Merge main into feature branch #118
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Performance tests results * Update docs/API Rule performance.md Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com>
* Move processing logic into separate processors for VirtualService and AccessRule * Make object processors more independent * Rename functions * Move apply out of processors * Renamed function * Add todos that were mentioned in the issue * Inline one-liner methods * Add reconciliation commands for ory and istio * Add support for virtual service creation based on handler * Restructure modules * Move AccessRuleProcessor to ory module * Change visibility of types and remove old TODOs * Restructure virtual service functions * Remove TODO as this is not relevant any longer * Add ory virtual service tests * Move test utils * Add access rule processor tests * Add virtual service processor tests * Add reconciliation test * Add pragmatic approach to remove flakiness of tests * Add remove flakiness of tests * Fix flaky test and remove dummy feature flag implementation * Remove commented code * Use context, client and logger always from params to avoid confusion and remove getters from interface * Update internal/processing/internal/test/test_utils.go Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com> * Add abstraction for access rule as it needs to be different created * Provide logger instance as a pointer * Remove unused code * Add stronger typing for Action * Add comments for interfaces and functions * Add comments for interfaces and functions Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com>
* Update dependabot.yml * Update dependabot.yml
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.24.0 to 1.24.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.24.0...v1.24.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…o feature-istio-jwt-handler
videlov
requested review from
strekm,
werdes72,
dariusztutaj,
cnvergence,
barchw and
triffer
as code owners
kyma-bot
added
do-not-merge/invalid-commit-message
|
Keywords which can automatically close issues and at(@) or hashtag(#) mentions are not allowed in commit messages. The list of commits with invalid commit messages:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
triffer
approved these changes
Dec 9, 2022
videlov
removed
the
do-not-merge/invalid-commit-message
This was referenced Dec 22, 2022
Closed
kyma-bot
pushed a commit
that referenced
this pull request
Dec 27, 2022
* Revert "Revert istio jwt handler (#91)" This reverts commit 56a47a8. * Add JWT handler internal docs in component (#85) * Add JWT FT docs * Rephrase * Add istio APIRule to samples (#94) * Apply refactoring to istio-jwt branch (#114) * Processing restructure (#99) * Move processing logic into separate processors for VirtualService and AccessRule * Make object processors more independent * Rename functions * Move apply out of processors * Renamed function * Add todos that were mentioned in the issue * Inline one-liner methods * Add reconciliation commands for ory and istio * Add support for virtual service creation based on handler * Restructure modules * Move AccessRuleProcessor to ory module * Change visibility of types and remove old TODOs * Restructure virtual service functions * Remove TODO as this is not relevant any longer * Add ory virtual service tests * Move test utils * Add access rule processor tests * Add virtual service processor tests * Add reconciliation test * Add pragmatic approach to remove flakiness of tests * Add remove flakiness of tests * Fix flaky test and remove dummy feature flag implementation * Remove commented code * Use context, client and logger always from params to avoid confusion and remove getters from interface * Update internal/processing/internal/test/test_utils.go Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com> * Add abstraction for access rule as it needs to be different created * Provide logger instance as a pointer * Remove unused code * Add stronger typing for Action * Add comments for interfaces and functions * Add comments for interfaces and functions Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com> * Initial adjustment * Add types * Refactor processing * Remove old types * Add initial RA and AR processors * Add maps of RA and AP * Finish AP and RA processors * Add Istio JWT validator * Add validator code * Add missing jwt validate config * go mod tidy * Add missing validate config test * Add Virtual Service to Istio JWT and initial test for RA and AP * Fix lint * Migrate all RA and AP tests * Move test utils * Make ory reconciler the default * Update internal/processing/istio/authorization_policy_processor.go Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com> * Update internal/processing/istio/virtual_service_processor_test.go Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com> * Review update Co-authored-by: Tim Riffer <tim.riffer@sap.com> Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com> * Merge main into feature branch (#118) * Dummy change * Performance tests results (#100) * Performance tests results * Update docs/API Rule performance.md Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> * Processing restructure (#99) * Move processing logic into separate processors for VirtualService and AccessRule * Make object processors more independent * Rename functions * Move apply out of processors * Renamed function * Add todos that were mentioned in the issue * Inline one-liner methods * Add reconciliation commands for ory and istio * Add support for virtual service creation based on handler * Restructure modules * Move AccessRuleProcessor to ory module * Change visibility of types and remove old TODOs * Restructure virtual service functions * Remove TODO as this is not relevant any longer * Add ory virtual service tests * Move test utils * Add access rule processor tests * Add virtual service processor tests * Add reconciliation test * Add pragmatic approach to remove flakiness of tests * Add remove flakiness of tests * Fix flaky test and remove dummy feature flag implementation * Remove commented code * Use context, client and logger always from params to avoid confusion and remove getters from interface * Update internal/processing/internal/test/test_utils.go Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com> * Add abstraction for access rule as it needs to be different created * Provide logger instance as a pointer * Remove unused code * Add stronger typing for Action * Add comments for interfaces and functions * Add comments for interfaces and functions Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com> * Configure Dependabot for release-1.1 (#101) * Update dependabot.yml * Update dependabot.yml * Update OWNERS (#108) * Bump k8s dependencies (#110) * gomod(deps): bump github.com/onsi/gomega from 1.24.0 to 1.24.1 (#113) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.24.0 to 1.24.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.24.0...v1.24.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Some wrong imports * Wrong resolve Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: Tim Riffer <tim.riffer@sap.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Restructure processors to work with mixed Ory+Istio handlers (#119) * Restructure processors * WIP Unit tests * Unit tests * Validation for supported access strategies and tests * Additional unit test check * Fix mixed case on Ory+Istio not creating AP and RA for non-jwt handlers * Review feedback impl * Fix allow/ory in combination with Istio JWT, missing AP * Add tests, fix linting and add review remarks Co-authored-by: Tim Riffer <tim.riffer@sap.com> * Add comment regarding iss jwt claim validation (#137) * Support for existing APIRules (#131) * Added access rule processor implementation in istio when feature toggle enabled * Added empty `Request Authentication` and `Authorization Policy` implementations in ory when feature toggle disabled * Add integration test for validation failure when switching cm from ory to istio * Add more integration tests to verify CM update * Add missing assert for rule list * Add test for changing JWT handler from istio to ory * Invoke reconciliation every time CM changed * Handling temporary annotation to invoke additional recociliation loop * Minor fixes * Removing unnecessary logic * Fix validation tests by adding the missing trigger for api rule reconciliation * Removing unnecessary logic * Fix integration tests when they are run by make * lint update Co-authored-by: Tim Riffer <tim.riffer@sap.com> * Add principals to Ory/allow APs (#138) * Tests for AuthorizationPolicyProcessor and RequestAuthenticationProcessor (#134) * Add tests for AuthorizationPolicyProcessor and RequestAuthenticationProcessor * Add service to the unique key of AuthorizationPolicy and RequestAuthentication to make the resource handling more reliable. * Think we skipped some releases :) * Change v1beta1 to apirulev1beta1 * Go mod tidy * Apply suggestions from code review Co-authored-by: Vladimir Videlov <vladimir.videlov@sap.com> * Adapt test to changes * Restructure tests to make them easier to read * Restructure ap tests * Restructure ap tests * Remove TODO Co-authored-by: Bartosz Chwila <bartosz.chwila@sap.com> Co-authored-by: Vladimir Videlov <vladimir.videlov@sap.com> * Merge from main (#140) * Performance tests results (#100) * Performance tests results * Update docs/API Rule performance.md Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> * Processing restructure (#99) * Move processing logic into separate processors for VirtualService and AccessRule * Make object processors more independent * Rename functions * Move apply out of processors * Renamed function * Add todos that were mentioned in the issue * Inline one-liner methods * Add reconciliation commands for ory and istio * Add support for virtual service creation based on handler * Restructure modules * Move AccessRuleProcessor to ory module * Change visibility of types and remove old TODOs * Restructure virtual service functions * Remove TODO as this is not relevant any longer * Add ory virtual service tests * Move test utils * Add access rule processor tests * Add virtual service processor tests * Add reconciliation test * Add pragmatic approach to remove flakiness of tests * Add remove flakiness of tests * Fix flaky test and remove dummy feature flag implementation * Remove commented code * Use context, client and logger always from params to avoid confusion and remove getters from interface * Update internal/processing/internal/test/test_utils.go Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com> * Add abstraction for access rule as it needs to be different created * Provide logger instance as a pointer * Remove unused code * Add stronger typing for Action * Add comments for interfaces and functions * Add comments for interfaces and functions Co-authored-by: Bartosz Chwila <103247439+barchw@users.noreply.github.com> * Configure Dependabot for release-1.1 (#101) * Update dependabot.yml * Update dependabot.yml * Update OWNERS (#108) * Bump k8s dependencies (#110) * gomod(deps): bump github.com/onsi/gomega from 1.24.0 to 1.24.1 (#113) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.24.0 to 1.24.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.24.0...v1.24.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * gomod(deps): bump k8s.io/apimachinery from 0.25.4 to 0.26.0 (#120) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.25.4 to 0.26.0. - [Release notes](https://github.com/kubernetes/apimachinery/releases) - [Commits](kubernetes/apimachinery@v0.25.4...v0.26.0) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * gomod(deps): bump k8s.io/api from 0.25.4 to 0.26.0 (#121) Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.25.4 to 0.26.0. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](kubernetes/api@v0.25.4...v0.26.0) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * gomod(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 (#133) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.24.1 to 1.24.2. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.24.1...v1.24.2) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * gomod(deps): bump istio.io/client-go from 1.15.3 to 1.16.1 (#128) Bumps [istio.io/client-go](https://github.com/istio/client-go) from 1.15.3 to 1.16.1. - [Release notes](https://github.com/istio/client-go/releases) - [Commits](istio/client-go@v1.15.3...v1.16.1) --- updated-dependencies: - dependency-name: istio.io/client-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add comment regarding iss jwt claim validation (#136) * gomod(deps): bump k8s.io/api from 0.25.4 to 0.26.0 (#121) Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.25.4 to 0.26.0. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](kubernetes/api@v0.25.4...v0.26.0) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * gomod(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 (#133) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.24.1 to 1.24.2. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.24.1...v1.24.2) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * gomod(deps): bump istio.io/client-go from 1.15.3 to 1.16.1 (#128) Bumps [istio.io/client-go](https://github.com/istio/client-go) from 1.15.3 to 1.16.1. - [Release notes](https://github.com/istio/client-go/releases) - [Commits](istio/client-go@v1.15.3...v1.16.1) --- updated-dependencies: - dependency-name: istio.io/client-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge from main * Merge from main * Revert "Merge from main" This reverts commit 63b1525. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: Tim Riffer <tim.riffer@sap.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Vladimir Videlov <vladimir.videlov@sap.com> Co-authored-by: Patryk Strugacz <werdes72@users.noreply.github.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: Tim Riffer <tim.riffer@sap.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dariusztutaj <89071551+dariusztutaj@users.noreply.github.com>
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merge
mainintofeature-istio-jwt-handlerChanges proposed in this pull request:
Related issue(s)