[authpolicy-v2] AuthPolicy v1beta2

[guicassolato]

Base branch for the first chunk of #207.

Closes:

• Bump Authorino to v0.15.0 #262
• Straight port AuthPolicy's AuthScheme types to be based on AuthConfig v1beta2 types #253 → replaces version v1beta1 of the AuthPolicy CRD with new v1beta2 (based on Authorino's AuthConfig/v1beta2)

As well as:

• Via [authpolicy-v2] AuthConfig superseding of strict host subsets #266
  • Bump Authorino Operator to v0.9.0 #263
  • Enable superseding of strict host subsets between AuthConfigs #264
• Via [authpolicy-v2] route selectors #256
  • Add routeSelectors fields to the AuthPolicy #248
• Via [authpolicy-v2] Well-known attributes in the generated AuthConfigs #270
  • Use Well-known attributes in the generated AuthConfig #265
• Via [authpolicy-v2] docs #275
  • AuthPolicy v2 docs and user guides
• Via [authpolicy-v2] Add Gateway API label to the AuthPolicy CRD #279
  • Gateway API gateway.networking.k8s.io/policy label at the AuthPolicy CRD #278
• Via [authpolicy-v2] AuthPolicy validation rules #281
  • Validation rules (e.g. targetRef.group/kind, routeSelectors in gw policies)

How to review/verify this PR

• Learn the basis of it
  • we bumped the version of Authorino and Authorino Operator imported types
  • we migrated the core of the AuthPolicy spec from being based on AuthConfig v1beta1 to being AuthConfig v1beta2, without anything new (e.g. route selectors)
• Scan through the multiple PRs that added all the other incremental changes to the base branch
• Read some test cases
• Try make local-setuping this branch and running a user guide such as https://github.com/Kuadrant/kuadrant-operator/blob/authpolicy-v2/doc/user-guides/auth-for-app-devs-and-platform-engineers.md
• Try other stuff with AuthPolicies – Here's an inspiration for things you can try: https://github.com/Kuadrant/authorino/blob/main/docs/user-guides.md

[codecov]

Codecov Report

Merging #249 (c639e93) into main (4d38913) will increase coverage by 1.39%.
The diff coverage is 69.14%.

@@            Coverage Diff             @@
##             main     #249      +/-   ##
==========================================
+ Coverage   63.42%   64.81%   +1.39%     
==========================================
  Files          33       35       +2     
  Lines        3204     3806     +602     
==========================================
+ Hits         2032     2467     +435     
- Misses        999     1147     +148     
- Partials      173      192      +19     

Flag	Coverage Δ
integration	70.58% <69.31%> (+0.97%)	⬆️
unit	58.20% <68.49%> (+0.68%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
api/v1beta1 (u)	∅ <ø> (∅)
pkg/common (u)	73.92% <0.00%> (-1.98%)	⬇️
pkg/istio (u)	30.24% <ø> (ø)
pkg/log (u)	31.81% <ø> (ø)
pkg/reconcilers (u)	33.68% <ø> (ø)
pkg/rlptools (u)	56.41% <100.00%> (-1.23%)	⬇️
controllers (i)	70.58% <69.31%> (+0.97%)	⬆️

Files	Coverage Δ
api/v1beta2/ratelimitpolicy_types.go	26.86% <100.00%> (+4.64%)	⬆️
api/v1beta2/route_selectors.go	100.00% <100.00%> (ø)
controllers/kuadrant_controller.go	50.00% <100.00%> (-0.71%)	⬇️
pkg/common/common.go	88.39% <ø> (ø)
pkg/rlptools/wasm_utils.go	61.05% <100.00%> (-1.77%)	⬇️
controllers/authpolicy_status.go	94.44% <83.33%> (ø)
controllers/authpolicy_controller.go	74.32% <70.00%> (+4.01%)	⬆️
controllers/httprouteparentrefs_eventmapper.go	53.19% <53.19%> (ø)
pkg/common/gatewayapi_utils.go	62.82% <0.00%> (-3.11%)	⬇️
api/v1beta2/authpolicy_types.go	77.57% <77.57%> (ø)
... and 2 more

... and 2 files with indirect coverage changes

[Boomatang]

So far this is looking good. I am not sure if there are verification steps to be carried out right now.

[maleck13]

changes all look reasonable. Bit unsure as to why RLP changed in the PR though ( I am sure there is a good reason)

[maleck13]

/lgtm

[didierofrivia]

Quite an effort put on this one, thanks 🙏🏼

🥇 🥇 🥇