Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Implementation of API Key Auth #125

Merged
merged 70 commits into from
Jan 21, 2025
Merged

feat: Implementation of API Key Auth #125

merged 70 commits into from
Jan 21, 2025

Conversation

aabchoo
Copy link
Contributor

@aabchoo aabchoo commented Jan 17, 2025

This PR implements APIKey Auth for backendSecurityPolicy. The api key stored in a secret will be mounted to the extproc's pod, and later extracted by the appropriate AuthHandler.

Moved extprocDeployment into the sink as we need to tinker with the deployment if backend/backendSecurityPolicy is updated.

Removed the envoy config yaml's field add_request_header and replaced it with new API Key Auth implementation. CI passes which means that API Key mounted to extproc + specified on backend auth works.

Will work on adding AWS Credential file after this.

aabchoo added 30 commits January 12, 2025 22:52
@aabchoo
llmroute to append secret file to extproc deployment for backend secu…
8dcdc3a 
…rity use

Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
Merge branch 'main' into aaron/apikey-auth
d7b4bed
@aabchoo
update auth in filter config for api key
6dc6415 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
add backendsecuritypolicy and move extproc deployment to sink
b1a5da4 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
mount secret file based on backend + backendsecuritypolicies
6fbdd05 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
add api key as header
2d21435 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
add calls to sync extproc deployment
55bd150 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
Merge remote-tracking branch 'origin/main' into aaron/apikey-auth
8fe3dd6 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
add back accidental change
9845736 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
update PR to use indexer func instead of internal cache
5456c70 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
Merge remote-tracking branch 'origin/main' into aaron/apikey-auth
15adf8a 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
mount secret file onto extproc deployment
f09e082 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
account for duplicates, already mounted files and files to unmount
082da92 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
add testing for backend security policy controller
40e38d6 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
remove extproc deployment tests
40ab582 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
update tests
f543c7b 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
create new sink
481647d 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
export config sink
0136281 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
fix tests
5ddd4ff 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
fix api key tests
2ee446c 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
add tests for mount backend security policy
4acddb2 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
add extproc deployment tests
8c65660 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
attempt to add api key as part of e2e test
fdffb47 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
Merge remote-tracking branch 'origin/main' into aaron/apikey-auth
4869fce 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
fixing up references
f789899 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
fixing up tests
9523364 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
update e2e tests
68e1d01 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
add perm to write file
c10d861 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
fix return typing
a8eb88d 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
update perm to allow read access
83e5910 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
aabchoo and others added 6 commits January 21, 2025 10:25
@aabchoo @mathetake
Update filterconfig/filterconfig.go
67ac960 
Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
Merge remote-tracking branch 'origin/main' into aaron/auth-apikey
2fbc860 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
remove unused test
ba790b7 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
update router logger name
fa08f56 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
fixing tests
b5e9b08 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
fixing tests
e13393a 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo aabchoo changed the title Implementation of API Key Auth feat: Implementation of API Key Auth Jan 21, 2025
@aabchoo
fix code style
420f212 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
fixing testing
6ac681e 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
code style
078c92b 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
revert t use ai-eg-route-extproc
514169d 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
add kind
d122a62 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo
check if values are assigned internally
03d929b 
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo aabchoo requested review from yuzisun and mathetake January 21, 2025 20:08
mathetake
mathetake reviewed Jan 21, 2025
View reviewed changes
Copy link
Member

@mathetake mathetake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor comments, but LGTM

aabchoo and others added 4 commits January 21, 2025 15:42
@aabchoo @mathetake
Update internal/controller/ai_service_backend_test.go
e08898d 
Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo @mathetake
Update internal/controller/ai_service_backend_test.go
3f131ea 
Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo @mathetake
Update internal/controller/sink.go
e2e95cb 
Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
@aabchoo @mathetake
Update tests/extproc/extproc_test.go
1d151de 
Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
Signed-off-by: Aaron Choo <achoo30@bloomberg.net>
mathetake
mathetake approved these changes Jan 21, 2025
View reviewed changes
Copy link
Member

@mathetake mathetake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work!! Thank you for multiple iterations!

@mathetake mathetake enabled auto-merge (squash) January 21, 2025 20:48
@mathetake mathetake merged commit 7dc91db into main Jan 21, 2025
22 checks passed
@mathetake mathetake deleted the aaron/auth-apikey branch January 21, 2025 20:49
@mathetake mathetake mentioned this pull request Jan 23, 2025
Merged
mathetake added a commit that referenced this pull request Jan 23, 2025
@mathetake
extproc: load APIKey on load time (#169)
0d3eb36 
**Commit Message**:

Previously, the API was read on the request path,
which is left to be fixed and left as TODO in #125.
This fixes it and makes extproc load the APIKey
at the config load time.

**Related Issues/PRs (if applicable)**:

Follow up on #125 

---------

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
@mathetake mathetake mentioned this pull request Jan 27, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mathetake mathetake mathetake approved these changes

@yuzisun yuzisun Awaiting requested review from yuzisun

Assignees

@mathetake mathetake

Labels
safe to test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aabchoo @mathetake @yuzisun