chore(operator): remove auth configuration from Caddyfile templates

Remove the auth configuration and related logic from the Caddyfile
templates and Go source files. This includes the deletion of the
auth block in the Caddyfile template, the removal of auth
parameters and related logic in the Go source files, and updates
to function signatures accordingly.

components/operator/api/formance.com/v1beta1/gateway_types.go

@@ -60,17 +60,13 @@ type GatewayStatus struct {
 	// Detected http apis. See [GatewayHTTPAPI](#gatewayhttpapi)
 	//+optional
 	SyncHTTPAPIs []string `json:"syncHTTPAPIs"`
-	// +kubebuilder:default:=false
-	// Indicates if a [Auth](#auth) module has been detected.
-	AuthEnabled bool `json:"authEnabled"`
 }
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
 //+kubebuilder:resource:scope=Cluster
 //+kubebuilder:printcolumn:name="Stack",type=string,JSONPath=".spec.stack",description="Stack"
 //+kubebuilder:printcolumn:name="HTTP APIs",type=string,JSONPath=".status.syncHTTPAPIs",description="Synchronized http apis"
-//+kubebuilder:printcolumn:name="Auth enabled",type=string,JSONPath=".status.authEnabled",description="Is authentication enabled"
 //+kubebuilder:printcolumn:name="Ready",type=string,JSONPath=".status.ready",description="Is ready"
 //+kubebuilder:printcolumn:name="Info",type=string,JSONPath=".status.info",description="Info"
 //+kubebuilder:metadata:labels=formance.com/kind=module

components/operator/config/crd/bases/formance.com_gateways.yaml

@@ -25,10 +25,6 @@ spec:
       jsonPath: .status.syncHTTPAPIs
       name: HTTP APIs
       type: string
-    - description: Is authentication enabled
-      jsonPath: .status.authEnabled
-      name: Auth enabled
-      type: string
     - description: Is ready
       jsonPath: .status.ready
       name: Ready
@@ -119,10 +115,6 @@ spec:
             type: object
           status:
             properties:
-              authEnabled:
-                default: false
-                description: Indicates if a [Auth](#auth) module has been detected.
-                type: boolean
               conditions:
                 items:
                   description: "Condition contains details for one aspect of the current
@@ -202,8 +194,6 @@ spec:
                 items:
                   type: string
                 type: array
-            required:
-            - authEnabled
             type: object
         type: object
     served: true

components/operator/docs/09-Configuration reference/02-Custom Resource Definitions.md

@@ -731,7 +731,6 @@ Gateway is the Schema for the gateways API
 | `ready` _boolean_ | Ready indicates if the resource is seen as completely reconciled |  |  |
 | `info` _string_ | Info can contain any additional like reconciliation errors |  |  |
 | `syncHTTPAPIs` _string array_ | Detected http apis. See [GatewayHTTPAPI](#gatewayhttpapi) |  |  |
-| `authEnabled` _boolean_ | Indicates if a [Auth](#auth) module has been detected. | false |  |
 
 
 #### Ledger

components/operator/helm/crds/templates/crds/apiextensions.k8s.io_v1_customresourcedefinition_gateways.formance.com.yaml

@@ -25,10 +25,6 @@ spec:
       jsonPath: .status.syncHTTPAPIs
       name: HTTP APIs
       type: string
-    - description: Is authentication enabled
-      jsonPath: .status.authEnabled
-      name: Auth enabled
-      type: string
     - description: Is ready
       jsonPath: .status.ready
       name: Ready
@@ -119,10 +115,6 @@ spec:
             type: object
           status:
             properties:
-              authEnabled:
-                default: false
-                description: Indicates if a [Auth](#auth) module has been detected.
-                type: boolean
               conditions:
                 items:
                   description: "Condition contains details for one aspect of the current
@@ -202,8 +194,6 @@ spec:
                 items:
                   type: string
                 type: array
-            required:
-            - authEnabled
             type: object
         type: object
     served: true

components/operator/internal/resources/gateways/Caddyfile.gotpl

@@ -7,20 +7,6 @@
 	}
 }
 {{- $values := . }}
-{{- if .Auth }}
-(auth) {
-	auth {
-		issuer {{ .Auth.Issuer }}
-
-		read_key_set_max_retries 10
-
-		{{- if .Auth.EnableScopes }}
-		check_scopes yes
-		service {args[0]}
-		{{- end }}
-	}
-}
-{{- end }}
 {{- if .EnableAudit }}
 (audit) {
 	audit {
@@ -58,9 +44,6 @@
 	# those directives are evaluated matters. So the jwtauth directive must be
 	# ordered.
 	# c.f. https://caddyserver.com/docs/caddyfile/directives#directive-order
-	{{- if .Auth }}
-	order auth before basicauth
-	{{- end }}
 	order versions after metrics
 	{{- if .EnableAudit }}
 	order audit after encode
@@ -92,9 +75,6 @@
 		{{- end }}
 		uri strip_prefix /api/{{ $service.Name }}
         import cors
-        {{- if and (not $rule.Secured) $values.Auth }}
-        import auth {{ $service.Name }}
-        {{- end }}
 		reverse_proxy {{ $service.Name }}:8080 {
             header_up Host {upstream_hostport}
         }

components/operator/internal/resources/gateways/caddyfile.go

@@ -1,16 +1,14 @@
 package gateways
 
 import (
-	"fmt"
-
 	"github.com/formancehq/operator/api/formance.com/v1beta1"
 	"github.com/formancehq/operator/internal/core"
 	"github.com/formancehq/operator/internal/resources/caddy"
 	"github.com/formancehq/stack/libs/go-libs/collectionutils"
 )
 
 func CreateCaddyfile(ctx core.Context, stack *v1beta1.Stack,
-	gateway *v1beta1.Gateway, httpAPIs []*v1beta1.GatewayHTTPAPI, auth *v1beta1.Auth, broker *v1beta1.Broker) (string, error) {
+	gateway *v1beta1.Gateway, httpAPIs []*v1beta1.GatewayHTTPAPI, broker *v1beta1.Broker) (string, error) {
 
 	data := map[string]any{
 		"Services": collectionutils.Map(httpAPIs, func(from *v1beta1.GatewayHTTPAPI) v1beta1.GatewayHTTPAPISpec {
@@ -23,12 +21,6 @@ func CreateCaddyfile(ctx core.Context, stack *v1beta1.Stack,
 			"Version": gateway.Spec.Version,
 		},
 	}
-	if auth != nil {
-		data["Auth"] = map[string]any{
-			"Issuer":       fmt.Sprintf("%s/api/auth", URL(gateway)),
-			"EnableScopes": auth.Spec.EnableScopes,
-		}
-	}
 
 	// TODO(gfyrag): Check if search is enabled
 	if stack.Spec.EnableAudit && broker != nil {

components/operator/internal/resources/gateways/configuration.go

@@ -8,9 +8,9 @@ import (
 )
 
 func createConfigMap(ctx core.Context, stack *v1beta1.Stack,
-	gateway *v1beta1.Gateway, httpAPIs []*v1beta1.GatewayHTTPAPI, auth *v1beta1.Auth, broker *v1beta1.Broker) (*v1.ConfigMap, error) {
+	gateway *v1beta1.Gateway, httpAPIs []*v1beta1.GatewayHTTPAPI, broker *v1beta1.Broker) (*v1.ConfigMap, error) {
 
-	caddyfile, err := CreateCaddyfile(ctx, stack, gateway, httpAPIs, auth, broker)
+	caddyfile, err := CreateCaddyfile(ctx, stack, gateway, httpAPIs, broker)
 	if err != nil {
 		return nil, err
 	}

components/operator/internal/resources/gateways/init.go

@@ -48,15 +48,6 @@ func Reconcile(ctx Context, stack *v1beta1.Stack, gateway *v1beta1.Gateway, vers
 		return httpAPIs[i].Spec.Name < httpAPIs[j].Spec.Name
 	})
 
-	auth := &v1beta1.Auth{}
-	ok, err := GetIfExists(ctx, stack.Name, auth)
-	if err != nil {
-		return err
-	}
-	if !ok {
-		auth = nil
-	}
-
 	var broker *v1beta1.Broker
 	if t, err := brokertopics.Find(ctx, stack, "gateway"); err != nil {
 		return err
@@ -69,7 +60,7 @@ func Reconcile(ctx Context, stack *v1beta1.Stack, gateway *v1beta1.Gateway, vers
 		}
 	}
 
-	configMap, err := createConfigMap(ctx, stack, gateway, httpAPIs, auth, broker)
+	configMap, err := createConfigMap(ctx, stack, gateway, httpAPIs, broker)
 	if err != nil {
 		return err
 	}
@@ -89,7 +80,6 @@ func Reconcile(ctx Context, stack *v1beta1.Stack, gateway *v1beta1.Gateway, vers
 	gateway.Status.SyncHTTPAPIs = Map(httpAPIs, func(from *v1beta1.GatewayHTTPAPI) string {
 		return from.Spec.Name
 	})
-	gateway.Status.AuthEnabled = auth != nil
 
 	return nil
 }

components/operator/internal/tests/gateway_controller_test.go

@@ -182,40 +182,6 @@ var _ = Describe("GatewayController", func() {
 					MatchGoldenFile("gateway-controller", "configmap-with-ledger-and-another-service.yaml"))
 			})
 		})
-		Context("Then creating a Auth object", func() {
-			var (
-				databaseSettings *v1beta1.Settings
-				auth             *v1beta1.Auth
-			)
-			BeforeEach(func() {
-				auth = &v1beta1.Auth{
-					ObjectMeta: RandObjectMeta(),
-					Spec: v1beta1.AuthSpec{
-						StackDependency: v1beta1.StackDependency{
-							Stack: stack.Name,
-						},
-					},
-				}
-				databaseSettings = settings.New(uuid.NewString(), "postgres.*.uri", "postgresql://localhost", stack.Name)
-
-				Expect(Create(databaseSettings)).To(Succeed())
-				Expect(Create(auth)).To(Succeed())
-			})
-			AfterEach(func() {
-				Expect(Delete(auth)).To(Succeed())
-				Expect(Delete(databaseSettings)).To(Succeed())
-			})
-			It("Should redeploy the gateway with auth configuration", func() {
-				Eventually(func(g Gomega) []string {
-					g.Expect(LoadResource("", gateway.Name, gateway))
-					return gateway.Status.SyncHTTPAPIs
-				}).Should(ContainElements("ledger", "auth"))
-				cm := &corev1.ConfigMap{}
-				Expect(LoadResource(stack.Name, "gateway", cm)).To(Succeed())
-				Expect(cm.Data["Caddyfile"]).To(
-					MatchGoldenFile("gateway-controller", "configmap-with-ledger-and-auth.yaml"))
-			})
-		})
 		Context("With audit enabled", func() {
 			var (
 				brokerNatsDSNSettings *v1beta1.Settings