envoyproxy · mathetake · Jan 8, 2025 · Dec 12, 2024 · Dec 12, 2024 · Dec 10, 2024
@@ -106,6 +106,12 @@ type LLMBackendSpec struct {
 	//
 	// +kubebuilder:validation:Required
 	BackendRef egv1a1.BackendRef `json:"backendRef"`
+
+	// SecurityPolicyName list the LLMSecurityPolicy that this backend will depend on.
+	//
+	// A SecurityPolicy specifies authentication, JWT, and API Key.
+	//
+	SecurityPolicyName *string `json:"securityPolicyName,omitempty"`
 }
 
 // LLMAPISchema defines the API schema of either LLMRoute (the input) or LLMBackend (the output).
@@ -144,3 +150,65 @@ const (
 	// This can be used to describe the routing behavior in HTTPRoute referenced by LLMRoute.
 	LLMModelHeaderKey = "x-envoy-ai-gateway-llm-model"
 )
+
+// LLMProviderType specifies the type of the LLMSecurityPolicy.
+type LLMProviderType string
+
+const (
+	LLMProviderTypeAPIKey LLMProviderType = "APIKey"
+)
+
+// +kubebuilder:object:root=true
+
+// LLMSecurityPolicy specifies the provider specific configuration like authorization, JWT, and API Key.
+type LLMSecurityPolicy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              LLMSecurityPolicySpec `json:"spec,omitempty"`
+}
+
+// LLMSecurityPolicySpec specifies a provider (e.g.AWS Bedrock, Azure etc.) specific-configuration like auth
+type LLMSecurityPolicySpec struct {
+	// Type specifies the type of the provider. Currently, only "APIKey" and "AWSBedrock" are supported.
+	//
+	// +kubebuilder:validation:Enum=APIKey;AWSBedrock
+	Type LLMProviderType `json:"type"`
+
+	// APIKey specific configuration. The API key will be injected into the Authorization header.
+	// +optional
+	APIKey *LLMProviderAPIKey `json:"apiKey,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// LLMSecurityPolicyList contains a list of LLMSecurityPolicy
+type LLMSecurityPolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []LLMSecurityPolicy `json:"items"`
+}
+
+// LLMProviderAPIKey specifies the API key.
+type LLMProviderAPIKey struct {
+	// Type specifies the type of the API key. Currently, "SecretRef" and "Inline" are supported.
+	// This defaults to "SecretRef".
+	//
+	// +kubebuilder:validation:Enum=SecretRef;Inline
+	// +kubebuilder:default=SecretRef
+	Type LLMProviderAPIKeyType `json:"type"`
+
+	// SecretRef is the reference to the secret containing the API key.
+	// ai-gateway must be given the permission to read this secret.
+	// The key of the secret should be "apiKey".
+	//
+	// +optional
+	SecretRef *gwapiv1.SecretObjectReference `json:"secretRef"`
+
+	// Inline specifies the inline API key.
+	//
+	// +optional
+	Inline *string `json:"inline,omitempty"`
+}
+
+// LLMProviderAPIKeyType specifies the type of LLMProviderAPIKey.
+type LLMProviderAPIKeyType string
@@ -8,6 +8,7 @@ import (
 func init() {
 	SchemeBuilder.Register(&LLMRoute{}, &LLMRouteList{})
 	SchemeBuilder.Register(&LLMBackend{}, &LLMBackendList{})
+	SchemeBuilder.Register(&LLMSecurityPolicy{}, &LLMSecurityPolicyList{})
 }
 
 const GroupName = "aigateway.envoyproxy.io"

@@ -152,6 +152,12 @@ spec:
                 required:
                 - schema
                 type: object
+              securityPolicyName:
+                description: |-
+                  SecurityPolicyName list the LLMSecurityPolicy that this backend will depend on.
+
+                  A SecurityPolicy specifies authentication, JWT, and API Key.
+                type: string
             required:
             - backendRef
             - outputSchema

diff --git a/manifests/charts/ai-gateway-helm/crds/aigateway.envoyproxy.io_llmsecuritypolicies.yaml b/manifests/charts/ai-gateway-helm/crds/aigateway.envoyproxy.io_llmsecuritypolicies.yaml
@@ -0,0 +1,119 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.16.2
+  name: llmsecuritypolicies.aigateway.envoyproxy.io
+spec:
+  group: aigateway.envoyproxy.io
+  names:
+    kind: LLMSecurityPolicy
+    listKind: LLMSecurityPolicyList
+    plural: llmsecuritypolicies
+    singular: llmsecuritypolicy
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: LLMSecurityPolicy specifies the provider specific configuration
+          like authorization, JWT, and API Key.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: LLMSecurityPolicySpec specifies a provider (e.g.AWS Bedrock,
+              Azure etc.) specific-configuration like auth
+            properties:
+              apiKey:
+                description: APIKey specific configuration. The API key will be injected
+                  into the Authorization header.
+                properties:
+                  inline:
+                    description: Inline specifies the inline API key.
+                    type: string
+                  secretRef:
+                    description: |-
+                      SecretRef is the reference to the secret containing the API key.
+                      ai-gateway must be given the permission to read this secret.
+                      The key of the secret should be "apiKey".
+                    properties:
+                      group:
+                        default: ""
+                        description: |-
+                          Group is the group of the referent. For example, "gateway.networking.k8s.io".
+                          When unspecified or empty string, core API group is inferred.
+                        maxLength: 253
+                        pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                        type: string
+                      kind:
+                        default: Secret
+                        description: Kind is kind of the referent. For example "Secret".
+                        maxLength: 63
+                        minLength: 1
+                        pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+                        type: string
+                      name:
+                        description: Name is the name of the referent.
+                        maxLength: 253
+                        minLength: 1
+                        type: string
+                      namespace:
+                        description: |-
+                          Namespace is the namespace of the referenced object. When unspecified, the local
+                          namespace is inferred.
+
+                          Note that when a namespace different than the local namespace is specified,
+                          a ReferenceGrant object is required in the referent namespace to allow that
+                          namespace's owner to accept the reference. See the ReferenceGrant
+                          documentation for details.
+
+                          Support: Core
+                        maxLength: 63
+                        minLength: 1
+                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  type:
+                    default: SecretRef
+                    description: |-
+                      Type specifies the type of the API key. Currently, "SecretRef" and "Inline" are supported.
+                      This defaults to "SecretRef".
+                    enum:
+                    - SecretRef
+                    - Inline
+                    type: string
+                required:
+                - type
+                type: object
+              type:
+                description: Type specifies the type of the provider. Currently, only
+                  "APIKey" and "AWSBedrock" are supported.
+                enum:
+                - APIKey
+                - AWSBedrock
+                type: string
+            required:
+            - type
+            type: object
+        type: object
+    served: true
+    storage: true
@@ -37,6 +37,7 @@ func runTest(m *testing.M) int {
 	for _, crd := range []string{
 		"aigateway.envoyproxy.io_llmroutes.yaml",
 		"aigateway.envoyproxy.io_llmbackends.yaml",
+		"aigateway.envoyproxy.io_llmsecuritypolicies.yaml",
 	} {
 		crds = append(crds, filepath.Join(base, crd))
 	}
@@ -134,3 +135,35 @@ func TestLLMBackends(t *testing.T) {
 		})
 	}
 }
+
+func TestLLMSecurityPolicies(t *testing.T) {
+	ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(30*time.Second))
+	defer cancel()
+
+	for _, tc := range []struct {
+		name   string
+		expErr string
+	}{
+		{name: "basic.yaml"},
+		{
+			name:   "unknown_provider.yaml",
+			expErr: "spec.type: Unsupported value: \"UnknownType\": supported values: \"APIKey\", \"AWSBedrock\"",
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			data, err := tests.ReadFile(path.Join("testdata/llmsecuritypolicies", tc.name))
+			require.NoError(t, err)
+
+			llmSecurityPolicy := &aigv1a1.LLMSecurityPolicy{}
+			err = yaml.UnmarshalStrict(data, llmSecurityPolicy)
+			require.NoError(t, err)
+
+			if tc.expErr != "" {
+				require.ErrorContains(t, c.Create(ctx, llmSecurityPolicy), tc.expErr)
+			} else {
+				require.NoError(t, c.Create(ctx, llmSecurityPolicy))
+				require.NoError(t, c.Delete(ctx, llmSecurityPolicy))
+			}
+		})
+	}
+}