spec.Rules[0].Path) assert.Equal(len(vs.Spec.Gateways), 1) assert.Equal(vs.Spec.Gateways[0], apiGateway) @@ -45,12 +45,12 @@ func TestOauthPrepareVirtualService(t *testing.T) { gate := getGate() - oldVS := generateVirtualService(gate, "test-oathkeeper", 4455, gate.Spec.Paths[0].Path) + oldVS := generateVirtualService(gate, "test-oathkeeper", 4455, gate.Spec.Rules[0].Path) oldVS.ObjectMeta.Generation = int64(15) oldVS.ObjectMeta.Name = "mst" - newVS := prepareVirtualService(gate, oldVS, "test-oathkeeper", 4455, gate.Spec.Paths[0].Path) + newVS := prepareVirtualService(gate, oldVS, "test-oathkeeper", 4455, gate.Spec.Rules[0].Path) assert.Equal(newVS.ObjectMeta.Generation, int64(15)) @@ -92,7 +92,7 @@ func TestOauthGenerateAccessRule(t *testing.T) { }, } - ar := generateAccessRule(gate, gate.Spec.Paths[0], []*rulev1alpha1.Authenticator{accessStrategy}) + ar := generateAccessRule(gate, gate.Spec.Rules[0], []*rulev1alpha1.Authenticator{accessStrategy}) assert.Equal(len(ar.Spec.Authenticators), 1) assert.NotEmpty(ar.Spec.Authenticators[0].Config) @@ -133,12 +133,12 @@ func TestOauthPrepareAccessRule(t *testing.T) { }, } - oldAR := generateAccessRule(gate, gate.Spec.Paths[0], []*rulev1alpha1.Authenticator{accessStrategy}) + oldAR := generateAccessRule(gate, gate.Spec.Rules[0], []*rulev1alpha1.Authenticator{accessStrategy}) oldAR.ObjectMeta.Generation = int64(15) oldAR.ObjectMeta.Name = "mst" - newAR := prepareAccessRule(gate, oldAR, gate.Spec.Paths[0], []*rulev1alpha1.Authenticator{accessStrategy}) + newAR := prepareAccessRule(gate, oldAR, gate.Spec.Rules[0], []*rulev1alpha1.Authenticator{accessStrategy}) assert.Equal(newAR.ObjectMeta.Generation, int64(15)) @@ -190,14 +190,14 @@ func getGate() *gatewayv2alpha1.Gate { Host: &serviceHost, Port: &servicePort, }, - Paths: []gatewayv2alpha1.Path{ + Rules: []gatewayv2alpha1.Rule{ { - Path: "/foo", - Scopes: []string{"write", "read"}, - Methods: []string{"GET"}, + Path: "/foo", + Scopes: []string{"write", "read"}, + Methods: []string{"GET"}, + Mutators: []*rulev1alpha1.Mutator{}, }, }, - Mutators: []*rulev1alpha1.Mutator{}, }, } } diff --git a/internal/validation/allow.go b/internal/validation/allow.go index 3f057d0d7..d5b22f49f 100644 --- a/internal/validation/allow.go +++ b/internal/validation/allow.go @@ -9,13 +9,13 @@ import ( type allow struct{} func (a *allow) Validate(gate *gatewayv2alpha1.Gate) error { - if len(gate.Spec.Paths) != 1 { + if len(gate.Spec.Rules) != 1 { return fmt.Errorf("supplied config should contain exactly one path") } - if hasDuplicates(gate.Spec.Paths) { + if hasDuplicates(gate.Spec.Rules) { return fmt.Errorf("supplied config is invalid: multiple definitions of the same path detected") } - if len(gate.Spec.Paths[0].Scopes) > 0 { + if len(gate.Spec.Rules[0].Scopes) > 0 { return fmt.Errorf("allow mode does not support scopes") } return nil diff --git a/internal/validation/allow_test.go b/internal/validation/allow_test.go index 3a537f1b2..2541de56c 100644 --- a/internal/validation/allow_test.go +++ b/internal/validation/allow_test.go @@ -51,7 +51,7 @@ func getPassthroughValidGate() *gatewayv2alpha1.Gate { Host: &serviceHost, Port: &servicePort, }, - Paths: []gatewayv2alpha1.Path{ + Rules: []gatewayv2alpha1.Rule{ { Path: "/.*", Methods: []string{"GET"}, @@ -85,7 +85,7 @@ func getPassthroughNotValidGate() *gatewayv2alpha1.Gate { Host: &serviceHost, Port: &servicePort, }, - Paths: []gatewayv2alpha1.Path{ + Rules: []gatewayv2alpha1.Rule{ { Path: "/.*", Methods: []string{"GET"}, diff --git a/internal/validation/helpers.go b/internal/validation/helpers.go index a38667430..89a3bd490 100644 --- a/internal/validation/helpers.go +++ b/internal/validation/helpers.go @@ -6,7 +6,7 @@ import ( gatewayv2alpha1 "github.com/kyma-incubator/api-gateway/api/v2alpha1" ) -func hasDuplicates(paths []gatewayv2alpha1.Path) bool { +func hasDuplicates(paths []gatewayv2alpha1.Rule) bool { encountered := map[string]bool{} // Create a map of all unique elements. for v := range paths { diff --git a/internal/validation/jwt.go b/internal/validation/jwt.go index 23043907f..43d2d604e 100644 --- a/internal/validation/jwt.go +++ b/internal/validation/jwt.go @@ -13,7 +13,7 @@ type jwt struct{} func (j *jwt) Validate(gate *gatewayv2alpha1.Gate) error { var template gatewayv2alpha1.JWTModeConfig - if len(gate.Spec.Paths) == 0 { + if len(gate.Spec.Rules) == 0 { return fmt.Errorf("path is required") } diff --git a/internal/validation/jwt_test.go b/internal/validation/jwt_test.go index 9b30b2d1a..32423d9f7 100644 --- a/internal/validation/jwt_test.go +++ b/internal/validation/jwt_test.go @@ -70,7 +70,7 @@ func getJWTGate(config *runtime.RawExtension) *gatewayv2alpha1.Gate { Auth: &gatewayv2alpha1.AuthStrategy{ Config: config, }, - Paths: []gatewayv2alpha1.Path{ + Rules: []gatewayv2alpha1.Rule{ { Path: "/.*", Scopes: []string{}, diff --git a/internal/validation/oauth.go b/internal/validation/oauth.go index b9a7b64b2..6d35f109a 100644 --- a/internal/validation/oauth.go +++ b/internal/validation/oauth.go @@ -9,10 +9,10 @@ import ( type oauth struct{} func (o *oauth) Validate(gate *gatewayv2alpha1.Gate) error { - if len(gate.Spec.Paths) != 1 { + if len(gate.Spec.Rules) != 1 { return fmt.Errorf("supplied config should contain exactly one path") } - if hasDuplicates(gate.Spec.Paths) { + if hasDuplicates(gate.Spec.Rules) { return fmt.Errorf("supplied config is invalid: multiple definitions of the same path detected") } return nil