feat: add jwt-auth authorization method

pkg/kube/apisix/apis/config/v2/types.go

@@ -172,6 +172,7 @@ type ApisixRouteAuthentication struct {
 	Enable  bool                             `json:"enable" yaml:"enable"`
 	Type    string                           `json:"type" yaml:"type"`
 	KeyAuth ApisixRouteAuthenticationKeyAuth `json:"keyauth,omitempty" yaml:"keyauth,omitempty"`
+	JwtAuth ApisixRouteAuthenticationJwtAuth `json:"jwtAuth,omitempty" yaml:"jwtAuth,omitempty"`
 }
 
 // ApisixRouteAuthenticationKeyAuth is the keyAuth-related
@@ -180,6 +181,14 @@ type ApisixRouteAuthenticationKeyAuth struct {
 	Header string `json:"header,omitempty" yaml:"header,omitempty"`
 }
 
+// ApisixRouteAuthenticationJwtAuth is the jwtAuth-related
+// configuration in ApisixRouteAuthentication.
+type ApisixRouteAuthenticationJwtAuth struct {
+	Header string `json:"header,omitempty" yaml:"header,omitempty"`
+	Query  string `json:"query,omitempty" yaml:"query,omitempty"`
+	Cookie string `json:"cookie,omitempty" yaml:"cookie,omitempty"`
+}
+
 func (p ApisixRouteHTTPPluginConfig) DeepCopyInto(out *ApisixRouteHTTPPluginConfig) {
 	b, _ := json.Marshal(&p)
 	_ = json.Unmarshal(b, out)
@@ -330,6 +339,7 @@ type ApisixConsumerSpec struct {
 type ApisixConsumerAuthParameter struct {
 	BasicAuth *ApisixConsumerBasicAuth `json:"basicAuth,omitempty" yaml:"basicAuth"`
 	KeyAuth   *ApisixConsumerKeyAuth   `json:"keyAuth,omitempty" yaml:"keyAuth"`
+	JwtAuht   *ApisixConsumerJwtAuth   `json:"jwtAuth,omitempty" yaml:"jwtAuth"`
 }
 
 // ApisixConsumerBasicAuth defines the configuration for basic auth.
@@ -355,6 +365,23 @@ type ApisixConsumerKeyAuthValue struct {
 	Key string `json:"key" yaml:"key"`
 }
 
+// ApisixConsumerJwtAuth defines the configuration for the jwt auth.
+type ApisixConsumerJwtAuth struct {
+	SecretRef *corev1.LocalObjectReference `json:"secretRef,omitempty" yaml:"secretRef,omitempty"`
+	Value     *ApisixConsumerJwtAuthValue  `json:"value,omitempty" yaml:"value,omitempty"`
+}
+
+// ApisixConsumerJwtAuthValue defines the in-place configuration for jwt auth.
+type ApisixConsumerJwtAuthValue struct {
+	Key          string `json:"key" yaml:"key"`
+	Secret       string `json:"secret,omitempty" yaml:"secret,omitempty"`
+	PublicKey    string `json:"public_key,omitempty" yaml:"public_key,omitempty"`
+	PrivateKey   string `json:"private_key" yaml:"private_key,omitempty"`
+	Algorithm    string `json:"algorithm,omitempty" yaml:"algorithm,omitempty"`
+	Exp          int64  `json:"exp,omitempty" yaml:"exp,omitempty"`
+	Base64Secret bool   `json:"base64_secret,omitempty" yaml:"base64_secret,omitempty"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // ApisixConsumerList contains a list of ApisixConsumer.

pkg/kube/apisix/apis/config/v2beta2/types.go

@@ -132,6 +132,7 @@ type ApisixRouteAuthentication struct {
 	Enable  bool                             `json:"enable" yaml:"enable"`
 	Type    string                           `json:"type" yaml:"type"`
 	KeyAuth ApisixRouteAuthenticationKeyAuth `json:"keyauth,omitempty" yaml:"keyauth,omitempty"`
+	JwtAuth ApisixRouteAuthenticationJwtAuth `json:"jwtAuth,omitempty" yaml:"jwtAuth,omitempty"`
 }
 
 // ApisixRouteAuthenticationKeyAuth is the keyAuth-related
@@ -140,6 +141,14 @@ type ApisixRouteAuthenticationKeyAuth struct {
 	Header string `json:"header,omitempty" yaml:"header,omitempty"`
 }
 
+// ApisixRouteAuthenticationJwtAuth is the jwtAuth-related
+// configuration in ApisixRouteAuthentication.
+type ApisixRouteAuthenticationJwtAuth struct {
+	Header string `json:"header,omitempty" yaml:"header,omitempty"`
+	Query  string `json:"query,omitempty" yaml:"query,omitempty"`
+	Cookie string `json:"cookie,omitempty" yaml:"cookie,omitempty"`
+}
+
 func (p ApisixRouteHTTPPluginConfig) DeepCopyInto(out *ApisixRouteHTTPPluginConfig) {
 	b, _ := json.Marshal(&p)
 	_ = json.Unmarshal(b, out)

pkg/kube/apisix/apis/config/v2beta3/types.go

@@ -173,6 +173,7 @@ type ApisixRouteAuthentication struct {
 	Enable  bool                             `json:"enable" yaml:"enable"`
 	Type    string                           `json:"type" yaml:"type"`
 	KeyAuth ApisixRouteAuthenticationKeyAuth `json:"keyauth,omitempty" yaml:"keyauth,omitempty"`
+	JwtAuth ApisixRouteAuthenticationJwtAuth `json:"jwtAuth,omitempty" yaml:"jwtAuth,omitempty"`
 }
 
 // ApisixRouteAuthenticationKeyAuth is the keyAuth-related
@@ -181,6 +182,14 @@ type ApisixRouteAuthenticationKeyAuth struct {
 	Header string `json:"header,omitempty" yaml:"header,omitempty"`
 }
 
+// ApisixRouteAuthenticationJwtAuth is the jwtAuth-related
+// configuration in ApisixRouteAuthentication.
+type ApisixRouteAuthenticationJwtAuth struct {
+	Header string `json:"header,omitempty" yaml:"header,omitempty"`
+	Query  string `json:"query,omitempty" yaml:"query,omitempty"`
+	Cookie string `json:"cookie,omitempty" yaml:"cookie,omitempty"`
+}
+
 func (p ApisixRouteHTTPPluginConfig) DeepCopyInto(out *ApisixRouteHTTPPluginConfig) {
 	b, _ := json.Marshal(&p)
 	_ = json.Unmarshal(b, out)
@@ -331,6 +340,7 @@ type ApisixConsumerSpec struct {
 type ApisixConsumerAuthParameter struct {
 	BasicAuth *ApisixConsumerBasicAuth `json:"basicAuth,omitempty" yaml:"basicAuth"`
 	KeyAuth   *ApisixConsumerKeyAuth   `json:"keyAuth,omitempty" yaml:"keyAuth"`
+	JwtAuth   *ApisixConsumerJwtAuth   `json:"jwtAuth,omitempty" yaml:"jwtAuth"`
 }
 
 // ApisixConsumerBasicAuth defines the configuration for basic auth.
@@ -356,6 +366,23 @@ type ApisixConsumerKeyAuthValue struct {
 	Key string `json:"key" yaml:"key"`
 }
 
+// ApisixConsumerJwtAuth defines the configuration for the jwt auth.
+type ApisixConsumerJwtAuth struct {
+	SecretRef *corev1.LocalObjectReference `json:"secretRef,omitempty" yaml:"secretRef,omitempty"`
+	Value     *ApisixConsumerJwtAuthValue  `json:"value,omitempty" yaml:"value,omitempty"`
+}
+
+// ApisixConsumerJwtAuthValue defines the in-place configuration for jwt auth.
+type ApisixConsumerJwtAuthValue struct {
+	Key          string `json:"key" yaml:"key"`
+	Secret       string `json:"secret,omitempty" yaml:"secret,omitempty"`
+	PublicKey    string `json:"public_key,omitempty" yaml:"public_key,omitempty"`
+	PrivateKey   string `json:"private_key" yaml:"private_key,omitempty"`
+	Algorithm    string `json:"algorithm,omitempty" yaml:"algorithm,omitempty"`
+	Exp          int64  `json:"exp,omitempty" yaml:"exp,omitempty"`
+	Base64Secret bool   `json:"base64_secret,omitempty" yaml:"base64_secret,omitempty"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // ApisixConsumerList contains a list of ApisixConsumer.

pkg/kube/translation/apisix_consumer.go

@@ -38,6 +38,12 @@ func (t *translator) TranslateApisixConsumer(ac *configv2beta3.ApisixConsumer) (
 			return nil, fmt.Errorf("invalid basic auth config: %s", err)
 		}
 		plugins["basic-auth"] = cfg
+	} else if ac.Spec.AuthParameter.JwtAuth != nil {
+		cfg, err := t.translateConsumerJwtAuthPlugin(ac.Namespace, ac.Spec.AuthParameter.JwtAuth)
+		if err != nil {
+			return nil, fmt.Errorf("invalid jwt auth config: %s", err)
+		}
+		plugins["jwt-auth"] = cfg
 	}
 
 	consumer := apisixv1.NewDefaultConsumer()

pkg/kube/translation/apisix_consumer_test.go

@@ -69,6 +69,38 @@ func TestTranslateApisixConsumer(t *testing.T) {
 	cfg2 := consumer.Plugins["key-auth"].(*apisixv1.KeyAuthConsumerConfig)
 	assert.Equal(t, "qwerty", cfg2.Key)
 
+	ac = &configv2beta3.ApisixConsumer{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "jack",
+			Namespace: "qa",
+		},
+		Spec: configv2beta3.ApisixConsumerSpec{
+			AuthParameter: configv2beta3.ApisixConsumerAuthParameter{
+				JwtAuth: &configv2beta3.ApisixConsumerJwtAuth{
+					Value: &configv2beta3.ApisixConsumerJwtAuthValue{
+						Key:          "foo",
+						Secret:       "123",
+						PublicKey:    "public",
+						PrivateKey:   "private",
+						Algorithm:    "HS256",
+						Exp:          int64(1000),
+						Base64Secret: true,
+					},
+				},
+			},
+		},
+	}
+	consumer, err = (&translator{}).TranslateApisixConsumer(ac)
+	assert.Nil(t, err)
+	assert.Len(t, consumer.Plugins, 1)
+	cfg3 := consumer.Plugins["jwt-auth"].(*apisixv1.JwtAuthConsumerConfig)
+	assert.Equal(t, "foo", cfg3.Key)
+	assert.Equal(t, "123", cfg3.Secret)
+	assert.Equal(t, "public", cfg3.PublicKey)
+	assert.Equal(t, "private", cfg3.PrivateKey)
+	assert.Equal(t, "HS256", cfg3.Algorithm)
+	assert.Equal(t, int64(1000), cfg3.Exp)
+	assert.Equal(t, true, cfg3.Base64Secret)
 	// No test test cases for secret references as we already test them
 	// in plugin_test.go.
 }