feat: OIDC Gateway API

internal/gatewayapi/securitypolicy.go

@@ -17,11 +17,12 @@
 	"k8s.io/apimachinery/pkg/types"
 	gwv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 	gwv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 	"github.com/envoyproxy/gateway/internal/ir"
 	"github.com/envoyproxy/gateway/internal/status"
 	"github.com/envoyproxy/gateway/internal/utils/ptr"
+	"github.com/tetratelabs/multierror"
 )
 
 func (t *Translator) ProcessSecurityPolicies(securityPolicies []*egv1a1.SecurityPolicy,
@@ -255,16 +256,15 @@
 	resources *Resources, xdsIR XdsIRMap) error {
 	// Build IR
 	var (
-		cors *ir.CORS
-		jwt  *ir.JWT
-		oidc *ir.OIDC
-		err  error
+		cors      *ir.CORS
+		jwt       *ir.JWT
+		oidc      *ir.OIDC
+		err, errs error
 	)
 
 	if policy.Spec.CORS != nil {
-		cors, err = t.buildCORS(policy.Spec.CORS)
-		if err != nil {
-			return err
+		if cors, err = t.buildCORS(policy.Spec.CORS); err != nil {
+			errs = multierror.Append(errs, err)
 		}
 	}
 
@@ -273,16 +273,20 @@
 	}
 
 	if policy.Spec.OIDC != nil {
-		oidc, err = t.buildOIDC(policy, resources)
-		if err != nil {
-			return err
+		if oidc, err = t.buildOIDC(policy, resources); err != nil {
+			errs = multierror.Append(errs, err)
 		}
 	}
 
-	// Apply IR to all relevant routes
 	// It can be difficult to reason about the state of the system if we apply
 	// part of the policy and not the rest. Therefore, we either apply all of it
 	// or none of it (when get errors when translating the policy)
+
+	if errs != nil {
+		return errs
+	}
+
+	// Apply IR to all relevant routes
 	prefix := irRoutePrefix(route)
 	for _, ir := range xdsIR {
 		for _, http := range ir.HTTP {