docs: fix typos across source code comments

Used https://github.com/crate-ci/typos locally to detect typos

README.md

@@ -199,7 +199,7 @@ Under the hood, Authorino is based on Kubernetes [Custom Resource Definitions](h
       <td><i>Ready</i></td>
     </tr>
     <tr>
-      <td>JSON Web Keys (JWKs) and JSON Web Ket Sets (JWKS)</td>
+      <td>JSON Web Keys (JWKs) and JSON Web Key Sets (JWKS)</td>
       <td><i>Ready</i></td>
     </tr>
     <tr>
@@ -279,7 +279,7 @@ For a detailed description of the features above, refer to the [Features](./docs
 
   Authorino does not store users, roles, role bindings, access control lists, or any raw authorization data. Authorino handles policies, where even these policies can be stored elsewhere (as opposed to stated inline inside of an Authorino `AuthConfig` CR).
 
-  Authorino evaluates policies for stateless authorization requests. Any additional context is either resolved from the provided payload or static definitions inside the policies. That includes extrating user information from a JWT or client TLS certificate, requesting user metadata from opaque authentication tokens (e.g. API keys) to the trusted sources actually storing that content, obtaining synchronous HTTP metadata from services, etc.
+  Authorino evaluates policies for stateless authorization requests. Any additional context is either resolved from the provided payload or static definitions inside the policies. That includes extracting user information from a JWT or client TLS certificate, requesting user metadata from opaque authentication tokens (e.g. API keys) to the trusted sources actually storing that content, obtaining synchronous HTTP metadata from services, etc.
 
   In the case of authentication with API keys, as well as its derivative to model HTTP Basic Auth, user data are stored in Kubernetes `Secret`s. The secret's keys, annotations and labels are usually the structures used to organize the data that later a policy evaluated in Authorino may require. Strictly, those are not Authorino data structures.
 </details>

api/v1beta1/auth_config_types.go

@@ -419,7 +419,7 @@ type OAuth2ClientAuthentication struct {
 	TokenUrl string `json:"tokenUrl"`
 	// OAuth2 Client ID.
 	ClientId string `json:"clientId"`
-	// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret.
+	// Reference to a Kubernetes Secret key that stores that OAuth2 Client Secret.
 	ClientSecret SecretKeyReference `json:"clientSecretRef"`
 	// Optional scopes for the client credentials grant, if supported by he OAuth2 server.
 	Scopes []string `json:"scopes,omitempty"`

controllers/auth_config_controller.go

@@ -87,7 +87,7 @@ func (r *AuthConfigReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		// could not get the resource but not because of a 404 Not found (some error must have happened)
 		return ctrl.Result{}, err
 	} else if errors.IsNotFound(err) || !Watched(&authConfig.ObjectMeta, r.LabelSelector) {
-		// could not find the resouce: 404 Not found (resouce must have been deleted)
+		// could not find the resource: 404 Not found (resource must have been deleted)
 		// or the resource misses required labels (i.e. not to be watched by this controller)
 
 		// clean all async workers of the config, i.e. shuts down channels and goroutines

controllers/auth_config_controller_test.go

@@ -188,8 +188,8 @@ func TestAuthConfigNotFound(t *testing.T) {
 	client := newTestK8sClient(&authConfig, &secret)
 	reconciler := newTestAuthConfigReconciler(client, index.NewIndex())
 
-	// Let's try to reconcile a non existing object.
-	result, err := reconciler.Reconcile(context.Background(), reconcile.Request{NamespacedName: types.NamespacedName{Name: "nonExistant", Namespace: authConfig.Namespace}})
+	// Let's try to reconcile a non-existing object.
+	result, err := reconciler.Reconcile(context.Background(), reconcile.Request{NamespacedName: types.NamespacedName{Name: "nonExistent", Namespace: authConfig.Namespace}})
 
 	assert.NilError(t, err)
 	assert.DeepEqual(t, result, ctrl.Result{}) // Result should be empty

controllers/auth_config_status_updater.go

@@ -39,7 +39,7 @@ func (u *AuthConfigStatusUpdater) Reconcile(ctx context.Context, req ctrl.Reques
 		// could not get the resource but not because of a 404 Not found (some error must have happened)
 		return ctrl.Result{}, err
 	} else if errors.IsNotFound(err) || !Watched(&authConfig.ObjectMeta, u.LabelSelector) {
-		// could not find the resouce: 404 Not found (resouce must have been deleted)
+		// could not find the resource: 404 Not found (resource must have been deleted)
 		// or the resource misses required labels (i.e. not to be watched by this controller)
 		// skip status update
 		return ctrl.Result{}, nil

docs/architecture.md

@@ -14,7 +14,7 @@
 - [Raw HTTP Authorization interface](#raw-http-authorization-interface)
 - [Caching](#caching)
   - [OpenID Connect and User-Managed Access configs](#openid-connect-and-user-managed-access-configs)
-  - [JSON Web Keys (JWKs) and JSON Web Ket Sets (JWKS)](#json-web-keys-jwks-and-json-web-ket-sets-jwks)
+  - [JSON Web Keys (JWKs) and JSON Web Key Sets (JWKS)](#json-web-keys-jwks-and-json-web-key-sets-jwks)
   - [Revoked access tokens](#revoked-access-tokens)
   - [External metadata](#external-metadata)
   - [Compiled Rego policies](#compiled-rego-policies)
@@ -304,7 +304,7 @@ OpenID Connect and User-Managed Access configurations, discovered usually at rec
 
 Cached individual OpenID Connect configurations discovered by Authorino can be configured to be auto-refreshed, by setting the corresponding `spec.identity.oidc.ttl` field in the AuthConfig (given in seconds, default: `0` – i.e. no cache update).
 
-### JSON Web Keys (JWKs) and JSON Web Ket Sets (JWKS)
+### JSON Web Keys (JWKs) and JSON Web Key Sets (JWKS)
 
 JSON signature verification certificates linked by discovered OpenID Connect configurations, fetched usually at reconciliation-time.
 

docs/features.md

@@ -222,7 +222,7 @@ The `kid` claim stated in the JWT header must match one of the keys cached by Au
 
 The decoded payload of the validated JWT is appended to the authorization JSON as the resolved identity.
 
-OpenID Connect configurations and linked JSON Web Ket Sets can be configured to be automatically refreshed (pull again from the OpenID Connect Discovery well-known endpoints), by setting the `identity.oidc.ttl` field (given in seconds, default: `0` – i.e. auto-refresh disabled).
+OpenID Connect configurations and linked JSON Web Key Sets can be configured to be automatically refreshed (pull again from the OpenID Connect Discovery well-known endpoints), by setting the `identity.oidc.ttl` field (given in seconds, default: `0` – i.e. auto-refresh disabled).
 
 For an excellent summary of the underlying concepts and standards that relate OpenID Connect and JSON Object Signing and Encryption (JOSE), see this [article](https://access.redhat.com/blogs/766093/posts/1976593) by Jan Rusnacko. For official specification and RFCs, see [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html), [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html), [JSON Web Token (JWT) (RFC7519)](https://datatracker.ietf.org/doc/html/rfc7519), and [JSON Object Signing and Encryption (JOSE)](http://www.iana.org/assignments/jose/jose.xhtml).
 

docs/user-guides/kubernetes-tokenreview.md

@@ -24,7 +24,7 @@ Validate Kubernetes Service Account tokens to authenticate requests to your prot
 ## Requirements
 
 - Kubernetes server
-- Kubernetes user with permission to create `TokenRequest`s (to consume the API from ouside the cluster)
+- Kubernetes user with permission to create `TokenRequest`s (to consume the API from outside the cluster)
 - [yq](https://github.com/mikefarah/yq) (to parse your `~/.kube/config` file to extract user authentication data)
 
 Create a containerized Kubernetes server locally using [Kind](https://kind.sigs.k8s.io):

docs/user-guides/validating-webhook.md

@@ -295,7 +295,7 @@ EOF
 # for: "STDIN": admission webhook "check-authconfig.authorino.kuadrant.io" denied the request: Unauthorized
 ```
 
-Kuberentes TokenReview:
+Kubernetes TokenReview:
 
 ```sh
 kubectl -n myapp apply -f -<<EOF

install/crd/authorino.kuadrant.io_authconfigs.yaml

@@ -847,7 +847,7 @@ spec:
                               description: OAuth2 Client ID.
                               type: string
                             clientSecretRef:
-                              description: Reference to a Kuberentes Secret key that
+                              description: Reference to a Kubernetes Secret key that
                                 stores that OAuth2 Client Secret.
                               properties:
                                 key:
@@ -1716,7 +1716,7 @@ spec:
                               description: OAuth2 Client ID.
                               type: string
                             clientSecretRef:
-                              description: Reference to a Kuberentes Secret key that
+                              description: Reference to a Kubernetes Secret key that
                                 stores that OAuth2 Client Secret.
                               properties:
                                 key:

install/manifests.yaml

@@ -897,7 +897,7 @@ spec:
                               description: OAuth2 Client ID.
                               type: string
                             clientSecretRef:
-                              description: Reference to a Kuberentes Secret key that
+                              description: Reference to a Kubernetes Secret key that
                                 stores that OAuth2 Client Secret.
                               properties:
                                 key:
@@ -1848,7 +1848,7 @@ spec:
                               description: OAuth2 Client ID.
                               type: string
                             clientSecretRef:
-                              description: Reference to a Kuberentes Secret key that
+                              description: Reference to a Kubernetes Secret key that
                                 stores that OAuth2 Client Secret.
                               properties:
                                 key:

pkg/evaluators/identity/mtls_test.go

@@ -169,7 +169,7 @@ func TestMTLSRevokeK8sSecretBasedIdentity(t *testing.T) {
 	mtls.RevokeK8sSecretBasedIdentity(context.TODO(), k8s_types.NamespacedName{Namespace: "ns1", Name: "foo"})
 	assert.Equal(t, len(mtls.rootCerts), 2)
 
-	// revoke trusted ca cert ot of scope
+	// revoke trusted ca cert out of scope
 	mtls.RevokeK8sSecretBasedIdentity(context.TODO(), k8s_types.NamespacedName{Namespace: "ns2", Name: "books"})
 	assert.Equal(t, len(mtls.rootCerts), 2)
 }

pkg/evaluators/identity/plain_test.go

@@ -51,12 +51,12 @@ func TestPlainCallWithInvalidPatttern(t *testing.T) {
 	assert.Check(t, id == nil)
 }
 
-func TestPlainGetCredentailsKeySelector(t *testing.T) {
+func TestPlainGetCredentialsKeySelector(t *testing.T) {
 	plain := &Plain{Pattern: "context.request.http.body.@fromstr"}
 	assert.Equal(t, plain.GetCredentialsKeySelector(), "context.request.http.body.@fromstr")
 }
 
-func TestPlainGetCredentailsIn(t *testing.T) {
+func TestPlainGetCredentialsIn(t *testing.T) {
 	plain := &Plain{Pattern: "context.request.http.body.@fromstr"}
 	assert.Equal(t, plain.GetCredentialsIn(), "context.request.http.body.@fromstr")
 }

pkg/health/health_test.go

@@ -53,13 +53,13 @@ func TestObserveHealthy(t *testing.T) {
 	assert.NilError(t, err)
 }
 
-func TestObserveUnealthy(t *testing.T) {
+func TestObserveUnhealthy(t *testing.T) {
 	h := NewHandler("foo", Observe(&FakeObservableUnhealthy{}))
 	err := h.HandleReadyzCheck(mockReq("http://localhost:8081/readyz"))
 	assert.ErrorContains(t, err, "unhealthy")
 }
 
-func TestObserveHeathyUnealthy(t *testing.T) {
+func TestObserveHealthyUnhealthy(t *testing.T) {
 	h := NewHandler("foo", Observe(&FakeObservableHealthy{}, &FakeObservableUnhealthy{}))
 	err := h.HandleReadyzCheck(mockReq("http://localhost:8081/readyz"))
 	assert.ErrorContains(t, err, "unhealthy")

pkg/log/logger_test.go

@@ -37,7 +37,7 @@ func TestToLogLevel(t *testing.T) {
 	assert.Equal(t, int(ToLogLevel("dpanic")), 3)
 	assert.Equal(t, int(ToLogLevel("panic")), 4)
 	assert.Equal(t, int(ToLogLevel("fatal")), 5)
-	assert.Equal(t, int(ToLogLevel("invalid")), 0) // falls back to default log level (info) without panicing
+	assert.Equal(t, int(ToLogLevel("invalid")), 0) // falls back to default log level (info) without panicking
 }
 
 func TestLogModeToString(t *testing.T) {