Custom policies added to the CRD

[eguzki]

https://issues.redhat.com/browse/THREESCALE-7031

Custom policies exposed in the CRD:

apiVersion: apps.3scale.net/v1alpha1       
kind: APIcast                              
metadata:                                  
  name: apicast1                           
spec:                                      
  customPolicies:                          
    - secretRef:
        name: cp-1                     
      name: Example                        
      version: "0.1"                       
    - secretRef:
        name: cp-1    
      name: Example                        
      version: "0.2"            
   - secretRef:
        name: cp-3                 
     name: OtherExample                        
     version: "0.1"                     

Each policy is defined by:

• Name
• Version
• Secret containing at least: "init.lua" and "apicast-policy.json" keys. Other lua files can also be included.

apiVersion: v1
data:
  apicast-policy.json:   CONTENT OF THE POLICY METADATA (required)
  init.lua: CODE OF THE POLICY (required)
  example.lua: CODE OF THE POLICY (optional)
  other.lua: CODE OF THE POLICY (optional)
kind: Secret
type: Opaque

All fields are mandatory.

Related liniks:

• https://github.com/3scale/APIcast/blob/master/doc/policies.md#write-your-own-policy

[eguzki]

When the mounted secret is updated externally, the container can automatically see the changes. However, apicast has the policy already loaded and does not change behavior. When redeployed, updating the replica field, the policy update is applied.

[miguelsorianod]

I'm wondering whether we should validate each secret first, when processing the options?
In the case of HTTPsCertificate we check that it exists beforehand(see getHTTPSCertificateSecret method). Maybe check that the specific required fields in the secret are there too?

What do you think?

[eguzki]

yes! additional check would be good

[eguzki]

implemented

[miguelsorianod]

Looks good to me. Great work 👍