Change field names in TrafficPolicy to be more consistent before release

api/v1alpha1/kgateway/jwt_types.go

@@ -8,9 +8,9 @@ import (
 	"github.com/kgateway-dev/kgateway/v2/api/v1alpha1/shared"
 )
 
-// JWTAuthentication defines the providers used to configure JWT authentication
+// JWTAuth defines the providers used to configure JWT authentication
 // +kubebuilder:validation:ExactlyOneOf=extensionRef;disable
-type JWTAuthentication struct {
+type JWTAuth struct {
 	// ExtensionRef references a GatewayExtension that provides the jwt providers
 	// +optional
 	ExtensionRef *shared.NamespacedObjectReference `json:"extensionRef,omitempty"`

api/v1alpha1/kgateway/traffic_policy_types.go

@@ -122,7 +122,7 @@ type TrafficPolicySpec struct {
 	// JWT specifies the JWT authentication configuration for the policy.
 	// This defines the JWT providers and their configurations.
 	// +optional
-	JWT *JWTAuthentication `json:"jwt,omitempty"`
+	JWTAuth *JWTAuth `json:"jwtAuth,omitempty"`
 
 	// UrlRewrite specifies URL rewrite rules for matching requests.
 	// NOTE: This field is only honored for HTTPRoute targets.
@@ -140,9 +140,9 @@ type TrafficPolicySpec struct {
 	// +optional
 	BasicAuth *BasicAuthPolicy `json:"basicAuth,omitempty"`
 
-	// APIKeyAuthentication authenticates users based on a configured API Key.
+	// APIKeyAuth authenticates users based on a configured API Key.
 	// +optional
-	APIKeyAuthentication *APIKeyAuthentication `json:"apiKeyAuthentication,omitempty"`
+	APIKeyAuth *APIKeyAuth `json:"apiKeyAuth,omitempty"`
 
 	// OAuth2 specifies the configuration to use for OAuth2/OIDC.
 	// Note: the OAuth2 filter does not protect against Cross-Site-Request-Forgery attacks on domains with cached
@@ -454,7 +454,7 @@ type APIKeySource struct {
 }
 
 // +kubebuilder:validation:ExactlyOneOf=secretRef;secretSelector;disable
-type APIKeyAuthentication struct {
+type APIKeyAuth struct {
 	// keySources specifies the list of key sources to extract the API key from.
 	// Key sources are processed in array order and the first one that successfully
 	// extracts a key is used. Within each key source, if multiple types (header, query, cookie) are

install/helm/kgateway-crds/templates/gateway.kgateway.dev_trafficpolicies.yaml

@@ -54,8 +54,8 @@ spec:
             description: TrafficPolicySpec defines the desired state of a traffic
               policy.
             properties:
-              apiKeyAuthentication:
-                description: APIKeyAuthentication authenticates users based on a configured
+              apiKeyAuth:
+                description: APIKeyAuth authenticates users based on a configured
                   API Key.
                 properties:
                   clientIdHeader:
@@ -1149,7 +1149,7 @@ spec:
                     set
                   rule: '[has(self.request),has(self.response)].filter(x,x==true).size()
                     >= 1'
-              jwt:
+              jwtAuth:
                 description: |-
                   JWT specifies the JWT authentication configuration for the policy.
                   This defines the JWT providers and their configurations.

pkg/kgateway/extensions2/plugins/trafficpolicy/api_key_auth.go

@@ -65,11 +65,11 @@ func constructAPIKeyAuth(
 	out *trafficPolicySpecIr,
 ) error {
 	spec := policy.Spec
-	if spec.APIKeyAuthentication == nil {
+	if spec.APIKeyAuth == nil {
 		return nil
 	}
 
-	ak := spec.APIKeyAuthentication
+	ak := spec.APIKeyAuth
 
 	// Handle disable case
 	if ak.Disable != nil {

pkg/kgateway/extensions2/plugins/trafficpolicy/jwt.go

@@ -107,7 +107,7 @@ func constructJwt(
 	out *trafficPolicySpecIr,
 	fetchGatewayExtension FetchGatewayExtensionFunc,
 ) error {
-	spec := in.Spec.JWT
+	spec := in.Spec.JWTAuth
 	if spec == nil {
 		return nil
 	}

pkg/kgateway/translator/gateway/testutils/inputs/jwt/cross-namespace.yaml

@@ -93,7 +93,7 @@ spec:
     - kind: HTTPRoute
       group: gateway.networking.k8s.io
       name: cross-namespace-allowed
-  jwt:
+  jwtAuth:
     extensionRef:
       name: allowed-jwt-ext
 ---
@@ -106,7 +106,7 @@ spec:
     - kind: HTTPRoute
       group: gateway.networking.k8s.io
       name: cross-namespace-denied
-  jwt:
+  jwtAuth:
     extensionRef:
       name: denied-jwt-ext
       namespace: denied

pkg/kgateway/translator/gateway/testutils/inputs/jwt/gateway-and-route.yaml

@@ -55,7 +55,7 @@ spec:
     - kind: Gateway
       group: gateway.networking.k8s.io
       name: example-gateway
-  jwt:
+  jwtAuth:
     extensionRef:
       name: jwt-ext-3
 ---
@@ -68,7 +68,7 @@ spec:
     - kind: HTTPRoute
       group: gateway.networking.k8s.io
       name: example-route
-  jwt:
+  jwtAuth:
     extensionRef:
       name: jwt-ext-2
 ---

pkg/kgateway/translator/gateway/testutils/inputs/jwt/gateway-configmap.yaml

@@ -55,7 +55,7 @@ spec:
     - kind: Gateway
       group: gateway.networking.k8s.io
       name: example-gateway
-  jwt:
+  jwtAuth:
     extensionRef:
       name: jwt-ext-1
 ---

pkg/kgateway/translator/gateway/testutils/inputs/jwt/gateway-disable.yaml

@@ -55,7 +55,7 @@ spec:
     - kind: Gateway
       group: gateway.networking.k8s.io
       name: example-gateway
-  jwt:
+  jwtAuth:
     extensionRef:
       name: jwt-ext-3
 ---
@@ -68,7 +68,7 @@ spec:
     - kind: HTTPRoute
       group: gateway.networking.k8s.io
       name: example-route
-  jwt:
+  jwtAuth:
     disable: {}
 ---
 apiVersion: gateway.kgateway.dev/v1alpha1

pkg/kgateway/translator/gateway/testutils/inputs/jwt/gateway-listener.yaml

@@ -59,7 +59,7 @@ spec:
       group: gateway.networking.k8s.io
       name: example-gateway
       sectionName: http
-  jwt:
+  jwtAuth:
     extensionRef:
       name: jwt-ext
 ---

pkg/kgateway/translator/gateway/testutils/inputs/jwt/gateway-validation-mode.yaml

@@ -55,7 +55,7 @@ spec:
     - kind: Gateway
       group: gateway.networking.k8s.io
       name: example-gateway
-  jwt:
+  jwtAuth:
     extensionRef:
       name: jwt-ext-allow-missing
 ---

pkg/kgateway/translator/gateway/testutils/inputs/jwt/gateway.yaml

@@ -55,7 +55,7 @@ spec:
     - kind: Gateway
       group: gateway.networking.k8s.io
       name: example-gateway
-  jwt:
+  jwtAuth:
     extensionRef:
       name: jwt-ext-3
 ---

pkg/kgateway/translator/gateway/testutils/inputs/jwt/httproute-remote-jwks.yaml

@@ -57,7 +57,7 @@ kind: TrafficPolicy
 metadata:
   name: route-test
 spec:
-  jwt:
+  jwtAuth:
     extensionRef:
       name: jwt-ext-2
 ---

pkg/kgateway/translator/gateway/testutils/inputs/jwt/httproute.yaml

@@ -55,7 +55,7 @@ spec:
     - kind: HTTPRoute
       group: gateway.networking.k8s.io
       name: example-route
-  jwt:
+  jwtAuth:
     extensionRef:
       name: jwt-ext-1
 ---

pkg/kgateway/translator/gateway/testutils/inputs/jwt/listenerset.yaml

@@ -77,7 +77,7 @@ spec:
     - name: example-listenerset
       group: gateway.networking.x-k8s.io
       kind: XListenerSet
-  jwt:
+  jwtAuth:
     extensionRef:
       name: jwt-ext
 ---

pkg/kgateway/translator/gateway/testutils/inputs/jwt/rbac.yaml

@@ -75,7 +75,7 @@ spec:
     policy:
       matchExpressions:
           - "metadata.filter_metadata['envoy.filters.http.jwt_authn']['payload']['email'] == '[email protected]'"
-  jwt:
+  jwtAuth:
     extensionRef:
       name: basic-jwt-provider
 ---

pkg/kgateway/translator/gateway/testutils/inputs/jwt/route.yaml

@@ -57,7 +57,7 @@ kind: TrafficPolicy
 metadata:
   name: route-test
 spec:
-  jwt:
+  jwtAuth:
     extensionRef:
       name: jwt-ext-2
 ---

pkg/kgateway/translator/gateway/testutils/inputs/traffic-policy/api-key-auth-gateway.yaml

@@ -52,7 +52,7 @@ spec:
   - group: gateway.networking.k8s.io
     kind: Gateway
     name: example-gateway
-  apiKeyAuthentication:
+  apiKeyAuth:
     keySources:
     - header: "api-key"
       query: "api-key-query"

pkg/kgateway/translator/gateway/testutils/inputs/traffic-policy/api-key-auth-httproute.yaml

@@ -59,7 +59,7 @@ spec:
   - group: gateway.networking.k8s.io
     kind: HTTPRoute
     name: example-route
-  apiKeyAuthentication:
+  apiKeyAuth:
     keySources:
     - header: "x-api-key"
     secretRef:

pkg/kgateway/translator/gateway/testutils/inputs/traffic-policy/api-key-auth-override-section.yaml

@@ -72,7 +72,7 @@ spec:
   - group: gateway.networking.k8s.io
     kind: Gateway
     name: example-gateway
-  apiKeyAuthentication:
+  apiKeyAuth:
     keySources:
     - header: "api-key"
     forwardCredential: false
@@ -91,7 +91,7 @@ spec:
     kind: HTTPRoute
     name: example-route
     sectionName: rule-get
-  apiKeyAuthentication:
+  apiKeyAuth:
     keySources:
     - header: "x-api-key"
     forwardCredential: true

pkg/kgateway/translator/gateway/testutils/inputs/traffic-policy/api-key-auth-override.yaml

@@ -70,7 +70,7 @@ spec:
   - group: gateway.networking.k8s.io
     kind: Gateway
     name: example-gateway
-  apiKeyAuthentication:
+  apiKeyAuth:
     keySources:
     - header: "api-key"
     forwardCredential: false
@@ -88,7 +88,7 @@ spec:
   - group: gateway.networking.k8s.io
     kind: HTTPRoute
     name: example-route
-  apiKeyAuthentication:
+  apiKeyAuth:
     keySources:
     - header: "x-api-key"
     forwardCredential: true

pkg/kgateway/translator/gateway/testutils/inputs/traffic-policy/api-key-auth-route.yaml

@@ -61,7 +61,7 @@ metadata:
   name: api-key-auth-route
   namespace: default
 spec:
-  apiKeyAuthentication:
+  apiKeyAuth:
     keySources:
     - header: "x-api-key"
     forwardCredential: false

pkg/kgateway/translator/gateway/testutils/inputs/traffic-policy/api-key-auth-secretref-with-refgrant.yaml

@@ -73,7 +73,7 @@ spec:
   - name: example-route
     kind: HTTPRoute
     group: gateway.networking.k8s.io
-  apiKeyAuthentication:
+  apiKeyAuth:
     keySources:
     - header: "x-api-key"
     forwardCredential: false

pkg/kgateway/translator/gateway/testutils/inputs/traffic-policy/api-key-auth-secretref.yaml

@@ -58,7 +58,7 @@ spec:
   - name: example-route
     kind: HTTPRoute
     group: gateway.networking.k8s.io
-  apiKeyAuthentication:
+  apiKeyAuth:
     keySources:
     - header: "x-api-key"
     forwardCredential: false

pkg/kgateway/translator/gateway/testutils/inputs/traffic-policy/api-key-auth-selector-no-matching-secret.yaml

@@ -74,7 +74,7 @@ spec:
   - name: example-route
     kind: HTTPRoute
     group: gateway.networking.k8s.io
-  apiKeyAuthentication:
+  apiKeyAuth:
     keySources:
     - header: "x-api-key"
     forwardCredential: false

pkg/kgateway/translator/gateway/testutils/inputs/traffic-policy/api-key-auth-selector-with-refgrant.yaml

@@ -87,7 +87,7 @@ spec:
   - name: example-route
     kind: HTTPRoute
     group: gateway.networking.k8s.io
-  apiKeyAuthentication:
+  apiKeyAuth:
     keySources:
     - header: "x-api-key"
     forwardCredential: false