

Update examples
Signed-off-by: Alex Snaps <[email protected]>
alexsnaps committed Oct 18, 2024
1 parent a25343f commit a4a4236
Showing 4 changed files with 30 additions and 60 deletions.
4 changes: 0 additions & 4 deletions api/v1beta3/auth_config_conversion.go

This file was deleted.

11 changes: 0 additions & 11 deletions api/v1beta3/auth_config_webhook.go

This file was deleted.

4 changes: 3 additions & 1 deletion tests/v1beta2/authconfig.yaml
@@ -74,7 +74,9 @@ spec:
anonymous: {}
priority: 1
when:
- predicate: request.http.method == "GET"
- selector: context.request.http.method
operator: eq
value: GET
- selector: context.request.http.path
operator: matches
value: ^/$
71 changes: 27 additions & 44 deletions tests/v1beta3/authconfig.yaml
@@ -8,13 +8,9 @@ spec:

patterns:
admin-path:
- selector: context.request.http.path
operator: matches
value: ^/admin(/.*)?$
- predicate: request.http.path.matches("^/admin(/.*)?$")
resource-path:
- selector: context.request.http.path
operator: matches
value: ^/greetings/\d+$
- predicate: request.http.path.matches("^/greetings/\d+$")

authentication:
k8s-auth:
@@ -25,8 +21,7 @@ spec:
kubernetes-rbac:
value: true
username:
selector: auth.identity.user.username
value: null
expression: auth.identity.user.username
api-key:
apiKey:
selector:
@@ -39,7 +34,7 @@ spec:
kubernetes-rbac:
value: true
username:
selector: auth.identity.metadata.annotations.username
expression: auth.identity.metadata.annotations.username
keycloak:
jwt:
issuerUrl: http://keycloak.authorino.svc.cluster.local:8080/realms/kuadrant
@@ -48,9 +43,9 @@ spec:
jwt-rbac:
value: true
roles:
selector: auth.identity.realm_access.roles
expression: auth.identity.realm_access.roles
username:
selector: auth.identity.preferred_username
expression: auth.identity.preferred_username
oauth2-introspection:
oauth2Introspection:
credentialsRef:
@@ -64,22 +59,18 @@ spec:
jwt-rbac:
value: true
roles:
selector: auth.identity.realm_access.roles
expression: auth.identity.realm_access.roles
username:
selector: auth.identity.preferred_username
expression: auth.identity.preferred_username
cache:
key:
selector: context.request.http.headers.authorization
expression: request.http.headers.authorization
anonymous:
anonymous: {}
priority: 1
when:
- selector: context.request.http.method
operator: eq
value: GET
- selector: context.request.http.path
operator: matches
value: ^/$
- predicate: request.http.method == "GET"
- predicate: request.http.path.matches("^/$")
defaults:
username:
value: global
@@ -95,13 +86,13 @@ spec:
url: http://ip-location.authorino.svc.cluster.local:3000/{context.request.http.headers.x-forwarded-for.@extract:{"sep":","}}
cache:
key:
selector: context.request.http.headers.x-forwarded-for.@extract:{"sep":","}
selector: request.http.headers.x-forwarded-for.@extract:{"sep":","}
user-info:
userInfo:
identitySource: keycloak
cache:
key:
selector: context.request.http.headers.authorization
expression: request.http.headers.authorization
resource-info:
when:
- patternRef: resource-path
@@ -111,7 +102,7 @@ spec:
endpoint: http://keycloak.authorino.svc.cluster.local:8080/realms/kuadrant
cache:
key:
selector: context.request.http.path
expression: request.http.path

authorization:
allowed-methods:
@@ -131,23 +122,17 @@ spec:
admin-kubernetes-rbac:
when:
- patternRef: admin-path
- selector: auth.identity.kubernetes-rbac
operator: eq
value: 'true'
- predicate: auth.identity.kubernetes-rbac
kubernetesSubjectAccessReview:
user:
selector: auth.identity.username
expression: auth.identity.username
admin-jwt-rbac:
when:
- patternRef: admin-path
- selector: auth.identity.jwt-rbac
operator: eq
value: 'true'
- predicate: auth.identity.jwt-rbac
patternMatching:
patterns:
- selector: auth.identity.roles
operator: incl
value: admin
- predicate: auth.identity.roles.exists("admin")
resource-owner:
when:
- patternRef: resource-path
@@ -180,40 +165,38 @@ spec:
value: Authorino
x-username:
plain:
selector: auth.identity.username
expression: auth.identity.username
x-auth-data:
json:
properties:
username:
selector: auth.identity.username
expression: auth.identity.username
geo:
selector: auth.metadata.geo-info
expression: auth.metadata.geo-info
timestamp:
selector: auth.authorization.timestamp.now
expression: auth.authorization.timestamp.now
wristband:
wristband:
issuer: https://authorino-authorino-oidc.authorino.svc.cluster.local:8083/authorino/e2e-test/wristband
tokenDuration: 300
customClaims:
username:
selector: auth.identity.username
expression: auth.identity.username
uri:
selector: context.request.http.path
expression: request.http.path
scope:
selector: context.request.http.method.@case:lower
selector: request.http.method.@case:lower
signingKeyRefs:
- name: wristband-signing-key
algorithm: ES256
when:
- selector: auth.identity.anonymous
operator: neq
value: 'true'
- predicate: auth.identity.anonymous == false
dynamicMetadata:
rate-limit-data:
json:
properties:
username:
selector: auth.identity.username
expression: auth.identity.username
key: ext_auth_data
---
apiVersion: v1
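Review bot: In the `authorization` hunk (`@@ -131,23 +122,17 @@`), the new `when` predicates `auth.identity.kubernetes-rbac` and `auth.identity.jwt-rbac` are not CEL member accesses, because CEL identifiers cannot contain `-` and each one parses as a subtraction (`auth.identity.kubernetes - rbac`) instead of reading the flag set earlier in the file. These conditions gate the two admin RBAC rules, so it should be confirmed whether Authorino rejects the AuthConfig or silently skips the rule; index syntax avoids the question: `- predicate: auth.identity['kubernetes-rbac']` and `- predicate: auth.identity['jwt-rbac']`. In the same hunk, `auth.identity.roles.exists("admin")` calls the `exists` macro with one argument where CEL expects an iteration variable and a predicate, so the old `incl` check would read `- predicate: auth.identity.roles.exists(r, r == "admin")`. The hyphen problem also appears to affect `expression: auth.metadata.geo-info` in the response hunk (`@@ -180,40 +165,38 @@`), which would need `auth.metadata['geo-info']`.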
