docs: fix typos across source code comments
Used https://github.com/crate-ci/typos locally to detect typos
KevFan committed Jul 24, 2023
1 parent 2f651b4 commit 1e624e0
Showing 15 changed files with 22 additions and 22 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -199,7 +199,7 @@ Under the hood, Authorino is based on Kubernetes [Custom Resource Definitions](h
<td><i>Ready</i></td>
</tr>
<tr>
<td>JSON Web Keys (JWKs) and JSON Web Ket Sets (JWKS)</td>
<td>JSON Web Keys (JWKs) and JSON Web Key Sets (JWKS)</td>
<td><i>Ready</i></td>
</tr>
<tr>
Expand Down Expand Up @@ -279,7 +279,7 @@ For a detailed description of the features above, refer to the [Features](./docs

Authorino does not store users, roles, role bindings, access control lists, or any raw authorization data. Authorino handles policies, where even these policies can be stored elsewhere (as opposed to stated inline inside of an Authorino `AuthConfig` CR).

Authorino evaluates policies for stateless authorization requests. Any additional context is either resolved from the provided payload or static definitions inside the policies. That includes extrating user information from a JWT or client TLS certificate, requesting user metadata from opaque authentication tokens (e.g. API keys) to the trusted sources actually storing that content, obtaining synchronous HTTP metadata from services, etc.
Authorino evaluates policies for stateless authorization requests. Any additional context is either resolved from the provided payload or static definitions inside the policies. That includes extracting user information from a JWT or client TLS certificate, requesting user metadata from opaque authentication tokens (e.g. API keys) to the trusted sources actually storing that content, obtaining synchronous HTTP metadata from services, etc.

In the case of authentication with API keys, as well as its derivative to model HTTP Basic Auth, user data are stored in Kubernetes `Secret`s. The secret's keys, annotations and labels are usually the structures used to organize the data that later a policy evaluated in Authorino may require. Strictly, those are not Authorino data structures.
</details>
2 changes: 1 addition & 1 deletion api/v1beta1/auth_config_types.go
Expand Up @@ -419,7 +419,7 @@ type OAuth2ClientAuthentication struct {
TokenUrl string `json:"tokenUrl"`
// OAuth2 Client ID.
ClientId string `json:"clientId"`
// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret.
// Reference to a Kubernetes Secret key that stores that OAuth2 Client Secret.
ClientSecret SecretKeyReference `json:"clientSecretRef"`
// Optional scopes for the client credentials grant, if supported by he OAuth2 server.
Scopes []string `json:"scopes,omitempty"`
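Review bot: The `Scopes` comment two lines below the corrected line still reads "supported by he OAuth2 server", so this section keeps a typo the pass was meant to remove; I would change it to `// Optional scopes for the client credentials grant, if supported by the OAuth2 server.`. The corrected `ClientSecret` comment also still says "stores that OAuth2 Client Secret", which presumably should read "stores the OAuth2 Client Secret". The same description text appears in install/crd/authorino.kuadrant.io_authconfigs.yaml and install/manifests.yaml, so those files would presumably need regenerating to match any further wording change. The OAuth2ClientAuthentication struct starts and ends outside this hunk.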
2 changes: 1 addition & 1 deletion controllers/auth_config_controller.go
Expand Up @@ -87,7 +87,7 @@ func (r *AuthConfigReconciler) Reconcile(ctx context.Context, req ctrl.Request)
// could not get the resource but not because of a 404 Not found (some error must have happened)
return ctrl.Result{}, err
} else if errors.IsNotFound(err) || !Watched(&authConfig.ObjectMeta, r.LabelSelector) {
// could not find the resouce: 404 Not found (resouce must have been deleted)
// could not find the resource: 404 Not found (resource must have been deleted)
// or the resource misses required labels (i.e. not to be watched by this controller)

// clean all async workers of the config, i.e. shuts down channels and goroutines
4 changes: 2 additions & 2 deletions controllers/auth_config_controller_test.go
Expand Up @@ -188,8 +188,8 @@ func TestAuthConfigNotFound(t *testing.T) {
client := newTestK8sClient(&authConfig, &secret)
reconciler := newTestAuthConfigReconciler(client, index.NewIndex())

// Let's try to reconcile a non existing object.
result, err := reconciler.Reconcile(context.Background(), reconcile.Request{NamespacedName: types.NamespacedName{Name: "nonExistant", Namespace: authConfig.Namespace}})
// Let's try to reconcile a non-existing object.
result, err := reconciler.Reconcile(context.Background(), reconcile.Request{NamespacedName: types.NamespacedName{Name: "nonExistent", Namespace: authConfig.Namespace}})

assert.NilError(t, err)
assert.DeepEqual(t, result, ctrl.Result{}) // Result should be empty
2 changes: 1 addition & 1 deletion controllers/auth_config_status_updater.go
Expand Up @@ -39,7 +39,7 @@ func (u *AuthConfigStatusUpdater) Reconcile(ctx context.Context, req ctrl.Reques
// could not get the resource but not because of a 404 Not found (some error must have happened)
return ctrl.Result{}, err
} else if errors.IsNotFound(err) || !Watched(&authConfig.ObjectMeta, u.LabelSelector) {
// could not find the resouce: 404 Not found (resouce must have been deleted)
// could not find the resource: 404 Not found (resource must have been deleted)
// or the resource misses required labels (i.e. not to be watched by this controller)
// skip status update
return ctrl.Result{}, nil
4 changes: 2 additions & 2 deletions docs/architecture.md
Expand Up @@ -14,7 +14,7 @@
- [Raw HTTP Authorization interface](#raw-http-authorization-interface)
- [Caching](#caching)
- [OpenID Connect and User-Managed Access configs](#openid-connect-and-user-managed-access-configs)
- [JSON Web Keys (JWKs) and JSON Web Ket Sets (JWKS)](#json-web-keys-jwks-and-json-web-ket-sets-jwks)
- [JSON Web Keys (JWKs) and JSON Web Key Sets (JWKS)](#json-web-keys-jwks-and-json-web-key-sets-jwks)
- [Revoked access tokens](#revoked-access-tokens)
- [External metadata](#external-metadata)
- [Compiled Rego policies](#compiled-rego-policies)
Expand Down Expand Up @@ -304,7 +304,7 @@ OpenID Connect and User-Managed Access configurations, discovered usually at rec

Cached individual OpenID Connect configurations discovered by Authorino can be configured to be auto-refreshed, by setting the corresponding `spec.identity.oidc.ttl` field in the AuthConfig (given in seconds, default: `0` – i.e. no cache update).

### JSON Web Keys (JWKs) and JSON Web Ket Sets (JWKS)
### JSON Web Keys (JWKs) and JSON Web Key Sets (JWKS)

JSON signature verification certificates linked by discovered OpenID Connect configurations, fetched usually at reconciliation-time.

2 changes: 1 addition & 1 deletion docs/features.md
Expand Up @@ -222,7 +222,7 @@ The `kid` claim stated in the JWT header must match one of the keys cached by Au

The decoded payload of the validated JWT is appended to the authorization JSON as the resolved identity.

OpenID Connect configurations and linked JSON Web Ket Sets can be configured to be automatically refreshed (pull again from the OpenID Connect Discovery well-known endpoints), by setting the `identity.oidc.ttl` field (given in seconds, default: `0` – i.e. auto-refresh disabled).
OpenID Connect configurations and linked JSON Web Key Sets can be configured to be automatically refreshed (pull again from the OpenID Connect Discovery well-known endpoints), by setting the `identity.oidc.ttl` field (given in seconds, default: `0` – i.e. auto-refresh disabled).

For an excellent summary of the underlying concepts and standards that relate OpenID Connect and JSON Object Signing and Encryption (JOSE), see this [article](https://access.redhat.com/blogs/766093/posts/1976593) by Jan Rusnacko. For official specification and RFCs, see [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html), [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html), [JSON Web Token (JWT) (RFC7519)](https://datatracker.ietf.org/doc/html/rfc7519), and [JSON Object Signing and Encryption (JOSE)](http://www.iana.org/assignments/jose/jose.xhtml).

2 changes: 1 addition & 1 deletion docs/user-guides/kubernetes-tokenreview.md
Expand Up @@ -24,7 +24,7 @@ Validate Kubernetes Service Account tokens to authenticate requests to your prot
## Requirements

- Kubernetes server
- Kubernetes user with permission to create `TokenRequest`s (to consume the API from ouside the cluster)
- Kubernetes user with permission to create `TokenRequest`s (to consume the API from outside the cluster)
- [yq](https://github.com/mikefarah/yq) (to parse your `~/.kube/config` file to extract user authentication data)

Create a containerized Kubernetes server locally using [Kind](https://kind.sigs.k8s.io):
2 changes: 1 addition & 1 deletion docs/user-guides/validating-webhook.md
Expand Up @@ -295,7 +295,7 @@ EOF
# for: "STDIN": admission webhook "check-authconfig.authorino.kuadrant.io" denied the request: Unauthorized
```

Kuberentes TokenReview:
Kubernetes TokenReview:

```sh
kubectl -n myapp apply -f -<<EOF
4 changes: 2 additions & 2 deletions install/crd/authorino.kuadrant.io_authconfigs.yaml
Expand Up @@ -847,7 +847,7 @@ spec:
description: OAuth2 Client ID.
type: string
clientSecretRef:
description: Reference to a Kuberentes Secret key that
description: Reference to a Kubernetes Secret key that
stores that OAuth2 Client Secret.
properties:
key:
Expand Down Expand Up @@ -1716,7 +1716,7 @@ spec:
description: OAuth2 Client ID.
type: string
clientSecretRef:
description: Reference to a Kuberentes Secret key that
description: Reference to a Kubernetes Secret key that
stores that OAuth2 Client Secret.
properties:
key:
4 changes: 2 additions & 2 deletions install/manifests.yaml
Expand Up @@ -897,7 +897,7 @@ spec:
description: OAuth2 Client ID.
type: string
clientSecretRef:
description: Reference to a Kuberentes Secret key that
description: Reference to a Kubernetes Secret key that
stores that OAuth2 Client Secret.
properties:
key:
Expand Down Expand Up @@ -1848,7 +1848,7 @@ spec:
description: OAuth2 Client ID.
type: string
clientSecretRef:
description: Reference to a Kuberentes Secret key that
description: Reference to a Kubernetes Secret key that
stores that OAuth2 Client Secret.
properties:
key:
2 changes: 1 addition & 1 deletion pkg/evaluators/identity/mtls_test.go
Expand Up @@ -169,7 +169,7 @@ func TestMTLSRevokeK8sSecretBasedIdentity(t *testing.T) {
mtls.RevokeK8sSecretBasedIdentity(context.TODO(), k8s_types.NamespacedName{Namespace: "ns1", Name: "foo"})
assert.Equal(t, len(mtls.rootCerts), 2)

// revoke trusted ca cert ot of scope
// revoke trusted ca cert out of scope
mtls.RevokeK8sSecretBasedIdentity(context.TODO(), k8s_types.NamespacedName{Namespace: "ns2", Name: "books"})
assert.Equal(t, len(mtls.rootCerts), 2)
}
4 changes: 2 additions & 2 deletions pkg/evaluators/identity/plain_test.go
Expand Up @@ -51,12 +51,12 @@ func TestPlainCallWithInvalidPatttern(t *testing.T) {
assert.Check(t, id == nil)
}

func TestPlainGetCredentailsKeySelector(t *testing.T) {
func TestPlainGetCredentialsKeySelector(t *testing.T) {
plain := &Plain{Pattern: "context.request.http.body.@fromstr"}
assert.Equal(t, plain.GetCredentialsKeySelector(), "context.request.http.body.@fromstr")
}

func TestPlainGetCredentailsIn(t *testing.T) {
func TestPlainGetCredentialsIn(t *testing.T) {
plain := &Plain{Pattern: "context.request.http.body.@fromstr"}
assert.Equal(t, plain.GetCredentialsIn(), "context.request.http.body.@fromstr")
}
4 changes: 2 additions & 2 deletions pkg/health/health_test.go
Expand Up @@ -53,13 +53,13 @@ func TestObserveHealthy(t *testing.T) {
assert.NilError(t, err)
}

func TestObserveUnealthy(t *testing.T) {
func TestObserveUnhealthy(t *testing.T) {
h := NewHandler("foo", Observe(&FakeObservableUnhealthy{}))
err := h.HandleReadyzCheck(mockReq("http://localhost:8081/readyz"))
assert.ErrorContains(t, err, "unhealthy")
}

func TestObserveHeathyUnealthy(t *testing.T) {
func TestObserveHealthyUnhealthy(t *testing.T) {
h := NewHandler("foo", Observe(&FakeObservableHealthy{}, &FakeObservableUnhealthy{}))
err := h.HandleReadyzCheck(mockReq("http://localhost:8081/readyz"))
assert.ErrorContains(t, err, "unhealthy")
2 changes: 1 addition & 1 deletion pkg/log/logger_test.go
Expand Up @@ -37,7 +37,7 @@ func TestToLogLevel(t *testing.T) {
assert.Equal(t, int(ToLogLevel("dpanic")), 3)
assert.Equal(t, int(ToLogLevel("panic")), 4)
assert.Equal(t, int(ToLogLevel("fatal")), 5)
assert.Equal(t, int(ToLogLevel("invalid")), 0) // falls back to default log level (info) without panicing
assert.Equal(t, int(ToLogLevel("invalid")), 0) // falls back to default log level (info) without panicking
}

func TestLogModeToString(t *testing.T) {