Update gatewayapi to v1.0.0

.github/workflows/build-images-base.yaml

@@ -108,10 +108,10 @@ jobs:
     name: Build Bundle
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
         id: go
       - name: Check out code
         uses: actions/checkout@v3
@@ -156,10 +156,10 @@ jobs:
     needs: [build, build-bundle]
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
         id: go
       - name: Check out code
         uses: actions/checkout@v3

.github/workflows/code-style.yaml

@@ -40,10 +40,10 @@ jobs:
             importpath: golang.org/x/tools/cmd/goimports@latest
 
     steps:
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
         id: go
 
       - name: Check out code
@@ -90,10 +90,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
         id: go
 
       - name: Check out code

.github/workflows/test.yaml

@@ -18,7 +18,7 @@ jobs:
     name: Unit Tests
     strategy:
       matrix:
-        go-version: [ 1.20.x ]
+        go-version: [ 1.21.x ]
         platform: [ ubuntu-latest ]
     runs-on: ${{ matrix.platform }}
     defaults:
@@ -53,10 +53,10 @@ jobs:
       run:
         shell: bash
     steps:
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
         id: go
       - name: Check out code
         uses: actions/checkout@v3
@@ -94,10 +94,10 @@ jobs:
     name: Verify manifests
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
         id: go
       - name: Check out code
         uses: actions/checkout@v3
@@ -109,10 +109,10 @@ jobs:
     name: Verify bundle
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
         id: go
       - name: Check out code
         uses: actions/checkout@v3
@@ -124,10 +124,10 @@ jobs:
     name: Verify fmt
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
         id: go
       - name: Check out code
         uses: actions/checkout@v3
@@ -139,7 +139,7 @@ jobs:
     name: Test Scripts
     strategy:
       matrix:
-        go-version: [ 1.20.x ]
+        go-version: [ 1.21.x ]
         platform: [ ubuntu-latest, macos-latest ]
     runs-on: ${{ matrix.platform }}
     defaults:

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.20 as builder
+FROM golang:1.21 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

README.md

@@ -8,21 +8,23 @@
 The Operator to install and manage the lifecycle of the [Kuadrant](https://github.com/Kuadrant/) components deployments.
 
 <!--ts-->
-* [Overview](#overview)
-* [Architecture](#architecture)
-    * [Kuadrant components](#kuadrant-components)
-    * [Provided APIs](#provided-apis)
-* [Getting started](#getting-started)
-    * [Pre-requisites](#pre-requisites)
-    * [Installing Kuadrant](#installing-kuadrant)
-    * [Protect Your Service](#protect-your-service)
-      * [If you are an <em>API Provider</em>](#if-you-are-an-api-provider)
-      * [If you are a <em>Cluster Operator</em>](#if-you-are-a-cluster-operator)
-* [User guides](#user-guides)
-* [<a href="doc/rate-limiting.md">Kuadrant Rate Limiting</a>](#kuadrant-rate-limiting)
-* [Documentation](#documentation)
-* [Contributing](#contributing)
-* [Licensing](#licensing)
+- [Overview](#overview)
+- [Architecture](#architecture)
+  - [Kuadrant components](#kuadrant-components)
+  - [Provided APIs](#provided-apis)
+- [Getting started](#getting-started)
+  - [Pre-requisites](#pre-requisites)
+  - [Installing Kuadrant](#installing-kuadrant)
+    - [1. Install the Kuadrant Operator](#1-install-the-kuadrant-operator)
+    - [2. Request a Kuadrant instance](#2-request-a-kuadrant-instance)
+  - [Protect your service](#protect-your-service)
+    - [If you are an *API Provider*](#if-you-are-an-api-provider)
+    - [If you are a *Cluster Operator*](#if-you-are-a-cluster-operator)
+- [User guides](#user-guides)
+- [Kuadrant Rate Limiting](#kuadrant-rate-limiting)
+- [Documentation](#documentation)
+- [Contributing](#contributing)
+- [Licensing](#licensing)
 
 <!--te-->
 
@@ -144,15 +146,15 @@ EOF
 
 * Deploy the service/API to be protected ("Upstream")
 * Expose the service/API using the kubernetes Gateway API, ie
-  [HTTPRoute](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1beta1.HTTPRoute) object.
+  [HTTPRoute](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRoute) object.
 * Write and apply the Kuadrant's [RateLimitPolicy](doc/rate-limiting.md) and/or
   [AuthPolicy](doc/auth.md) custom resources targeting the HTTPRoute resource
   to have your API protected.
 
 #### If you are a *Cluster Operator*
 
 * (Optionally) deploy istio ingress gateway using the
-  [Gateway](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1beta1.Gateway) resource.
+  [Gateway](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Gateway) resource.
 * Write and apply the Kuadrant's [RateLimitPolicy](doc/rate-limiting.md) and/or
   [AuthPolicy](doc/auth.md) custom resources targeting the Gateway resource
   to have your gateway traffic protected.

api/v1beta2/authpolicy_types.go

@@ -7,8 +7,8 @@
 	"github.com/google/go-cmp/cmp"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
-	gatewayapiv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
 
 	authorinoapi "github.com/kuadrant/authorino/api/v1beta2"
 	"github.com/kuadrant/kuadrant-operator/pkg/common"
@@ -18,16 +18,19 @@
 	// Authentication configs.
 	// At least one config MUST evaluate to a valid identity object for the auth request to be successful.
 	// +optional
+	// +kubebuilder:validation:MaxProperties=14
 	Authentication map[string]AuthenticationSpec `json:"authentication,omitempty"`
 
 	// Metadata sources.
 	// Authorino fetches auth metadata as JSON from sources specified in this config.
 	// +optional
+	// +kubebuilder:validation:MaxProperties=14
 	Metadata map[string]MetadataSpec `json:"metadata,omitempty"`
 
 	// Authorization policies.
 	// All policies MUST evaluate to "allowed = true" for the auth request be successful.
 	// +optional
+	// +kubebuilder:validation:MaxProperties=14
 	Authorization map[string]AuthorizationSpec `json:"authorization,omitempty"`
 
 	// Response items.
@@ -38,6 +41,7 @@
 	// Callback functions.
 	// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config.
 	// +optional
+	// +kubebuilder:validation:MaxProperties=14
 	Callbacks map[string]CallbackSpec `json:"callbacks,omitempty"`
 }
 
@@ -47,6 +51,7 @@
 	// At least one selected HTTPRoute rule must match to trigger the auth rule.
 	// If no route selectors are specified, the auth rule will be evaluated at all requests to the protected routes.
 	// +optional
+	// +kubebuilder:validation:MaxItems=15
 	RouteSelectors []RouteSelector `json:"routeSelectors,omitempty"`
 }
 
@@ -93,11 +98,13 @@
 type WrappedSuccessResponseSpec struct {
 	// Custom success response items wrapped as HTTP headers.
 	// For integration of Authorino via proxy, the proxy must use these settings to inject data in the request.
+	// +kubebuilder:validation:MaxProperties=14
 	Headers map[string]HeaderSuccessResponseSpec `json:"headers,omitempty"`
 
 	// Custom success response items wrapped as HTTP headers.
 	// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata.
 	// See https://www.envoyproxy.io/docs/envoy/latest/configuration/advanced/well_known_dynamic_metadata
+	// +kubebuilder:validation:MaxProperties=14
 	DynamicMetadata map[string]SuccessResponseSpec `json:"dynamicMetadata,omitempty"`
 }
 
@@ -133,6 +140,7 @@
 	// At least one selected HTTPRoute rule must match to trigger the AuthPolicy.
 	// If no route selectors are specified, the AuthPolicy will be enforced at all requests to the protected routes.
 	// +optional
+	// +kubebuilder:validation:MaxItems=15
 	RouteSelectors []RouteSelector `json:"routeSelectors,omitempty"`
 
 	// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules.
@@ -266,8 +274,8 @@
 	return ap.Spec.TargetRef
 }
 
-func (ap *AuthPolicy) GetWrappedNamespace() gatewayapiv1beta1.Namespace {
-	return gatewayapiv1beta1.Namespace(ap.Namespace)
+func (ap *AuthPolicy) GetWrappedNamespace() gatewayapiv1.Namespace {
+	return gatewayapiv1.Namespace(ap.Namespace)
 }
 
 // GetRulesHostnames returns all hostnames referenced in the route selectors of the policy.

api/v1beta2/authpolicy_types_test.go

@@ -8,8 +8,8 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/ptr"
+	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
-	gatewayapiv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
 
 	authorinoapi "github.com/kuadrant/authorino/api/v1beta2"
 	"github.com/kuadrant/kuadrant-operator/pkg/common"
@@ -68,7 +68,7 @@ func TestAuthPolicyTargetKey(t *testing.T) {
 	}
 
 	// targetRef with namespace
-	policy.Spec.TargetRef.Namespace = ptr.To(gatewayapiv1beta1.Namespace("route-namespace"))
+	policy.Spec.TargetRef.Namespace = ptr.To(gatewayapiv1.Namespace("route-namespace"))
 	expected = "route-namespace/my-route"
 	if result := policy.TargetKey().String(); result != expected {
 		t.Errorf("Expected target key %s, got %s", expected, result)
@@ -113,7 +113,7 @@ func TestAuthPolicyGetRulesHostnames(t *testing.T) {
 	}
 	policy.Spec.RouteSelectors = []RouteSelector{
 		{
-			Hostnames: []gatewayapiv1beta1.Hostname{"*.kuadrant.io", "toystore.kuadrant.io"},
+			Hostnames: []gatewayapiv1.Hostname{"*.kuadrant.io", "toystore.kuadrant.io"},
 		},
 	}
 	// 1 top-level route selectors with 2 hostnames
@@ -190,7 +190,7 @@ func TestAuthPolicyGetRulesHostnames(t *testing.T) {
 						CommonAuthRuleSpec: CommonAuthRuleSpec{
 							RouteSelectors: []RouteSelector{
 								{
-									Hostnames: []gatewayapiv1beta1.Hostname{"*.kuadrant.io", "toystore.kuadrant.io"},
+									Hostnames: []gatewayapiv1.Hostname{"*.kuadrant.io", "toystore.kuadrant.io"},
 								},
 							},
 						},
@@ -202,7 +202,7 @@ func TestAuthPolicyGetRulesHostnames(t *testing.T) {
 					CommonAuthRuleSpec: CommonAuthRuleSpec{
 						RouteSelectors: []RouteSelector{
 							{
-								Hostnames: []gatewayapiv1beta1.Hostname{"*.kuadrant.io"},
+								Hostnames: []gatewayapiv1.Hostname{"*.kuadrant.io"},
 							},
 						},
 					},
@@ -330,10 +330,10 @@ func TestAuthPolicyValidate(t *testing.T) {
 					},
 					RouteSelectors: []RouteSelector{
 						{
-							Hostnames: []gatewayapiv1beta1.Hostname{"*.foo.io"},
-							Matches: []gatewayapiv1beta1.HTTPRouteMatch{
+							Hostnames: []gatewayapiv1.Hostname{"*.foo.io"},
+							Matches: []gatewayapiv1.HTTPRouteMatch{
 								{
-									Path: &gatewayapiv1beta1.HTTPPathMatch{
+									Path: &gatewayapiv1.HTTPPathMatch{
 										Value: ptr.To("/foo"),
 									},
 								},
@@ -368,10 +368,10 @@ func TestAuthPolicyValidate(t *testing.T) {
 								CommonAuthRuleSpec: CommonAuthRuleSpec{
 									RouteSelectors: []RouteSelector{
 										{
-											Hostnames: []gatewayapiv1beta1.Hostname{"*.foo.io"},
-											Matches: []gatewayapiv1beta1.HTTPRouteMatch{
+											Hostnames: []gatewayapiv1.Hostname{"*.foo.io"},
+											Matches: []gatewayapiv1.HTTPRouteMatch{
 												{
-													Path: &gatewayapiv1beta1.HTTPPathMatch{
+													Path: &gatewayapiv1.HTTPPathMatch{
 														Value: ptr.To("/foo"),
 													},
 												},
@@ -398,7 +398,7 @@ func TestAuthPolicyValidate(t *testing.T) {
 						Group:     "gateway.networking.k8s.io",
 						Kind:      "HTTPRoute",
 						Name:      "my-route",
-						Namespace: ptr.To(gatewayapiv1beta1.Namespace("other-namespace")),
+						Namespace: ptr.To(gatewayapiv1.Namespace("other-namespace")),
 					},
 					AuthScheme: AuthSchemeSpec{
 						Authentication: map[string]AuthenticationSpec{
@@ -411,10 +411,10 @@ func TestAuthPolicyValidate(t *testing.T) {
 								CommonAuthRuleSpec: CommonAuthRuleSpec{
 									RouteSelectors: []RouteSelector{
 										{
-											Hostnames: []gatewayapiv1beta1.Hostname{"*.foo.io"},
-											Matches: []gatewayapiv1beta1.HTTPRouteMatch{
+											Hostnames: []gatewayapiv1.Hostname{"*.foo.io"},
+											Matches: []gatewayapiv1.HTTPRouteMatch{
 												{
-													Path: &gatewayapiv1beta1.HTTPPathMatch{
+													Path: &gatewayapiv1.HTTPPathMatch{
 														Value: ptr.To("/foo"),
 													},
 												},
@@ -445,10 +445,10 @@ func TestAuthPolicyValidate(t *testing.T) {
 
 func testBuildRouteSelector() RouteSelector {
 	return RouteSelector{
-		Hostnames: []gatewayapiv1beta1.Hostname{"toystore.kuadrant.io"},
-		Matches: []gatewayapiv1beta1.HTTPRouteMatch{
+		Hostnames: []gatewayapiv1.Hostname{"toystore.kuadrant.io"},
+		Matches: []gatewayapiv1.HTTPRouteMatch{
 			{
-				Path: &gatewayapiv1beta1.HTTPPathMatch{
+				Path: &gatewayapiv1.HTTPPathMatch{
 					Value: ptr.To("/toy"),
 				},
 			},