formancehq · flemzord · Sep 13, 2024 · Sep 13, 2024 · Sep 13, 2024
@@ -60,17 +60,13 @@ type GatewayStatus struct {
 	// Detected http apis. See [GatewayHTTPAPI](#gatewayhttpapi)
 	//+optional
 	SyncHTTPAPIs []string `json:"syncHTTPAPIs"`
-	// +kubebuilder:default:=false
-	// Indicates if a [Auth](#auth) module has been detected.
-	AuthEnabled bool `json:"authEnabled"`
 }
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
 //+kubebuilder:resource:scope=Cluster
 //+kubebuilder:printcolumn:name="Stack",type=string,JSONPath=".spec.stack",description="Stack"
 //+kubebuilder:printcolumn:name="HTTP APIs",type=string,JSONPath=".status.syncHTTPAPIs",description="Synchronized http apis"
-//+kubebuilder:printcolumn:name="Auth enabled",type=string,JSONPath=".status.authEnabled",description="Is authentication enabled"
 //+kubebuilder:printcolumn:name="Ready",type=string,JSONPath=".status.ready",description="Is ready"
 //+kubebuilder:printcolumn:name="Info",type=string,JSONPath=".status.info",description="Info"
 //+kubebuilder:metadata:labels=formance.com/kind=module

@@ -25,10 +25,6 @@ spec:
       jsonPath: .status.syncHTTPAPIs
       name: HTTP APIs
       type: string
-    - description: Is authentication enabled
-      jsonPath: .status.authEnabled
-      name: Auth enabled
-      type: string
     - description: Is ready
       jsonPath: .status.ready
       name: Ready
@@ -119,10 +115,6 @@ spec:
             type: object
           status:
             properties:
-              authEnabled:
-                default: false
-                description: Indicates if a [Auth](#auth) module has been detected.
-                type: boolean
               conditions:
                 items:
                   description: "Condition contains details for one aspect of the current
@@ -202,8 +194,6 @@ spec:
                 items:
                   type: string
                 type: array
-            required:
-            - authEnabled
             type: object
         type: object
     served: true

@@ -731,7 +731,6 @@ Gateway is the Schema for the gateways API
 | `ready` _boolean_ | Ready indicates if the resource is seen as completely reconciled |  |  |
 | `info` _string_ | Info can contain any additional like reconciliation errors |  |  |
 | `syncHTTPAPIs` _string array_ | Detected http apis. See [GatewayHTTPAPI](#gatewayhttpapi) |  |  |
-| `authEnabled` _boolean_ | Indicates if a [Auth](#auth) module has been detected. | false |  |
 
 
 #### Ledger

@@ -25,10 +25,6 @@ spec:
       jsonPath: .status.syncHTTPAPIs
       name: HTTP APIs
       type: string
-    - description: Is authentication enabled
-      jsonPath: .status.authEnabled
-      name: Auth enabled
-      type: string
     - description: Is ready
       jsonPath: .status.ready
       name: Ready
@@ -119,10 +115,6 @@ spec:
             type: object
           status:
             properties:
-              authEnabled:
-                default: false
-                description: Indicates if a [Auth](#auth) module has been detected.
-                type: boolean
               conditions:
                 items:
                   description: "Condition contains details for one aspect of the current
@@ -202,8 +194,6 @@ spec:
                 items:
                   type: string
                 type: array
-            required:
-            - authEnabled
             type: object
         type: object
     served: true

@@ -7,20 +7,6 @@
 	}
 }
 {{- $values := . }}
-{{- if .Auth }}
-(auth) {
-	auth {
-		issuer {{ .Auth.Issuer }}
-
-		read_key_set_max_retries 10
-
-		{{- if .Auth.EnableScopes }}
-		check_scopes yes
-		service {args[0]}
-		{{- end }}
-	}
-}
-{{- end }}
 {{- if .EnableAudit }}
 (audit) {
 	audit {
@@ -58,9 +44,6 @@
 	# those directives are evaluated matters. So the jwtauth directive must be
 	# ordered.
 	# c.f. https://caddyserver.com/docs/caddyfile/directives#directive-order
-	{{- if .Auth }}
-	order auth before basicauth
-	{{- end }}
 	order versions after metrics
 	{{- if .EnableAudit }}
 	order audit after encode
@@ -92,9 +75,6 @@
 		{{- end }}
 		uri strip_prefix /api/{{ $service.Name }}
         import cors
-        {{- if and (not $rule.Secured) $values.Auth }}
-        import auth {{ $service.Name }}
-        {{- end }}
 		reverse_proxy {{ $service.Name }}:8080 {
             header_up Host {upstream_hostport}
         }

@@ -1,16 +1,14 @@
 package gateways
 
 import (
-	"fmt"
-
 	"github.com/formancehq/operator/api/formance.com/v1beta1"
 	"github.com/formancehq/operator/internal/core"
 	"github.com/formancehq/operator/internal/resources/caddy"
 	"github.com/formancehq/stack/libs/go-libs/collectionutils"
 )
 
 func CreateCaddyfile(ctx core.Context, stack *v1beta1.Stack,
-	gateway *v1beta1.Gateway, httpAPIs []*v1beta1.GatewayHTTPAPI, auth *v1beta1.Auth, broker *v1beta1.Broker) (string, error) {
+	gateway *v1beta1.Gateway, httpAPIs []*v1beta1.GatewayHTTPAPI, broker *v1beta1.Broker) (string, error) {
 
 	data := map[string]any{
 		"Services": collectionutils.Map(httpAPIs, func(from *v1beta1.GatewayHTTPAPI) v1beta1.GatewayHTTPAPISpec {
@@ -23,12 +21,6 @@ func CreateCaddyfile(ctx core.Context, stack *v1beta1.Stack,
 			"Version": gateway.Spec.Version,
 		},
 	}
-	if auth != nil {
-		data["Auth"] = map[string]any{
-			"Issuer":       fmt.Sprintf("%s/api/auth", URL(gateway)),
-			"EnableScopes": auth.Spec.EnableScopes,
-		}
-	}
 
 	// TODO(gfyrag): Check if search is enabled
 	if stack.Spec.EnableAudit && broker != nil {

@@ -8,9 +8,9 @@ import (
 )
 
 func createConfigMap(ctx core.Context, stack *v1beta1.Stack,
-	gateway *v1beta1.Gateway, httpAPIs []*v1beta1.GatewayHTTPAPI, auth *v1beta1.Auth, broker *v1beta1.Broker) (*v1.ConfigMap, error) {
+	gateway *v1beta1.Gateway, httpAPIs []*v1beta1.GatewayHTTPAPI, broker *v1beta1.Broker) (*v1.ConfigMap, error) {
 
-	caddyfile, err := CreateCaddyfile(ctx, stack, gateway, httpAPIs, auth, broker)
+	caddyfile, err := CreateCaddyfile(ctx, stack, gateway, httpAPIs, broker)
 	if err != nil {
 		return nil, err
 	}

@@ -48,15 +48,6 @@ func Reconcile(ctx Context, stack *v1beta1.Stack, gateway *v1beta1.Gateway, vers
 		return httpAPIs[i].Spec.Name < httpAPIs[j].Spec.Name
 	})
 
-	auth := &v1beta1.Auth{}
-	ok, err := GetIfExists(ctx, stack.Name, auth)
-	if err != nil {
-		return err
-	}
-	if !ok {
-		auth = nil
-	}
-
 	var broker *v1beta1.Broker
 	if t, err := brokertopics.Find(ctx, stack, "gateway"); err != nil {
 		return err
@@ -69,7 +60,7 @@ func Reconcile(ctx Context, stack *v1beta1.Stack, gateway *v1beta1.Gateway, vers
 		}
 	}
 
-	configMap, err := createConfigMap(ctx, stack, gateway, httpAPIs, auth, broker)
+	configMap, err := createConfigMap(ctx, stack, gateway, httpAPIs, broker)
 	if err != nil {
 		return err
 	}
@@ -89,7 +80,6 @@ func Reconcile(ctx Context, stack *v1beta1.Stack, gateway *v1beta1.Gateway, vers
 	gateway.Status.SyncHTTPAPIs = Map(httpAPIs, func(from *v1beta1.GatewayHTTPAPI) string {
 		return from.Spec.Name
 	})
-	gateway.Status.AuthEnabled = auth != nil
 
 	return nil
 }

@@ -182,40 +182,6 @@ var _ = Describe("GatewayController", func() {
 					MatchGoldenFile("gateway-controller", "configmap-with-ledger-and-another-service.yaml"))
 			})
 		})
-		Context("Then creating a Auth object", func() {
-			var (
-				databaseSettings *v1beta1.Settings
-				auth             *v1beta1.Auth
-			)
-			BeforeEach(func() {
-				auth = &v1beta1.Auth{
-					ObjectMeta: RandObjectMeta(),
-					Spec: v1beta1.AuthSpec{
-						StackDependency: v1beta1.StackDependency{
-							Stack: stack.Name,
-						},
-					},
-				}
-				databaseSettings = settings.New(uuid.NewString(), "postgres.*.uri", "postgresql://localhost", stack.Name)
-
-				Expect(Create(databaseSettings)).To(Succeed())
-				Expect(Create(auth)).To(Succeed())
-			})
-			AfterEach(func() {
-				Expect(Delete(auth)).To(Succeed())
-				Expect(Delete(databaseSettings)).To(Succeed())
-			})
-			It("Should redeploy the gateway with auth configuration", func() {
-				Eventually(func(g Gomega) []string {
-					g.Expect(LoadResource("", gateway.Name, gateway))
-					return gateway.Status.SyncHTTPAPIs
-				}).Should(ContainElements("ledger", "auth"))
-				cm := &corev1.ConfigMap{}
-				Expect(LoadResource(stack.Name, "gateway", cm)).To(Succeed())
-				Expect(cm.Data["Caddyfile"]).To(
-					MatchGoldenFile("gateway-controller", "configmap-with-ledger-and-auth.yaml"))
-			})
-		})
 		Context("With audit enabled", func() {
 			var (
 				brokerNatsDSNSettings *v1beta1.Settings

@@ -11,15 +11,14 @@ require (
 	github.com/ThreeDotsLabs/watermill-nats/v2 v2.0.2
 	github.com/caddyserver/caddy/v2 v2.7.5
 	github.com/golang-jwt/jwt/v5 v5.2.1
-	github.com/hashicorp/go-retryablehttp v0.7.7
 	github.com/nats-io/nats.go v1.37.0
 	github.com/xdg-go/scram v1.1.2
-	github.com/zitadel/oidc/v2 v2.12.0
 	go.uber.org/zap v1.27.0
 	golang.org/x/sync v0.8.0
 )
 
 require (
+	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	cloud.google.com/go/kms v1.15.7 // indirect
 	github.com/ThreeDotsLabs/watermill-http/v2 v2.3.0 // indirect
 	github.com/ajg/form v1.5.1 // indirect
@@ -51,11 +50,7 @@ require (
 	github.com/google/go-tpm v0.9.0 // indirect
 	github.com/google/go-tspi v0.3.0 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/gorilla/schema v1.2.0 // indirect
-	github.com/gorilla/securecookie v1.1.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/jcmturner/aescts/v2 v2.0.0 // indirect
@@ -67,14 +62,11 @@ require (
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/lithammer/shortuuid/v3 v3.0.7 // indirect
 	github.com/mastercactapus/proxyprotocol v0.0.4 // indirect
-	github.com/muhlemmer/gu v0.3.1 // indirect
-	github.com/muhlemmer/httpforwarded v0.1.0 // indirect
 	github.com/nats-io/nkeys v0.4.7 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
-	github.com/rs/cors v1.10.1 // indirect
 	github.com/smallstep/go-attestation v0.4.4-0.20230627102604-cf579e53cbd2 // indirect
 	github.com/tmthrgd/go-hex v0.0.0-20190904060850-447a3041c3bc // indirect
 	github.com/uptrace/bun v1.2.1 // indirect
@@ -95,7 +87,6 @@ require (
 	go.uber.org/dig v1.18.0 // indirect
 	go.uber.org/fx v1.22.2 // indirect
 	go.uber.org/mock v0.4.0 // indirect
-	golang.org/x/oauth2 v0.20.0 // indirect
 	google.golang.org/api v0.171.0 // indirect
 	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect