From a4a42365a87844fcaa96560d06819f75dffd5ca9 Mon Sep 17 00:00:00 2001
From: Alex Snaps
Date: Fri, 18 Oct 2024 08:48:12 -0400
Subject: [PATCH] Update examples

Signed-off-by: Alex Snaps
---
 api/v1beta3/auth_config_conversion.go | 4 --
 api/v1beta3/auth_config_webhook.go | 11 -----
 tests/v1beta2/authconfig.yaml | 4 +-
 tests/v1beta3/authconfig.yaml | 71 ++++++++++-----------------
 4 files changed, 30 insertions(+), 60 deletions(-)
 delete mode 100644 api/v1beta3/auth_config_conversion.go
 delete mode 100644 api/v1beta3/auth_config_webhook.go

diff --git a/api/v1beta3/auth_config_conversion.go b/api/v1beta3/auth_config_conversion.go
deleted file mode 100644
index 418e7a5c..00000000
--- a/api/v1beta3/auth_config_conversion.go
+++ /dev/null
@@ -1,4 +0,0 @@
-package v1beta3
-
-// Hub marks this version as a conversion hub.
-func (a *AuthConfig) Hub() {}
diff --git a/api/v1beta3/auth_config_webhook.go b/api/v1beta3/auth_config_webhook.go
deleted file mode 100644
index 4946921f..00000000
--- a/api/v1beta3/auth_config_webhook.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package v1beta3
-
-import (
- ctrl "sigs.k8s.io/controller-runtime"
-)
-
-func (a *AuthConfig) SetupWebhookWithManager(mgr ctrl.Manager) error {
- return ctrl.NewWebhookManagedBy(mgr).
- For(a).
- Complete()
-}
diff --git a/tests/v1beta2/authconfig.yaml b/tests/v1beta2/authconfig.yaml
index ede157d4..93114dc8 100644
--- a/tests/v1beta2/authconfig.yaml
+++ b/tests/v1beta2/authconfig.yaml
@@ -74,7 +74,9 @@ spec:
 anonymous: {}
 priority: 1
 when:
- - predicate: request.http.method == "GET"
+ - selector: context.request.http.method
+ operator: eq
+ value: GET
 - selector: context.request.http.path
 operator: matches
 value: ^/$
diff --git a/tests/v1beta3/authconfig.yaml b/tests/v1beta3/authconfig.yaml
index 6a6c067a..c10fdc6d 100644
--- a/tests/v1beta3/authconfig.yaml
+++ b/tests/v1beta3/authconfig.yaml
@@ -8,13 +8,9 @@ spec: patterns: admin-path: - - selector: context.request.http.path - operator: matches - value: ^/admin(/.*)?$ + - predicate: request.http.path.matches("^/admin(/.*)?$") resource-path: - - selector: context.request.http.path - operator: matches - value: ^/greetings/\d+$ + - predicate: request.http.path.matches("^/greetings/\d+$") authentication: k8s-auth: @@ -25,8 +21,7 @@ spec: kubernetes-rbac: value: true username: - selector: auth.identity.user.username - value: null + expression: auth.identity.user.username api-key: apiKey: selector: @@ -39,7 +34,7 @@ spec: kubernetes-rbac: value: true username: - selector: auth.identity.metadata.annotations.username + expression: auth.identity.metadata.annotations.username keycloak: jwt: issuerUrl: http://keycloak.authorino.svc.cluster.local:8080/realms/kuadrant @@ -48,9 +43,9 @@ spec: jwt-rbac: value: true roles: - selector: auth.identity.realm_access.roles + expression: auth.identity.realm_access.roles username: - selector: auth.identity.preferred_username + expression: auth.identity.preferred_username oauth2-introspection: oauth2Introspection: credentialsRef: @@ -64,22 +59,18 @@ spec: jwt-rbac: value: true roles: - selector: auth.identity.realm_access.roles + expression: auth.identity.realm_access.roles username: - selector: auth.identity.preferred_username + expression: auth.identity.preferred_username cache: key: - selector: context.request.http.headers.authorization + expression: request.http.headers.authorization anonymous: anonymous: {} priority: 1 when: - - selector: context.request.http.method - operator: eq - value: GET - - selector: context.request.http.path - operator: matches - value: ^/$ + - predicate: request.http.method == "GET" + - predicate: request.http.path.matches("^/$") defaults: username: value: global 
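Review bot: In the `@@ -8,13` hunk the `resource-path` predicate puts `\d` inside an ordinary double-quoted CEL string, and CEL string literals accept only a fixed set of backslash escapes, so `request.http.path.matches("^/greetings/\d+$")` is likely to be rejected when the expression is parsed (the removed `value:` field took the regex verbatim). A raw literal keeps the pattern unchanged: `- predicate: request.http.path.matches(r"^/greetings/\d+$")`. Since `resource-path` is referenced through `patternRef` by the `resource-info` and `resource-owner` rules later in this file, the e2e test should assert that a numeric greetings path still matches and a non-numeric one does not.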
@@ -95,13 +86,13 @@ spec: url: http://ip-location.authorino.svc.cluster.local:3000/{context.request.http.headers.x-forwarded-for.@extract:{"sep":","}} cache: key: - selector: context.request.http.headers.x-forwarded-for.@extract:{"sep":","} + selector: request.http.headers.x-forwarded-for.@extract:{"sep":","} user-info: userInfo: identitySource: keycloak cache: key: - selector: context.request.http.headers.authorization + expression: request.http.headers.authorization resource-info: when: - patternRef: resource-path @@ -111,7 +102,7 @@ spec: endpoint: http://keycloak.authorino.svc.cluster.local:8080/realms/kuadrant cache: key: - selector: context.request.http.path + expression: request.http.path authorization: allowed-methods: @@ -131,23 +122,17 @@ spec: admin-kubernetes-rbac: when: - patternRef: admin-path - - selector: auth.identity.kubernetes-rbac - operator: eq - value: 'true' + - predicate: auth.identity.kubernetes-rbac kubernetesSubjectAccessReview: user: - selector: auth.identity.username + expression: auth.identity.username admin-jwt-rbac: when: - patternRef: admin-path - - selector: auth.identity.jwt-rbac - operator: eq - value: 'true' + - predicate: auth.identity.jwt-rbac patternMatching: patterns: - - selector: auth.identity.roles - operator: incl - value: admin + - predicate: auth.identity.roles.exists("admin") resource-owner: when: - patternRef: resource-path 
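Review bot: In the `@@ -95,13` hunk the geo-info cache key keeps the `selector:` field but its path now starts at `request.` instead of `context.request.`, while the `url:` line directly above still reads `{context.request.http.headers.x-forwarded-for...}`. If the shorter `request.http...` root is only defined for `expression:` values and does not resolve under selector syntax, the key evaluates to the same empty value for every caller and one client's cached lookup would be returned for another. Keeping `selector: context.request.http.headers.x-forwarded-for.@extract:{"sep":","}` avoids the question; the same mix of `selector:` with the new root appears at `scope:` (`selector: request.http.method.@case:lower`) in the `@@ -180,40` hunk.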
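Review bot: In the `@@ -131,23` hunk `auth.identity.roles.exists("admin")` is not a valid use of the CEL `exists` macro, which takes an iteration variable and a predicate; the membership test that the removed `incl` operator expressed would be `- predicate: "'admin' in auth.identity.roles"` or `auth.identity.roles.exists(r, r == "admin")`. The two `when` predicates `auth.identity.kubernetes-rbac` and `auth.identity.jwt-rbac` have a related problem: CEL reads `-` as subtraction, so a hyphenated key needs index syntax, `auth.identity["kubernetes-rbac"]` and `auth.identity["jwt-rbac"]`, and the same applies to `auth.metadata.geo-info` in the `@@ -180,40` hunk. These expressions gate the admin-path authorization rules, so the e2e test should confirm that a non-admin identity is still denied rather than depend on how an expression error is handled.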
@@ -180,40 +165,38 @@ spec: value: Authorino x-username: plain: - selector: auth.identity.username + expression: auth.identity.username x-auth-data: json: properties: username: - selector: auth.identity.username + expression: auth.identity.username geo: - selector: auth.metadata.geo-info + expression: auth.metadata.geo-info timestamp: - selector: auth.authorization.timestamp.now + expression: auth.authorization.timestamp.now wristband: wristband: issuer: https://authorino-authorino-oidc.authorino.svc.cluster.local:8083/authorino/e2e-test/wristband tokenDuration: 300 customClaims: username: - selector: auth.identity.username + expression: auth.identity.username uri: - selector: context.request.http.path + expression: request.http.path scope: - selector: context.request.http.method.@case:lower + selector: request.http.method.@case:lower signingKeyRefs: - name: wristband-signing-key algorithm: ES256 when: - - selector: auth.identity.anonymous - operator: neq - value: 'true' + - predicate: auth.identity.anonymous == false dynamicMetadata: rate-limit-data: json: properties: username: - selector: auth.identity.username + expression: auth.identity.username key: ext_auth_data --- apiVersion: v1
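Review bot: The wristband `when` condition `auth.identity.anonymous == false` is not equivalent to the removed `neq 'true'` check when the identity object has no `anonymous` key: the old form treated a missing value as not anonymous, whereas a CEL field selection on an absent key is an evaluation error rather than `false`. If only the anonymous identity source sets that key (the hunk does not show otherwise), authenticated callers may stop receiving a wristband, or the outcome depends on how evaluation errors are treated. A form that tolerates the missing key is `- predicate: '!has(auth.identity.anonymous) || !auth.identity.anonymous'`.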