From bdfb97110a7f8cbeb81554258b1e8b0ad4d9782f Mon Sep 17 00:00:00 2001
From: KevFan
Date: Thu, 10 Oct 2024 14:50:38 +0100
Subject: [PATCH] refactors: docs to v1beta3

Signed-off-by: KevFan
---
 api/v1beta3/groupversion_info.go | 2 +-
 controllers/auth_config_controller_test.go | 2 +-
 .../auth_config_status_updater_test.go | 2 +-
 docs/architecture.md | 2 +-
 docs/features.md | 14 ++---
 docs/getting-started.md | 2 +-
 docs/user-guides/anonymous-access.md | 2 +-
 docs/user-guides/api-key-authentication.md | 2 +-
 ...ed-rate-limiting-envoy-dynamic-metadata.md | 2 +-
 docs/user-guides/authzed.md | 2 +-
 docs/user-guides/caching.md | 2 +-
 .../deny-with-redirect-to-login.md | 4 +-
 ...cation-architecture-festival-wristbands.md | 4 +-
 .../envoy-jwt-authn-and-authorino.md | 2 +-
 docs/user-guides/external-metadata.md | 2 +-
 docs/user-guides/host-override.md | 6 +-
 docs/user-guides/http-basic-authentication.md | 2 +-
 docs/user-guides/injecting-data.md | 2 +-
 .../json-pattern-matching-authorization.md | 2 +-
 .../keycloak-authorization-services.md | 2 +-
 .../kubernetes-subjectaccessreview.md | 2 +-
 docs/user-guides/kubernetes-tokenreview.md | 2 +-
 docs/user-guides/mtls-authentication.md | 2 +-
 .../user-guides/oauth2-token-introspection.md | 2 +-
 docs/user-guides/observability.md | 38 ++++++-------
 docs/user-guides/oidc-jwt-authentication.md | 2 +-
 docs/user-guides/oidc-rbac.md | 2 +-
 docs/user-guides/oidc-user-info.md | 2 +-
 docs/user-guides/opa-authorization.md | 2 +-
 docs/user-guides/passing-credentials.md | 2 +-
 .../resource-level-authorization-uma.md | 2 +-
 docs/user-guides/sharding.md | 4 +-
 docs/user-guides/token-normalization.md | 2 +-
 docs/user-guides/validating-webhook.md | 56 +++++++++----------
 34 files changed, 89 insertions(+), 91 deletions(-)

diff --git a/api/v1beta3/groupversion_info.go b/api/v1beta3/groupversion_info.go
index 09196aca..14081838 100644
--- a/api/v1beta3/groupversion_info.go
+++ b/api/v1beta3/groupversion_info.go
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Package v1beta2 contains API Schema definitions for the config v1beta2 API group +// Package v1beta3 contains API Schema definitions for the config v1beta3 API group // +kubebuilder:object:generate=true // +groupName=authorino.kuadrant.io package v1beta3 diff --git a/controllers/auth_config_controller_test.go b/controllers/auth_config_controller_test.go index 14beb56e..8169a6d3 100644 --- a/controllers/auth_config_controller_test.go +++ b/controllers/auth_config_controller_test.go @@ -110,7 +110,7 @@ func newTestAuthConfig(authConfigLabels map[string]string) api.AuthConfig { return api.AuthConfig{ TypeMeta: metav1.TypeMeta{ Kind: "AuthConfig", - APIVersion: "authorino.kuadrant.io/v1beta2", + APIVersion: "authorino.kuadrant.io/v1beta3", }, ObjectMeta: metav1.ObjectMeta{ Name: "auth-config-1", diff --git a/controllers/auth_config_status_updater_test.go b/controllers/auth_config_status_updater_test.go index 915e0e10..787b64b9 100644 --- a/controllers/auth_config_status_updater_test.go +++ b/controllers/auth_config_status_updater_test.go @@ -176,7 +176,7 @@ func mockStatusUpdateAuthConfigWithLabelsAndHosts(labels map[string]string, host return api.AuthConfig{ TypeMeta: metav1.TypeMeta{ Kind: "AuthConfig", - APIVersion: "authorino.kuadrant.io/v1beta2", + APIVersion: "authorino.kuadrant.io/v1beta3", }, ObjectMeta: metav1.ObjectMeta{ Name: "auth-config-1", diff --git a/docs/architecture.md b/docs/architecture.md index ff12f91c..677de8ac 100644 --- a/docs/architecture.md +++ b/docs/architecture.md @@ -71,7 +71,7 @@ The desired protection for a service is declaratively stated by applying an `Aut An `AuthConfig` resource typically looks like the following: ```yaml -apiVersion: authorino.kuadrant.io/v1beta2 +apiVersion: authorino.kuadrant.io/v1beta3 kind: AuthConfig metadata: name: my-api-protection 
diff --git a/docs/features.md b/docs/features.md index 0b7201e8..4978dc39 100644 --- a/docs/features.md +++ b/docs/features.md @@ -89,7 +89,7 @@ Whenever an `AuthConfig` is indexed, Authorino will also index all matching API **Example.** For the following `AuthConfig`: ```yaml -apiVersion: authorino.kuadrant.io/v1beta2 +apiVersion: authorino.kuadrant.io/v1beta3 kind: AuthConfig metadata: name: my-api-protection @@ -135,7 +135,7 @@ The list of `audiences` of the token must include the requested host and port of For the following `AuthConfig` CR, the Kubernetes token must include the audience `my-api.io`: ```yaml -apiVersion: authorino.kuadrant.io/v1beta2 +apiVersion: authorino.kuadrant.io/v1beta3 kind: AuthConfig metadata: name: my-api-protection @@ -150,7 +150,7 @@ spec: Whereas for the following `AuthConfig` CR, the Kubernetes token audiences must include **foo** and **bar**: ```yaml -apiVersion: authorino.kuadrant.io/v1beta2 +apiVersion: authorino.kuadrant.io/v1beta3 kind: AuthConfig metadata: name: my-api-protection @@ -606,7 +606,7 @@ User-defined dynamic JSON objects generated by Authorino in the response phase, The following Authorino `AuthConfig` custom resource is an example that defines 3 dynamic JSON response items, where two items are returned to the client, stringified, in added HTTP headers, and the third as Envoy Dynamic Metadata. Envoy proxy can be configured to propagate the dynamic metadata emitted by Authorino into another filter – e.g. the rate limit filter. ```yaml -apiVersion: authorino.kuadrant.io/v1beta2 +apiVersion: authorino.kuadrant.io/v1beta3 kind: AuthConfig metadata: namespace: my-namespace 
@@ -656,7 +656,7 @@ Festival Wristbands are signed OpenID Connect JSON Web Tokens (JWTs) issued by A The Authorino `AuthConfig` custom resource below sets an API protection that issues a wristband after a successful authentication via API key. Apart from standard JWT claims, the wristband contains 2 custom claims: a static value `aud=internal` and a dynamic value `born` that fetches from the authorization JSON the date/time of creation of the secret that represents the API key used to authenticate. ```yaml -apiVersion: authorino.kuadrant.io/v1beta2 +apiVersion: authorino.kuadrant.io/v1beta3 kind: AuthConfig metadata: namespace: my-namespace @@ -750,7 +750,7 @@ Priorities can be set using the `priority` property available in all evaluator c Consider the following example to understand how priorities work: ```yaml -apiVersion: authorino.kuadrant.io/v1beta2 +apiVersion: authorino.kuadrant.io/v1beta3 kind: AuthConfig metadata: name: talker-api-protection @@ -1116,7 +1116,7 @@ By default, Authorino will only export metrics down to the level of the AuthConf E.g.: ```yaml -apiVersion: authorino.kuadrant.io/v1beta2 +apiVersion: authorino.kuadrant.io/v1beta3 kind: AuthConfig metadata: name: my-authconfig diff --git a/docs/getting-started.md b/docs/getting-started.md index 40fc1ae5..7c1af613 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md 
@@ -333,7 +333,7 @@ For authentication based on OpenID Connect (OIDC) JSON Web Tokens (JWT), plus on ```sh kubectl -n myapp apply -f -<&1 >/dev/null & ```sh kubectl -n internal apply -f -<Booting up the service ```jsonc - {"level":"info","ts":1669220526.929678,"logger":"authorino","msg":"setting instance base logger","min level":"debug","mode":"production"} - {"level":"info","ts":1669220526.929718,"logger":"authorino","msg":"booting up authorino","version":"7688cfa32317a49f0461414e741c980e9c05dba3"} - {"level":"debug","ts":1669220526.9297278,"logger":"authorino","msg":"setting up with options","auth-config-label-selector":"","deep-metrics-enabled":"false","enable-leader-election":"false","evaluator-cache-size":"1","ext-auth-grpc-port":"50051","ext-auth-http-port":"5001","health-probe-addr":":8081","log-level":"debug","log-mode":"production","max-http-request-body-size":"8192","metrics-addr":":8080","oidc-http-port":"8083","oidc-tls-cert":"/etc/ssl/certs/oidc.crt","oidc-tls-cert-key":"/etc/ssl/private/oidc.key","secret-label-selector":"authorino.kuadrant.io/managed-by=authorino","timeout":"0","tls-cert":"/etc/ssl/certs/tls.crt","tls-cert-key":"/etc/ssl/private/tls.key","watch-namespace":"default"} - {"level":"info","ts":1669220527.9816976,"logger":"authorino.controller-runtime.metrics","msg":"Metrics server is starting to listen","addr":":8080"} - {"level":"info","ts":1669220527.9823213,"logger":"authorino","msg":"starting grpc auth service","port":50051,"tls":true} - {"level":"info","ts":1669220527.9823658,"logger":"authorino","msg":"starting http auth service","port":5001,"tls":true} - {"level":"info","ts":1669220527.9824295,"logger":"authorino","msg":"starting http oidc service","port":8083,"tls":true} - {"level":"info","ts":1669220527.9825335,"logger":"authorino","msg":"starting manager"} - {"level":"info","ts":1669220527.982721,"logger":"authorino","msg":"Starting server","path":"/metrics","kind":"metrics","addr":"[::]:8080"} - 
{"level":"info","ts":1669220527.982766,"logger":"authorino","msg":"Starting server","kind":"health probe","addr":"[::]:8081"}
- {"level":"info","ts":1669220527.9829438,"logger":"authorino.controller.secret","msg":"Starting EventSource","reconciler group":"","reconciler kind":"Secret","source":"kind source: *v1.Secret"}
- {"level":"info","ts":1669220527.9829693,"logger":"authorino.controller.secret","msg":"Starting Controller","reconciler group":"","reconciler kind":"Secret"}
- {"level":"info","ts":1669220527.9829714,"logger":"authorino.controller.authconfig","msg":"Starting EventSource","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig","source":"kind source: *v1beta1.AuthConfig"}
- {"level":"info","ts":1669220527.9830208,"logger":"authorino.controller.authconfig","msg":"Starting Controller","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig"}
- {"level":"info","ts":1669220528.0834699,"logger":"authorino.controller.authconfig","msg":"Starting workers","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig","worker count":1}
- {"level":"info","ts":1669220528.0836608,"logger":"authorino.controller.secret","msg":"Starting workers","reconciler group":"","reconciler kind":"Secret","worker count":1}
- {"level":"info","ts":1669220529.041266,"logger":"authorino","msg":"starting status update manager"}
- {"level":"info","ts":1669220529.0418258,"logger":"authorino.controller.authconfig","msg":"Starting EventSource","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig","source":"kind source: *v1beta1.AuthConfig"}
- {"level":"info","ts":1669220529.0418813,"logger":"authorino.controller.authconfig","msg":"Starting Controller","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig"}
- {"level":"info","ts":1669220529.1432905,"logger":"authorino.controller.authconfig","msg":"Starting workers","reconciler group":"authorino.kuadrant.io","reconciler kind":"AuthConfig","worker
count":1}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"setting instance base logger","min level":"info","mode":"production"}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"build information","version":"v1beta3","commit":"ae2dc8150af2e6cdb35957ba7305c4c2a76d6149","dirty":"false","cmd":"server"}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting http auth service","port":5001,"tls":false}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting grpc auth service","port":50051,"tls":false}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting http oidc service","port":8083,"tls":false}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting reconciliation manager"}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting server","kind":"health probe","addr":"[::]:8081"}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino.controller-runtime.metrics","msg":"Starting metrics server"}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino.controller-runtime.metrics","msg":"Serving metrics server","bindAddress":":8080","secure":false}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting EventSource","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig","source":"kind source: *v1beta3.AuthConfig"}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting EventSource","controller":"secret","controllerGroup":"","controllerKind":"Secret","source":"kind source: *v1.Secret"}
+ {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting Controller","controller":"secret","controllerGroup":"","controllerKind":"Secret"}
+ 
{"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting Controller","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig"} + {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"starting status update manager"} + {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting EventSource","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig","source":"kind source: *v1beta3.AuthConfig"} + {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting Controller","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig"} + {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting workers","controller":"secret","controllerGroup":"","controllerKind":"Secret","worker count":1} + {"level":"info","ts":"2024-10-07T10:31:02+01:00","logger":"authorino","msg":"Starting workers","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig","worker count":1} ``` diff --git a/docs/user-guides/oidc-jwt-authentication.md b/docs/user-guides/oidc-jwt-authentication.md index 62bd3255..1b19cbd7 100644 --- a/docs/user-guides/oidc-jwt-authentication.md +++ b/docs/user-guides/oidc-jwt-authentication.md @@ -135,7 +135,7 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be ```sh kubectl apply -f -<