Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tmp test failing build #9626

Closed
wants to merge 56 commits into from
Closed

Tmp test failing build #9626

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
56 commits
Select commit Hold shift + click to select a range
7d99ece
add maxLength
arianaw66 May 14, 2024
e64ef24
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 14, 2024
3f93728
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 15, 2024
809c47b
omg major :facepalm: : maxLength --> maxItems
arianaw66 May 16, 2024
12d791c
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 16, 2024
bf1f87d
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 16, 2024
65e7680
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 16, 2024
1c152c0
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 17, 2024
c6c6067
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 17, 2024
cf5e0c7
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 17, 2024
4e51b1e
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 17, 2024
6283964
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 20, 2024
2d212b0
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 20, 2024
569ec7c
test a CEL rule as well
arianaw66 May 20, 2024
2602f62
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 21, 2024
9e739af
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 21, 2024
754e41f
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 21, 2024
95a4b03
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 22, 2024
e2f9cac
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 23, 2024
c128fa8
ext-auth-service opaServer.Translate / ext-auth-service AuthConfig state
arianaw66 May 23, 2024
114b2a9
Revert "ext-auth-service opaServer.Translate / ext-auth-service AuthC…
arianaw66 May 23, 2024
178cf25
add kubebuilder validations for extauth
arianaw66 May 23, 2024
fd4d918
Merge branch 'main' of https://github.com/solo-io/gloo into AuthConfi…
arianaw66 May 23, 2024
b5c4e49
make go-generate-apis fmt
arianaw66 May 23, 2024
e1eefef
changelog
arianaw66 May 23, 2024
4eabf73
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 23, 2024
5bcb67e
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 24, 2024
0a3de6d
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 24, 2024
92cfa95
Adding changelog file to new location
May 24, 2024
4e990aa
Deleting changelog file from old location
May 24, 2024
868a01f
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 28, 2024
754908b
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 28, 2024
fa7f4fc
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 28, 2024
4779e87
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 28, 2024
6a4f398
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 29, 2024
97dca25
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 29, 2024
2480e4f
Adding changelog file to new location
May 29, 2024
d899818
Deleting changelog file from old location
May 29, 2024
14db380
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 29, 2024
da62150
Merge refs/heads/main into AuthConfig.configs-maxLength
soloio-bulldozer[bot] May 29, 2024
1b748ec
PR comment; combine apr rules into one
arianaw66 May 29, 2024
548791b
Adding changelog file to new location
May 31, 2024
59b5013
Deleting changelog file from old location
May 31, 2024
6faa26e
Adding changelog file to new location
Jun 4, 2024
5ce3119
Deleting changelog file from old location
Jun 4, 2024
52f5d3a
Merge branch 'main' into AuthConfig.configs-maxLength
arianaw66 Jun 11, 2024
d71d74e
move changelog
arianaw66 Jun 11, 2024
0a4e5ba
Adding changelog file to new location
Jun 12, 2024
3a32c03
Deleting changelog file from old location
Jun 12, 2024
6b0b016
Adding changelog file to new location
Jun 13, 2024
b755e89
Deleting changelog file from old location
Jun 13, 2024
4be4ced
Merge main into tmp-test-failing-build
soloio-bulldozer[bot] Jun 14, 2024
8fef18e
bump solo-kit to v0.35.1, codegen
arianaw66 Jun 14, 2024
cebb01b
bump solo-kit to branch revert-554-jbohanon/json-snapshots, codegen
arianaw66 Jun 17, 2024
0577518
Adding changelog file to new location
Jun 19, 2024
f1cad81
Deleting changelog file from old location
Jun 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions changelog/v1.17.0-rc6/authconfig-cel-rules.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
changelog:
- type: NEW_FEATURE
issueLink: https://github.com/solo-io/gloo-mesh-enterprise/issues/16010
description: |
Adds pre-admission [validation rules](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules) to the `AuthConfig` CRD.
resolvesIssue: false
62 changes: 31 additions & 31 deletions ...-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.sk.md
View file
Open in desktop

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,14 +51,14 @@ require (
github.com/solo-io/go-utils v0.24.8
github.com/solo-io/k8s-utils v0.7.2
github.com/solo-io/protoc-gen-ext v0.0.18
github.com/solo-io/protoc-gen-openapi v0.2.2
github.com/solo-io/protoc-gen-openapi v0.2.4
github.com/solo-io/skv2 v0.39.1

// Pinned to the `sa-k8s-1.29-bump` tag of solo-apis on `gloo-main` branch
// Ref: https://github.com/solo-io/gloo/pull/9463/files#r1594409655 && https://solo-io-corp.slack.com/archives/C03MFATU265/p1716913420716729?thread_ts=1716476992.938679&cid=C03MFATU265
// as to why it is now based off `gloo-main` and not `gloo-repo-branch`
github.com/solo-io/solo-apis v0.0.0-20240528173540-7879b7d12cb9
github.com/solo-io/solo-kit v0.35.0
github.com/solo-io/solo-kit v0.35.3-0.20240617205358-ffe0eaa62e6b
github.com/spf13/afero v1.9.2
github.com/spf13/cobra v1.8.0
github.com/spf13/pflag v1.0.5
Expand Down
8 changes: 4 additions & 4 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2028,14 +2028,14 @@ github.com/solo-io/k8s-utils v0.7.2 h1:pIRiTOpwymdCHUOSjzKDi/Ay16FNtF7JV7NIRlC2Z
github.com/solo-io/k8s-utils v0.7.2/go.mod h1:RrT6PVTSD1X0vteKCQmGzoAAfjI1U5oV/wA+T3T+NoM=
github.com/solo-io/protoc-gen-ext v0.0.18 h1:zSAL8NzWpJUGYoA5IyjHiKASNyHjR0uxBQ7eQS94i3A=
github.com/solo-io/protoc-gen-ext v0.0.18/go.mod h1:iGyCvmKmhJNXs5MgBcYFBF0om7LDnCVD2WwhOZGnqeA=
github.com/solo-io/protoc-gen-openapi v0.2.2 h1:OzyOAxiZuMAaLYWMNoTl2v9E7IXcl7UEeiTeCSwvCJ0=
github.com/solo-io/protoc-gen-openapi v0.2.2/go.mod h1:osEjRl1miHqlq4Wl/8SEqHFoyydptPL1EzEdM9c4vfE=
github.com/solo-io/protoc-gen-openapi v0.2.4 h1:9tqGhCAq83IRSzHhKDzpWnPlbPPORTM2izVxjLk0Ftw=
github.com/solo-io/protoc-gen-openapi v0.2.4/go.mod h1:osEjRl1miHqlq4Wl/8SEqHFoyydptPL1EzEdM9c4vfE=
github.com/solo-io/skv2 v0.39.1 h1:dWaZTWgntAsvh4lTlojd3xE+g7NF4oYNonfcdpy0nXE=
github.com/solo-io/skv2 v0.39.1/go.mod h1:Zsnl+OYmOkj+6KeaMfkzYIxHTVMC0w2gVApzNJRadM8=
github.com/solo-io/solo-apis v0.0.0-20240528173540-7879b7d12cb9 h1:4DNulNBJdaVz+fOaMQes1MqVCIO/db2vmwz7bVe3iIU=
github.com/solo-io/solo-apis v0.0.0-20240528173540-7879b7d12cb9/go.mod h1:fA+jJC7TXNM+i3uXvq7fpVrJ6JpNu1BgBxc4U9ntUW0=
github.com/solo-io/solo-kit v0.35.0 h1:iX7Wl9h59M7sPAH+fLVdjalY+nAfeG2ry+zrXYuyXTo=
github.com/solo-io/solo-kit v0.35.0/go.mod h1:fxakm2fhYzT3UNsM4baURVz19wCa75sv/KBNi4lwv6Q=
github.com/solo-io/solo-kit v0.35.3-0.20240617205358-ffe0eaa62e6b h1:MzYJWnRb9XIu0py7uvBp5lYDshmU9Qmi72oKdsmJlwU=
github.com/solo-io/solo-kit v0.35.3-0.20240617205358-ffe0eaa62e6b/go.mod h1:KBCEfl59/wE0K68s90aDcrTc36gKR5L97TbVelwL8n4=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
Expand Down
98 changes: 97 additions & 1 deletion install/helm/gloo/crds/enterprise.gloo.solo.io_v1_AuthConfig.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -207,6 +207,12 @@ spec:
type: object
type: object
type: object
x-kubernetes-validations:
- message: Either apr or both encryption and userSource must
be set; apr may not be set alongside either encryption or
userSource
rule: 'has(self.apr) ? !has(self.encryption) && !has(self.userList)
: has(self.encryption) && has(self.userList)'
hmacAuth:
properties:
parametersInHeaders:
Expand All @@ -221,15 +227,21 @@ spec:
namespace:
type: string
type: object
minItems: 1
type: array
required:
- secretRefs
type: object
required:
- secretRefs
type: object
jwt:
maxProperties: 0
type: object
ldap:
properties:
address:
minLength: 1
type: string
allowedGroups:
items:
Expand Down Expand Up @@ -268,13 +280,16 @@ spec:
type: string
userDnTemplate:
type: string
required:
- address
type: object
name:
nullable: true
type: string
oauth:
properties:
appUrl:
minLength: 1
type: string
authEndpointQueryParams:
additionalProperties:
Expand All @@ -297,6 +312,8 @@ spec:
items:
type: string
type: array
required:
- appUrl
type: object
oauth2:
properties:
Expand All @@ -323,11 +340,22 @@ spec:
nullable: true
type: boolean
introspectionUrl:
minLength: 1
type: string
userIdAttributeName:
type: string
type: object
required:
- introspectionUrl
type: object
x-kubernetes-validations:
- message: If clientId is set, clientSecretRef must
be set or disableClientSecret must be true. Otherwise,
clientSecretRef must not be set.
rule: 'has(self.clientId) && size(self.clientId) >
0 ? has(self.clientSecretRef) || (has(self.disableClientSecret)
&& self.disableClientSecret) : !has(self.clientSecretRef)'
introspectionUrl:
minLength: 1
type: string
jwt:
properties:
Expand All @@ -336,14 +364,20 @@ spec:
localJwks:
properties:
inlineString:
minLength: 1
type: string
required:
- inlineString
type: object
remoteJwks:
properties:
refreshInterval:
type: string
url:
minLength: 1
type: string
required:
- url
type: object
type: object
requiredScopes:
Expand All @@ -361,16 +395,20 @@ spec:
afterLogoutUrl:
type: string
appUrl:
minLength: 1
type: string
authEndpoint:
minLength: 1
type: string
authEndpointQueryParams:
additionalProperties:
type: string
type: object
callbackPath:
minLength: 1
type: string
clientId:
minLength: 1
type: string
clientSecretRef:
properties:
Expand Down Expand Up @@ -469,12 +507,24 @@ spec:
type: object
type: object
tokenEndpoint:
minLength: 1
type: string
tokenEndpointQueryParams:
additionalProperties:
type: string
type: object
required:
- clientId
- appUrl
- callbackPath
- authEndpoint
- tokenEndpoint
type: object
x-kubernetes-validations:
- message: Either clientSecretRef must be set or disableClientSecret
must be true
rule: has(self.clientSecretRef) || (has(self.disableClientSecret)
&& self.disableClientSecret)
oidcAuthorizationCode:
properties:
accessToken:
Expand All @@ -494,6 +544,7 @@ spec:
afterLogoutUrl:
type: string
appUrl:
minLength: 1
type: string
authEndpointQueryParams:
additionalProperties:
Expand Down Expand Up @@ -535,6 +586,7 @@ spec:
type: string
type: object
callbackPath:
minLength: 1
type: string
clientAuthentication:
properties:
Expand All @@ -551,6 +603,11 @@ spec:
nullable: true
type: boolean
type: object
x-kubernetes-validations:
- message: Either clientSecretRef must be set or
disableClientSecret must be true
rule: has(self.clientSecretRef) || (has(self.disableClientSecret)
&& self.disableClientSecret)
privateKeyJwt:
properties:
signingKeyRef:
Expand All @@ -562,9 +619,15 @@ spec:
type: object
validFor:
type: string
required:
- signingKeyRef
type: object
type: object
x-kubernetes-validations:
- message: Must specify clientSecret or privateKeyJwt
rule: has(self.clientSecret) || has(self.privateKeyJwt)
clientId:
minLength: 1
type: string
clientSecretRef:
properties:
Expand Down Expand Up @@ -652,6 +715,7 @@ spec:
type: array
type: object
issuerUrl:
minLength: 1
type: string
jwksCacheRefreshPolicy:
properties:
Expand Down Expand Up @@ -758,7 +822,19 @@ spec:
additionalProperties:
type: string
type: object
required:
- clientId
- issuerUrl
- appUrl
- callbackPath
type: object
x-kubernetes-validations:
- message: If clientAuthentication is set, neither clientSecretRef
nor disableClientSecret may be set. Otherwise, clientSecretRef
must be set or disableClientSecret must be true.
rule: 'has(self.clientAuthentication) ? !has(self.clientSecretRef)
&& !has(self.disableClientSecret) : has(self.clientSecretRef)
|| (has(self.disableClientSecret) && self.disableClientSecret)'
type: object
opaAuth:
properties:
Expand All @@ -779,7 +855,10 @@ spec:
type: boolean
type: object
query:
minLength: 1
type: string
required:
- query
type: object
opaServerAuth:
properties:
Expand All @@ -791,11 +870,14 @@ spec:
type: boolean
type: object
package:
minLength: 1
type: string
ruleName:
type: string
serverAddr:
type: string
required:
- package
type: object
passThroughAuth:
properties:
Expand All @@ -807,6 +889,7 @@ spec:
grpc:
properties:
address:
minLength: 1
type: string
connectionTimeout:
type: string
Expand All @@ -827,6 +910,8 @@ spec:
type: object
tlsConfig:
type: object
required:
- address
type: object
http:
properties:
Expand Down Expand Up @@ -867,9 +952,15 @@ spec:
type: boolean
type: object
url:
minLength: 1
type: string
required:
- url
type: object
type: object
x-kubernetes-validations:
- message: Must specify grpc or http
rule: has(self.grpc) || has(self.http)
pluginAuth:
properties:
config:
Expand All @@ -881,8 +972,11 @@ spec:
type: string
pluginFileName:
type: string
required:
- config
type: object
type: object
minItems: 1
type: array
failOnRedirect:
type: boolean
Expand All @@ -894,6 +988,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
required:
- configs
type: object
status:
default: {}
Expand Down
38 changes: 0 additions & 38 deletions projects/envoyinit/hack/filter_types/filter_types.gen.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -313,43 +313,5 @@ import (
_ "github.com/envoyproxy/go-control-plane/pkg/test/v3"
_ "github.com/envoyproxy/go-control-plane/ratelimit/config/ratelimit/v3"
_ "github.com/envoyproxy/go-control-plane/ratelimit/service/ratelimit/v3"

// gloo filter types
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/annotations"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/api/v2/cluster"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/api/v2/core"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/api/v2/route"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/config/common/mutation_rules/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/config/core/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/config/filter/http/gzip/v2"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/config/filter/listener/tls_cipher_inspector/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/config/matching/custom_matchers/server_name/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/config/matching/inputs/cipher_detection_input/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/config/route/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/config/trace/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/advanced_http"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/aws"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/cache/grpc"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/extauth"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/filters/http/buffer/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/filters/http/csrf/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/filters/http/ext_proc/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/filters/http/graphql/v2"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/filters/http/jwt_authn/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/filters/http/wasm/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/http_path"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/jwt"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/proxylatency"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/transformation"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/transformation_ee"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/transformers/xslt"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/upstream_wait"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/waf"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/wasm/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/extensions/xff_offset"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/type"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/type/matcher/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/type/metadata/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/type/tracing/v3"
_ "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/type/v3"
)
Loading
Loading