Generate Authpolicy from OpenAPI 3.0.X #46
name: "petstore" | ||
namespace: "petstore" | ||
hostnames: | ||
- example.com |
Not getting from servers?
yes, it could be. But I can see it broken because some host rewrite happens for some reasons. It should default to servers and be overridden somehow IMO. I will implement reading from servers and override from hostnames if the field exists.
8186bce to 64db41b
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## httproute-kuadrant-extensions #46 +/- ##
================================================================
- Coverage 0.42% 0.38% -0.04%
================================================================
Files 15 16 +1
Lines 708 774 +66
================================================================
Hits 3 3
- Misses 705 771 +66
seeing a panic - wondered if it was the spec, or something environmental.
kuadrantctl generate kuadrant authpolicy --oas ./openapi.yaml
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x78 pc=0x1039eea74]
goroutine 1 [running]:
github.com/kuadrant/kuadrantctl/pkg/kuadrantapi.AuthPolicyAuthenticationSchemeFromOAS(0x140000be3f0)
/Users/jmadigan/Work/kuadrantctl/pkg/kuadrantapi/authpolicy.go:136 +0x344
github.com/kuadrant/kuadrantctl/cmd.buildAuthPolicy(0x140000be3f0?)
/Users/jmadigan/Work/kuadrantctl/cmd/generate_kuadrant_authpolicy.go:84 +0xa4
github.com/kuadrant/kuadrantctl/cmd.runGenerateKuadrantAuthPolicy(0x140002c3e00?, {0x103a257ca?, 0x4?, 0x103a257ce?})
/Users/jmadigan/Work/kuadrantctl/cmd/generate_kuadrant_authpolicy.go:56 +0xf0
github.com/spf13/cobra.(*Command).execute(0x14000400f00, {0x14000310180, 0x2, 0x2})
/Users/jmadigan/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:940 +0x658
github.com/spf13/cobra.(*Command).ExecuteC(0x14000209800)
/Users/jmadigan/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:1068 +0x320
github.com/spf13/cobra.(*Command).Execute(0x140001be130?)
/Users/jmadigan/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:992 +0x1c
main.main()
/Users/jmadigan/Work/kuadrantctl/main.go:27 +0x58
spec: https://gist.github.com/jasonmadigan/6e1eae05423d7012a26eb0cc6a751b22
Ok, sorry about that. I fixed it. However, even if your OAS is syntactically correct, it does not specify what you aim to represent. The Now, it should not panic, just return an authpolicy without rules.
Ran through the comprehensive steps (thank you for including) and this worked good
What
New command kuadrantctl generate kuadrant authpolicy to create kuadrant Auth Policy from OpenAPI Specification (OAS) 3.x powered with kuadrant extensions.
openIdConnect type
This initial version of the command only generates AuthPolicy when there is at least one security requirement referencing the Security Scheme Object whose type is openIdConnect.
Example
Running the command
The generated authpolicy
Verification Steps
petstore
petstore. In the Client Protocol field, select openid-connect.
bob, set the Email Verified switch to ON, and click Save.
p. Enter the password in both the fields, set the Temporary switch to OFF to avoid the password reset at the next login, and click Set Password.
Now, let's run local cluster to test the kuadrantctl new command to generate authpolicy.
authpolicy
bin/kuadrantctl
path
GET /api/v1/cat
GET /api/v1/dog
bin/kuadrantctl generate gatewayapi httproute --oas petstore-openapi.yaml | kubectl apply -n petstore -f -
bin/kuadrantctl generate kuadrant authpolicy --oas petstore-openapi.yaml | kubectl apply -n petstore -f -
Now, we are ready to test OpenAPI endpoints ❗
GET /api/v1/cat -> It's a public endpoint, hence should return 200 Ok
GET /api/v1/dog -> It's a secured endpoint, hence, without credentials, it should return 401
bob user with p password. We previously created bob user in Keycloak in the petstore realm.
With the access token in place, let's try to get those puppies
should return 200 Ok
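The rule stated in the description above (an operation is covered only when one of its security requirements references an openIdConnect scheme) and the no-panic behaviour discussed in the thread, as an added Go example that is not code from this PR or from kuadrantctl. It goes one step beyond the description by applying the OAS 3.0 rule that an operation-level security list, even an empty one, replaces the top-level one. The helper name oidcProtected, the scheme name oidc and the JSON form of the spec (to stay within the standard library) are assumptions, and the sample document is constructed.

```go
package main

import "encoding/json"
import "fmt"

// Constructed sample: cat is public, dog requires the "oidc" scheme (name assumed).
const sample = `{"components": {"securitySchemes": {"oidc": {"type": "openIdConnect"}}},
 "paths": {"/api/v1/cat": {"get": {}}, "/api/v1/dog": {"get": {"security": [{"oidc": []}]}}}}`

type secReq map[string][]string      // scheme name -> scopes
type op struct{ Security *[]secReq } // nil: inherit top level; empty list: public
type oas struct {                    // only the OAS 3.0 fields this example reads
	Security   []secReq
	Paths      map[string]struct{ Get, Put, Post, Delete, Options, Head, Patch, Trace *op }
	Components struct { // value, not pointer: an absent section decodes to zero values
		SecuritySchemes map[string]struct{ Type string }
	}
}

// oidcProtected (hypothetical helper): "METHOD path" -> guarded by an openIdConnect scheme?
func oidcProtected(doc string) (map[string]bool, error) {
	var s oas
	if err := json.Unmarshal([]byte(doc), &s); err != nil {
		return nil, err
	}
	out := map[string]bool{}
	for path, pi := range s.Paths {
		ops := map[string]*op{"GET": pi.Get, "PUT": pi.Put, "POST": pi.Post, "DELETE": pi.Delete,
			"OPTIONS": pi.Options, "HEAD": pi.Head, "PATCH": pi.Patch, "TRACE": pi.Trace}
		for method, o := range ops {
			if o == nil {
				continue // method not defined on this path
			}
			reqs := s.Security // inherited unless the operation sets its own, even []
			if o.Security != nil {
				reqs = *o.Security
			}
			key := method + " " + path
			out[key] = false
			for _, r := range reqs {
				for name := range r { // a name with no matching scheme yields Type ""
					out[key] = out[key] || s.Components.SecuritySchemes[name].Type == "openIdConnect"
				}
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(oidcProtected(sample)) }
```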