Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate istiointegration #36

Merged
merged 6 commits into from
Jan 31, 2022
Merged

Generate istiointegration #36

merged 6 commits into from
Jan 31, 2022

Conversation

eguzki
Copy link
Collaborator

@eguzki eguzki commented Jan 24, 2022
edited
Loading

Generate VirtualService command

Command to generate VirtualService from OpenAPI

kuadrantctl generate istio virtualservice

Running example using the following OpenAPI:

---
openapi: "3.0.0"
info:
  title: "Pet Store API"
  version: "1.0.0"
servers:
  - url: https://toplevel.example.io/v1
paths:
  /cat:
    get:
      operationId: "getCat"
      responses:
        405:
          description: "invalid input"
    post:
      operationId: "postCat"
      responses:
        405:
          description: "invalid input"
  /dog:
    get:
      operationId: "getDog"
      responses:
        405:
          description: "invalid input"

Service being deployed with a service name petstore at the namespace petstore

kuadrantctl generate istio virtualservice --oas petstore.yaml --gateway kuadrant --public-host example.io --service-name petstore --service-namespace petstore

Genereted virtualservice

kind: VirtualService
apiVersion: networking.istio.io/v1beta1
metadata:
  name: petstoreapi
  creationTimestamp: null
spec:
  hosts:
    - example.io
  gateways:
    - kuadrant
  http:
    - name: getCat
      match:
        - uri:
            exact: /cat
          method:
            exact: GET
      route:
        - destination:
            host: petstore.petstore.svc
            port:
              number: 80
    - name: postCat
      match:
        - uri:
            exact: /cat
          method:
            exact: POST
      route:
        - destination:
            host: petstore.petstore.svc
            port:
              number: 80
    - name: getDog
      match:
        - uri:
            exact: /dog
          method:
            exact: GET
      route:
        - destination:
            host: petstore.petstore.svc
            port:
              number: 80

Generate AuthenticationPolicy command

Command to generate global AuthenticationPolicy

kuadrantctl generate istio authorizationpolicy

Running example Using the following OpenAPI spec that contains three operations:

  • one not secured
  • one with apiKey sec requirement
  • one with OIDC sec requirement
---
openapi: "3.1.0"
info:
  title: "Pet Store API"
  version: "1.0.0"
servers:
  - url: https://toplevel.example.io/v1
paths:
  /cat:
    get:  # No sec requirements
      operationId: "getCat"
      responses:
        405:
          description: "invalid input"
    post:  # API key
      operationId: "postCat"
      security:
        - petstore_api_key: []
      responses:
        405:
          description: "invalid input"
  /dog:
    get:  # OIDC
      operationId: "getDog"
      security:
        - petstore_oidc:
          - read:dogs
      responses:
        405:
          description: "invalid input"
components:
  securitySchemes:
    petstore_api_key:
      type: apiKey
      name: api_key
      in: header
    petstore_oidc:
      type: openIdConnect
      openIdConnectUrl: http://example.org/auth/realms/myrealm
kuadrantctl generate istio authorizationpolicy --oas petstore.yaml --public-host example.io --gateway-label app=kuadrant

Genereted authorizationpolicy

kind: AuthorizationPolicy
apiVersion: security.istio.io/v1beta1
metadata:
  name: petstoreapi
  creationTimestamp: null
spec:
  selector:
    matchLabels:
      app: kuadrant
  rules:
    - to:
        - operation:
            hosts:
              - example.io
            methods:
              - POST
            paths:
              - /cat
    - to:
        - operation:
            hosts:
              - example.io
            methods:
              - GET
            paths:
              - /dog
  action: CUSTOM
  provider:
    name: kuadrant-authorization

@eguzki eguzki force-pushed the generate-istiointegration branch from 9501b0a to 5be758d Compare January 24, 2022 17:17
@eguzki eguzki marked this pull request as ready for review January 24, 2022 17:19
@eguzki eguzki requested a review from a team January 24, 2022 17:19
@codecov-commenter
Copy link

Codecov Report

❗ No coverage uploaded for pull request base (main@98434dc). Click here to learn what that means.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main      #36   +/-   ##
=======================================
  Coverage        ?   30.36%           
=======================================
  Files           ?       19           
  Lines           ?     1021           
  Branches        ?        0           
=======================================
  Hits            ?      310           
  Misses          ?      660           
  Partials        ?       51

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 98434dc...620baee. Read the comment docs.

@eguzki eguzki mentioned this pull request Jan 27, 2022
Merged
@eguzki
Copy link
Collaborator Author

eguzki commented Jan 31, 2022

No review in 7 days... applying automerge if nobody reviews in 7 days well known merge policy

@eguzki eguzki merged commit 6050b45 into main Jan 31, 2022
@eguzki eguzki deleted the generate-istiointegration branch January 31, 2022 13:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eguzki @codecov-commenter