Add kubebuilder validations in proto for extauth AuthConfig #9481
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
keep pr updated
arianaw66
commented
May 14, 2024
...thub.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.sk.md
Outdated
Show resolved
Hide resolved
arianaw66
changed the title
…onfig state" This reverts commit c128fa8.
…g.configs-maxLength
arianaw66
changed the title
|
Issues linked to changelog: |
I've brought this change to the attention of @DuncanDoyle @kcbabo and @sam-heilbron, we have their thumbs up on the change and we can merge this PR right after the 1.17 branch is cut. cc: @arianaw66 |
…/ protoc-gen-openapi
…g.configs-maxLength
…g.configs-maxLength
|
It appears the bump to solo-kit v0.35.1 breaks the build-bot tests |
arianaw66
removed
the
work in progress
...thub.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.sk.md
Show resolved
Hide resolved
dmitri-d
approved these changes
Jun 19, 2024
Rachael-Graham
approved these changes
Jun 20, 2024
npolshakova
approved these changes
Jun 20, 2024
arianaw66
added
the
keep pr updated
sheidkamp
reviewed
Jun 20, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR adds kubebuilder markers and CEL validation rules to the AuthConfig CRD.
These are unit tested thoroughly in https://github.com/solo-io/gloo-mesh-enterprise/pull/16951.
The constraints are notated here, primarily in the first two commits, which come from the solo-projects validation code and are therefore guaranteed to be constraints that apply when using Edge.
API changes
No API fields have been changed, but this adds pre-admission validation which can affect customers' pipelines. The changes proposed here should only affect AuthConfig CRs which are not currently ACCEPTED by our translation.
Docs changes
The docs will unfortunately be updated with the kubebuilder markers, as there's no way to hide the additional proto comments from the docs.
The docs team will also add user-facing constraint descriptions according to the notes here.
Context
This is motivation by the validation milestone in progress for Gloo Platform.
Interesting decisions
Further discussion of the relevant factors and decisions can be found on the ExtAuthPolicy validation issue that is a part of that milestone.
Testing steps
See https://github.com/solo-io/gloo-mesh-enterprise/pull/16951 for testing steps
Checklist: