add jwt-auth authorized

apache · May 9, 2022 · ce0c5bf · ce0c5bf
1 parent 795be22
commit ce0c5bf
Show file tree

Hide file tree

Showing 15 changed files with 544 additions and 2 deletions.
diff --git a/pkg/kube/apisix/apis/config/v2/types.go b/pkg/kube/apisix/apis/config/v2/types.go
@@ -172,6 +172,7 @@ type ApisixRouteAuthentication struct {
 	Enable  bool                             `json:"enable" yaml:"enable"`
 	Type    string                           `json:"type" yaml:"type"`
 	KeyAuth ApisixRouteAuthenticationKeyAuth `json:"keyauth,omitempty" yaml:"keyauth,omitempty"`
+	JwtAuth ApisixRouteAuthenticationJwtAuth `json:"jwtAuth,omitempty" yaml:"jwtAuth,omitempty"`
 }
 
 // ApisixRouteAuthenticationKeyAuth is the keyAuth-related
@@ -180,6 +181,14 @@ type ApisixRouteAuthenticationKeyAuth struct {
 	Header string `json:"header,omitempty" yaml:"header,omitempty"`
 }
 
+// ApisixRouteAuthenticationJwtAuth is the jwtAuth-related
+// configuration in ApisixRouteAuthentication.
+type ApisixRouteAuthenticationJwtAuth struct {
+	Header string `json:"header,omitempty" yaml:"header,omitempty"`
+	Query  string `json:"query,omitempty" yaml:"query,omitempty"`
+	Cookie string `json:"cookie,omitempty" yaml:"cookie,omitempty"`
+}
+
 func (p ApisixRouteHTTPPluginConfig) DeepCopyInto(out *ApisixRouteHTTPPluginConfig) {
 	b, _ := json.Marshal(&p)
 	_ = json.Unmarshal(b, out)
@@ -330,6 +339,7 @@ type ApisixConsumerSpec struct {
 type ApisixConsumerAuthParameter struct {
 	BasicAuth *ApisixConsumerBasicAuth `json:"basicAuth,omitempty" yaml:"basicAuth"`
 	KeyAuth   *ApisixConsumerKeyAuth   `json:"keyAuth,omitempty" yaml:"keyAuth"`
+	JwtAuht   *ApisixConsumerJwtAuth   `json:"jwtAuth,omitempty" yaml:"jwtAuth"`
 }
 
 // ApisixConsumerBasicAuth defines the configuration for basic auth.
@@ -355,6 +365,23 @@ type ApisixConsumerKeyAuthValue struct {
 	Key string `json:"key" yaml:"key"`
 }
 
+// ApisixConsumerJwtAuth defines the configuration for the jwt auth.
+type ApisixConsumerJwtAuth struct {
+	SecretRef *corev1.LocalObjectReference `json:"secretRef,omitempty" yaml:"secretRef,omitempty"`
+	Value     *ApisixConsumerJwtAuthValue  `json:"value,omitempty" yaml:"value,omitempty"`
+}
+
+// ApisixConsumerJwtAuthValue defines the in-place configuration for jwt auth.
+type ApisixConsumerJwtAuthValue struct {
+	Key          string `json:"key" yaml:"key"`
+	Secret       string `json:"secret,omitempty" yaml:"secret,omitempty"`
+	PublicKey    string `json:"public_key,omitempty" yaml:"public_key,omitempty"`
+	PrivateKey   string `json:"private_key" yaml:"private_key,omitempty"`
+	Algorithm    string `json:"algorithm,omitempty" yaml:"algorithm,omitempty"`
+	Exp          int64  `json:"exp,omitempty" yaml:"exp,omitempty"`
+	Base64Secret bool   `json:"base64_secret,omitempty" yaml:"base64_secret,omitempty"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // ApisixConsumerList contains a list of ApisixConsumer.

diff --git a/pkg/kube/apisix/apis/config/v2/zz_generated.deepcopy.go b/pkg/kube/apisix/apis/config/v2/zz_generated.deepcopy.go
diff --git a/pkg/kube/apisix/apis/config/v2beta2/types.go b/pkg/kube/apisix/apis/config/v2beta2/types.go
@@ -132,6 +132,7 @@ type ApisixRouteAuthentication struct {
 	Enable  bool                             `json:"enable" yaml:"enable"`
 	Type    string                           `json:"type" yaml:"type"`
 	KeyAuth ApisixRouteAuthenticationKeyAuth `json:"keyauth,omitempty" yaml:"keyauth,omitempty"`
+	JwtAuth ApisixRouteAuthenticationJwtAuth `json:"jwtAuth,omitempty" yaml:"jwtAuth,omitempty"`
 }
 
 // ApisixRouteAuthenticationKeyAuth is the keyAuth-related
@@ -140,6 +141,14 @@ type ApisixRouteAuthenticationKeyAuth struct {
 	Header string `json:"header,omitempty" yaml:"header,omitempty"`
 }
 
+// ApisixRouteAuthenticationJwtAuth is the jwtAuth-related
+// configuration in ApisixRouteAuthentication.
+type ApisixRouteAuthenticationJwtAuth struct {
+	Header string `json:"header,omitempty" yaml:"header,omitempty"`
+	Query  string `json:"query,omitempty" yaml:"query,omitempty"`
+	Cookie string `json:"cookie,omitempty" yaml:"cookie,omitempty"`
+}
+
 func (p ApisixRouteHTTPPluginConfig) DeepCopyInto(out *ApisixRouteHTTPPluginConfig) {
 	b, _ := json.Marshal(&p)
 	_ = json.Unmarshal(b, out)

diff --git a/pkg/kube/apisix/apis/config/v2beta2/zz_generated.deepcopy.go b/pkg/kube/apisix/apis/config/v2beta2/zz_generated.deepcopy.go
diff --git a/pkg/kube/apisix/apis/config/v2beta3/types.go b/pkg/kube/apisix/apis/config/v2beta3/types.go
@@ -173,6 +173,7 @@ type ApisixRouteAuthentication struct {
 	Enable  bool                             `json:"enable" yaml:"enable"`
 	Type    string                           `json:"type" yaml:"type"`
 	KeyAuth ApisixRouteAuthenticationKeyAuth `json:"keyauth,omitempty" yaml:"keyauth,omitempty"`
+	JwtAuth ApisixRouteAuthenticationJwtAuth `json:"jwtAuth,omitempty" yaml:"jwtAuth,omitempty"`
 }
 
 // ApisixRouteAuthenticationKeyAuth is the keyAuth-related
@@ -181,6 +182,14 @@ type ApisixRouteAuthenticationKeyAuth struct {
 	Header string `json:"header,omitempty" yaml:"header,omitempty"`
 }
 
+// ApisixRouteAuthenticationJwtAuth is the jwtAuth-related
+// configuration in ApisixRouteAuthentication.
+type ApisixRouteAuthenticationJwtAuth struct {
+	Header string `json:"header,omitempty" yaml:"header,omitempty"`
+	Query  string `json:"query,omitempty" yaml:"query,omitempty"`
+	Cookie string `json:"cookie,omitempty" yaml:"cookie,omitempty"`
+}
+
 func (p ApisixRouteHTTPPluginConfig) DeepCopyInto(out *ApisixRouteHTTPPluginConfig) {
 	b, _ := json.Marshal(&p)
 	_ = json.Unmarshal(b, out)
@@ -331,6 +340,7 @@ type ApisixConsumerSpec struct {
 type ApisixConsumerAuthParameter struct {
 	BasicAuth *ApisixConsumerBasicAuth `json:"basicAuth,omitempty" yaml:"basicAuth"`
 	KeyAuth   *ApisixConsumerKeyAuth   `json:"keyAuth,omitempty" yaml:"keyAuth"`
+	JwtAuth   *ApisixConsumerJwtAuth   `json:"jwtAuth,omitempty" yaml:"jwtAuth"`
 }
 
 // ApisixConsumerBasicAuth defines the configuration for basic auth.
@@ -356,6 +366,23 @@ type ApisixConsumerKeyAuthValue struct {
 	Key string `json:"key" yaml:"key"`
 }
 
+// ApisixConsumerJwtAuth defines the configuration for the jwt auth.
+type ApisixConsumerJwtAuth struct {
+	SecretRef *corev1.LocalObjectReference `json:"secretRef,omitempty" yaml:"secretRef,omitempty"`
+	Value     *ApisixConsumerJwtAuthValue  `json:"value,omitempty" yaml:"value,omitempty"`
+}
+
+// ApisixConsumerJwtAuthValue defines the in-place configuration for jwt auth.
+type ApisixConsumerJwtAuthValue struct {
+	Key          string `json:"key" yaml:"key"`
+	Secret       string `json:"secret,omitempty" yaml:"secret,omitempty"`
+	PublicKey    string `json:"public_key,omitempty" yaml:"public_key,omitempty"`
+	PrivateKey   string `json:"private_key" yaml:"private_key,omitempty"`
+	Algorithm    string `json:"algorithm,omitempty" yaml:"algorithm,omitempty"`
+	Exp          int64  `json:"exp,omitempty" yaml:"exp,omitempty"`
+	Base64Secret bool   `json:"base64_secret,omitempty" yaml:"base64_secret,omitempty"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // ApisixConsumerList contains a list of ApisixConsumer.

diff --git a/pkg/kube/apisix/apis/config/v2beta3/zz_generated.deepcopy.go b/pkg/kube/apisix/apis/config/v2beta3/zz_generated.deepcopy.go
diff --git a/pkg/kube/translation/apisix_consumer.go b/pkg/kube/translation/apisix_consumer.go
@@ -38,6 +38,12 @@ func (t *translator) TranslateApisixConsumer(ac *configv2beta3.ApisixConsumer) (
 			return nil, fmt.Errorf("invalid basic auth config: %s", err)
 		}
 		plugins["basic-auth"] = cfg
+	} else if ac.Spec.AuthParameter.JwtAuth != nil {
+		cfg, err := t.translateConsumerJwtAuthPlugin(ac.Namespace, ac.Spec.AuthParameter.JwtAuth)
+		if err != nil {
+			return nil, fmt.Errorf("invalid jwt auth config: %s", err)
+		}
+		plugins["jwt-auth"] = cfg
 	}
 
 	consumer := apisixv1.NewDefaultConsumer()