search

Kuadrant / kuadrantctl

Kuadrant configuration command line utility
Apache License 2.0
6 stars 13 forks source link

Generate istiointegration #36

Closed eguzki closed 2 years ago

eguzki commented 2 years ago

Generate VirtualService command

Command to generate VirtualService from OpenAPI

kuadrantctl generate istio virtualservice

Running example using the following OpenAPI:

---
openapi: "3.0.0"
info:
  title: "Pet Store API"
  version: "1.0.0"
servers:
  - url: https://toplevel.example.io/v1
paths:
  /cat:
    get:
      operationId: "getCat"
      responses:
        405:
          description: "invalid input"
    post:
      operationId: "postCat"
      responses:
        405:
          description: "invalid input"
  /dog:
    get:
      operationId: "getDog"
      responses:
        405:
          description: "invalid input"

Service being deployed with a service name petstore at the namespace petstore

kuadrantctl generate istio virtualservice --oas petstore.yaml --gateway kuadrant --public-host example.io --service-name petstore --service-namespace petstore

Genereted virtualservice

kind: VirtualService
apiVersion: networking.istio.io/v1beta1
metadata:
  name: petstoreapi
  creationTimestamp: null
spec:
  hosts:
    - example.io
  gateways:
    - kuadrant
  http:
    - name: getCat
      match:
        - uri:
            exact: /cat
          method:
            exact: GET
      route:
        - destination:
            host: petstore.petstore.svc
            port:
              number: 80
    - name: postCat
      match:
        - uri:
            exact: /cat
          method:
            exact: POST
      route:
        - destination:
            host: petstore.petstore.svc
            port:
              number: 80
    - name: getDog
      match:
        - uri:
            exact: /dog
          method:
            exact: GET
      route:
        - destination:
            host: petstore.petstore.svc
            port:
              number: 80

Generate AuthenticationPolicy command

Command to generate global AuthenticationPolicy

kuadrantctl generate istio authorizationpolicy

Running example Using the following OpenAPI spec that contains three operations:

---
openapi: "3.1.0"
info:
  title: "Pet Store API"
  version: "1.0.0"
servers:
  - url: https://toplevel.example.io/v1
paths:
  /cat:
    get:  # No sec requirements
      operationId: "getCat"
      responses:
        405:
          description: "invalid input"
    post:  # API key
      operationId: "postCat"
      security:
        - petstore_api_key: []
      responses:
        405:
          description: "invalid input"
  /dog:
    get:  # OIDC
      operationId: "getDog"
      security:
        - petstore_oidc:
          - read:dogs
      responses:
        405:
          description: "invalid input"
components:
  securitySchemes:
    petstore_api_key:
      type: apiKey
      name: api_key
      in: header
    petstore_oidc:
      type: openIdConnect
      openIdConnectUrl: http://example.org/auth/realms/myrealm
kuadrantctl generate istio authorizationpolicy --oas petstore.yaml --public-host example.io --gateway-label app=kuadrant

Genereted authorizationpolicy

kind: AuthorizationPolicy
apiVersion: security.istio.io/v1beta1
metadata:
  name: petstoreapi
  creationTimestamp: null
spec:
  selector:
    matchLabels:
      app: kuadrant
  rules:
    - to:
        - operation:
            hosts:
              - example.io
            methods:
              - POST
            paths:
              - /cat
    - to:
        - operation:
            hosts:
              - example.io
            methods:
              - GET
            paths:
              - /dog
  action: CUSTOM
  provider:
    name: kuadrant-authorization
codecov-commenter commented 2 years ago

Codecov Report

:exclamation: No coverage uploaded for pull request base (main@98434dc). Click here to learn what that means. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main      #36   +/-   ##
=======================================
  Coverage        ?   30.36%           
=======================================
  Files           ?       19           
  Lines           ?     1021           
  Branches        ?        0           
=======================================
  Hits            ?      310           
  Misses          ?      660           
  Partials        ?       51

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 98434dc...620baee. Read the comment docs.

eguzki commented 2 years ago

No review in 7 days... applying automerge if nobody reviews in 7 days well known merge policy