Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support secret for consumer.credential #82

Merged
merged 1 commit into from
Apr 7, 2025
Merged

feat: support secret for consumer.credential #82

merged 1 commit into from
Apr 7, 2025
+135 −88

Conversation

AlinsRan
Copy link
Contributor

@AlinsRan AlinsRan commented Apr 3, 2025
edited
Loading

Type of change:

  • Bugfix
  • New feature provided
  • Improve performance
  • Backport patches
  • Documentation
  • Refactor
  • Chore
  • CI/CD or Tests

What this PR does / why we need it:

apiVersion: v1
kind: Secret
metadata:
  name: key-auth-secret
data:
  key: c2FtcGxlLWtleQ==
---
apiVersion: v1
kind: Secret
metadata:
  name: basic-auth-secret
data:
  username: c2FtcGxlLXVzZXI=
  password: c2FtcGxlLXBhc3N3b3Jk
---
apiVersion: gateway.apisix.io/v1alpha1
kind: Consumer
metadata:
  name: consumer-sample
spec:
  gatewayRef:
    name: api7ee
  credentials:
    - type: basic-auth
      name: basic-auth-sample
      secretRef:
        name: basic-auth-secret
    - type: key-auth
      name: key-auth-sample
      secretRef:
        name: key-auth-secret
    - type: key-auth
      name: key-auth-sample2
      config:
        key: sample-key2

Pre-submission checklist:

  • Did you explain what problem does this PR solve? Or what new features have been added?
  • Have you added corresponding test cases?
  • Have you modified the corresponding document?
  • Is this PR backward compatible? If it is not backward compatible, please discuss on the mailing list first

@AlinsRan AlinsRan requested a review from Copilot April 3, 2025 10:38
Copilot
Copilot AI reviewed Apr 3, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for secrets in consumer credentials, updating both test cases and core logic to accommodate secret-based authentication configuration.

  • Updated e2e tests to use the new credentials and secretRef for basic-auth and key-auth.
  • Modified the translator to convert secret values from []byte to string.
  • Added secret indexer logic and updated consumer controller to watch and reconcile secrets.

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
test/e2e/crds/consumer.go Updated test cases to support secret-based credentials.
internal/provider/adc/translator/consumer.go Ensured secret data is converted to strings correctly.
internal/controller/indexer/indexer.go Added secret indexing for consumers.
internal/controller/consumer_controller.go Updated controller to watch secrets and adjusted key ordering.

@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 3, 2025
edited
Loading

conformance test report

apiVersion: gateway.networking.k8s.io/v1
date: "2025-04-07T00:23:36Z"
gatewayAPIChannel: standard
gatewayAPIVersion: v1.2.0
implementation:
  contact: null
  organization: API7
  project: api7-ingress-controller
  url: https://github.com/api7/api7-ingress-controller.git
  version: v2.0.0
kind: ConformanceReport
mode: default
profiles:
- core:
    failedTests:
    - HTTPRouteCrossNamespace
    - HTTPRoutePathMatchOrder
    result: failure
    skippedTests:
    - GatewayInvalidTLSConfiguration
    - GatewaySecretInvalidReferenceGrant
    - GatewaySecretMissingReferenceGrant
    - GatewaySecretReferenceGrantAllInNamespace
    - GatewaySecretReferenceGrantSpecific
    - HTTPRouteExactPathMatching
    - HTTPRouteHTTPSListener
    - HTTPRouteHeaderMatching
    - HTTPRouteHostnameIntersection
    - HTTPRouteInvalidBackendRefUnknownKind
    - HTTPRouteInvalidCrossNamespaceBackendRef
    - HTTPRouteInvalidCrossNamespaceParentRef
    - HTTPRouteInvalidNonExistentBackendRef
    - HTTPRouteInvalidParentRefNotMatchingSectionName
    - HTTPRouteInvalidReferenceGrant
    - HTTPRouteListenerHostnameMatching
    - HTTPRouteMatching
    - HTTPRouteMatchingAcrossRoutes
    - HTTPRoutePartiallyInvalidViaInvalidReferenceGrant
    - HTTPRouteReferenceGrant
    - HTTPRouteRequestHeaderModifier
    - HTTPRouteWeight
    statistics:
      Failed: 2
      Passed: 9
      Skipped: 22
  name: GATEWAY-HTTP
  summary: Core tests failed with 2 test failures.

@AlinsRan AlinsRan force-pushed the feat/consumer-secretref branch from 43e72c1 to 4334e6c Compare April 7, 2025 00:09
@AlinsRan AlinsRan changed the title feat: support secret for consumers feat: support secret for consumer.credential Apr 7, 2025
@AlinsRan AlinsRan requested review from dspo and ronething April 7, 2025 01:11
ronething
ronething approved these changes Apr 7, 2025
View reviewed changes
Copy link
Contributor

@ronething ronething left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@AlinsRan AlinsRan merged commit 414af9d into release-v2-dev Apr 7, 2025
8 checks passed
@AlinsRan AlinsRan deleted the feat/consumer-secretref branch April 7, 2025 06:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot

@ronething ronething

@dspo dspo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@AlinsRan @ronething