Rename filters

Signed-off-by: Magnus Jungsbluth <[email protected]>

docs/operation/operation.md

@@ -493,17 +493,17 @@ See more details about rate limiting at [Rate limiting](../reference/filters.md#
 
 If Open Policy Agent filters are enabled, the following counters show up in the `/metrics` endpoint. The bundle-name is the first parameter of the filter so that for example increased error codes can be attributed to a specific source bundle / system. 
 
-- `skipper.authorizeWithRegoPolicy.custom.decision.allow.<bundle-name>`
-- `skipper.authorizeWithRegoPolicy.custom.decision.deny.<bundle-name>`
-- `skipper.authorizeWithRegoPolicy.custom.decision.err.<bundle-name>`
-- `skipper.serveResponseWithRegoPolicy.custom.decision.allow.<bundle-name>`
-- `skipper.serveResponseWithRegoPolicy.custom.decision.deny.<bundle-name>`
-- `skipper.serveResponseWithRegoPolicy.custom.decision.err.<bundle-name>`
+- `skipper.opaAuthorizeRequest.custom.decision.allow.<bundle-name>`
+- `skipper.opaAuthorizeRequest.custom.decision.deny.<bundle-name>`
+- `skipper.opaAuthorizeRequest.custom.decision.err.<bundle-name>`
+- `skipper.opaServeResponse.custom.decision.allow.<bundle-name>`
+- `skipper.opaServeResponse.custom.decision.deny.<bundle-name>`
+- `skipper.opaServeResponse.custom.decision.err.<bundle-name>`
 
 The following timer metrics are exposed per used bundle-name:
 
-- `skipper.authorizeWithRegoPolicy.custom.eval_time.<bundle-name>`
-- `skipper.serveResponseWithRegoPolicy.custom.eval_time.<bundle-name>`
+- `skipper.opaAuthorizeRequest.custom.eval_time.<bundle-name>`
+- `skipper.opaServeResponse.custom.eval_time.<bundle-name>`
 
 ## OpenTracing
 

docs/reference/filters.md

@@ -1723,19 +1723,19 @@ As of now there is no negative/deny rule possible. The first matching path is ev
 
 To get started with [Open Policy Agent](https://www.openpolicyagent.org/), also have a look at the [tutorial](../tutorials/auth.md#open-policy-agent). This section is only a reference for the implemented filters. 
 
-#### authorizeWithRegoPolicy
+#### opaAuthorizeRequest
 
 The canonical use case that is also implemented with [Envoy External Authorization](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/ext_authz_filter): Use the http request to evaluate if Skipper should deny the request (with customizable response) or let the request pass to the downstream service
 
 Example:
 
 ```
-authorizeWithRegoPolicy("my-app-id")
+opaAuthorizeRequest("my-app-id")
 ```
 
 Example (passing context):
 ```
-authorizeWithRegoPolicy("my-app-id", "com.mydomain.xxx.myprop: myvalue")
+opaAuthorizeRequest("my-app-id", "com.mydomain.xxx.myprop: myvalue")
 ```
 
 *Data Flows*
@@ -1798,7 +1798,7 @@ Headers both to the upstream and the downstream service can be manipulated the s
 
 This allows both to add and remove unwanted headers in allow/deny cases. 
 
-#### serveResponseWithRegoPolicy
+#### opaServeResponse
 
 Always serves the response even if the policy allows the request and can customize the response completely. Can be used to re-implement legacy authorization services by already using data in Open Policy Agent but implementing an old REST API. This can also be useful to support Single Page Applications to return the calling users' permissions.
 
@@ -1807,12 +1807,12 @@ Always serves the response even if the policy allows the request and can customi
 Example:
 
 ```
-serveResponseWithRegoPolicy("my-app-id")
+opaServeResponse("my-app-id")
 ```
 
 Example (passing context):
 ```
-serveResponseWithRegoPolicy("my-app-id", "com.mydomain.xxx.myprop: myvalue")
+opaServeResponse("my-app-id", "com.mydomain.xxx.myprop: myvalue")
 ```
 
 *Data Flows*

docs/tutorials/auth.md

@@ -455,8 +455,8 @@ Generally there are two ways to pass context to a policy:
 
 This context can be passed as second argument to filters: 
 
-`authorizeWithRegoPolicy("my-app-id", "com.mycompany.myprop: myvalue")` 
-or `authorizeWithRegoPolicy("my-app-id", "{'com.mycompany.myprop': 'my value'}")` 
+`opaAuthorizeRequest("my-app-id", "com.mycompany.myprop: myvalue")` 
+or `opaAuthorizeRequest("my-app-id", "{'com.mycompany.myprop': 'my value'}")` 
 
 The second argument is parsed as YAML, cannot be nested and values need to be strings. 
 
@@ -492,7 +492,7 @@ Start Skipper with
 
 ```
 skipper -enable-open-policy-agent -open-policy-agent-config-template opaconfig.yaml \
-  -inline-routes 'notfound: * -> authorizeWithRegoPolicy("<playground-bundle-id>") -> inlineContent("<h1>Authorized Hello</h1>") -> <shunt>'
+  -inline-routes 'notfound: * -> opaAuthorizeRequest("<playground-bundle-id>") -> inlineContent("<h1>Authorized Hello</h1>") -> <shunt>'
 ```
 
 You can test the policy with

filters/filters.go

@@ -341,8 +341,8 @@ const (
 	EndpointCreatedName                        = "endpointCreated"
 	ConsistentHashKeyName                      = "consistentHashKey"
 	ConsistentHashBalanceFactorName            = "consistentHashBalanceFactor"
-	AuthorizeWithRegoPolicyName                = "authorizeWithRegoPolicy"
-	ServeResponseWithRegoPolicyName            = "serveResponseWithRegoPolicy"
+	OpaAuthorizeRequestName                    = "opaAuthorizeRequest"
+	OpaServeResponseName                       = "opaServeResponse"
 
 	// Undocumented filters
 	HealthCheckName        = "healthcheck"

filters/openpolicyagent/authorizewithregopolicy/authorizewithregopolicy.go → filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest.go

@@ -1,4 +1,4 @@
-package authorizewithregopolicy
+package opaauthorizerequest
 
 import (
 	"net/http"
@@ -16,15 +16,15 @@ type spec struct {
 	opts     []func(*openpolicyagent.OpenPolicyAgentInstanceConfig) error
 }
 
-func NewAuthorizeWithRegoPolicySpec(registry *openpolicyagent.OpenPolicyAgentRegistry, opts ...func(*openpolicyagent.OpenPolicyAgentInstanceConfig) error) filters.Spec {
+func NewOpaAuthorizeRequestSpec(registry *openpolicyagent.OpenPolicyAgentRegistry, opts ...func(*openpolicyagent.OpenPolicyAgentInstanceConfig) error) filters.Spec {
 	return &spec{
 		registry: registry,
 		opts:     opts,
 	}
 }
 
 func (s *spec) Name() string {
-	return filters.AuthorizeWithRegoPolicyName
+	return filters.OpaAuthorizeRequestName
 }
 
 func (s *spec) CreateFilter(args []interface{}) (filters.Filter, error) {
@@ -68,20 +68,20 @@ func (s *spec) CreateFilter(args []interface{}) (filters.Filter, error) {
 		return nil, err
 	}
 
-	return &authorizeWithRegoPolicyFilter{
+	return &opaAuthorizeRequestFilter{
 		opa:                    opa,
 		registry:               s.registry,
 		envoyContextExtensions: envoyContextExtensions,
 	}, nil
 }
 
-type authorizeWithRegoPolicyFilter struct {
+type opaAuthorizeRequestFilter struct {
 	opa                    *openpolicyagent.OpenPolicyAgentInstance
 	registry               *openpolicyagent.OpenPolicyAgentRegistry
 	envoyContextExtensions map[string]string
 }
 
-func (f *authorizeWithRegoPolicyFilter) Request(fc filters.FilterContext) {
+func (f *opaAuthorizeRequestFilter) Request(fc filters.FilterContext) {
 	req := fc.Request()
 	span, ctx := f.opa.StartSpanFromFilterContext(fc)
 	defer span.Finish()
@@ -144,8 +144,8 @@ func addRequestHeaders(fc filters.FilterContext, headers http.Header) {
 	}
 }
 
-func (*authorizeWithRegoPolicyFilter) Response(filters.FilterContext) {}
+func (*opaAuthorizeRequestFilter) Response(filters.FilterContext) {}
 
-func (f *authorizeWithRegoPolicyFilter) OpenPolicyAgent() *openpolicyagent.OpenPolicyAgentInstance {
+func (f *opaAuthorizeRequestFilter) OpenPolicyAgent() *openpolicyagent.OpenPolicyAgentInstance {
 	return f.opa
 }

filters/openpolicyagent/authorizewithregopolicy/authorizewithregopolicy_test.go → filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go

@@ -1,4 +1,4 @@
-package authorizewithregopolicy
+package opaauthorizerequest
 
 import (
 	"fmt"
@@ -218,10 +218,10 @@ func TestAuthorizeRequestFilter(t *testing.T) {
 			}`, opaControlPlane.URL(), ti.regoQuery))
 
 			opaFactory := openpolicyagent.NewOpenPolicyAgentRegistry()
-			ftSpec := NewAuthorizeWithRegoPolicySpec(opaFactory, openpolicyagent.WithConfigTemplate(config))
+			ftSpec := NewOpaAuthorizeRequestSpec(opaFactory, openpolicyagent.WithConfigTemplate(config))
 			fr.Register(ftSpec)
 
-			r := eskip.MustParse(fmt.Sprintf(`* -> authorizeWithRegoPolicy("%s", "%s") -> "%s"`, ti.bundleName, ti.contextExtensions, clientServer.URL))
+			r := eskip.MustParse(fmt.Sprintf(`* -> opaAuthorizeRequest("%s", "%s") -> "%s"`, ti.bundleName, ti.contextExtensions, clientServer.URL))
 
 			proxy := proxytest.New(fr, r...)
 
@@ -251,7 +251,7 @@ func TestAuthorizeRequestFilter(t *testing.T) {
 
 func TestCreateFilterArguments(t *testing.T) {
 	opaRegistry := openpolicyagent.NewOpenPolicyAgentRegistry()
-	ftSpec := NewAuthorizeWithRegoPolicySpec(opaRegistry, openpolicyagent.WithConfigTemplate([]byte("")))
+	ftSpec := NewOpaAuthorizeRequestSpec(opaRegistry, openpolicyagent.WithConfigTemplate([]byte("")))
 
 	_, err := ftSpec.CreateFilter([]interface{}{})
 	assert.ErrorIs(t, err, filters.ErrInvalidFilterParameters)

filters/openpolicyagent/serveresponsewithregopolicy/serveresponsewithregopolicy.go → filters/openpolicyagent/opaserveresponse/opaserveresponse.go

@@ -1,4 +1,4 @@
-package serveresponsewithregopolicy
+package opaserveresponse
 
 import (
 	"time"
@@ -15,15 +15,15 @@ type spec struct {
 	opts     []func(*openpolicyagent.OpenPolicyAgentInstanceConfig) error
 }
 
-func NewServeResponseWithRegoPolicySpec(registry *openpolicyagent.OpenPolicyAgentRegistry, opts ...func(*openpolicyagent.OpenPolicyAgentInstanceConfig) error) filters.Spec {
+func NewOpaServeResponseSpec(registry *openpolicyagent.OpenPolicyAgentRegistry, opts ...func(*openpolicyagent.OpenPolicyAgentInstanceConfig) error) filters.Spec {
 	return &spec{
 		registry: registry,
 		opts:     opts,
 	}
 }
 
 func (s *spec) Name() string {
-	return filters.ServeResponseWithRegoPolicyName
+	return filters.OpaServeResponseName
 }
 
 func (s *spec) CreateFilter(args []interface{}) (filters.Filter, error) {
@@ -66,20 +66,20 @@ func (s *spec) CreateFilter(args []interface{}) (filters.Filter, error) {
 		return nil, err
 	}
 
-	return &serveResponseWithRegoPolicyFilter{
+	return &opaServeResponseFilter{
 		opa:                    opa,
 		registry:               s.registry,
 		envoyContextExtensions: envoyContextExtensions,
 	}, nil
 }
 
-type serveResponseWithRegoPolicyFilter struct {
+type opaServeResponseFilter struct {
 	opa                    *openpolicyagent.OpenPolicyAgentInstance
 	registry               *openpolicyagent.OpenPolicyAgentRegistry
 	envoyContextExtensions map[string]string
 }
 
-func (f *serveResponseWithRegoPolicyFilter) Request(fc filters.FilterContext) {
+func (f *opaServeResponseFilter) Request(fc filters.FilterContext) {
 	span, ctx := f.opa.StartSpanFromFilterContext(fc)
 	defer span.Finish()
 
@@ -97,8 +97,8 @@ func (f *serveResponseWithRegoPolicyFilter) Request(fc filters.FilterContext) {
 	f.opa.ServeResponse(fc, span, result)
 }
 
-func (f *serveResponseWithRegoPolicyFilter) Response(fc filters.FilterContext) {}
+func (f *opaServeResponseFilter) Response(fc filters.FilterContext) {}
 
-func (f *serveResponseWithRegoPolicyFilter) OpenPolicyAgent() *openpolicyagent.OpenPolicyAgentInstance {
+func (f *opaServeResponseFilter) OpenPolicyAgent() *openpolicyagent.OpenPolicyAgentInstance {
 	return f.opa
 }

filters/openpolicyagent/serveresponsewithregopolicy/serveresponsewithregopolicy_test.go → filters/openpolicyagent/opaserveresponse/opaserveresponse_test.go

@@ -1,4 +1,4 @@
-package serveresponsewithregopolicy
+package opaserveresponse
 
 import (
 	"fmt"
@@ -165,7 +165,7 @@ func TestAuthorizeRequestFilter(t *testing.T) {
 			}`, opaControlPlane.URL(), ti.regoQuery))
 
 			opaFactory := openpolicyagent.NewOpenPolicyAgentRegistry()
-			ftSpec := NewServeResponseWithRegoPolicySpec(opaFactory, openpolicyagent.WithConfigTemplate(config))
+			ftSpec := NewOpaServeResponseSpec(opaFactory, openpolicyagent.WithConfigTemplate(config))
 
 			filterArgs := []interface{}{ti.bundleName}
 			if ti.contextExtensions != "" {
@@ -177,7 +177,7 @@ func TestAuthorizeRequestFilter(t *testing.T) {
 
 			fr.Register(ftSpec)
 
-			r := eskip.MustParse(fmt.Sprintf(`* -> serveResponseWithRegoPolicy("%s", "%s") -> "%s"`, ti.bundleName, ti.contextExtensions, clientServer.URL))
+			r := eskip.MustParse(fmt.Sprintf(`* -> opaServeResponse("%s", "%s") -> "%s"`, ti.bundleName, ti.contextExtensions, clientServer.URL))
 
 			proxy := proxytest.New(fr, r...)
 			reqURL, err := url.Parse(proxy.URL)
@@ -209,7 +209,7 @@ func TestAuthorizeRequestFilter(t *testing.T) {
 
 func TestCreateFilterArguments(t *testing.T) {
 	opaRegistry := openpolicyagent.NewOpenPolicyAgentRegistry()
-	ftSpec := NewServeResponseWithRegoPolicySpec(opaRegistry, openpolicyagent.WithConfigTemplate([]byte("")))
+	ftSpec := NewOpaServeResponseSpec(opaRegistry, openpolicyagent.WithConfigTemplate([]byte("")))
 
 	_, err := ftSpec.CreateFilter([]interface{}{})
 	assert.ErrorIs(t, err, filters.ErrInvalidFilterParameters)

skipper.go

@@ -37,8 +37,8 @@ import (
 	"github.com/zalando/skipper/filters/fadein"
 	logfilter "github.com/zalando/skipper/filters/log"
 	"github.com/zalando/skipper/filters/openpolicyagent"
-	"github.com/zalando/skipper/filters/openpolicyagent/authorizewithregopolicy"
-	"github.com/zalando/skipper/filters/openpolicyagent/serveresponsewithregopolicy"
+	"github.com/zalando/skipper/filters/openpolicyagent/opaauthorizerequest"
+	"github.com/zalando/skipper/filters/openpolicyagent/opaserveresponse"
 	ratelimitfilters "github.com/zalando/skipper/filters/ratelimit"
 	"github.com/zalando/skipper/filters/shedder"
 	teefilters "github.com/zalando/skipper/filters/tee"
@@ -1773,8 +1773,8 @@ func run(o Options, sig chan os.Signal, idleConnsCH chan struct{}) error {
 		}
 
 		o.CustomFilters = append(o.CustomFilters,
-			authorizewithregopolicy.NewAuthorizeWithRegoPolicySpec(opaRegistry, opts...),
-			serveresponsewithregopolicy.NewServeResponseWithRegoPolicySpec(opaRegistry, opts...),
+			opaauthorizerequest.NewOpaAuthorizeRequestSpec(opaRegistry, opts...),
+			opaserveresponse.NewOpaServeResponseSpec(opaRegistry, opts...),
 		)
 	}