From 89ee946cbbe63dc49cf57578072696df603d0cd0 Mon Sep 17 00:00:00 2001 From: Choo Date: Thu, 12 Dec 2024 14:35:51 -0500 Subject: [PATCH] updating test-cel Signed-off-by: Choo --- api/v1alpha1/api.go | 7 +- api/v1alpha1/zz_generated.deepcopy.go | 40 +- ...way.envoyproxy.io_llmproviderpolicies.yaml | 350 +++++++++--------- tests/cel-validation/main_test.go | 2 +- .../testdata/llmproviderpolicy/basic.yaml | 3 +- .../llmproviderpolicy/unknown_provider.yaml | 3 +- 6 files changed, 214 insertions(+), 191 deletions(-) diff --git a/api/v1alpha1/api.go b/api/v1alpha1/api.go index d67f0ad23..bf296b81e 100644 --- a/api/v1alpha1/api.go +++ b/api/v1alpha1/api.go @@ -155,11 +155,14 @@ const ( // +kubebuilder:object:root=true // LLMProviderPolicy specifies the provider specific configuration. -// -// This is a provider specific-configuration, e.g.AWS Bedrock, Azure etc. type LLMProviderPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + Spec LLMProviderPolicySpec `json:"spec,omitempty"` +} + +// LLMProviderPolicySpec specifies a provider (e.g.AWS Bedrock, Azure etc.) specific-configuration like auth +type LLMProviderPolicySpec struct { // BackendRefs lists the LLMBackends that this provider policy will apply // The namespace is "local", i.e. the same namespace as the LLMRoute. // diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 178315246..d7eb36f02 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -137,18 +137,7 @@ func (in *LLMProviderPolicy) DeepCopyInto(out *LLMProviderPolicy) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.BackendRefs != nil { - in, out := &in.BackendRefs, &out.BackendRefs - *out = make([]apiv1alpha1.BackendRef, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.APIKey != nil { - in, out := &in.APIKey, &out.APIKey - *out = new(LLMProviderAPIKey) - (*in).DeepCopyInto(*out) - } + in.Spec.DeepCopyInto(&out.Spec) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LLMProviderPolicy. @@ -201,6 +190,33 @@ func (in *LLMProviderPolicyList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LLMProviderPolicySpec) DeepCopyInto(out *LLMProviderPolicySpec) { + *out = *in + if in.BackendRefs != nil { + in, out := &in.BackendRefs, &out.BackendRefs + *out = make([]apiv1alpha1.BackendRef, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.APIKey != nil { + in, out := &in.APIKey, &out.APIKey + *out = new(LLMProviderAPIKey) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LLMProviderPolicySpec. +func (in *LLMProviderPolicySpec) DeepCopy() *LLMProviderPolicySpec { + if in == nil { + return nil + } + out := new(LLMProviderPolicySpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LLMRoute) DeepCopyInto(out *LLMRoute) { *out = *in diff --git a/manifests/charts/ai-gateway-helm/crds/aigateway.envoyproxy.io_llmproviderpolicies.yaml b/manifests/charts/ai-gateway-helm/crds/aigateway.envoyproxy.io_llmproviderpolicies.yaml index fb2a3d2bd..61b225a34 100644 --- a/manifests/charts/ai-gateway-helm/crds/aigateway.envoyproxy.io_llmproviderpolicies.yaml +++ b/manifests/charts/ai-gateway-helm/crds/aigateway.envoyproxy.io_llmproviderpolicies.yaml @@ -17,18 +17,181 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - LLMProviderPolicy specifies the provider specific configuration. - - This is a provider specific-configuration, e.g.AWS Bedrock, Azure etc. + description: LLMProviderPolicy specifies the provider specific configuration. properties: - apiKey: - description: APIKey specific configuration. The API key will be injected - into the Authorization header. + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: LLMProviderPolicySpec specifies a provider (e.g.AWS Bedrock, + Azure etc.) specific-configuration like auth properties: + apiKey: + description: APIKey specific configuration. The API key will be injected + into the Authorization header. + properties: + backendRefs: + description: BackendRefs lists the LLMBackends that this API Key + will apply + items: + description: BackendRef defines how an ObjectReference that + is specific to BackendRef. + properties: + fallback: + description: |- + Fallback indicates whether the backend is designated as a fallback. + Multiple fallback backends can be configured. + It is highly recommended to configure active or passive health checks to ensure that failover can be detected + when the active backends become unhealthy and to automatically readjust once the primary backends are healthy again. + The overprovisioning factor is set to 1.4, meaning the fallback backends will only start receiving traffic when + the health of the active backends falls below 72%. + type: boolean + group: + default: "" + description: |- + Group is the group of the referent. For example, "gateway.networking.k8s.io". + When unspecified or empty string, core API group is inferred. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + description: |- + Kind is the Kubernetes resource kind of the referent. For example + "Service". + + Defaults to "Service" when not specified. + + ExternalName services can refer to CNAME DNS records that may live + outside of the cluster and as such are difficult to reason about in + terms of conformance. They also may not be safe to forward to (see + CVE-2021-25740 for more information). Implementations SHOULD NOT + support ExternalName Services. + + Support: Core (Services with a type other than ExternalName) + + Support: Implementation-specific (Services with type ExternalName) + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the backend. When unspecified, the local + namespace is inferred. + + Note that when a namespace different than the local namespace is specified, + a ReferenceGrant object is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. + + Support: Core + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: |- + Port specifies the destination port number to use for this resource. + Port is required when the referent is a Kubernetes Service. In this + case, the port number is the service port number, not the target port. + For other resources, destination port might be derived from the referent + resource or this field. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - name + type: object + x-kubernetes-validations: + - message: Must have port for Service reference + rule: '(size(self.group) == 0 && self.kind == ''Service'') + ? has(self.port) : true' + type: array + inline: + description: Inline specifies the inline API key. + type: string + secretRef: + description: |- + SecretRef is the reference to the secret containing the API key. + ai-gateway must be given the permission to read this secret. + The key of the secret should be "apiKey". + properties: + group: + default: "" + description: |- + Group is the group of the referent. For example, "gateway.networking.k8s.io". + When unspecified or empty string, core API group is inferred. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Secret + description: Kind is kind of the referent. For example "Secret". + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the referenced object. When unspecified, the local + namespace is inferred. + + Note that when a namespace different than the local namespace is specified, + a ReferenceGrant object is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. + + Support: Core + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + type: + default: SecretRef + description: |- + Type specifies the type of the API key. Currently, "SecretRef" and "Inline" are supported. + This defaults to "SecretRef". + enum: + - SecretRef + - Inline + type: string + required: + - backendRefs + - type + type: object backendRefs: - description: BackendRefs lists the LLMBackends that this API Key will - apply + description: |- + BackendRefs lists the LLMBackends that this provider policy will apply + The namespace is "local", i.e. the same namespace as the LLMRoute. items: description: BackendRef defines how an ObjectReference that is specific to BackendRef. @@ -110,177 +273,16 @@ spec: rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' type: array - inline: - description: Inline specifies the inline API key. - type: string - secretRef: - description: |- - SecretRef is the reference to the secret containing the API key. - ai-gateway must be given the permission to read this secret. - The key of the secret should be "apiKey". - properties: - group: - default: "" - description: |- - Group is the group of the referent. For example, "gateway.networking.k8s.io". - When unspecified or empty string, core API group is inferred. - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Secret - description: Kind is kind of the referent. For example "Secret". - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: Name is the name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: |- - Namespace is the namespace of the referenced object. When unspecified, the local - namespace is inferred. - - Note that when a namespace different than the local namespace is specified, - a ReferenceGrant object is required in the referent namespace to allow that - namespace's owner to accept the reference. See the ReferenceGrant - documentation for details. - - Support: Core - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object type: - default: SecretRef - description: |- - Type specifies the type of the API key. Currently, "SecretRef" and "Inline" are supported. - This defaults to "SecretRef". + description: Type specifies the type of the provider. Currently, only + "APIKey" and "AWSBedrock" are supported. enum: - - SecretRef - - Inline + - APIKey + - AWSBedrock type: string required: - - backendRefs - type type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - backendRefs: - description: |- - BackendRefs lists the LLMBackends that this provider policy will apply - The namespace is "local", i.e. the same namespace as the LLMRoute. - items: - description: BackendRef defines how an ObjectReference that is specific - to BackendRef. - properties: - fallback: - description: |- - Fallback indicates whether the backend is designated as a fallback. - Multiple fallback backends can be configured. - It is highly recommended to configure active or passive health checks to ensure that failover can be detected - when the active backends become unhealthy and to automatically readjust once the primary backends are healthy again. - The overprovisioning factor is set to 1.4, meaning the fallback backends will only start receiving traffic when - the health of the active backends falls below 72%. - type: boolean - group: - default: "" - description: |- - Group is the group of the referent. For example, "gateway.networking.k8s.io". - When unspecified or empty string, core API group is inferred. - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Service - description: |- - Kind is the Kubernetes resource kind of the referent. For example - "Service". - - Defaults to "Service" when not specified. - - ExternalName services can refer to CNAME DNS records that may live - outside of the cluster and as such are difficult to reason about in - terms of conformance. They also may not be safe to forward to (see - CVE-2021-25740 for more information). Implementations SHOULD NOT - support ExternalName Services. - - Support: Core (Services with a type other than ExternalName) - - Support: Implementation-specific (Services with type ExternalName) - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: Name is the name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: |- - Namespace is the namespace of the backend. When unspecified, the local - namespace is inferred. - - Note that when a namespace different than the local namespace is specified, - a ReferenceGrant object is required in the referent namespace to allow that - namespace's owner to accept the reference. See the ReferenceGrant - documentation for details. - - Support: Core - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: |- - Port specifies the destination port number to use for this resource. - Port is required when the referent is a Kubernetes Service. In this - case, the port number is the service port number, not the target port. - For other resources, destination port might be derived from the referent - resource or this field. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - name - type: object - x-kubernetes-validations: - - message: Must have port for Service reference - rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) - : true' - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - type: - description: Type specifies the type of the provider. Currently, only - "APIKey" and "AWSBedrock" are supported. - enum: - - APIKey - - AWSBedrock - type: string - required: - - type type: object served: true storage: true diff --git a/tests/cel-validation/main_test.go b/tests/cel-validation/main_test.go index e133bf964..d0888ee8f 100644 --- a/tests/cel-validation/main_test.go +++ b/tests/cel-validation/main_test.go @@ -153,7 +153,7 @@ func TestLLMProviderPolicy(t *testing.T) { data, err := tests.ReadFile(path.Join("testdata/llmproviderpolicy", tc.name)) require.NoError(t, err) - llmRoute := &aigv1a1.LLMRoute{} + llmRoute := &aigv1a1.LLMProviderPolicy{} err = yaml.UnmarshalStrict(data, llmRoute) require.NoError(t, err) diff --git a/tests/cel-validation/testdata/llmproviderpolicy/basic.yaml b/tests/cel-validation/testdata/llmproviderpolicy/basic.yaml index 8c6a8fdc2..773e374fd 100644 --- a/tests/cel-validation/testdata/llmproviderpolicy/basic.yaml +++ b/tests/cel-validation/testdata/llmproviderpolicy/basic.yaml @@ -3,4 +3,5 @@ kind: LLMProviderPolicy metadata: name: dog-provider-policy namespace: default -type: AWSBedrock +spec: + type: AWSBedrock diff --git a/tests/cel-validation/testdata/llmproviderpolicy/unknown_provider.yaml b/tests/cel-validation/testdata/llmproviderpolicy/unknown_provider.yaml index 16e362a4f..2fc0bac31 100644 --- a/tests/cel-validation/testdata/llmproviderpolicy/unknown_provider.yaml +++ b/tests/cel-validation/testdata/llmproviderpolicy/unknown_provider.yaml @@ -3,4 +3,5 @@ kind: LLMProviderPolicy metadata: name: dog-provider-policy namespace: default -type: UnknownType +spec: + type: UnknownType