Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build: Update CRDs and k8s dependencies #48

Merged
merged 6 commits into from
May 7, 2021
Merged

build: Update CRDs and k8s dependencies #48

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
86ce11d
Update CRDs and k8s dependencies
colunira Apr 28, 2021
ff49e25
Update contract
colunira Apr 28, 2021
6952266
Update go version
colunira Apr 28, 2021
c708035
Update circleci config
colunira May 4, 2021
55c9386
Add preserve unknown fields
colunira May 5, 2021
a1e0077
Fixed problem with SelfLink
Tomasz-Smelcerz-SAP May 7, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# Image URL to use all building/pushing image targets
IMG ?= controller:latest
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= "crd:trivialVersions=true"
CRD_OPTIONS ?= "crd:trivialVersions=true,crdVersions=v1"

run-with-cleanup = $(1) && $(2) || (ret=$$?; $(2) && exit $$ret)

Expand Down Expand Up @@ -87,7 +87,7 @@ docker-push:
# download controller-gen if necessary
controller-gen:
ifeq (, $(shell which controller-gen))
go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.9
go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.5.0
CONTROLLER_GEN=$(shell which controller-gen)
else
CONTROLLER_GEN=$(shell which controller-gen)
Expand Down
216 changes: 116 additions & 100 deletions config/crd/bases/oathkeeper.ory.sh_rules.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@

---
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
Expand All @@ -15,119 +15,135 @@ spec:
plural: rules
singular: rule
scope: Namespaced
validation:
openAPIV3Schema:
description: Rule is the Schema for the rules API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: RuleSpec defines the desired state of Rule
properties:
authenticators:
items:
description: Authenticator represents a handler that authenticates provided credentials.
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Rule is the Schema for the rules API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: RuleSpec defines the desired state of Rule
properties:
authenticators:
items:
description: Authenticator represents a handler that authenticates
provided credentials.
properties:
config:
description: Config configures the handler. Configuration keys
vary per handler.
type: object
handler:
description: Name is the name of a handler
type: string
required:
- handler
type: object
type: array
authorizer:
description: Authorizer represents a handler that authorizes the subject
("user") from the previously validated credentials making the request.
properties:
config:
description: Config configures the handler. Configuration keys vary per handler.
description: Config configures the handler. Configuration keys
vary per handler.
type: object
handler:
description: Name is the name of a handler
type: string
required:
- handler
type: object
type: array
authorizer:
description: Authorizer represents a handler that authorizes the subject ("user") from the previously validated credentials making the request.
properties:
config:
description: Config configures the handler. Configuration keys vary per handler.
type: object
handler:
description: Name is the name of a handler
type: string
required:
- handler
type: object
configMapName:
description: ConfigMapName points to the K8s ConfigMap that contains these rules
maxLength: 253
minLength: 1
pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
type: string
match:
description: Match defines the URL(s) that an access rule should match.
properties:
methods:
description: Methods represent an array of HTTP methods (e.g. GET, POST, PUT, DELETE, ...)
items:
configMapName:
description: ConfigMapName points to the K8s ConfigMap that contains
these rules
maxLength: 253
minLength: 1
pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
type: string
match:
description: Match defines the URL(s) that an access rule should match.
properties:
methods:
description: Methods represent an array of HTTP methods (e.g.
GET, POST, PUT, DELETE, ...)
items:
type: string
type: array
url:
description: URL is the URL that should be matched. It supports
regex templates.
type: string
type: array
url:
description: URL is the URL that should be matched. It supports regex templates.
type: string
required:
- methods
- url
type: object
mutators:
items:
description: Mutator represents a handler that transforms the HTTP request before forwarding it.
required:
- methods
- url
type: object
mutators:
items:
description: Mutator represents a handler that transforms the HTTP
request before forwarding it.
properties:
config:
description: Config configures the handler. Configuration keys
vary per handler.
type: object
handler:
description: Name is the name of a handler
type: string
required:
- handler
type: object
type: array
upstream:
description: Upstream represents the location of a server where requests
matching a rule should be forwarded to.
properties:
config:
description: Config configures the handler. Configuration keys vary per handler.
type: object
handler:
description: Name is the name of a handler
preserveHost:
description: PreserveHost includes the host and port of the url
value if set to false. If true, the host and port of the ORY
Oathkeeper Proxy will be used instead.
type: boolean
stripPath:
description: StripPath replaces the provided path prefix when
forwarding the requested URL to the upstream URL.
type: string
url:
description: URL defines the target URL for incoming requests
maxLength: 256
minLength: 3
pattern: ^(?:https?:\/\/)?(?:[^@\/\n]+@)?(?:www\.)?([^:\/\n]+)
type: string
required:
- handler
- url
type: object
type: array
upstream:
description: Upstream represents the location of a server where requests matching a rule should be forwarded to.
properties:
preserveHost:
description: PreserveHost includes the host and port of the url value if set to false. If true, the host and port of the ORY Oathkeeper Proxy will be used instead.
type: boolean
stripPath:
description: StripPath replaces the provided path prefix when forwarding the requested URL to the upstream URL.
type: string
url:
description: URL defines the target URL for incoming requests
maxLength: 256
minLength: 3
pattern: ^(?:https?:\/\/)?(?:[^@\/\n]+@)?(?:www\.)?([^:\/\n]+)
type: string
required:
- url
type: object
required:
- match
type: object
status:
description: RuleStatus defines the observed state of Rule
properties:
validation:
description: Validation defines the validation state of Rule
properties:
valid:
type: boolean
validationError:
type: string
type: object
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
required:
- match
type: object
status:
description: RuleStatus defines the observed state of Rule
properties:
validation:
description: Validation defines the validation state of Rule
properties:
valid:
type: boolean
validationError:
type: string
type: object
type: object
type: object
served: true
storage: true
status:
Expand Down
3 changes: 1 addition & 2 deletions controllers/rule_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,9 +52,8 @@ type RuleReconciler struct {
// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete

// Reconcile main reconcile loop
func (r *RuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
func (r *RuleReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {

ctx := context.Background()
_ = r.Log.WithValues("rule", req.NamespacedName)

var rule oathkeeperv1alpha1.Rule
Expand Down
17 changes: 8 additions & 9 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,17 @@
module github.com/ory/oathkeeper-maester

go 1.12
go 1.15
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since you changed the required go version, please update it also in the CI config otherwise, it won't be able to run

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the advice ❤️
I will update kind, too


require (
github.com/avast/retry-go v2.4.1+incompatible
github.com/bitly/go-simplejson v0.5.0
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
github.com/go-logr/logr v0.1.0
github.com/go-logr/logr v0.4.0
github.com/onsi/ginkgo v1.16.1
github.com/onsi/gomega v1.10.1
github.com/stretchr/testify v1.5.1
k8s.io/api v0.17.8
k8s.io/apimachinery v0.17.8
k8s.io/client-go v0.17.8
sigs.k8s.io/controller-runtime v0.5.8
sigs.k8s.io/kind v0.7.0 // indirect
github.com/onsi/gomega v1.10.2
github.com/stretchr/testify v1.6.1
k8s.io/api v0.20.2
k8s.io/apimachinery v0.20.2
k8s.io/client-go v0.20.2
sigs.k8s.io/controller-runtime v0.8.3
)
Loading