Merge pull request #203 from Kuadrant/kuadrant-api-group

Change AuthConfig CRD group to `authorino.kuadrant.io`
Kuadrant · Dec 13, 2021 · dc811c4 · dc811c4
2 parents 1964c78 + d92792a
commit dc811c4
Show file tree

Hide file tree

Showing 42 changed files with 1,251 additions and 151 deletions.
diff --git a/PROJECT b/PROJECT
@@ -1,4 +1,4 @@
-domain: authorino.3scale.net
+domain: authorino.kuadrant.io
 layout: go.kubebuilder.io/v2
 projectName: authorino
 repo: github.com/kuadrant/authorino/

diff --git a/api/v1beta1/groupversion_info.go b/api/v1beta1/groupversion_info.go
@@ -16,7 +16,7 @@ limitations under the License.
 
 // Package v1beta1 contains API Schema definitions for the config v1beta1 API group
 // +kubebuilder:object:generate=true
-// +groupName=authorino.3scale.net
+// +groupName=authorino.kuadrant.io
 package v1beta1
 
 import (
@@ -26,7 +26,7 @@ import (
 
 var (
 	// GroupVersion is group version used to register these objects
-	GroupVersion = schema.GroupVersion{Group: "authorino.3scale.net", Version: "v1beta1"}
+	GroupVersion = schema.GroupVersion{Group: "authorino.kuadrant.io", Version: "v1beta1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

diff --git a/controllers/auth_config_controller.go b/controllers/auth_config_controller.go
@@ -54,7 +54,7 @@ type AuthConfigReconciler struct {
 	LabelSelector labels.Selector
 }
 
-// +kubebuilder:rbac:groups=authorino.3scale.net,resources=authconfigs,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=authorino.kuadrant.io,resources=authconfigs,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create
 // +kubebuilder:rbac:groups=authorization.k8s.io,resources=subjectaccessreviews,verbs=create
 

diff --git a/controllers/auth_config_controller_test.go b/controllers/auth_config_controller_test.go
@@ -41,7 +41,7 @@ func newTestAuthConfig(authConfigLabels map[string]string) v1beta1.AuthConfig {
 	return v1beta1.AuthConfig{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "AuthConfig",
-			APIVersion: "authorino.3scale.net/v1beta1",
+			APIVersion: "authorino.kuadrant.io/v1beta1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "auth-config-1",
@@ -211,7 +211,7 @@ func TestMissingWatchedAuthConfigLabels(t *testing.T) {
 	defer mockController.Finish()
 	cacheMock := mock_cache.NewMockCache(mockController)
 
-	authConfig := newTestAuthConfig(map[string]string{"authorino.3scale.net/managed-by": "authorino"})
+	authConfig := newTestAuthConfig(map[string]string{"authorino.kuadrant.io/managed-by": "authorino"})
 	authConfigName := types.NamespacedName{Name: authConfig.Name, Namespace: authConfig.Namespace}
 	secret := newTestOAuthClientSecret()
 	client := newTestK8sClient(&authConfig, &secret)
@@ -232,12 +232,12 @@ func TestMatchingAuthConfigLabels(t *testing.T) {
 	defer mockController.Finish()
 	cacheMock := mock_cache.NewMockCache(mockController)
 
-	authConfig := newTestAuthConfig(map[string]string{"authorino.3scale.net/managed-by": "authorino"})
+	authConfig := newTestAuthConfig(map[string]string{"authorino.kuadrant.io/managed-by": "authorino"})
 	authConfigName := types.NamespacedName{Name: authConfig.Name, Namespace: authConfig.Namespace}
 	secret := newTestOAuthClientSecret()
 	client := newTestK8sClient(&authConfig, &secret)
 	reconciler := newTestAuthConfigReconciler(client, cacheMock)
-	reconciler.LabelSelector = ToLabelSelector("authorino.3scale.net/managed-by=authorino")
+	reconciler.LabelSelector = ToLabelSelector("authorino.kuadrant.io/managed-by=authorino")
 
 	cacheMock.EXPECT().FindKeys(authConfigName.String()).Return([]string{})
 	cacheMock.EXPECT().FindId("echo-api").Return("", false)
@@ -254,12 +254,12 @@ func TestUnmatchingAuthConfigLabels(t *testing.T) {
 	defer mockController.Finish()
 	cacheMock := mock_cache.NewMockCache(mockController)
 
-	authConfig := newTestAuthConfig(map[string]string{"authorino.3scale.net/managed-by": "other"})
+	authConfig := newTestAuthConfig(map[string]string{"authorino.kuadrant.io/managed-by": "other"})
 	authConfigName := types.NamespacedName{Name: authConfig.Name, Namespace: authConfig.Namespace}
 	secret := newTestOAuthClientSecret()
 	client := newTestK8sClient(&authConfig, &secret)
 	reconciler := newTestAuthConfigReconciler(client, cacheMock)
-	reconciler.LabelSelector = ToLabelSelector("authorino.3scale.net/managed-by=authorino")
+	reconciler.LabelSelector = ToLabelSelector("authorino.kuadrant.io/managed-by=authorino")
 
 	cacheMock.EXPECT().FindKeys(authConfigName.String()).Return([]string{})
 	cacheMock.EXPECT().Delete(authConfigName.String())

diff --git a/controllers/auth_config_status_updater.go b/controllers/auth_config_status_updater.go
@@ -20,7 +20,7 @@ type AuthConfigStatusUpdater struct {
 	LabelSelector labels.Selector
 }
 
-// +kubebuilder:rbac:groups=authorino.3scale.net,resources=authconfigs/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=authorino.kuadrant.io,resources=authconfigs/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;create;update
 
 func (u *AuthConfigStatusUpdater) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {

diff --git a/controllers/auth_config_status_updater_test.go b/controllers/auth_config_status_updater_test.go
@@ -19,7 +19,7 @@ func newStatusUpdateAuthConfig(authConfigLabels map[string]string) v1beta1.AuthC
 	return v1beta1.AuthConfig{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "AuthConfig",
-			APIVersion: "authorino.3scale.net/v1beta1",
+			APIVersion: "authorino.kuadrant.io/v1beta1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "auth-config-1",
@@ -59,7 +59,7 @@ func TestAuthConfigStatusUpdater_Reconcile(t *testing.T) {
 }
 
 func TestAuthConfigStatusUpdater_MissingWatchedAuthConfigLabels(t *testing.T) {
-	authConfig := newTestAuthConfig(map[string]string{"authorino.3scale.net/managed-by": "authorino"})
+	authConfig := newTestAuthConfig(map[string]string{"authorino.kuadrant.io/managed-by": "authorino"})
 	resourceName := types.NamespacedName{Namespace: authConfig.Namespace, Name: authConfig.Name}
 	client := newTestK8sClient(&authConfig)
 	reconciler := newStatusUpdaterReconciler(client)
@@ -75,11 +75,11 @@ func TestAuthConfigStatusUpdater_MissingWatchedAuthConfigLabels(t *testing.T) {
 }
 
 func TestAuthConfigStatusUpdater_MatchingAuthConfigLabels(t *testing.T) {
-	authConfig := newTestAuthConfig(map[string]string{"authorino.3scale.net/managed-by": "authorino"})
+	authConfig := newTestAuthConfig(map[string]string{"authorino.kuadrant.io/managed-by": "authorino"})
 	resourceName := types.NamespacedName{Namespace: authConfig.Namespace, Name: authConfig.Name}
 	client := newTestK8sClient(&authConfig)
 	reconciler := newStatusUpdaterReconciler(client)
-	reconciler.LabelSelector = ToLabelSelector("authorino.3scale.net/managed-by=authorino")
+	reconciler.LabelSelector = ToLabelSelector("authorino.kuadrant.io/managed-by=authorino")
 
 	result, err := reconciler.Reconcile(context.Background(), controllerruntime.Request{NamespacedName: resourceName})
 
@@ -92,11 +92,11 @@ func TestAuthConfigStatusUpdater_MatchingAuthConfigLabels(t *testing.T) {
 }
 
 func TestAuthConfigStatusUpdater_UnmatchingAuthConfigLabels(t *testing.T) {
-	authConfig := newTestAuthConfig(map[string]string{"authorino.3scale.net/managed-by": "other"})
+	authConfig := newTestAuthConfig(map[string]string{"authorino.kuadrant.io/managed-by": "other"})
 	resourceName := types.NamespacedName{Namespace: authConfig.Namespace, Name: authConfig.Name}
 	client := newTestK8sClient(&authConfig)
 	reconciler := newStatusUpdaterReconciler(client)
-	reconciler.LabelSelector = ToLabelSelector("authorino.3scale.net/managed-by=authorino")
+	reconciler.LabelSelector = ToLabelSelector("authorino.kuadrant.io/managed-by=authorino")
 
 	result, err := reconciler.Reconcile(context.Background(), controllerruntime.Request{NamespacedName: resourceName})
 

diff --git a/controllers/label_selector_test.go b/controllers/label_selector_test.go
@@ -82,36 +82,36 @@ func TestToLabelSelector(t *testing.T) {
 	reqs, _ = selector.Requirements()
 	assert.Equal(t, len(reqs), 0)
 	assert.Check(t, selector.Matches(labels.Set{}))
-	assert.Check(t, selector.Matches(labels.Set{"authorino.3scale.net/managed-by": "authorino"}))
+	assert.Check(t, selector.Matches(labels.Set{"authorino.kuadrant.io/managed-by": "authorino"}))
 
-	selector = ToLabelSelector("authorino.3scale.net/managed-by=authorino")
+	selector = ToLabelSelector("authorino.kuadrant.io/managed-by=authorino")
 	reqs, _ = selector.Requirements()
 	assert.Equal(t, len(reqs), 1)
-	assert.Check(t, selector.Matches(labels.Set{"authorino.3scale.net/managed-by": "authorino"}))
+	assert.Check(t, selector.Matches(labels.Set{"authorino.kuadrant.io/managed-by": "authorino"}))
 
-	selector = ToLabelSelector("authorino.3scale.net/managed-by!=authorino")
+	selector = ToLabelSelector("authorino.kuadrant.io/managed-by!=authorino")
 	reqs, _ = selector.Requirements()
 	assert.Equal(t, len(reqs), 1)
-	assert.Check(t, !selector.Matches(labels.Set{"authorino.3scale.net/managed-by": "authorino"}))
+	assert.Check(t, !selector.Matches(labels.Set{"authorino.kuadrant.io/managed-by": "authorino"}))
 
-	selector = ToLabelSelector("!authorino.3scale.net/managed-by")
+	selector = ToLabelSelector("!authorino.kuadrant.io/managed-by")
 	reqs, _ = selector.Requirements()
 	assert.Equal(t, len(reqs), 1)
-	assert.Check(t, !selector.Matches(labels.Set{"authorino.3scale.net/managed-by": "authorino"}))
+	assert.Check(t, !selector.Matches(labels.Set{"authorino.kuadrant.io/managed-by": "authorino"}))
 
-	selector = ToLabelSelector("authorino.3scale.net/managed-by=authorino,other-label=other-value")
+	selector = ToLabelSelector("authorino.kuadrant.io/managed-by=authorino,other-label=other-value")
 	reqs, _ = selector.Requirements()
 	assert.Equal(t, len(reqs), 2)
 	assert.Check(t, selector.Matches(labels.Set{
-		"authorino.3scale.net/managed-by": "authorino",
-		"other-label":                     "other-value",
+		"authorino.kuadrant.io/managed-by": "authorino",
+		"other-label":                      "other-value",
 	}))
 
-	selector = ToLabelSelector("authorino.3scale.net/managed-by in (authorino,kuadrant)")
+	selector = ToLabelSelector("authorino.kuadrant.io/managed-by in (authorino,kuadrant)")
 	reqs, _ = selector.Requirements()
 	assert.Equal(t, len(reqs), 1)
-	assert.Check(t, selector.Matches(labels.Set{"authorino.3scale.net/managed-by": "authorino"}))
-	assert.Check(t, selector.Matches(labels.Set{"authorino.3scale.net/managed-by": "kuadrant"}))
+	assert.Check(t, selector.Matches(labels.Set{"authorino.kuadrant.io/managed-by": "authorino"}))
+	assert.Check(t, selector.Matches(labels.Set{"authorino.kuadrant.io/managed-by": "kuadrant"}))
 
 	selector = ToLabelSelector("inval*id-lab?el")
 	reqs, _ = selector.Requirements()

diff --git a/controllers/secret_controller_test.go b/controllers/secret_controller_test.go
@@ -74,7 +74,7 @@ func newSecretReconcilerTest(secretLabels map[string]string) secretReconcilerTes
 	authConfig := v1beta1.AuthConfig{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "AuthConfig",
-			APIVersion: "authorino.3scale.net/v1beta1",
+			APIVersion: "authorino.kuadrant.io/v1beta1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "auth-config-1",
@@ -87,8 +87,8 @@ func newSecretReconcilerTest(secretLabels map[string]string) secretReconcilerTes
 					Name: "friends",
 					APIKey: &v1beta1.Identity_APIKey{
 						LabelSelectors: map[string]string{
-							"authorino.3scale.net/managed-by": "authorino",
-							"target":                          "echo-api",
+							"authorino.kuadrant.io/managed-by": "authorino",
+							"target":                           "echo-api",
 						},
 					},
 				},
@@ -115,7 +115,7 @@ func newSecretReconcilerTest(secretLabels map[string]string) secretReconcilerTes
 		Client:               client,
 		Logger:               log.WithName("test").WithName("secretreconciler"),
 		Scheme:               nil,
-		LabelSelector:        ToLabelSelector("authorino.3scale.net/managed-by=authorino"),
+		LabelSelector:        ToLabelSelector("authorino.kuadrant.io/managed-by=authorino"),
 		AuthConfigReconciler: authConfigReconciler,
 	}
 
@@ -140,7 +140,7 @@ func (t *secretReconcilerTest) reconcile() (reconcile.Result, error) {
 
 func TestSetupSecretReconcilerWithManager(t *testing.T) {
 	reconcilerTest := newSecretReconcilerTest(map[string]string{
-		"authorino.3scale.net/managed-by": "authorino",
+		"authorino.kuadrant.io/managed-by": "authorino",
 	})
 	secretReconciler := reconcilerTest.secretReconciler
 
@@ -162,7 +162,7 @@ func TestSetupSecretReconcilerWithManager(t *testing.T) {
 func TestMissingWatchedSecretLabels(t *testing.T) {
 	// secret missing the authorino "managed-by" label
 	reconcilerTest := newSecretReconcilerTest(map[string]string{
-		"authorino.3scale.net/managed-by": "authorino",
+		"authorino.kuadrant.io/managed-by": "authorino",
 	})
 
 	_, err := reconcilerTest.reconcile()
@@ -174,8 +174,8 @@ func TestMissingWatchedSecretLabels(t *testing.T) {
 func TestMatchingSecretLabels(t *testing.T) {
 	// secret with the authorino "managed-by" label and the same labels as specified in the auth config
 	reconcilerTest := newSecretReconcilerTest(map[string]string{
-		"authorino.3scale.net/managed-by": "authorino",
-		"target":                          "echo-api",
+		"authorino.kuadrant.io/managed-by": "authorino",
+		"target":                           "echo-api",
 	})
 
 	_, err := reconcilerTest.reconcile()
@@ -190,7 +190,7 @@ func TestMatchingSecretLabels(t *testing.T) {
 func TestUnmatchingSecretLabels(t *testing.T) {
 	// secret with the authorino "managed-by" label but not the same labels as specified in the auth config
 	reconcilerTest := newSecretReconcilerTest(map[string]string{
-		"authorino.3scale.net/managed-by": "authorino",
+		"authorino.kuadrant.io/managed-by": "authorino",
 	})
 
 	_, err := reconcilerTest.reconcile()

diff --git a/docs/architecture.md b/docs/architecture.md
@@ -91,7 +91,7 @@ The desired protection for a service is declaratively stated by applying an `Aut
 An `AuthConfig` resource typically looks like the following:
 
 ```yaml
-apiVersion: authorino.3scale.net/v1beta1
+apiVersion: authorino.kuadrant.io/v1beta1
 kind: AuthConfig
 metadata:
   name: my-api-protection
@@ -140,7 +140,7 @@ spec:
     unauthorized: {…}
 ```
 
-Check out the [OAS](/install/crd/authorino.3scale.net_authconfigs.yaml) of the `AuthConfig` CRD for a formal specification of the options for `identity` verification, external `metadata` fetching, `authorization` policies, and dynamic `response`, as well as any other host protection capability implemented by Authorino.
+Check out the [OAS](/install/crd/authorino.kuadrant.io_authconfigs.yaml) of the `AuthConfig` CRD for a formal specification of the options for `identity` verification, external `metadata` fetching, `authorization` policies, and dynamic `response`, as well as any other host protection capability implemented by Authorino.
 
 You can also read the specification from the CLI using the [`kubectl explain`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#explain) command. The Authorino CRD is required to have been installed in Kubernetes cluster. E.g. `kubectl explain authconfigs.spec.identity.extendedProperties`.
 
@@ -162,7 +162,7 @@ The status of an `AuthConfig` tells whether the resource is "ready" (i.e. cached
 
 Apart from watching events related to `AuthConfig` custom resources, Authorino also watches events related to Kubernetes `Secret`s, as part of Authorino's [API key authentication](./features.md#api-key-identityapikey) feature. `Secret` resources that store API keys are linked-cached to their corresponding `AuthConfig`s. Whenever the Authorino instance detects a change in the set of API key `Secret`s linked to an `AuthConfig`s, the instance reconciles the cache.
 
-Authorino only watches events related to `Secret`s whose `metadata.labels` match the label selector `SECRET_LABEL_SELECTOR` of the Authorino instance. The default values of the label selector for Kubernetes `Secret`s representing Authorino API keys is `authorino.3scale.net/managed-by=authorino`.
+Authorino only watches events related to `Secret`s whose `metadata.labels` match the label selector `SECRET_LABEL_SELECTOR` of the Authorino instance. The default values of the label selector for Kubernetes `Secret`s representing Authorino API keys is `authorino.kuadrant.io/managed-by=authorino`.
 
 ## The "Auth Pipeline" (_aka:_ enforcing protection in request-time)
 
@@ -317,10 +317,10 @@ Authorino's custom controllers filter the `AuthConfig`-related events to be reco
 The following are all valid examples of `AuthConfig` label selector filters:
 
 ```
-AUTH_CONFIG_LABEL_SELECTOR="authorino.3scale.net/managed-by=authorino"
-AUTH_CONFIG_LABEL_SELECTOR="authorino.3scale.net/managed-by=authorino,other-label=other-value"
-AUTH_CONFIG_LABEL_SELECTOR="authorino.3scale.net/managed-by in (authorino,kuadrant)"
-AUTH_CONFIG_LABEL_SELECTOR="authorino.3scale.net/managed-by!=authorino-v0.4"
+AUTH_CONFIG_LABEL_SELECTOR="authorino.kuadrant.io/managed-by=authorino"
+AUTH_CONFIG_LABEL_SELECTOR="authorino.kuadrant.io/managed-by=authorino,other-label=other-value"
+AUTH_CONFIG_LABEL_SELECTOR="authorino.kuadrant.io/managed-by in (authorino,kuadrant)"
+AUTH_CONFIG_LABEL_SELECTOR="authorino.kuadrant.io/managed-by!=authorino-v0.4"
 AUTH_CONFIG_LABEL_SELECTOR="!disabled"
 ```