feat(konnect): add KongCredentialHMAC

Kong · Oct 3, 2024 · 3b96e87 · 3b96e87
1 parent ac6dd7b
commit 3b96e87
Show file tree

Hide file tree

Showing 17 changed files with 768 additions and 3 deletions.
diff --git a/.mockery.yaml b/.mockery.yaml
@@ -25,6 +25,7 @@ packages:
       KongCredentialACLSDK:
       KongCredentialBasicAuthSDK:
       KongCredentialJWTSDK:
+      KongCredentialHMACSDK:
       CACertificatesSDK:
       CertificatesSDK:
       KeysSDK:

diff --git a/config/samples/konnect_kongconsumer_hmac.yaml b/config/samples/konnect_kongconsumer_hmac.yaml
@@ -0,0 +1,46 @@
+kind: KonnectAPIAuthConfiguration
+apiVersion: konnect.konghq.com/v1alpha1
+metadata:
+  name: konnect-api-auth-dev-1
+  namespace: default
+spec:
+  type: token
+  token: kpat_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+  serverURL: us.api.konghq.com
+---
+kind: KonnectGatewayControlPlane
+apiVersion: konnect.konghq.com/v1alpha1
+metadata:
+  name: test-cp-basic-auth
+  namespace: default
+spec:
+  name: test-cp-basic-auth
+  labels:
+    app: test-cp-basic-auth
+    key1: test-cp-basic-auth
+  konnect:
+    authRef:
+      name: konnect-api-auth-dev-1
+---
+kind: KongConsumer
+apiVersion: configuration.konghq.com/v1
+metadata:
+  name: consumer-hmac-1
+  namespace: default
+username: consumer1-hmac-1
+spec:
+  controlPlaneRef:
+    type: konnectNamespacedRef
+    konnectNamespacedRef:
+      name: test-cp-basic-auth
+---
+apiVersion: configuration.konghq.com/v1alpha1
+kind: KongCredentialHMAC
+metadata:
+  name: hmac-1
+  namespace: default
+spec:
+  consumerRef:
+    name: consumer-hmac-1
+  key: secretkey
+  username: consumer1-hmac-1
diff --git a/controller/konnect/constraints/constraints.go b/controller/konnect/constraints/constraints.go
@@ -23,6 +23,7 @@ type SupportedKonnectEntityType interface {
 		configurationv1alpha1.KongCredentialAPIKey |
 		configurationv1alpha1.KongCredentialACL |
 		configurationv1alpha1.KongCredentialJWT |
+		configurationv1alpha1.KongCredentialHMAC |
 		configurationv1alpha1.KongUpstream |
 		configurationv1alpha1.KongCACertificate |
 		configurationv1alpha1.KongCertificate |

diff --git a/controller/konnect/index_credentials_hmac.go b/controller/konnect/index_credentials_hmac.go
@@ -0,0 +1,32 @@
+package konnect
+
+import (
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
+)
+
+const (
+	// IndexFieldKongCredentialHMACReferencesKongConsumer is the index name for KongCredentialHMAC -> Consumer.
+	IndexFieldKongCredentialHMACReferencesKongConsumer = "kongCredentialsHMACConsumerRef"
+)
+
+// IndexOptionsForCredentialsHMAC returns required Index options for KongCredentialHMAC.
+func IndexOptionsForCredentialsHMAC() []ReconciliationIndexOption {
+	return []ReconciliationIndexOption{
+		{
+			IndexObject:  &configurationv1alpha1.KongCredentialHMAC{},
+			IndexField:   IndexFieldKongCredentialHMACReferencesKongConsumer,
+			ExtractValue: kongCredentialHMACReferencesConsumer,
+		},
+	}
+}
+
+// kongCredentialHMACReferencesConsumer returns the name of referenced Consumer.
+func kongCredentialHMACReferencesConsumer(obj client.Object) []string {
+	cred, ok := obj.(*configurationv1alpha1.KongCredentialHMAC)
+	if !ok {
+		return nil
+	}
+	return []string{cred.Spec.ConsumerRef.Name}
+}
diff --git a/controller/konnect/ops/credentialhmac.go b/controller/konnect/ops/credentialhmac.go
@@ -0,0 +1,14 @@
+package ops
+
+import (
+	"context"
+
+	sdkkonnectops "github.com/Kong/sdk-konnect-go/models/operations"
+)
+
+// KongCredentialHMACSDK is the interface for the Konnect KongCredentialHMACSDK.
+type KongCredentialHMACSDK interface {
+	CreateHmacAuthWithConsumer(ctx context.Context, req sdkkonnectops.CreateHmacAuthWithConsumerRequest, opts ...sdkkonnectops.Option) (*sdkkonnectops.CreateHmacAuthWithConsumerResponse, error)
+	DeleteHmacAuthWithConsumer(ctx context.Context, request sdkkonnectops.DeleteHmacAuthWithConsumerRequest, opts ...sdkkonnectops.Option) (*sdkkonnectops.DeleteHmacAuthWithConsumerResponse, error)
+	UpsertHmacAuthWithConsumer(ctx context.Context, request sdkkonnectops.UpsertHmacAuthWithConsumerRequest, opts ...sdkkonnectops.Option) (*sdkkonnectops.UpsertHmacAuthWithConsumerResponse, error)
+}
diff --git a/controller/konnect/ops/credentialhmac_mock.go b/controller/konnect/ops/credentialhmac_mock.go
diff --git a/controller/konnect/ops/ops.go b/controller/konnect/ops/ops.go
@@ -74,6 +74,8 @@ func Create[
 		return e, createKongCredentialACL(ctx, sdk.GetACLCredentialsSDK(), ent)
 	case *configurationv1alpha1.KongCredentialJWT:
 		return e, createKongCredentialJWT(ctx, sdk.GetJWTCredentialsSDK(), ent)
+	case *configurationv1alpha1.KongCredentialHMAC:
+		return e, createKongCredentialHMAC(ctx, sdk.GetHMACCredentialsSDK(), ent)
 	case *configurationv1alpha1.KongCACertificate:
 		return e, createCACertificate(ctx, sdk.GetCACertificatesSDK(), ent)
 	case *configurationv1alpha1.KongCertificate:
@@ -136,6 +138,8 @@ func Delete[
 		return deleteKongCredentialACL(ctx, sdk.GetACLCredentialsSDK(), ent)
 	case *configurationv1alpha1.KongCredentialJWT:
 		return deleteKongCredentialJWT(ctx, sdk.GetJWTCredentialsSDK(), ent)
+	case *configurationv1alpha1.KongCredentialHMAC:
+		return deleteKongCredentialHMAC(ctx, sdk.GetHMACCredentialsSDK(), ent)
 	case *configurationv1alpha1.KongCACertificate:
 		return deleteCACertificate(ctx, sdk.GetCACertificatesSDK(), ent)
 	case *configurationv1alpha1.KongCertificate:
@@ -243,6 +247,8 @@ func Update[
 		return ctrl.Result{}, updateKongCredentialACL(ctx, sdk.GetACLCredentialsSDK(), ent)
 	case *configurationv1alpha1.KongCredentialJWT:
 		return ctrl.Result{}, updateKongCredentialJWT(ctx, sdk.GetJWTCredentialsSDK(), ent)
+	case *configurationv1alpha1.KongCredentialHMAC:
+		return ctrl.Result{}, updateKongCredentialHMAC(ctx, sdk.GetHMACCredentialsSDK(), ent)
 	case *configurationv1alpha1.KongCACertificate:
 		return ctrl.Result{}, updateCACertificate(ctx, sdk.GetCACertificatesSDK(), ent)
 	case *configurationv1alpha1.KongCertificate: