chore: add authentication for ApisixRoute (#528)

apache · Jun 9, 2021 · fca6211 · fca6211
1 parent 28c584e
commit fca6211
Show file tree

Hide file tree

Showing 5 changed files with 456 additions and 9 deletions.
diff --git a/pkg/kube/apisix/apis/config/v2alpha1/types.go b/pkg/kube/apisix/apis/config/v2alpha1/types.go
@@ -96,9 +96,10 @@ type ApisixRouteHTTP struct {
 	// Backends represents potential backends to proxy after the route
 	// rule matched. When number of backends are more than one, traffic-split
 	// plugin in APISIX will be used to split traffic based on the backend weight.
-	Backends  []*ApisixRouteHTTPBackend `json:"backends" yaml:"backends"`
-	Websocket bool                      `json:"websocket" yaml:"websocket"`
-	Plugins   []*ApisixRouteHTTPPlugin  `json:"plugins,omitempty" yaml:"plugins,omitempty"`
+	Backends       []*ApisixRouteHTTPBackend  `json:"backends" yaml:"backends"`
+	Websocket      bool                       `json:"websocket" yaml:"websocket"`
+	Plugins        []*ApisixRouteHTTPPlugin   `json:"plugins,omitempty" yaml:"plugins,omitempty"`
+	Authentication *ApisixRouteAuthentication `json:"authentication,omitempty" yaml:"authentication,omitempty"`
 }
 
 // ApisixRouteHTTPMatch represents the match condition for hitting this route.
@@ -194,6 +195,20 @@ type ApisixRouteHTTPPlugin struct {
 // any plugins.
 type ApisixRouteHTTPPluginConfig map[string]interface{}
 
+// ApisixRouteAuthentication is the authentication-related
+// configuration in ApisixRoute.
+type ApisixRouteAuthentication struct {
+	Enable  bool                             `json:"enable" yaml:"enable"`
+	Type    string                           `json:"type" yaml:"type"`
+	KeyAuth ApisixRouteAuthenticationKeyAuth `json:"keyauth,omitempty" yaml:"keyauth,omitempty"`
+}
+
+// ApisixRouteAuthenticationKeyAuth is the keyAuth-related
+// configuration in ApisixRouteAuthentication.
+type ApisixRouteAuthenticationKeyAuth struct {
+	Header string `json:"header,omitempty" yaml:"header,omitempty"`
+}
+
 func (p ApisixRouteHTTPPluginConfig) DeepCopyInto(out *ApisixRouteHTTPPluginConfig) {
 	b, _ := json.Marshal(&p)
 	_ = json.Unmarshal(b, out)

diff --git a/pkg/kube/apisix/apis/config/v2alpha1/zz_generated.deepcopy.go b/pkg/kube/apisix/apis/config/v2alpha1/zz_generated.deepcopy.go
diff --git a/pkg/kube/translation/apisix_route.go b/pkg/kube/translation/apisix_route.go
@@ -130,6 +130,19 @@ func (t *translator) translateHTTPRoute(ctx *TranslateContext, ar *configv2alpha
 				pluginMap[plugin.Name] = make(map[string]interface{})
 			}
 		}
+
+		// add KeyAuth and basicAuth plugin
+		if part.Authentication != nil && part.Authentication.Enable {
+			switch part.Authentication.Type {
+			case "keyAuth":
+				pluginMap["key-auth"] = part.Authentication.KeyAuth
+			case "basicAuth":
+				pluginMap["basic-auth"] = make(map[string]interface{})
+			default:
+				pluginMap["basic-auth"] = make(map[string]interface{})
+			}
+		}
+
 		var exprs [][]apisixv1.StringOrSlice
 		if part.Match.NginxVars != nil {
 			exprs, err = t.translateRouteMatchExprs(part.Match.NginxVars)

diff --git a/samples/deploy/crd/v1beta1/ApisixRoute.yaml b/samples/deploy/crd/v1beta1/ApisixRoute.yaml
@@ -210,6 +210,21 @@ spec:
                     required:
                       - name
                       - enable
+                  authentication:
+                    type: object
+                    properties:
+                      enable:
+                        type: boolean
+                      type:
+                        type: string
+                        enum: ["basicAuth", "keyAuth"]
+                      keyAuth:
+                        type: object
+                        properties:
+                          header:
+                            type: string
+                    required:
+                      - enable
             tcp:
               type: array
               minItems: 1