Fix type and add error check

kartverket · Feb 8, 2025 · 67e4e56 · 67e4e56
1 parent ce2b09c
commit 67e4e56
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 7 deletions.
diff --git a/api/v1alpha1/podtypes/gcp.go b/api/v1alpha1/podtypes/gcp.go
@@ -40,7 +40,7 @@ type CloudSQLProxySettings struct {
 	//+kubebuilder:validation:Pattern=`^[^:]+:[^:]+:[^:]+$`
 	ConnectionName string `json:"connectionName,omitempty"`
 
-	// Service account used by cloudsql jwtAuth proxy. This service account must have the roles/cloudsql.client role.
+	// Service account used by cloudsql auth proxy. This service account must have the roles/cloudsql.client role.
 	//+kubebuilder:validation:Required
 	ServiceAccount string `json:"serviceAccount,omitempty"`
 

diff --git a/pkg/jwtAuth/config.go b/pkg/jwtAuth/config.go
@@ -90,7 +90,7 @@ func GetAuthConfigsForApplication(k8sClient client.Client, ctx context.Context,
 	}
 }
 
-func (authConfigs AuthConfigs) GetAllowedPaths(authorizationSettings *skiperatorv1alpha1.AuthorizationSettings) []string {
+func (authConfigs *AuthConfigs) GetAllowedPaths(authorizationSettings *skiperatorv1alpha1.AuthorizationSettings) []string {
 	allowPaths := []string{}
 	if authorizationSettings != nil {
 		if authorizationSettings.AllowList != nil {
@@ -99,9 +99,11 @@ func (authConfigs AuthConfigs) GetAllowedPaths(authorizationSettings *skiperator
 			}
 		}
 	}
-	for _, config := range authConfigs {
-		if config.NotPaths != nil {
-			allowPaths = append(allowPaths, *config.NotPaths...)
+	if authConfigs != nil {
+		for _, config := range *authConfigs {
+			if config.NotPaths != nil {
+				allowPaths = append(allowPaths, *config.NotPaths...)
+			}
 		}
 	}
 	return allowPaths

diff --git a/pkg/resourcegenerator/istio/authorizationpolicy/jwt_auth/authorization_policy.go b/pkg/resourcegenerator/istio/authorizationpolicy/jwt_auth/authorization_policy.go
@@ -76,7 +76,7 @@ func getJwtValidationAuthPolicy(namespacedName types.NamespacedName, application
 			},
 			When: []*securityv1api.Condition{
 				{
-					Key:    "request.jwtAuth.claims[iss]",
+					Key:    "request.auth.claims[iss]",
 					Values: []string{authConfig.ProviderURIs.IssuerURI},
 				},
 			},

diff --git a/pkg/resourcegenerator/istio/requestauthentication/request_authentication.go b/pkg/resourcegenerator/istio/requestauthentication/request_authentication.go
@@ -31,7 +31,7 @@ func Generate(r reconciliation.Reconciliation) error {
 	authConfig := r.GetAuthConfigs()
 
 	if authConfig == nil {
-		ctxLog.Debug("No RequestAuthentication to generate. No jwtAuth config provided for", "application", application.Name)
+		ctxLog.Debug("No RequestAuthentication to generate. No auth config provided for", "application", application.Name)
 	} else {
 		requestAuthentication := getRequestAuthentication(application, *authConfig)
 		r.AddResource(&requestAuthentication)