feat: support ingress annotations (#352)

Co-authored-by: Ashing Zheng <[email protected]>
Co-authored-by: AlinsRan <[email protected]>

Author: ronething

api/adc/types.go

@@ -658,6 +658,15 @@ type ResponseRewriteConfig struct {
 	Filters      []map[string]string `json:"filters,omitempty" yaml:"filters,omitempty"`
 }
 
+type FaultInjectionConfig struct {
+	Abort *FaultInjectionAbortConfig `json:"abort,omitempty" yaml:"abort,omitempty"`
+}
+
+type FaultInjectionAbortConfig struct {
+	HTTPStatus int           `json:"http_status" yaml:"http_status"`
+	Vars       [][]expr.Expr `json:"vars,omitempty" yaml:"vars,omitempty"`
+}
+
 type ResponseHeaders struct {
 	Set    map[string]string `json:"set,omitempty" yaml:"set,omitempty"`
 	Add    []string          `json:"add,omitempty" yaml:"add,omitempty"`

internal/adc/translator/annotations.go

@@ -21,17 +21,40 @@ import (
 
 	"github.com/imdario/mergo"
 
+	adctypes "github.com/apache/apisix-ingress-controller/api/adc"
 	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations"
+	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations/pluginconfig"
+	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations/plugins"
+	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations/regex"
+	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations/servicenamespace"
+	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations/upstream"
+	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations/websocket"
 )
 
 // Structure extracted by Ingress Resource
-type Ingress struct{}
+type IngressConfig struct {
+	Upstream         upstream.Upstream
+	Plugins          adctypes.Plugins
+	EnableWebsocket  bool
+	ServiceNamespace string
+	PluginConfigName string
+	UseRegex         bool
+}
 
-// parsers registered for ingress annotations
-var ingressAnnotationParsers = map[string]annotations.IngressAnnotationsParser{}
+var ingressAnnotationParsers = map[string]annotations.IngressAnnotationsParser{
+	"upstream":         upstream.NewParser(),
+	"plugins":          plugins.NewParser(),
+	"EnableWebsocket":  websocket.NewParser(),
+	"PluginConfigName": pluginconfig.NewParser(),
+	"ServiceNamespace": servicenamespace.NewParser(),
+	"UseRegex":         regex.NewParser(),
+}
 
-func (t *Translator) TranslateIngressAnnotations(anno map[string]string) *Ingress {
-	ing := &Ingress{}
+func (t *Translator) TranslateIngressAnnotations(anno map[string]string) *IngressConfig {
+	if len(anno) == 0 {
+		return nil
+	}
+	ing := &IngressConfig{}
 	if err := translateAnnotations(anno, ing); err != nil {
 		t.Log.Error(err, "failed to translate ingress annotations", "annotations", anno)
 	}

internal/adc/translator/annotations/pluginconfig/pluginconfig.go

@@ -0,0 +1,27 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package pluginconfig
+
+import "github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations"
+
+type pluginconfig struct{}
+
+func NewParser() annotations.IngressAnnotationsParser {
+	return &pluginconfig{}
+}
+
+func (w *pluginconfig) Parse(e annotations.Extractor) (any, error) {
+	return e.GetStringAnnotation(annotations.AnnotationsPluginConfigName), nil
+}

internal/adc/translator/annotations/plugins/authorization.go

@@ -0,0 +1,61 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package plugins
+
+import (
+	adctypes "github.com/apache/apisix-ingress-controller/api/adc"
+	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations"
+)
+
+type basicAuth struct{}
+
+// NewkeyBasicHandler creates a handler to convert
+// annotations about basicAuth control to APISIX basic-auth plugin.
+func NewBasicAuthHandler() PluginAnnotationsHandler {
+	return &basicAuth{}
+}
+
+func (b *basicAuth) PluginName() string {
+	return "basic-auth"
+}
+
+func (b *basicAuth) Handle(e annotations.Extractor) (any, error) {
+	if e.GetStringAnnotation(annotations.AnnotationsAuthType) != "basicAuth" {
+		return nil, nil
+	}
+	plugin := adctypes.BasicAuthConfig{}
+	return &plugin, nil
+}
+
+type keyAuth struct{}
+
+// NewkeyAuthHandler creates a handler to convert
+// annotations about keyAuth control to APISIX key-auth plugin.
+func NewKeyAuthHandler() PluginAnnotationsHandler {
+	return &keyAuth{}
+}
+
+func (k *keyAuth) PluginName() string {
+	return "key-auth"
+}
+
+func (k *keyAuth) Handle(e annotations.Extractor) (any, error) {
+	if e.GetStringAnnotation(annotations.AnnotationsAuthType) != "keyAuth" {
+		return nil, nil
+	}
+	plugin := adctypes.KeyAuthConfig{}
+	return &plugin, nil
+}

internal/adc/translator/annotations/plugins/cors.go

@@ -0,0 +1,45 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package plugins
+
+import (
+	adctypes "github.com/apache/apisix-ingress-controller/api/adc"
+	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations"
+)
+
+type cors struct{}
+
+// NewCorsHandler creates a handler to convert annotations about
+// CORS to APISIX cors plugin.
+func NewCorsHandler() PluginAnnotationsHandler {
+	return &cors{}
+}
+
+func (c *cors) PluginName() string {
+	return "cors"
+}
+
+func (c *cors) Handle(e annotations.Extractor) (any, error) {
+	if !e.GetBoolAnnotation(annotations.AnnotationsEnableCors) {
+		return nil, nil
+	}
+
+	return &adctypes.CorsConfig{
+		AllowOrigins: e.GetStringAnnotation(annotations.AnnotationsCorsAllowOrigin),
+		AllowMethods: e.GetStringAnnotation(annotations.AnnotationsCorsAllowMethods),
+		AllowHeaders: e.GetStringAnnotation(annotations.AnnotationsCorsAllowHeaders),
+	}, nil
+}

internal/adc/translator/annotations/plugins/cors_test.go

@@ -0,0 +1,48 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package plugins
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	adctypes "github.com/apache/apisix-ingress-controller/api/adc"
+	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations"
+)
+
+func TestCorsHandler(t *testing.T) {
+	anno := map[string]string{
+		annotations.AnnotationsEnableCors:       "true",
+		annotations.AnnotationsCorsAllowHeaders: "abc,def",
+		annotations.AnnotationsCorsAllowOrigin:  "https://a.com",
+		annotations.AnnotationsCorsAllowMethods: "GET,HEAD",
+	}
+	p := NewCorsHandler()
+	out, err := p.Handle(annotations.NewExtractor(anno))
+	assert.Nil(t, err, "checking given error")
+	config := out.(*adctypes.CorsConfig)
+	assert.Equal(t, "abc,def", config.AllowHeaders)
+	assert.Equal(t, "https://a.com", config.AllowOrigins)
+	assert.Equal(t, "GET,HEAD", config.AllowMethods)
+
+	assert.Equal(t, "cors", p.PluginName())
+
+	anno[annotations.AnnotationsEnableCors] = "false"
+	out, err = p.Handle(annotations.NewExtractor(anno))
+	assert.Nil(t, err, "checking given error")
+	assert.Nil(t, out, "checking given output")
+}

internal/adc/translator/annotations/plugins/csrf.go

@@ -0,0 +1,48 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package plugins
+
+import (
+	adctypes "github.com/apache/apisix-ingress-controller/api/adc"
+	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations"
+)
+
+type csrf struct{}
+
+// NewCSRFHandler creates a handler to convert annotations about
+// CSRF to APISIX csrf plugin.
+func NewCSRFHandler() PluginAnnotationsHandler {
+	return &csrf{}
+}
+
+func (c *csrf) PluginName() string {
+	return "csrf"
+}
+
+func (c *csrf) Handle(e annotations.Extractor) (any, error) {
+	if !e.GetBoolAnnotation(annotations.AnnotationsEnableCsrf) {
+		return nil, nil
+	}
+
+	key := e.GetStringAnnotation(annotations.AnnotationsCsrfKey)
+	if key == "" {
+		return nil, nil
+	}
+
+	return &adctypes.CSRFConfig{
+		Key: key,
+	}, nil
+}

internal/adc/translator/annotations/plugins/csrf_test.go

@@ -0,0 +1,52 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package plugins
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	adctypes "github.com/apache/apisix-ingress-controller/api/adc"
+	"github.com/apache/apisix-ingress-controller/internal/adc/translator/annotations"
+)
+
+func TestCSRFHandler(t *testing.T) {
+	anno := map[string]string{
+		annotations.AnnotationsEnableCsrf: "true",
+		annotations.AnnotationsCsrfKey:    "my-secret-key",
+	}
+	p := NewCSRFHandler()
+	out, err := p.Handle(annotations.NewExtractor(anno))
+	assert.Nil(t, err, "checking given error")
+	config := out.(*adctypes.CSRFConfig)
+	assert.Equal(t, "my-secret-key", config.Key)
+
+	assert.Equal(t, "csrf", p.PluginName())
+
+	// Test with enable-csrf set to false
+	anno[annotations.AnnotationsEnableCsrf] = "false"
+	out, err = p.Handle(annotations.NewExtractor(anno))
+	assert.Nil(t, err, "checking given error")
+	assert.Nil(t, out, "checking given output")
+
+	// Test with enable-csrf true but no key
+	anno[annotations.AnnotationsEnableCsrf] = "true"
+	delete(anno, annotations.AnnotationsCsrfKey)
+	out, err = p.Handle(annotations.NewExtractor(anno))
+	assert.Nil(t, err, "checking given error")
+	assert.Nil(t, out, "checking given output when key is missing")
+}