From ad9ccb84cce48fdab0b79d0650316a32de65428c Mon Sep 17 00:00:00 2001 From: CrowleyRajapakse Date: Sun, 8 Sep 2024 11:10:35 +0530 Subject: [PATCH] adding API Provider CRD implementation --- .../oasparser/model/adapter_internal_api.go | 17 +- .../internal/oasparser/model/http_route.go | 13 +- .../oasparser/model/http_route_test.go | 116 +++---- .../operator/controllers/dp/api_controller.go | 153 ++++++++-- .../controllers/dp/gateway_controller.go | 21 +- adapter/internal/operator/operator.go | 3 + .../operator/synchronizer/api_state.go | 6 +- .../operator/synchronizer/gateway_state.go | 3 +- .../synchronizer/gateway_synchronizer.go | 11 +- .../internal/operator/synchronizer/gql_api.go | 5 + .../operator/synchronizer/rest_api.go | 5 + .../synchronizer/zz_generated.deepcopy.go | 7 +- adapter/internal/operator/utils/utils.go | 19 +- .../apis/dp/v1alpha2/apipolicy_types.go | 1 - .../apis/dp/v1alpha3/apipolicy_types.go | 2 +- .../crd/bases/dp.wso2.com_apipolicies.yaml | 2 +- helm-charts/crds/dp.wso2.com_aiproviders.yaml | 110 +++++++ .../crds/dp.wso2.com_apipolicies.yaml | 289 +++++++++++++++++- .../config-deployer/config-api-apipolicy.yaml | 2 +- .../serviceAccount/apk-cluster-role.yaml | 9 + .../cucumber-tests/CRs/artifacts.yaml | 2 +- test/cucumber-tests/CRs/agent-artifacts.yaml | 2 +- test/cucumber-tests/CRs/artifacts.yaml | 2 +- .../tests/api-policy-with-jwt-generator.yaml | 2 +- .../resources/tests/api-with-cors-policy.yaml | 4 +- .../tests/custom-policy-ratelimiting.yaml | 2 +- .../tests/interceptors-api-level.yaml | 2 +- .../tests/interceptors-resource-level.yaml | 2 +- test/k8s-resources/gw-interceptor.yaml | 2 +- test/performance/artifacts/api.yaml | 2 +- 30 files changed, 673 insertions(+), 143 deletions(-) create mode 100644 helm-charts/crds/dp.wso2.com_aiproviders.yaml diff --git a/adapter/internal/oasparser/model/adapter_internal_api.go b/adapter/internal/oasparser/model/adapter_internal_api.go index 3d7e4b838d..df3f17871d 100644 --- a/adapter/internal/oasparser/model/adapter_internal_api.go +++ b/adapter/internal/oasparser/model/adapter_internal_api.go @@ -33,6 +33,7 @@ import ( "github.com/wso2/apk/adapter/internal/operator/utils" dpv1alpha1 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1" dpv1alpha2 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" + dpv1alpha3 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" "golang.org/x/exp/maps" "k8s.io/apimachinery/pkg/types" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" @@ -79,6 +80,7 @@ type AdapterInternalAPI struct { environment string Endpoints *EndpointCluster EndpointSecurity []*EndpointSecurity + AIProvider dpv1alpha3.AIProvider } // BackendJWTTokenInfo represents the object structure holding the information related to the JWT Generator @@ -425,6 +427,16 @@ func (adapterInternalAPI *AdapterInternalAPI) GetEnvironment() string { return adapterInternalAPI.environment } +// SetAIProvider sets the AIProvider of the API. +func (adapterInternalAPI *AdapterInternalAPI) SetAIProvider(aiProvider dpv1alpha3.AIProvider) { + adapterInternalAPI.AIProvider = aiProvider +} + +// GetAIProvider returns the AIProvider of the API +func (adapterInternalAPI *AdapterInternalAPI) GetAIProvider() dpv1alpha3.AIProvider { + return adapterInternalAPI.AIProvider +} + // Validate method confirms that the adapterInternalAPI has all required fields in the required format. // This needs to be checked prior to generate router/enforcer related resources. func (adapterInternalAPI *AdapterInternalAPI) Validate() error { @@ -459,7 +471,7 @@ func (adapterInternalAPI *AdapterInternalAPI) SetInfoHTTPRouteCR(httpRoute *gwap if outputAuthScheme != nil { authScheme = *outputAuthScheme } - var apiPolicy *dpv1alpha2.APIPolicy + var apiPolicy *dpv1alpha3.APIPolicy if outputAPIPolicy != nil { apiPolicy = *outputAPIPolicy } @@ -924,6 +936,7 @@ func (adapterInternalAPI *AdapterInternalAPI) SetInfoHTTPRouteCR(httpRoute *gwap }.String()].Spec adapterInternalAPI.backendJWTTokenInfo = parseBackendJWTTokenToInternal(backendJWTPolicy) } + return nil } @@ -942,7 +955,7 @@ func (adapterInternalAPI *AdapterInternalAPI) SetInfoGQLRouteCR(gqlRoute *dpv1al if outputAuthScheme != nil { authScheme = *outputAuthScheme } - var apiPolicy *dpv1alpha2.APIPolicy + var apiPolicy *dpv1alpha3.APIPolicy if outputAPIPolicy != nil { apiPolicy = *outputAPIPolicy } diff --git a/adapter/internal/oasparser/model/http_route.go b/adapter/internal/oasparser/model/http_route.go index 96c6293d82..ee9b1f8211 100644 --- a/adapter/internal/oasparser/model/http_route.go +++ b/adapter/internal/oasparser/model/http_route.go @@ -24,6 +24,7 @@ import ( "github.com/wso2/apk/adapter/internal/operator/utils" dpv1alpha1 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1" dpv1alpha2 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" + dpv1alpha3 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" "k8s.io/apimachinery/pkg/types" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" ) @@ -32,8 +33,8 @@ import ( type ResourceParams struct { AuthSchemes map[string]dpv1alpha2.Authentication ResourceAuthSchemes map[string]dpv1alpha2.Authentication - APIPolicies map[string]dpv1alpha2.APIPolicy - ResourceAPIPolicies map[string]dpv1alpha2.APIPolicy + APIPolicies map[string]dpv1alpha3.APIPolicy + ResourceAPIPolicies map[string]dpv1alpha3.APIPolicy InterceptorServiceMapping map[string]dpv1alpha1.InterceptorService BackendJWTMapping map[string]dpv1alpha1.BackendJWT BackendMapping map[string]*dpv1alpha2.ResolvedBackend @@ -68,7 +69,7 @@ func parseBackendJWTTokenToInternal(backendJWTToken dpv1alpha1.BackendJWTSpec) * return backendJWTTokenInternal } -func getCorsConfigFromAPIPolicy(apiPolicy *dpv1alpha2.APIPolicy) *CorsConfig { +func getCorsConfigFromAPIPolicy(apiPolicy *dpv1alpha3.APIPolicy) *CorsConfig { globalCorsConfig := config.ReadConfigs().Enforcer.Cors var corsConfig = CorsConfig{ @@ -110,7 +111,7 @@ func parseRateLimitPolicyToInternal(ratelimitPolicy *dpv1alpha1.RateLimitPolicy) } // addOperationLevelInterceptors add the operation level interceptor policy to the policies -func addOperationLevelInterceptors(policies *OperationPolicies, apiPolicy *dpv1alpha2.APIPolicy, +func addOperationLevelInterceptors(policies *OperationPolicies, apiPolicy *dpv1alpha3.APIPolicy, interceptorServicesMapping map[string]dpv1alpha1.InterceptorService, backendMapping map[string]*dpv1alpha2.ResolvedBackend, namespace string) { if apiPolicy != nil && apiPolicy.Spec.Override != nil { @@ -203,8 +204,8 @@ func concatRateLimitPolicies(schemeUp *dpv1alpha1.RateLimitPolicy, schemeDown *d return &finalRateLimit } -func concatAPIPolicies(schemeUp *dpv1alpha2.APIPolicy, schemeDown *dpv1alpha2.APIPolicy) *dpv1alpha2.APIPolicy { - apiPolicy := dpv1alpha2.APIPolicy{} +func concatAPIPolicies(schemeUp *dpv1alpha3.APIPolicy, schemeDown *dpv1alpha3.APIPolicy) *dpv1alpha3.APIPolicy { + apiPolicy := dpv1alpha3.APIPolicy{} if schemeUp != nil && schemeDown != nil { apiPolicy.Spec.Override = utils.SelectPolicy(&schemeUp.Spec.Override, &schemeUp.Spec.Default, &schemeDown.Spec.Override, &schemeDown.Spec.Default) } else if schemeUp != nil { diff --git a/adapter/internal/oasparser/model/http_route_test.go b/adapter/internal/oasparser/model/http_route_test.go index 580ac9a48f..cd984206c9 100644 --- a/adapter/internal/oasparser/model/http_route_test.go +++ b/adapter/internal/oasparser/model/http_route_test.go @@ -22,7 +22,7 @@ import ( "github.com/stretchr/testify/assert" dpv1alpha1 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1" - dpv1alpha2 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" + dpv1alpha3 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" ) func TestConcatRateLimitPolicies(t *testing.T) { @@ -199,35 +199,35 @@ func TestConcatRateLimitPolicies(t *testing.T) { func TestConcatAPIPolicies(t *testing.T) { type testItem struct { - schemeUpSpec dpv1alpha2.APIPolicySpec - schemeDownSpec dpv1alpha2.APIPolicySpec - result dpv1alpha2.APIPolicySpec + schemeUpSpec dpv1alpha3.APIPolicySpec + schemeDownSpec dpv1alpha3.APIPolicySpec + result dpv1alpha3.APIPolicySpec message string } - schemeUp := &dpv1alpha2.APIPolicy{} - schemeDown := &dpv1alpha2.APIPolicy{} - resultScheme := &dpv1alpha2.APIPolicy{} + schemeUp := &dpv1alpha3.APIPolicy{} + schemeDown := &dpv1alpha3.APIPolicy{} + resultScheme := &dpv1alpha3.APIPolicy{} dataItems := []testItem{ { - schemeUpSpec: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + schemeUpSpec: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i1"}, }, }, }, - schemeDownSpec: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + schemeDownSpec: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i2"}, }, }, }, - result: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + result: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i1"}, }, }, @@ -235,23 +235,23 @@ func TestConcatAPIPolicies(t *testing.T) { message: "only schemeUp override policies should be provided", }, { - schemeUpSpec: dpv1alpha2.APIPolicySpec{ - Default: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + schemeUpSpec: dpv1alpha3.APIPolicySpec{ + Default: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i1"}, }, }, }, - schemeDownSpec: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + schemeDownSpec: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i2"}, }, }, }, - result: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + result: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i2"}, }, }, @@ -259,23 +259,23 @@ func TestConcatAPIPolicies(t *testing.T) { message: "only schemeDown override policies should be provided", }, { - schemeUpSpec: dpv1alpha2.APIPolicySpec{ - Default: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + schemeUpSpec: dpv1alpha3.APIPolicySpec{ + Default: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i1"}, }, }, }, - schemeDownSpec: dpv1alpha2.APIPolicySpec{ - Default: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + schemeDownSpec: dpv1alpha3.APIPolicySpec{ + Default: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i2"}, }, }, }, - result: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + result: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i2"}, }, }, @@ -283,16 +283,16 @@ func TestConcatAPIPolicies(t *testing.T) { message: "only schemeDown default policies should be provided", }, { - schemeUpSpec: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + schemeUpSpec: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i1"}, }, }, }, - result: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + result: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i1"}, }, }, @@ -300,16 +300,16 @@ func TestConcatAPIPolicies(t *testing.T) { message: "only schemeUp override policies is provided", }, { - schemeUpSpec: dpv1alpha2.APIPolicySpec{ - Default: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + schemeUpSpec: dpv1alpha3.APIPolicySpec{ + Default: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i1"}, }, }, }, - result: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + result: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ {Name: "i1"}, }, }, @@ -317,39 +317,39 @@ func TestConcatAPIPolicies(t *testing.T) { message: "only schemeUp default policies is provided", }, { - schemeUpSpec: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + schemeUpSpec: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ { Name: "up-request-interceptor", }, }, }, }, - schemeDownSpec: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + schemeDownSpec: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ { Name: "down-request-interceptor", }, }, }, - Default: &dpv1alpha2.PolicySpec{ - ResponseInterceptors: []dpv1alpha2.InterceptorReference{ + Default: &dpv1alpha3.PolicySpec{ + ResponseInterceptors: []dpv1alpha3.InterceptorReference{ { Name: "down-response-interceptor", }, }, }, }, - result: dpv1alpha2.APIPolicySpec{ - Override: &dpv1alpha2.PolicySpec{ - RequestInterceptors: []dpv1alpha2.InterceptorReference{ + result: dpv1alpha3.APIPolicySpec{ + Override: &dpv1alpha3.PolicySpec{ + RequestInterceptors: []dpv1alpha3.InterceptorReference{ { Name: "up-request-interceptor", }, }, - ResponseInterceptors: []dpv1alpha2.InterceptorReference{ + ResponseInterceptors: []dpv1alpha3.InterceptorReference{ { Name: "down-response-interceptor", }, diff --git a/adapter/internal/operator/controllers/dp/api_controller.go b/adapter/internal/operator/controllers/dp/api_controller.go index 9873e57541..b2f51f75e6 100644 --- a/adapter/internal/operator/controllers/dp/api_controller.go +++ b/adapter/internal/operator/controllers/dp/api_controller.go @@ -61,6 +61,8 @@ import ( dpv1alpha1 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1" "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" dpv1alpha2 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" + "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" + dpv1alpha3 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -95,6 +97,7 @@ const ( interceptorServiceAPIPolicyIndex = "interceptorServiceAPIPolicyIndex" backendInterceptorServiceIndex = "backendInterceptorServiceIndex" backendJWTAPIPolicyIndex = "backendJWTAPIPolicyIndex" + aiProviderAPIPolicyIndex = "aiProviderAPIPolicyIndex" ) var ( @@ -186,7 +189,7 @@ func NewAPIController(mgr manager.Manager, operatorDataStore *synchronizer.Opera return err } - if err := c.Watch(source.Kind(mgr.GetCache(), &dpv1alpha2.APIPolicy{}), handler.EnqueueRequestsFromMapFunc(apiReconciler.populateAPIReconcileRequestsForAPIPolicy), + if err := c.Watch(source.Kind(mgr.GetCache(), &dpv1alpha3.APIPolicy{}), handler.EnqueueRequestsFromMapFunc(apiReconciler.populateAPIReconcileRequestsForAPIPolicy), predicates...); err != nil { loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2617, logging.BLOCKER, "Error watching APIPolicy resources: %v", err)) return err @@ -216,6 +219,12 @@ func NewAPIController(mgr manager.Manager, operatorDataStore *synchronizer.Opera return err } + if err := c.Watch(source.Kind(mgr.GetCache(), &dpv1alpha3.AIProvider{}), handler.EnqueueRequestsFromMapFunc(apiReconciler.populateAPIReconcileRequestsForAIProvider), + predicates...); err != nil { + loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2615, logging.BLOCKER, "Error watching AIPolicy resources: %v", err)) + return err + } + loggers.LoggerAPKOperator.Info("API Controller successfully started. Watching API Objects....") go apiReconciler.handleStatus() go apiReconciler.handleLabels(ctx) @@ -362,9 +371,8 @@ func (apiReconciler *APIReconciler) resolveAPIRefs(ctx context.Context, api dpv1 return nil, fmt.Errorf("error while getting httproute resource apipolicy %s in namespace : %s with API UUID : %v, %s", apiRef.String(), namespace, string(api.ObjectMeta.UID), err.Error()) } - if apiState.InterceptorServiceMapping, apiState.BackendJWTMapping, apiState.SubscriptionValidation, err = - apiReconciler.getAPIPolicyChildrenRefs(ctx, apiState.APIPolicies, apiState.ResourceAPIPolicies, - api); err != nil { + if apiState.InterceptorServiceMapping, apiState.BackendJWTMapping, apiState.SubscriptionValidation, apiState.AIProvider, err = + apiReconciler.getAPIPolicyChildrenRefs(ctx, apiState.APIPolicies, apiState.ResourceAPIPolicies, api); err != nil { return nil, fmt.Errorf("error while getting referenced policies in apipolicy %s in namespace : %s with API UUID : %v, %s", apiRef.String(), namespace, string(api.ObjectMeta.UID), err.Error()) } @@ -699,10 +707,10 @@ func (apiReconciler *APIReconciler) getRatelimitPoliciesForResources(ctx context return ratelimitpolicies, nil } -func (apiReconciler *APIReconciler) getAPIPoliciesForAPI(ctx context.Context, api dpv1alpha2.API) (map[string]dpv1alpha2.APIPolicy, error) { +func (apiReconciler *APIReconciler) getAPIPoliciesForAPI(ctx context.Context, api dpv1alpha2.API) (map[string]dpv1alpha3.APIPolicy, error) { nameSpacedName := utils.NamespacedName(&api).String() - apiPolicies := make(map[string]dpv1alpha2.APIPolicy) - apiPolicyList := &dpv1alpha2.APIPolicyList{} + apiPolicies := make(map[string]dpv1alpha3.APIPolicy) + apiPolicyList := &dpv1alpha3.APIPolicyList{} if err := apiReconciler.client.List(ctx, apiPolicyList, &k8client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(apiAPIPolicyIndex, nameSpacedName), }); err != nil { @@ -733,10 +741,10 @@ func (apiReconciler *APIReconciler) getAPIDefinitionForAPI(ctx context.Context, } func (apiReconciler *APIReconciler) getAPIPoliciesForResources(ctx context.Context, - api dpv1alpha2.API) (map[string]dpv1alpha2.APIPolicy, error) { + api dpv1alpha2.API) (map[string]dpv1alpha3.APIPolicy, error) { nameSpacedName := utils.NamespacedName(&api).String() - apiPolicies := make(map[string]dpv1alpha2.APIPolicy) - apiPolicyList := &dpv1alpha2.APIPolicyList{} + apiPolicies := make(map[string]dpv1alpha3.APIPolicy) + apiPolicyList := &dpv1alpha3.APIPolicyList{} if err := apiReconciler.client.List(ctx, apiPolicyList, &k8client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(apiAPIPolicyResourceIndex, nameSpacedName), }); err != nil { @@ -754,11 +762,12 @@ func (apiReconciler *APIReconciler) getAPIPoliciesForResources(ctx context.Conte // - backend JWTs // - subscription validation func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context, - apiPolicies, resourceAPIPolicies map[string]dpv1alpha2.APIPolicy, - api dpv1alpha2.API) (map[string]dpv1alpha1.InterceptorService, map[string]dpv1alpha1.BackendJWT, bool, error) { + apiPolicies, resourceAPIPolicies map[string]dpv1alpha3.APIPolicy, + api dpv1alpha2.API) (map[string]dpv1alpha1.InterceptorService, map[string]dpv1alpha1.BackendJWT, bool, *dpv1alpha3.AIProvider, error) { allAPIPolicies := append(maps.Values(apiPolicies), maps.Values(resourceAPIPolicies)...) interceptorServices := make(map[string]dpv1alpha1.InterceptorService) backendJWTs := make(map[string]dpv1alpha1.BackendJWT) + aiProvider := &dpv1alpha3.AIProvider{} subscriptionValidation := false for _, apiPolicy := range allAPIPolicies { if apiPolicy.Spec.Default != nil { @@ -783,6 +792,13 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context backendJWTs[utils.NamespacedName(backendJWTPtr).String()] = *backendJWTPtr } } + if apiPolicy.Spec.Default.AIProvider != nil { + aiProviderPtr := utils.GetAIProvider(ctx, apiReconciler.client, apiPolicy.Namespace, + apiPolicy.Spec.Default.AIProvider.Name, &api) + if aiProviderPtr != nil { + aiProvider = aiProviderPtr + } + } subscriptionValidation = apiPolicy.Spec.Default.SubscriptionValidation } if apiPolicy.Spec.Override != nil { @@ -807,10 +823,17 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context backendJWTs[utils.NamespacedName(backendJWTPtr).String()] = *backendJWTPtr } } + if apiPolicy.Spec.Override.AIProvider != nil { + aiProviderPtr := utils.GetAIProvider(ctx, apiReconciler.client, apiPolicy.Namespace, + apiPolicy.Spec.Override.AIProvider.Name, &api) + if aiProviderPtr != nil { + aiProvider = aiProviderPtr + } + } subscriptionValidation = apiPolicy.Spec.Override.SubscriptionValidation } } - return interceptorServices, backendJWTs, subscriptionValidation, nil + return interceptorServices, backendJWTs, subscriptionValidation, aiProvider, nil } func (apiReconciler *APIReconciler) resolveAuthentications(ctx context.Context, @@ -981,6 +1004,14 @@ func (apiReconciler *APIReconciler) populateAPIReconcileRequestsForBackend(ctx c return requests } +func (apiReconciler *APIReconciler) populateAPIReconcileRequestsForAIProvider(ctx context.Context, obj k8client.Object) []reconcile.Request { + requests := apiReconciler.getAPIsForAIProvider(ctx, obj) + if len(requests) > 0 { + apiReconciler.handleOwnerReference(ctx, obj, &requests) + } + return requests +} + func (apiReconciler *APIReconciler) traverseAPIStateAndUpdateOwnerReferences(ctx context.Context, apiState synchronizer.APIState) { // travserse through all the children of this API and trigger update owner reference if apiState.ProdHTTPRoute != nil { @@ -1055,6 +1086,9 @@ func (apiReconciler *APIReconciler) traverseAPIStateAndUpdateOwnerReferences(ctx for _, backendJwt := range apiState.BackendJWTMapping { apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, &backendJwt) } + if apiState.AIProvider != nil && apiState.AIProvider.Name != "" { + apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, apiState.AIProvider) + } } @@ -1121,8 +1155,8 @@ func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx } requests = apiReconciler.getAPIsForInterceptorService(ctx, &interceptorService) apiReconciler.handleOwnerReference(ctx, &interceptorService, &requests) - case *dpv1alpha2.APIPolicy: - var apiPolicy dpv1alpha2.APIPolicy + case *dpv1alpha3.APIPolicy: + var apiPolicy dpv1alpha3.APIPolicy namesapcedName := types.NamespacedName{ Name: string(obj.GetName()), Namespace: string(obj.GetNamespace()), @@ -1193,6 +1227,18 @@ func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx } requests = apiReconciler.getAPIForGQLRoute(ctx, &gqlRoute) apiReconciler.handleOwnerReference(ctx, &gqlRoute, &requests) + case *dpv1alpha3.AIProvider: + var aiProvider dpv1alpha3.AIProvider + namesapcedName := types.NamespacedName{ + Name: string(obj.GetName()), + Namespace: string(obj.GetNamespace()), + } + if err := apiReconciler.client.Get(ctx, namesapcedName, &aiProvider); err != nil { + loggers.LoggerAPKOperator.Errorf("Unexpected error occured while loading the cr object from cluster %+v", err) + return + } + requests = apiReconciler.getAPIsForAIProvider(ctx, &aiProvider) + apiReconciler.handleOwnerReference(ctx, &aiProvider, &requests) default: loggers.LoggerAPKOperator.Errorf("Unexpected type found while processing owner reference %+v", obj) } @@ -1379,7 +1425,7 @@ func (apiReconciler *APIReconciler) getAPIsForAuthentication(ctx context.Context // from APIPolicy objects. If the changes are done for an API stored in the Operator Data store, // a new reconcile event will be created and added to the reconcile event queue. func (apiReconciler *APIReconciler) getAPIsForAPIPolicy(ctx context.Context, obj k8client.Object) []reconcile.Request { - apiPolicy, ok := obj.(*dpv1alpha2.APIPolicy) + apiPolicy, ok := obj.(*dpv1alpha3.APIPolicy) requests := []reconcile.Request{} if !ok { loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2622, logging.TRIVIAL, "Unexpected object type, bypassing reconciliation: %v", apiPolicy)) @@ -1410,6 +1456,32 @@ func (apiReconciler *APIReconciler) getAPIsForAPIPolicy(ctx context.Context, obj return requests } +// getAPIsForAIProvider triggers the API controller reconcile method based on the changes detected +// from AIProvider objects. If the changes are done for an API stored in the Operator Data store, +// a new reconcile event will be created and added to the reconcile event queue. +func (apiReconciler *APIReconciler) getAPIsForAIProvider(ctx context.Context, obj k8client.Object) []reconcile.Request { + aiProvider, ok := obj.(*dpv1alpha3.AIProvider) + if !ok { + loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2622, logging.TRIVIAL, "Unexpected object type, bypassing reconciliation: %v", aiProvider)) + return []reconcile.Request{} + } + + apiPolicyList := &dpv1alpha3.APIPolicyList{} + if err := apiReconciler.client.List(ctx, apiPolicyList, &k8client.ListOptions{ + FieldSelector: fields.OneTermEqualSelector(aiProviderAPIPolicyIndex, utils.NamespacedName(aiProvider).String()), + }); err != nil { + loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2649, logging.CRITICAL, "Unable to find associated APIPolicies: %s, error: %v", utils.NamespacedName(aiProvider).String(), err.Error())) + return []reconcile.Request{} + } + + requests := []reconcile.Request{} + for item := range apiPolicyList.Items { + apiPolicy := apiPolicyList.Items[item] + requests = append(requests, apiReconciler.getAPIsForAPIPolicy(ctx, &apiPolicy)...) + } + return requests +} + // getAPIPoliciesForInterceptorService returns associated APIPolicies for the InterceptorService // when the changes detected in InterceptorService resoruces. func (apiReconciler *APIReconciler) getAPIsForInterceptorService(ctx context.Context, obj k8client.Object) []reconcile.Request { @@ -1419,7 +1491,7 @@ func (apiReconciler *APIReconciler) getAPIsForInterceptorService(ctx context.Con return []reconcile.Request{} } - apiPolicyList := &dpv1alpha2.APIPolicyList{} + apiPolicyList := &dpv1alpha3.APIPolicyList{} if err := apiReconciler.client.List(ctx, apiPolicyList, &k8client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(interceptorServiceAPIPolicyIndex, utils.NamespacedName(interceptorService).String()), }); err != nil { @@ -1444,7 +1516,7 @@ func (apiReconciler *APIReconciler) getAPIsForBackendJWT(ctx context.Context, ob return []reconcile.Request{} } - apiPolicyList := &dpv1alpha2.APIPolicyList{} + apiPolicyList := &dpv1alpha3.APIPolicyList{} if err := apiReconciler.client.List(ctx, apiPolicyList, &k8client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(backendJWTAPIPolicyIndex, utils.NamespacedName(backendJWT).String()), }); err != nil { @@ -2019,6 +2091,31 @@ func addIndexes(ctx context.Context, mgr manager.Manager) error { return err } + // AIProvider to APIPolicy indexer + if err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha3.APIPolicy{}, aiProviderAPIPolicyIndex, + func(rawObj k8client.Object) []string { + apiPolicy := rawObj.(*dpv1alpha3.APIPolicy) + var aiProviders []string + if apiPolicy.Spec.Default != nil && apiPolicy.Spec.Default.AIProvider != nil { + aiProviders = append(aiProviders, + types.NamespacedName{ + Namespace: apiPolicy.Namespace, + Name: string(apiPolicy.Spec.Default.AIProvider.Name), + }.String()) + } + if apiPolicy.Spec.Override != nil && apiPolicy.Spec.Override.AIProvider != nil { + aiProviders = append(aiProviders, + types.NamespacedName{ + Namespace: apiPolicy.Namespace, + Name: string(apiPolicy.Spec.Override.RequestInterceptors[0].Name), + }.String()) + } + + return aiProviders + }); err != nil { + return err + } + // Till the below is httproute rule name and targetref sectionname is supported, // https://gateway-api.sigs.k8s.io/geps/gep-713/?h=multiple+targetrefs#apply-policies-to-sections-of-a-resource-future-extension // we will use a temporary kindName called Resource for policy attachments @@ -2064,9 +2161,9 @@ func addIndexes(ctx context.Context, mgr manager.Manager) error { } // interceptorService to APIPolicy indexer - if err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha2.APIPolicy{}, interceptorServiceAPIPolicyIndex, + if err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha3.APIPolicy{}, interceptorServiceAPIPolicyIndex, func(rawObj k8client.Object) []string { - apiPolicy := rawObj.(*dpv1alpha2.APIPolicy) + apiPolicy := rawObj.(*dpv1alpha3.APIPolicy) var interceptorServices []string if apiPolicy.Spec.Default != nil && len(apiPolicy.Spec.Default.RequestInterceptors) > 0 { interceptorServices = append(interceptorServices, @@ -2102,9 +2199,9 @@ func addIndexes(ctx context.Context, mgr manager.Manager) error { } // backendjwt to APIPolicy indexer - if err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha2.APIPolicy{}, backendJWTAPIPolicyIndex, + if err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha3.APIPolicy{}, backendJWTAPIPolicyIndex, func(rawObj k8client.Object) []string { - apiPolicy := rawObj.(*dpv1alpha2.APIPolicy) + apiPolicy := rawObj.(*dpv1alpha3.APIPolicy) var backendJWTs []string if apiPolicy.Spec.Default != nil && apiPolicy.Spec.Default.BackendJWTPolicy != nil { backendJWTs = append(backendJWTs, @@ -2126,9 +2223,9 @@ func addIndexes(ctx context.Context, mgr manager.Manager) error { } // httpRoute to APIPolicy indexer - if err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha2.APIPolicy{}, apiAPIPolicyIndex, + if err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha3.APIPolicy{}, apiAPIPolicyIndex, func(rawObj k8client.Object) []string { - apiPolicy := rawObj.(*dpv1alpha2.APIPolicy) + apiPolicy := rawObj.(*dpv1alpha3.APIPolicy) var apis []string if apiPolicy.Spec.TargetRef.Kind == constants.KindAPI { @@ -2156,9 +2253,9 @@ func addIndexes(ctx context.Context, mgr manager.Manager) error { // https://gateway-api.sigs.k8s.io/geps/gep-713/?h=multiple+targetrefs#apply-policies-to-sections-of-a-resource-future-extension // we will use a temporary kindName called Resource for policy attachments // TODO(amali) Fix after the official support is available - err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha2.APIPolicy{}, apiAPIPolicyResourceIndex, + err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha3.APIPolicy{}, apiAPIPolicyResourceIndex, func(rawObj k8client.Object) []string { - apiPolicy := rawObj.(*dpv1alpha2.APIPolicy) + apiPolicy := rawObj.(*dpv1alpha3.APIPolicy) var apis []string if apiPolicy.Spec.TargetRef.Kind == constants.KindResource { @@ -2607,7 +2704,7 @@ func findProdSandEndpoints(apiState *synchronizer.APIState) (string, string, str } func pickOneCorsForCP(apiState *synchronizer.APIState) *controlplane.CORSPolicy { - apiPolicies := []v1alpha2.APIPolicy{} + apiPolicies := []v1alpha3.APIPolicy{} for _, apiPolicy := range apiState.APIPolicies { apiPolicies = append(apiPolicies, apiPolicy) } @@ -2615,7 +2712,7 @@ func pickOneCorsForCP(apiState *synchronizer.APIState) *controlplane.CORSPolicy apiPolicies = append(apiPolicies, apiPolicy) } for _, apiPolicy := range apiPolicies { - corsPolicy := v1alpha2.CORSPolicy{} + corsPolicy := v1alpha3.CORSPolicy{} found := false if apiPolicy.Spec.Override != nil && apiPolicy.Spec.Override.CORSPolicy != nil { corsPolicy = *apiPolicy.Spec.Override.CORSPolicy diff --git a/adapter/internal/operator/controllers/dp/gateway_controller.go b/adapter/internal/operator/controllers/dp/gateway_controller.go index 51c32b6618..4edc47f7fc 100644 --- a/adapter/internal/operator/controllers/dp/gateway_controller.go +++ b/adapter/internal/operator/controllers/dp/gateway_controller.go @@ -39,6 +39,7 @@ import ( "github.com/wso2/apk/adapter/internal/operator/utils" dpv1alpha1 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1" dpv1alpha2 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" + dpv1alpha3 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" ctrl "sigs.k8s.io/controller-runtime" k8client "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" @@ -105,7 +106,7 @@ func NewGatewayController(mgr manager.Manager, operatorDataStore *synchronizer.O return err } - if err := c.Watch(source.Kind(mgr.GetCache(), &dpv1alpha2.APIPolicy{}), handler.EnqueueRequestsFromMapFunc(r.getGatewaysForAPIPolicy), + if err := c.Watch(source.Kind(mgr.GetCache(), &dpv1alpha3.APIPolicy{}), handler.EnqueueRequestsFromMapFunc(r.getGatewaysForAPIPolicy), predicates...); err != nil { loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error3101, logging.BLOCKER, "Error watching APIPolicy resources: %v", err)) return err @@ -251,9 +252,9 @@ func (gatewayReconciler *GatewayReconciler) resolveGatewayState(ctx context.Cont } func (gatewayReconciler *GatewayReconciler) getAPIPoliciesForGateway(ctx context.Context, - gateway *gwapiv1.Gateway) (map[string]dpv1alpha2.APIPolicy, error) { - apiPolicies := make(map[string]dpv1alpha2.APIPolicy) - apiPolicyList := &dpv1alpha2.APIPolicyList{} + gateway *gwapiv1.Gateway) (map[string]dpv1alpha3.APIPolicy, error) { + apiPolicies := make(map[string]dpv1alpha3.APIPolicy) + apiPolicyList := &dpv1alpha3.APIPolicyList{} if err := gatewayReconciler.client.List(ctx, apiPolicyList, &k8client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(gatewayAPIPolicyIndex, utils.NamespacedName(gateway).String()), }); err != nil { @@ -268,7 +269,7 @@ func (gatewayReconciler *GatewayReconciler) getAPIPoliciesForGateway(ctx context // getInterceptorServicesForGateway returns the list of interceptor services for the given gateway func (gatewayReconciler *GatewayReconciler) getInterceptorServicesForGateway(ctx context.Context, - gatewayAPIPolicies map[string]dpv1alpha2.APIPolicy) (map[string]dpv1alpha1.InterceptorService, error) { + gatewayAPIPolicies map[string]dpv1alpha3.APIPolicy) (map[string]dpv1alpha1.InterceptorService, error) { allGatewayAPIPolicies := maps.Values(gatewayAPIPolicies) interceptorServices := make(map[string]dpv1alpha1.InterceptorService) for _, apiPolicy := range allGatewayAPIPolicies { @@ -355,7 +356,7 @@ func (gatewayReconciler *GatewayReconciler) getAPIsForInterceptorService(ctx con requests := []reconcile.Request{} - apiPolicyList := &dpv1alpha2.APIPolicyList{} + apiPolicyList := &dpv1alpha3.APIPolicyList{} if err := gatewayReconciler.client.List(ctx, apiPolicyList, &k8client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(interceptorServiceAPIPolicyIndex, utils.NamespacedName(interceptorService).String()), }); err != nil { @@ -382,7 +383,7 @@ func (gatewayReconciler *GatewayReconciler) getAPIsForBackendJWT(ctx context.Con requests := []reconcile.Request{} - apiPolicyList := &dpv1alpha2.APIPolicyList{} + apiPolicyList := &dpv1alpha3.APIPolicyList{} if err := gatewayReconciler.client.List(ctx, apiPolicyList, &k8client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(backendJWTAPIPolicyIndex, utils.NamespacedName(backendJWT).String()), }); err != nil { @@ -540,7 +541,7 @@ func (gatewayReconciler *GatewayReconciler) getCustomRateLimitPoliciesForGateway // getGatewaysForAPIPolicy triggers the Gateway controller reconcile method // based on the changes detected from APIPolicy objects. func (gatewayReconciler *GatewayReconciler) getGatewaysForAPIPolicy(ctx context.Context, obj k8client.Object) []reconcile.Request { - apiPolicy, ok := obj.(*dpv1alpha2.APIPolicy) + apiPolicy, ok := obj.(*dpv1alpha3.APIPolicy) if !ok { loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error3107, logging.TRIVIAL, "Unexpected object type, bypassing reconciliation: %v", apiPolicy)) return nil @@ -595,9 +596,9 @@ func addGatewayIndexes(ctx context.Context, mgr manager.Manager) error { } // Gateway to APIPolicy indexer - err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha2.APIPolicy{}, gatewayAPIPolicyIndex, + err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha3.APIPolicy{}, gatewayAPIPolicyIndex, func(rawObj k8client.Object) []string { - apiPolicy := rawObj.(*dpv1alpha2.APIPolicy) + apiPolicy := rawObj.(*dpv1alpha3.APIPolicy) var httpRoutes []string if apiPolicy.Spec.TargetRef.Kind == constants.KindGateway { diff --git a/adapter/internal/operator/operator.go b/adapter/internal/operator/operator.go index 87cf2bf916..afeb516220 100644 --- a/adapter/internal/operator/operator.go +++ b/adapter/internal/operator/operator.go @@ -49,6 +49,7 @@ import ( dpv1alpha1 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1" dpv1alpha2 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" + dpv1alpha3 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" //+kubebuilder:scaffold:imports ) @@ -66,6 +67,8 @@ func init() { utilruntime.Must(gwapiv1a2.AddToScheme(scheme)) utilruntime.Must(dpv1alpha2.AddToScheme(scheme)) + + utilruntime.Must(dpv1alpha3.AddToScheme(scheme)) //+kubebuilder:scaffold:scheme } diff --git a/adapter/internal/operator/synchronizer/api_state.go b/adapter/internal/operator/synchronizer/api_state.go index 0b6654433e..1cff138485 100644 --- a/adapter/internal/operator/synchronizer/api_state.go +++ b/adapter/internal/operator/synchronizer/api_state.go @@ -20,6 +20,7 @@ package synchronizer import ( "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1" "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" + "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" ) @@ -36,8 +37,9 @@ type APIState struct { RateLimitPolicies map[string]v1alpha1.RateLimitPolicy ResourceAuthentications map[string]v1alpha2.Authentication ResourceRateLimitPolicies map[string]v1alpha1.RateLimitPolicy - ResourceAPIPolicies map[string]v1alpha2.APIPolicy - APIPolicies map[string]v1alpha2.APIPolicy + ResourceAPIPolicies map[string]v1alpha3.APIPolicy + APIPolicies map[string]v1alpha3.APIPolicy + AIProvider *v1alpha3.AIProvider InterceptorServiceMapping map[string]v1alpha1.InterceptorService BackendJWTMapping map[string]v1alpha1.BackendJWT APIDefinitionFile []byte diff --git a/adapter/internal/operator/synchronizer/gateway_state.go b/adapter/internal/operator/synchronizer/gateway_state.go index 070466db84..31d92dcee4 100644 --- a/adapter/internal/operator/synchronizer/gateway_state.go +++ b/adapter/internal/operator/synchronizer/gateway_state.go @@ -20,6 +20,7 @@ package synchronizer import ( "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1" "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" + "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" ) @@ -35,7 +36,7 @@ type GatewayState struct { // +k8s:deepcopy-gen=true type GatewayStateData struct { GatewayResolvedListenerCerts map[string]map[string][]byte - GatewayAPIPolicies map[string]v1alpha2.APIPolicy + GatewayAPIPolicies map[string]v1alpha3.APIPolicy GatewayBackendMapping map[string]*v1alpha2.ResolvedBackend GatewayInterceptorServiceMapping map[string]v1alpha1.InterceptorService GatewayCustomRateLimitPolicies map[string]*v1alpha1.RateLimitPolicy diff --git a/adapter/internal/operator/synchronizer/gateway_synchronizer.go b/adapter/internal/operator/synchronizer/gateway_synchronizer.go index a43ceaac17..aed7cd460e 100644 --- a/adapter/internal/operator/synchronizer/gateway_synchronizer.go +++ b/adapter/internal/operator/synchronizer/gateway_synchronizer.go @@ -32,6 +32,7 @@ import ( "github.com/wso2/apk/adapter/pkg/logging" dpv1alpha1 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1" dpv1alpha2 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" + dpv1alpha3 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" "golang.org/x/exp/maps" "k8s.io/apimachinery/pkg/types" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" @@ -135,7 +136,7 @@ func getCustomRateLimitPolicies(customRateLimitPoliciesDef map[string]*dpv1alpha return customRateLimitPolicies } -func generateGlobalInterceptorResource(gatewayAPIPolicies map[string]dpv1alpha2.APIPolicy, +func generateGlobalInterceptorResource(gatewayAPIPolicies map[string]dpv1alpha3.APIPolicy, gatewayInterceptorServiceMapping map[string]dpv1alpha1.InterceptorService, gatewayBackendMapping map[string]*dpv1alpha2.ResolvedBackend) (string, *clusterv3.Cluster, []*corev3.Address, *clusterv3.Cluster, []*corev3.Address) { @@ -156,7 +157,7 @@ func generateGlobalInterceptorResource(gatewayAPIPolicies map[string]dpv1alpha2. return gwLuaScript, gwReqICluster, gwReqIAddresses, gwResICluster, gwResIAddresses } -func getGlobalInterceptorScript(gatewayAPIPolicies map[string]dpv1alpha2.APIPolicy, +func getGlobalInterceptorScript(gatewayAPIPolicies map[string]dpv1alpha3.APIPolicy, gatewayInterceptorServiceMapping map[string]dpv1alpha1.InterceptorService, gatewayBackendMapping map[string]*dpv1alpha2.ResolvedBackend) string { iInvCtx := &interceptor.InvocationContext{ @@ -183,13 +184,13 @@ end ` } -func createInterceptors(gatewayAPIPolicies map[string]dpv1alpha2.APIPolicy, +func createInterceptors(gatewayAPIPolicies map[string]dpv1alpha3.APIPolicy, gatewayInterceptorServiceMapping map[string]dpv1alpha1.InterceptorService, gatewayBackendMapping map[string]*dpv1alpha2.ResolvedBackend) (requestInterceptor map[string]model.InterceptEndpoint, responseInterceptor map[string]model.InterceptEndpoint) { requestInterceptorMap := make(map[string]model.InterceptEndpoint) responseInterceptorMap := make(map[string]model.InterceptEndpoint) - var apiPolicy *dpv1alpha2.APIPolicy + var apiPolicy *dpv1alpha3.APIPolicy outputAPIPolicy := utils.TieBreaker(utils.GetPtrSlice(maps.Values(gatewayAPIPolicies))) if outputAPIPolicy != nil { apiPolicy = *outputAPIPolicy @@ -226,7 +227,7 @@ func createInterceptors(gatewayAPIPolicies map[string]dpv1alpha2.APIPolicy, return requestInterceptorMap, responseInterceptorMap } -func getInterceptorEndpoint(namespace string, interceptorRef *dpv1alpha2.InterceptorReference, +func getInterceptorEndpoint(namespace string, interceptorRef *dpv1alpha3.InterceptorReference, gatewayInterceptorServiceMapping map[string]dpv1alpha1.InterceptorService, gatewayBackendMapping map[string]*dpv1alpha2.ResolvedBackend, isReq bool) *model.InterceptEndpoint { interceptor := gatewayInterceptorServiceMapping[types.NamespacedName{ Namespace: namespace, diff --git a/adapter/internal/operator/synchronizer/gql_api.go b/adapter/internal/operator/synchronizer/gql_api.go index 5f7cfef13a..c781ad3e0d 100644 --- a/adapter/internal/operator/synchronizer/gql_api.go +++ b/adapter/internal/operator/synchronizer/gql_api.go @@ -103,6 +103,11 @@ func generateGQLAdapterInternalAPI(apiState APIState, gqlRoute *GQLRouteState, e adapterInternalAPI.SetDisableMtls(true) } + if apiState.AIProvider != nil && apiState.AIProvider.Name != "" { + adapterInternalAPI.SetAIProvider(*apiState.AIProvider) + } + loggers.LoggerAPKOperator.Infof("Generated AdapterInternalAPI AI Provider for GQL API: %v", adapterInternalAPI.GetAIProvider()) + return &adapterInternalAPI, nil } diff --git a/adapter/internal/operator/synchronizer/rest_api.go b/adapter/internal/operator/synchronizer/rest_api.go index d16be379c2..9ca6f7c18c 100644 --- a/adapter/internal/operator/synchronizer/rest_api.go +++ b/adapter/internal/operator/synchronizer/rest_api.go @@ -125,6 +125,11 @@ func generateAdapterInternalAPI(apiState APIState, httpRoute *HTTPRouteState, en return nil, err } + if apiState.AIProvider != nil && apiState.AIProvider.Name != "" { + adapterInternalAPI.SetAIProvider(*apiState.AIProvider) + } + loggers.LoggerAPKOperator.Infof("AdapterInternalAPI AI Provider: %+v", adapterInternalAPI.GetAIProvider()) + return &adapterInternalAPI, nil } diff --git a/adapter/internal/operator/synchronizer/zz_generated.deepcopy.go b/adapter/internal/operator/synchronizer/zz_generated.deepcopy.go index ffe28ace55..04eda22932 100644 --- a/adapter/internal/operator/synchronizer/zz_generated.deepcopy.go +++ b/adapter/internal/operator/synchronizer/zz_generated.deepcopy.go @@ -25,6 +25,7 @@ package synchronizer import ( "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1" "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" + "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" "sigs.k8s.io/gateway-api/apis/v1" ) @@ -86,14 +87,14 @@ func (in *APIState) DeepCopyInto(out *APIState) { } if in.ResourceAPIPolicies != nil { in, out := &in.ResourceAPIPolicies, &out.ResourceAPIPolicies - *out = make(map[string]v1alpha2.APIPolicy, len(*in)) + *out = make(map[string]v1alpha3.APIPolicy, len(*in)) for key, val := range *in { (*out)[key] = *val.DeepCopy() } } if in.APIPolicies != nil { in, out := &in.APIPolicies, &out.APIPolicies - *out = make(map[string]v1alpha2.APIPolicy, len(*in)) + *out = make(map[string]v1alpha3.APIPolicy, len(*in)) for key, val := range *in { (*out)[key] = *val.DeepCopy() } @@ -246,7 +247,7 @@ func (in *GatewayStateData) DeepCopyInto(out *GatewayStateData) { } if in.GatewayAPIPolicies != nil { in, out := &in.GatewayAPIPolicies, &out.GatewayAPIPolicies - *out = make(map[string]v1alpha2.APIPolicy, len(*in)) + *out = make(map[string]v1alpha3.APIPolicy, len(*in)) for key, val := range *in { (*out)[key] = *val.DeepCopy() } diff --git a/adapter/internal/operator/utils/utils.go b/adapter/internal/operator/utils/utils.go index 064c647f0b..bc6dd352fe 100644 --- a/adapter/internal/operator/utils/utils.go +++ b/adapter/internal/operator/utils/utils.go @@ -35,6 +35,7 @@ import ( "github.com/wso2/apk/adapter/pkg/utils/stringutils" dpv1alpha1 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1" dpv1alpha2 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha2" + dpv1alpha3 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha3" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -594,7 +595,7 @@ func RetrieveNamespaceListOptions(namespaces []string) k8client.ListOptions { // GetInterceptorService reads InterceptorService when interceptorReference is given func GetInterceptorService(ctx context.Context, client k8client.Client, namespace string, - interceptorReference *dpv1alpha2.InterceptorReference, api *dpv1alpha2.API) *dpv1alpha1.InterceptorService { + interceptorReference *dpv1alpha3.InterceptorReference, api *dpv1alpha2.API) *dpv1alpha1.InterceptorService { interceptorService := &dpv1alpha1.InterceptorService{} interceptorRef := types.NamespacedName{ Namespace: namespace, @@ -624,6 +625,22 @@ func GetBackendJWT(ctx context.Context, client k8client.Client, namespace, return backendJWT } +// GetAIProvider reads AIProvider when aiProviderReference is given +func GetAIProvider(ctx context.Context, client k8client.Client, namespace string, + aiProviderReference string, api *dpv1alpha2.API) *dpv1alpha3.AIProvider { + aiProvider := &dpv1alpha3.AIProvider{} + aiProviderRef := types.NamespacedName{ + Namespace: namespace, + Name: aiProviderReference, + } + if err := ResolveRef(ctx, client, api, aiProviderRef, false, aiProvider); err != nil { + if !apierrors.IsNotFound(err) { + loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2663, logging.CRITICAL, "Error while getting aiProvider %s, error: %v", aiProviderRef, err.Error())) + } + } + return aiProvider +} + // RetrieveAPIList retrieves API list from the given kubernetes client func RetrieveAPIList(k8sclient k8client.Client) ([]dpv1alpha2.API, error) { ctx := context.Background() diff --git a/common-go-libs/apis/dp/v1alpha2/apipolicy_types.go b/common-go-libs/apis/dp/v1alpha2/apipolicy_types.go index 97058433ec..ae703e3702 100644 --- a/common-go-libs/apis/dp/v1alpha2/apipolicy_types.go +++ b/common-go-libs/apis/dp/v1alpha2/apipolicy_types.go @@ -130,7 +130,6 @@ type APIPolicyStatus struct { // +genclient //+kubebuilder:object:root=true //+kubebuilder:subresource:status -//+kubebuilder:storageversion // APIPolicy is the Schema for the apipolicies API type APIPolicy struct { diff --git a/common-go-libs/apis/dp/v1alpha3/apipolicy_types.go b/common-go-libs/apis/dp/v1alpha3/apipolicy_types.go index 79f042ee9a..3795b73e90 100644 --- a/common-go-libs/apis/dp/v1alpha3/apipolicy_types.go +++ b/common-go-libs/apis/dp/v1alpha3/apipolicy_types.go @@ -128,7 +128,7 @@ type InterceptorReference struct { // AIProviderReference holds reference to AIProvider resource type AIProviderReference struct { // Name is the referced CR's name of AIProvider resource. - Name string `json:"name"` + Name string `json:"name,omitempty"` } // APIPolicyStatus defines the observed state of APIPolicy diff --git a/common-go-libs/config/crd/bases/dp.wso2.com_apipolicies.yaml b/common-go-libs/config/crd/bases/dp.wso2.com_apipolicies.yaml index 393206df5b..e02b4d3aea 100644 --- a/common-go-libs/config/crd/bases/dp.wso2.com_apipolicies.yaml +++ b/common-go-libs/config/crd/bases/dp.wso2.com_apipolicies.yaml @@ -503,7 +503,7 @@ spec: type: object type: object served: true - storage: true + storage: false subresources: status: {} - name: v1alpha3 diff --git a/helm-charts/crds/dp.wso2.com_aiproviders.yaml b/helm-charts/crds/dp.wso2.com_aiproviders.yaml new file mode 100644 index 0000000000..7e3634e7a0 --- /dev/null +++ b/helm-charts/crds/dp.wso2.com_aiproviders.yaml @@ -0,0 +1,110 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: aiproviders.dp.wso2.com +spec: + group: dp.wso2.com + names: + kind: AIProvider + listKind: AIProviderList + plural: aiproviders + singular: aiprovider + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: AIProvider is the Schema for the aiproviders API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AIProviderSpec defines the desired state of AIProvider + properties: + model: + description: ValueDetails defines the value details + properties: + in: + type: string + value: + type: string + required: + - in + - value + type: object + organization: + type: string + providerAPIVersion: + type: string + providerName: + minLength: 1 + type: string + rateLimitFields: + description: RateLimitFields defines the Rate Limit fields + properties: + completionToken: + description: ValueDetails defines the value details + properties: + in: + type: string + value: + type: string + required: + - in + - value + type: object + promptTokens: + description: ValueDetails defines the value details + properties: + in: + type: string + value: + type: string + required: + - in + - value + type: object + totalToken: + description: ValueDetails defines the value details + properties: + in: + type: string + value: + type: string + required: + - in + - value + type: object + required: + - completionToken + - promptTokens + - totalToken + type: object + required: + - model + - organization + - providerAPIVersion + - providerName + - rateLimitFields + type: object + status: + description: AIProviderStatus defines the observed state of AIProvider + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/helm-charts/templates/crds/dp.wso2.com_apipolicies.yaml b/helm-charts/templates/crds/dp.wso2.com_apipolicies.yaml index df7a7090d8..26cfbfab29 100644 --- a/helm-charts/templates/crds/dp.wso2.com_apipolicies.yaml +++ b/helm-charts/templates/crds/dp.wso2.com_apipolicies.yaml @@ -7,18 +7,6 @@ metadata: cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "apk-helm.resource.prefix" . }}-common-controller-server-cert name: apipolicies.dp.wso2.com spec: - {{- if .Values.wso2.apk.webhooks.conversionwebhookconfigurations }} - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: {{ template "apk-helm.resource.prefix" . }}-common-controller-service - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - {{- end }} group: dp.wso2.com names: kind: APIPolicy @@ -516,6 +504,283 @@ spec: type: object type: object served: true + storage: false + subresources: + status: {} + - name: v1alpha3 + schema: + openAPIV3Schema: + description: APIPolicy is the Schema for the apipolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: APIPolicySpec defines the desired state of APIPolicy + properties: + default: + description: PolicySpec contains API policies + properties: + aiProvider: + description: AIProvider referenced to AIProvider resource to be + applied to the API. + properties: + name: + description: Name is the referced CR's name of AIProvider + resource. + type: string + required: + - name + type: object + backendJwtPolicy: + description: BackendJWTPolicy holds reference to backendJWT policy + configurations + properties: + name: + description: Name holds the name of the BackendJWT resource. + type: string + type: object + cORSPolicy: + description: CORS policy to be applied to the API. + properties: + accessControlAllowCredentials: + description: AllowCredentials indicates whether the request + can include user credentials like cookies, HTTP authentication + or client side SSL certificates. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders indicates which headers + can be used during the actual request. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods indicates which methods + can be used during the actual request. + items: + type: string + type: array + accessControlAllowOrigins: + description: AccessControlAllowOrigins indicates which origins + can be used during the actual request. + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders indicates which headers + can be exposed as part of the response by listing their + names. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge indicates how long the results + of a preflight request can be cached in a preflight result + cache. + type: integer + enabled: + default: true + description: Enabled is to enable CORs policy for the API. + type: boolean + type: object + requestInterceptors: + description: RequestInterceptors referenced to intercetor services + to be applied to the request flow. + items: + description: InterceptorReference holds InterceptorService reference + using name and namespace + properties: + name: + description: Name is the referced CR's name of InterceptorService + resource. + type: string + required: + - name + type: object + maxItems: 1 + nullable: true + type: array + responseInterceptors: + description: ResponseInterceptors referenced to intercetor services + to be applied to the response flow. + items: + description: InterceptorReference holds InterceptorService reference + using name and namespace + properties: + name: + description: Name is the referced CR's name of InterceptorService + resource. + type: string + required: + - name + type: object + maxItems: 1 + nullable: true + type: array + subscriptionValidation: + default: false + description: SubscriptionValidation denotes whether subscription + validation is enabled for the API + type: boolean + type: object + override: + description: PolicySpec contains API policies + properties: + aiProvider: + description: AIProvider referenced to AIProvider resource to be + applied to the API. + properties: + name: + description: Name is the referced CR's name of AIProvider + resource. + type: string + required: + - name + type: object + backendJwtPolicy: + description: BackendJWTPolicy holds reference to backendJWT policy + configurations + properties: + name: + description: Name holds the name of the BackendJWT resource. + type: string + type: object + cORSPolicy: + description: CORS policy to be applied to the API. + properties: + accessControlAllowCredentials: + description: AllowCredentials indicates whether the request + can include user credentials like cookies, HTTP authentication + or client side SSL certificates. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders indicates which headers + can be used during the actual request. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods indicates which methods + can be used during the actual request. + items: + type: string + type: array + accessControlAllowOrigins: + description: AccessControlAllowOrigins indicates which origins + can be used during the actual request. + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders indicates which headers + can be exposed as part of the response by listing their + names. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge indicates how long the results + of a preflight request can be cached in a preflight result + cache. + type: integer + enabled: + default: true + description: Enabled is to enable CORs policy for the API. + type: boolean + type: object + requestInterceptors: + description: RequestInterceptors referenced to intercetor services + to be applied to the request flow. + items: + description: InterceptorReference holds InterceptorService reference + using name and namespace + properties: + name: + description: Name is the referced CR's name of InterceptorService + resource. + type: string + required: + - name + type: object + maxItems: 1 + nullable: true + type: array + responseInterceptors: + description: ResponseInterceptors referenced to intercetor services + to be applied to the response flow. + items: + description: InterceptorReference holds InterceptorService reference + using name and namespace + properties: + name: + description: Name is the referced CR's name of InterceptorService + resource. + type: string + required: + - name + type: object + maxItems: 1 + nullable: true + type: array + subscriptionValidation: + default: false + description: SubscriptionValidation denotes whether subscription + validation is enabled for the API + type: boolean + type: object + targetRef: + description: PolicyTargetReference identifies an API object to apply + a direct or inherited policy to. This should be used as part of + Policy resources that can target Gateway API resources. For more + information on how this policy attachment model works, and a sample + Policy resource, refer to the policy attachment documentation for + Gateway API. + properties: + group: + description: Group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: Kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace is the namespace of the referent. When + unspecified, the local namespace is inferred. Even when policy + targets a resource in a different namespace, it MUST only apply + to traffic originating from the same namespace as the policy. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - group + - kind + - name + type: object + type: object + status: + description: APIPolicyStatus defines the observed state of APIPolicy + type: object + type: object + served: true storage: true subresources: status: {} diff --git a/helm-charts/templates/data-plane/config-deployer/config-api-apipolicy.yaml b/helm-charts/templates/data-plane/config-deployer/config-api-apipolicy.yaml index 16cef2323e..b3fec2db41 100644 --- a/helm-charts/templates/data-plane/config-deployer/config-api-apipolicy.yaml +++ b/helm-charts/templates/data-plane/config-deployer/config-api-apipolicy.yaml @@ -1,5 +1,5 @@ {{- if and .Values.wso2.apk.dp.enabled .Values.wso2.apk.dp.configdeployer.enabled }} -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: "{{ template "apk-helm.resource.prefix" . }}-config-api-api-policy" diff --git a/helm-charts/templates/serviceAccount/apk-cluster-role.yaml b/helm-charts/templates/serviceAccount/apk-cluster-role.yaml index ccbb849a5d..751434027b 100644 --- a/helm-charts/templates/serviceAccount/apk-cluster-role.yaml +++ b/helm-charts/templates/serviceAccount/apk-cluster-role.yaml @@ -122,6 +122,15 @@ rules: - apiGroups: ["dp.wso2.com"] resources: ["gqlroutes/status"] verbs: ["get","patch","update"] + - apiGroups: ["dp.wso2.com"] + resources: ["aiproviders"] + verbs: ["get","list","watch","update","delete","create"] + - apiGroups: ["dp.wso2.com"] + resources: ["aiproviders/status"] + verbs: ["get","patch","update"] + - apiGroups: ["dp.wso2.com"] + resources: ["aiproviders/finalizers"] + verbs: ["update"] - apiGroups: ["cp.wso2.com"] resources: ["applications"] verbs: ["get","list","watch","update","delete","create"] diff --git a/test/apim-apk-agent-test/cucumber-tests/CRs/artifacts.yaml b/test/apim-apk-agent-test/cucumber-tests/CRs/artifacts.yaml index aa3cac1cdf..b10ec7b270 100644 --- a/test/apim-apk-agent-test/cucumber-tests/CRs/artifacts.yaml +++ b/test/apim-apk-agent-test/cucumber-tests/CRs/artifacts.yaml @@ -225,7 +225,7 @@ spec: configMap: name: "interceptor-service-config-toml" --- -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: interceptor-policy-gateway-level diff --git a/test/cucumber-tests/CRs/agent-artifacts.yaml b/test/cucumber-tests/CRs/agent-artifacts.yaml index d758aa9f8b..d51179a225 100644 --- a/test/cucumber-tests/CRs/agent-artifacts.yaml +++ b/test/cucumber-tests/CRs/agent-artifacts.yaml @@ -222,7 +222,7 @@ spec: configMap: name: "interceptor-service-config-toml" --- -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: interceptor-policy-gateway-level diff --git a/test/cucumber-tests/CRs/artifacts.yaml b/test/cucumber-tests/CRs/artifacts.yaml index a1731fb900..5db4413511 100644 --- a/test/cucumber-tests/CRs/artifacts.yaml +++ b/test/cucumber-tests/CRs/artifacts.yaml @@ -222,7 +222,7 @@ spec: configMap: name: "interceptor-service-config-toml" --- -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: interceptor-policy-gateway-level diff --git a/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml b/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml index 4ae6e827e4..8f6d17f22c 100644 --- a/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml +++ b/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml @@ -55,7 +55,7 @@ spec: kind: Backend name: infra-backend-v1 --- -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: jwt-token-generator-policy diff --git a/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml b/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml index 09f80a2ce7..a1bff40bfc 100644 --- a/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml +++ b/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml @@ -61,7 +61,7 @@ spec: kind: Backend name: infra-backend-v1 --- -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: cors-policy @@ -140,7 +140,7 @@ spec: - host: infra-backend-v1.gateway-integration-test-infra port: 8080 --- -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: no-cors-policy diff --git a/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml b/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml index 8a18d9d328..dbaef720c5 100644 --- a/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml +++ b/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml @@ -31,7 +31,7 @@ spec: name: wso2-apk-default group: gateway.networking.k8s.io --- -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: interceptor-api-policy-api-level diff --git a/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml b/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml index af5d12643c..3c58fe9d56 100644 --- a/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml +++ b/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml @@ -66,7 +66,7 @@ spec: type: ReplaceFullPath replaceFullPath: /books --- -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: interceptor-api-policy-api-level diff --git a/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml b/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml index 06882d25a9..f6c3626346 100644 --- a/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml +++ b/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml @@ -81,7 +81,7 @@ spec: type: ReplaceFullPath replaceFullPath: /books --- -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: interceptor-api-policy-resource-level diff --git a/test/k8s-resources/gw-interceptor.yaml b/test/k8s-resources/gw-interceptor.yaml index 42d47c02e5..4146fe053b 100644 --- a/test/k8s-resources/gw-interceptor.yaml +++ b/test/k8s-resources/gw-interceptor.yaml @@ -1,4 +1,4 @@ -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: interceptor-policy-gateway-level diff --git a/test/performance/artifacts/api.yaml b/test/performance/artifacts/api.yaml index c30dd90f26..d2c5f15a0d 100644 --- a/test/performance/artifacts/api.yaml +++ b/test/performance/artifacts/api.yaml @@ -25,7 +25,7 @@ spec: status: null --- -apiVersion: dp.wso2.com/v1alpha2 +apiVersion: dp.wso2.com/v1alpha3 kind: APIPolicy metadata: name: default-api-policy