From d51ceaa1ed1a0b6623c94c7eb12da4b2d7b98c60 Mon Sep 17 00:00:00 2001 
From: AmaliMatharaarachchi Date: Wed, 10 Jan 2024 15:06:37 +0530 Subject: [PATCH 1/9] temp --- test/integration/integration/tests/gql-api.go | 108 ++++++++++++++++++ .../tests/resources/base/manifests.yaml | 48 +++++++- .../tests/all-http-methods-for-wildcard.yaml | 2 +- .../tests/api-different-listener.yaml | 2 +- .../tests/api-policy-with-jwt-generator.yaml | 2 +- .../tests/api-with-backend-base-path.yaml | 2 +- .../resources/tests/api-with-cors-policy.yaml | 4 +- .../tests/api-with-operational-policy.yaml | 2 +- .../resources/tests/api-with-path-params.yaml | 2 +- .../tests/api-with-request-header-modify.yaml | 2 +- .../api-with-response-header-modify.yaml | 2 +- .../tests/api-without-backend-base-path.yaml | 2 +- .../resources/tests/custom-auth-header.yaml | 2 +- .../tests/custom-policy-ratelimiting.yaml | 2 +- ...-api-version-ratelimit-resource-level.yaml | 2 +- .../tests/default-api-version-ratelimit.yaml | 2 +- .../resources/tests/default-api-version.yaml | 2 +- .../different-endpoint-with-same-route.yaml | 2 +- .../tests/disable-api-level-jwt.yaml | 6 +- .../tests/disable-api-level-security.yaml | 2 +- .../tests/disable-resource-level-jwt.yaml | 6 +- .../disable-resource-level-security.yaml | 2 +- .../resources/tests/fetch-api-definition.yaml | 2 +- .../fetch-non-existing-api-definition.yaml | 2 +- .../tests/resources/tests/gql-api.yaml | 108 ++++++++++++++++++ .../tests/interceptors-api-level.yaml | 2 +- .../tests/interceptors-resource-level.yaml | 2 +- .../tests/multiple_port_listener.yaml | 4 +- .../resources/tests/prod-and-sand-apis.yaml | 4 +- .../resources/tests/ratelimit-priority.yaml | 2 +- .../resources/tests/resource-scopes.yaml | 2 +- .../tests/resources/tests/trailing-slash.yaml | 2 +- test/integration/integration_test.go | 2 +- 33 files changed, 300 insertions(+), 38 deletions(-) create mode 100644 test/integration/integration/tests/gql-api.go create mode 100644 test/integration/integration/tests/resources/tests/gql-api.yaml 
diff --git a/test/integration/integration/tests/gql-api.go b/test/integration/integration/tests/gql-api.go
new file mode 100644
index 000000000..a9bcd2bfb
--- /dev/null
+++ b/test/integration/integration/tests/gql-api.go
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package tests
+
+import (
+ "testing"
+
+ "github.com/wso2/apk/test/integration/integration/utils/http"
+ "github.com/wso2/apk/test/integration/integration/utils/suite"
+)
+
+func init() {
+ IntegrationTests = append(IntegrationTests, GQLAPI)
+}
+
+// DisableAPISecurity test
+var GQLAPI = suite.IntegrationTest{
+ ShortName: "GQLAPI",
+ Description: "Tests GraphQL API",
+ Manifests: []string{"tests/gql-api.yaml"},
+ Test: func(t *testing.T, suite *suite.IntegrationTestSuite) {
+ ns := "gateway-integration-test-infra"
+ gwAddr := "gql.test.gw.wso2.com:9095"
+
+ testCases := []http.ExpectedResponse{
+ {
+ Request: http.Request{
+ Host: "gql.test.gw.wso2.com",
+ Path: "/gql/v1",
+ Headers: map[string]string{
+ "Content-Type": "application/json",
+ },
+ Body: `{"query":"query{\n human(id:1000){\n id\n name\n }\n droid(id:2000){\n name\n friends{\n name\n appearsIn\n }\n }\n}","variables":{}}`,
+ },
+ ExpectedRequest: &http.ExpectedRequest{
+ Request: http.Request{
+ Path: "/graphql",
+ Body: `{"query":"query{\n human(id:1000){\n id\n name\n }\n droid(id:2000){\n name\n friends{\n name\n appearsIn\n }\n }\n}","variables":{}}`,
+ },
+ },
+ Backend: "gql-backend-v1",
+ Namespace: ns,
+ },
+ // {
+ // Request: http.Request{
+ // Host: "disable-api-security.test.gw.wso2.com",
+ // Path: 
"/disable-api-security/v1/orders",
+ // },
+ // ExpectedRequest: &http.ExpectedRequest{
+ // Request: http.Request{
+ // Path: "/orders",
+ // },
+ // },
+ // Backend: "infra-backend-v1",
+ // Namespace: ns,
+ // },
+ // {
+ // Request: http.Request{
+ // Host: "disable-api-security.test.gw.wso2.com",
+ // Path: "/disable-api-security/users",
+ // },
+ // ExpectedRequest: &http.ExpectedRequest{
+ // Request: http.Request{
+ // Path: "/users",
+ // },
+ // },
+ // Backend: "infra-backend-v1",
+ // Namespace: ns,
+ // },
+ // {
+ // Request: http.Request{
+ // Host: "disable-api-security.test.gw.wso2.com",
+ // Path: "/disable-api-security/orders",
+ // },
+ // ExpectedRequest: &http.ExpectedRequest{
+ // Request: http.Request{
+ // Path: "/orders",
+ // },
+ // },
+ // Backend: "infra-backend-v1",
+ // Namespace: ns,
+ // },
+ }
+ for i := range testCases {
+ tc := testCases[i]
+ // No test token added to the request header
+ t.Run(tc.GetTestCaseName(i), func(t *testing.T) {
+ t.Parallel()
+ http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, tc)
+ })
+ }
+ },
+}
diff --git a/test/integration/integration/tests/resources/base/manifests.yaml b/test/integration/integration/tests/resources/base/manifests.yaml
index 602dcd5fa..0d378f948 100644
--- a/test/integration/integration/tests/resources/base/manifests.yaml
+++ b/test/integration/integration/tests/resources/base/manifests.yaml
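Review bot: The doc comment on `GQLAPI` still reads `// DisableAPISecurity test`, and three commented-out cases for `disable-api-security.test.gw.wso2.com` are carried over from the test this file appears to have been copied from. The comment should describe this test, e.g. `// GQLAPI checks that a GraphQL query sent to /gql/v1 is forwarded to gql-backend-v1 at /graphql.`, and the commented-out cases should be deleted rather than committed. The loop comment says no token is added to the request, while the Authentication override in `tests/gql-api.yaml` is commented out in this same patch; if the gateway enforces authentication by default, the single live case would presumably be rejected, so it should either attach a test token or state the status it expects without one.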
@@ -67,6 +67,52 @@ spec: --- apiVersion: v1 kind: Service +metadata: + name: gql-backend-v1 + namespace: gateway-integration-test-infra +spec: + selector: + app: gql-v1 + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gql-backend-v1 + namespace: gateway-integration-test-infra + labels: + app: gql-backend-v1 +spec: + replicas: 1 + selector: + matchLabels: + app: gql-backend-v1 + template: + metadata: + labels: + app: gql-backend-v1 + spec: + containers: + - name: gql-backend-v1 + image: amalim/gql:v1 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + requests: + cpu: 10m +--- +apiVersion: v1 +kind: Service metadata: name: infra-backend-v2 namespace: gateway-integration-test-infra @@ -368,7 +414,7 @@ spec: --- # This is a API with wrong organization(jwt issuer not set). # When test cases apply the correct API it should overrite the wrong value to correct value -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: all-http-methods-for-wildcard diff --git a/test/integration/integration/tests/resources/tests/all-http-methods-for-wildcard.yaml b/test/integration/integration/tests/resources/tests/all-http-methods-for-wildcard.yaml index 63cb6eeda..df18361b0 100644 --- a/test/integration/integration/tests/resources/tests/all-http-methods-for-wildcard.yaml +++ b/test/integration/integration/tests/resources/tests/all-http-methods-for-wildcard.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: all-http-methods-for-wildcard 
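Review bot: The new `gql-backend-v1` Service selects `app: gql-v1`, but the Deployment added right after it labels its pods `app: gql-backend-v1`, so the Service would have no endpoints; the selector should read `app: gql-backend-v1`. The container image `amalim/gql:v1` is pulled from what appears to be a personal registry namespace by a mutable tag, so what runs in CI can change without any commit here; pin it by digest (`image: <registry>/<repo>@sha256:<digest>`, placeholder values) or publish it under the project's own registry. The container also sets only a CPU request, with no limits or `securityContext`, though that may match the other backends in this file, which are outside the hunk.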
diff --git a/test/integration/integration/tests/resources/tests/api-different-listener.yaml b/test/integration/integration/tests/resources/tests/api-different-listener.yaml index 3a3f62195..756d9b209 100644 --- a/test/integration/integration/tests/resources/tests/api-different-listener.yaml +++ b/test/integration/integration/tests/resources/tests/api-different-listener.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: test-api-with-different-listener diff --git a/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml b/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml index 5f5df53bd..b832d1df8 100644 --- a/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml +++ b/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: api-policy-with-jwt-generator diff --git a/test/integration/integration/tests/resources/tests/api-with-backend-base-path.yaml b/test/integration/integration/tests/resources/tests/api-with-backend-base-path.yaml index 254f4ae4a..dcb1177d0 100644 --- a/test/integration/integration/tests/resources/tests/api-with-backend-base-path.yaml +++ b/test/integration/integration/tests/resources/tests/api-with-backend-base-path.yaml @@ -25,7 +25,7 @@ spec: - host: infra-backend-v1.gateway-integration-test-infra port: 8080 --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: test-api-with-backend-base-path 
diff --git a/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml b/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml index 086ba3053..fff054f94 100644 --- a/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml +++ b/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: cors-policy-api @@ -85,7 +85,7 @@ spec: kind: API name: cors-policy-api --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: no-cors-policy-api diff --git a/test/integration/integration/tests/resources/tests/api-with-operational-policy.yaml b/test/integration/integration/tests/resources/tests/api-with-operational-policy.yaml index af293ceba..2e50d394d 100644 --- a/test/integration/integration/tests/resources/tests/api-with-operational-policy.yaml +++ b/test/integration/integration/tests/resources/tests/api-with-operational-policy.yaml @@ -30,7 +30,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: test-api-with-operatinal-policy diff --git a/test/integration/integration/tests/resources/tests/api-with-path-params.yaml b/test/integration/integration/tests/resources/tests/api-with-path-params.yaml index f6006668f..f67f17967 100644 --- a/test/integration/integration/tests/resources/tests/api-with-path-params.yaml +++ b/test/integration/integration/tests/resources/tests/api-with-path-params.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: test-api-with-path-params 
diff --git a/test/integration/integration/tests/resources/tests/api-with-request-header-modify.yaml b/test/integration/integration/tests/resources/tests/api-with-request-header-modify.yaml index 7d7611c35..4f7626319 100644 --- a/test/integration/integration/tests/resources/tests/api-with-request-header-modify.yaml +++ b/test/integration/integration/tests/resources/tests/api-with-request-header-modify.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: test-api-with-request-header-modify diff --git a/test/integration/integration/tests/resources/tests/api-with-response-header-modify.yaml b/test/integration/integration/tests/resources/tests/api-with-response-header-modify.yaml index 55b5c9d11..1af53f1aa 100644 --- a/test/integration/integration/tests/resources/tests/api-with-response-header-modify.yaml +++ b/test/integration/integration/tests/resources/tests/api-with-response-header-modify.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: test-api-with-response-header-modify diff --git a/test/integration/integration/tests/resources/tests/api-without-backend-base-path.yaml b/test/integration/integration/tests/resources/tests/api-without-backend-base-path.yaml index 9b4416a92..975d1fbd4 100644 --- a/test/integration/integration/tests/resources/tests/api-without-backend-base-path.yaml +++ b/test/integration/integration/tests/resources/tests/api-without-backend-base-path.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: no-backend-base-path 
diff --git a/test/integration/integration/tests/resources/tests/custom-auth-header.yaml b/test/integration/integration/tests/resources/tests/custom-auth-header.yaml index 36fae7825..01ababa07 100644 --- a/test/integration/integration/tests/resources/tests/custom-auth-header.yaml +++ b/test/integration/integration/tests/resources/tests/custom-auth-header.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: custom-auth-header diff --git a/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml b/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml index 505c5f157..8e148b85c 100644 --- a/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml +++ b/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml @@ -61,7 +61,7 @@ spec: - request_headers - invocation_context --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: http-bin-api-basic diff --git a/test/integration/integration/tests/resources/tests/default-api-version-ratelimit-resource-level.yaml b/test/integration/integration/tests/resources/tests/default-api-version-ratelimit-resource-level.yaml index fc8a313e0..798365849 100644 --- a/test/integration/integration/tests/resources/tests/default-api-version-ratelimit-resource-level.yaml +++ b/test/integration/integration/tests/resources/tests/default-api-version-ratelimit-resource-level.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: default-api-version-ratelimit-resource-level 
diff --git a/test/integration/integration/tests/resources/tests/default-api-version-ratelimit.yaml b/test/integration/integration/tests/resources/tests/default-api-version-ratelimit.yaml index 2acfe5cbb..0ebaef968 100644 --- a/test/integration/integration/tests/resources/tests/default-api-version-ratelimit.yaml +++ b/test/integration/integration/tests/resources/tests/default-api-version-ratelimit.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: default-api-version-ratelimit diff --git a/test/integration/integration/tests/resources/tests/default-api-version.yaml b/test/integration/integration/tests/resources/tests/default-api-version.yaml index 197046976..9fc3c0ebe 100644 --- a/test/integration/integration/tests/resources/tests/default-api-version.yaml +++ b/test/integration/integration/tests/resources/tests/default-api-version.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: default-api-version diff --git a/test/integration/integration/tests/resources/tests/different-endpoint-with-same-route.yaml b/test/integration/integration/tests/resources/tests/different-endpoint-with-same-route.yaml index d47e59773..01392bcbf 100644 --- a/test/integration/integration/tests/resources/tests/different-endpoint-with-same-route.yaml +++ b/test/integration/integration/tests/resources/tests/different-endpoint-with-same-route.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: different-endpoint-with-same-route 
diff --git a/test/integration/integration/tests/resources/tests/disable-api-level-jwt.yaml b/test/integration/integration/tests/resources/tests/disable-api-level-jwt.yaml index d234ee160..515474b12 100644 --- a/test/integration/integration/tests/resources/tests/disable-api-level-jwt.yaml +++ b/test/integration/integration/tests/resources/tests/disable-api-level-jwt.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: disable-api-level-jwt @@ -75,7 +75,7 @@ spec: namespace: gateway-integration-test-infra name: disable-api-level-jwt --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: disable-api-level-jwt1 @@ -146,7 +146,7 @@ spec: - host: infra-backend-v1.gateway-integration-test-infra port: 8080 --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: disable-api-level-jwt2 diff --git a/test/integration/integration/tests/resources/tests/disable-api-level-security.yaml b/test/integration/integration/tests/resources/tests/disable-api-level-security.yaml index d5997769a..f52b796d3 100644 --- a/test/integration/integration/tests/resources/tests/disable-api-level-security.yaml +++ b/test/integration/integration/tests/resources/tests/disable-api-level-security.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: disable-api-security diff --git a/test/integration/integration/tests/resources/tests/disable-resource-level-jwt.yaml b/test/integration/integration/tests/resources/tests/disable-resource-level-jwt.yaml index cba7cf245..831bf726e 100644 --- a/test/integration/integration/tests/resources/tests/disable-resource-level-jwt.yaml 
+++ b/test/integration/integration/tests/resources/tests/disable-resource-level-jwt.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: disable-resource-level-jwt @@ -81,7 +81,7 @@ spec: group: gateway.networking.k8s.io namespace: gateway-integration-test-infra --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: disable-resource-level-jwt1 @@ -158,7 +158,7 @@ spec: - host: infra-backend-v1.gateway-integration-test-infra port: 8080 --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: disable-resource-level-jwt2 diff --git a/test/integration/integration/tests/resources/tests/disable-resource-level-security.yaml b/test/integration/integration/tests/resources/tests/disable-resource-level-security.yaml index c1eeaee43..d6c476421 100644 --- a/test/integration/integration/tests/resources/tests/disable-resource-level-security.yaml +++ b/test/integration/integration/tests/resources/tests/disable-resource-level-security.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: disable-resoruce-security diff --git a/test/integration/integration/tests/resources/tests/fetch-api-definition.yaml b/test/integration/integration/tests/resources/tests/fetch-api-definition.yaml index 7df676d2e..23a2d10b5 100644 --- a/test/integration/integration/tests/resources/tests/fetch-api-definition.yaml +++ b/test/integration/integration/tests/resources/tests/fetch-api-definition.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: fetch-api-definition 
diff --git a/test/integration/integration/tests/resources/tests/fetch-non-existing-api-definition.yaml b/test/integration/integration/tests/resources/tests/fetch-non-existing-api-definition.yaml index bfc8e2224..4766ddd69 100644 --- a/test/integration/integration/tests/resources/tests/fetch-non-existing-api-definition.yaml +++ b/test/integration/integration/tests/resources/tests/fetch-non-existing-api-definition.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: fetch-non-api-definition diff --git a/test/integration/integration/tests/resources/tests/gql-api.yaml b/test/integration/integration/tests/resources/tests/gql-api.yaml new file mode 100644 index 000000000..c8c1b9088 --- /dev/null +++ b/test/integration/integration/tests/resources/tests/gql-api.yaml 
@@ -0,0 +1,108 @@ +# Copyright (c) 2023, WSO2 LLC. (https://www.wso2.com) All Rights Reserved. +# +# WSO2 LLC. licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file except +# in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +apiVersion: dp.wso2.com/v1alpha2 +kind: API +metadata: + name: gql-api + namespace: gateway-integration-test-infra +spec: + apiName: GraphQL API + apiType: GraphQL + apiVersion: v1 + basePath: /gql/v1 + isDefaultVersion: true + definitionFileRef: gql-sdl + production: + - httpRouteRefs: + - gql-api-gqlroute + organization: wso2-org +--- +apiVersion: dp.wso2.com/v1alpha2 +kind: GQLRoute +metadata: + name: gql-api-gqlroute + namespace: gateway-integration-test-infra +spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: default + namespace: apk-integration-test + sectionName: httpslistener + hostnames: + - gql.test.gw.wso2.com + backendRefs: + - group: dp.wso2.com + kind: Backend + name: gql-backend-v1 + rules: + - matches: + - path: hero + type: QUERY + - path: reviews + type: QUERY + - path: search + type: QUERY + - path: character + type: QUERY + - path: droid + type: QUERY + - path: human + type: QUERY + - path: allHumans + type: QUERY + - path: allDroids + type: QUERY + - path: allCharacters + type: QUERY + - path: starship + type: QUERY + - path: createReview + type: MUTATION +# --- +# apiVersion: dp.wso2.com/v1alpha1 +# kind: Authentication +# metadata: +# name: disable-api-security +# namespace: gateway-integration-test-infra +# spec: +# override: +# disabled: 
true +# targetRef: +# group: gateway.networking.k8s.io +# kind: API +# namespace: gateway-integration-test-infra +# name: disable-api-security +--- +apiVersion: dp.wso2.com/v1alpha1 +kind: Backend +metadata: + name: gql-backend-v1 + namespace: gateway-integration-test-infra +spec: + basePath: /graphql + services: + - host: gql-backend-v1.gateway-integration-test-infra + port: 8080 +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: gql-sdl + namespace: gateway-integration-test-infra +binaryData: + definition: H4sICOKtQGUAA3NjaGVtYV9ncmFwaHFsLmdyYXBocWwAxVhZb9w2EH7fXzFGHuoCm8BpEaRdoA+OvYYV1Edtt3kIjIKWZlesJVKlKK8XSf97Z4bUsYevhyAvXpEczvnNQddpjqWCLyOAfxt0ywn8wT+0LBuvvLZmAifxizbr5qZOna7CweVgNfpvNHoFVzkGPuCXFY7BYeWwRuNrUEUBdgaeKGhNFJXVvE9/LNjGgb35B1MPc6eqfMTXgyqiW47O7mKla5vhBKbh48cJHOTKqdSjIxqHdxoX9QbZDtF9vpDDazYBlUvzXY/3nizwTps5E1zK9gXWTeGZLG057+psAsnhzpq0zFmdDc4Oec2aNqUyg/1jXtM+mS+f9e5Mu5pEJ8azXNm8DgTCY51ANiNBp8A6UXcgFnrl6lxXAy0u41YfpTa82wPVVJnyWMMCIVUGSnWLEMNEByqEp8WFRCh1SDeCmzdCMI7BmUAgSEzVeNYrLHuthvjartmQ4gn9hvAUHYMS+1mG2TYwrSsTSRiiAlt2InwiRwKhprDz5QhNU7YMRMKrAVG7n/w1gX04xQUc22BQgarGjNm+/fX9+zd073T66fjsfDp6gAVxYIWmZaUdCmhvSa0PKr1dZ/fLHrObnpwnFw9zS9hW3zjTJuRHzPQGp5+Z08fpYfIQnyQRRndo5thyutQ+X+X0097eO2JwmVwdB9fu97kFM2fLNd82Rt8RwHFEhQHdTKXY5130MfsiOWxFpoOsjIgfdWRGlbiNkPfb9B+Qz5xGk9UbN8ZgHRDQsKz8Egpde9BCsoRc3ZEYa5CYxOurCfkkc8D7yrK3FEEcUmsM1UHG7IKcCZjNse55H3THgxIwBjUjRmw74fhonXJgYGkJ4wTgXNcDBVRVIfteS6UKi4QK/OcY6uudELo/jfaif456nvuA/98p/j7no0F4qAaZTLmMw+lBOduYTKxeWFdwnTyZXk0vgl7nTpeKMmoJTcQMEzJDWhEwvNh/dHZ21QJIiiyVxVB1GoePAkmKgdRZ0GVVYCnF5HFQ5bFsrwDqU658cJ0cU+kpCvYlljUWd6LlA7jKLcGwKpRBvyJBcGUaqmsEp8bcGrtgqUx+LtQtr8DqWNzeeojq4gydw+DkMWQ4U9S9gPQrkZuENE6+scsEk2GkfgsBYLQUVvnA/kTVUuxuubo5VdYPqFcS3crFq84nP9QtUL9FygS3f6d0CcKfkSpyez+YTIq37TiyqSgwpGxO2lfkZ8L4dk9F/3S3eUaJ39cxD0ibxltjS9twyCmfjSZMDhJ7o3OtJoXMFs9PiizOOJtJYemYuHNCBCtb0q350J5/W7CIiO8FliD8uWBZcUkl5XAJs8akceyOW0dxpysKbT/tzYpD9Izd2eOgd3SI+4YVg3B76wlCVNhvCAXkyvYihJMDquTBMb3h4kaRiSrNN/pbL50nCiEmF0QdprS8Xk8Z30dz3EWO5gzaoXFg
kaOJMpVjbHgwiDTUvXkUIokhDcswsbKulZprQ0szj+2w8wZ7XM2RL0zgPH7tdEnHol/maDYyupii1VABcKHXDfUQueFwbYjp87kbhunuzTLoHQVSXRDNOOlksO1fK6L4C8wX1Vu7RW+uQv6g043DaLKVNdWzU3pS8a0JfLCWBkATXXYxmODjDB79JhkTxIXhe4DDcAawPqgPZrsOo1IkgxmR/5yqxhjevn7XllCBbPTpgS253IG6sY0XsLXC0nCi+CE8zDEWp/nR0sadzQlArKlXU3XirivTCDtUESAXUZVRuDd4+EQj916/C6q9QEWqk/KcUcV2ZeXukbqzjoYnIiisW7kyi0d/yxFhhH9EqSftrKjps23UUlTgHC3recRHVhYNAXrLI5pudVM0GBckLDzRYkfb2m7a1vfUXD+g29JuwtCzTktlpbACfQT+QCo86l5zLAq58KyRKbXWZZxFUtE+y/7O9Y70Z7pPmTb8twJxCFPo19h4v/bv8v8BbkW2Y4gRAAA= diff --git a/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml b/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml index e8ab3dfb1..568189850 100644 --- a/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml +++ b/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: api-interceptor-test-api diff --git a/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml b/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml index 632257ca4..ad8dc46ea 100644 --- a/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml +++ b/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: resource-interceptor-test-api diff --git a/test/integration/integration/tests/resources/tests/multiple_port_listener.yaml b/test/integration/integration/tests/resources/tests/multiple_port_listener.yaml index 72ada918d..ea159aac9 100644 
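Review bot: The `definition` value under `binaryData` in the `gql-sdl` ConfigMap is an opaque blob (it starts with `H4sI`, which is how base64-encoded gzip data begins), so the schema that the API's `definitionFileRef: gql-sdl` points to cannot be read or diffed in review. Add a comment above `binaryData:` such as `# definition: gzip-compressed, base64-encoded GraphQL SDL; regenerate from <schema file>` (placeholder path), and keep the plain-text schema in the repository so the blob can be checked against it. The commented-out `Authentication` block still names `disable-api-security` and should be removed or retargeted at `gql-api`.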
--- a/test/integration/integration/tests/resources/tests/multiple_port_listener.yaml +++ b/test/integration/integration/tests/resources/tests/multiple_port_listener.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: test-multiple-port-listener @@ -30,7 +30,7 @@ spec: - test-api-with-multiple-port-listener-httproute organization: wso2-org --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: test-multiple-port-listener-1 diff --git a/test/integration/integration/tests/resources/tests/prod-and-sand-apis.yaml b/test/integration/integration/tests/resources/tests/prod-and-sand-apis.yaml index 8ff881f4e..19aa5273a 100644 --- a/test/integration/integration/tests/resources/tests/prod-and-sand-apis.yaml +++ b/test/integration/integration/tests/resources/tests/prod-and-sand-apis.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: prod-and-sand-apis @@ -116,7 +116,7 @@ spec: port: 8080 --- # To test whether we can successfully update already existing API with sandbox endpoints. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: prod-and-sand-apis diff --git a/test/integration/integration/tests/resources/tests/ratelimit-priority.yaml b/test/integration/integration/tests/resources/tests/ratelimit-priority.yaml index 224ddf9e8..fbf834c24 100644 --- a/test/integration/integration/tests/resources/tests/ratelimit-priority.yaml +++ b/test/integration/integration/tests/resources/tests/ratelimit-priority.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: ratelimit-priority 
diff --git a/test/integration/integration/tests/resources/tests/resource-scopes.yaml b/test/integration/integration/tests/resources/tests/resource-scopes.yaml index 6db6d955b..78db77d16 100644 --- a/test/integration/integration/tests/resources/tests/resource-scopes.yaml +++ b/test/integration/integration/tests/resources/tests/resource-scopes.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: resource-scopes diff --git a/test/integration/integration/tests/resources/tests/trailing-slash.yaml b/test/integration/integration/tests/resources/tests/trailing-slash.yaml index 04ac4a887..c2b65f840 100644 --- a/test/integration/integration/tests/resources/tests/trailing-slash.yaml +++ b/test/integration/integration/tests/resources/tests/trailing-slash.yaml @@ -14,7 +14,7 @@ # specific language governing permissions and limitations # under the License. -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: API metadata: name: trailing-slash diff --git a/test/integration/integration_test.go b/test/integration/integration_test.go index 35c2273ce..8660e4298 100644 --- a/test/integration/integration_test.go +++ b/test/integration/integration_test.go @@ -50,5 +50,5 @@ func TestIntegration(t *testing.T) { CleanupBaseResources: true, }) cSuite.Setup(t) - cSuite.Run(t, tests.IntegrationTests) + cSuite.Run(t, []suite.IntegrationTest{tests.GQLAPI}) } From 907882c5288a152335653d987cd4daa8310eadb8 Mon Sep 17 00:00:00 2001 
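Review bot: `cSuite.Run(t, []suite.IntegrationTest{tests.GQLAPI})` makes TestIntegration run only the GraphQL test, so every other registered integration test stops running, including (judging by the manifest names touched in this patch) the JWT, CORS, rate-limit and security-disable cases. `gql-api.go` already appends `GQLAPI` to `IntegrationTests` in its `init()`, so the call can stay as `cSuite.Run(t, tests.IntegrationTests)`. If narrowing the run is only for local debugging, it should not be committed. The function body starts outside the hunk.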
From: AmaliMatharaarachchi Date: Tue, 16 Jan 2024 12:32:26 +0530 Subject: [PATCH 2/9] add gql test --- .../operator/controllers/dp/api_controller.go | 2 +- .../internal/operator/synchronizer/gql_api.go | 8 +-- .../operator/synchronizer/rest_api.go | 7 +- common-go-libs/go.mod | 2 - .../org/wso2/apk/enforcer/api/GraphQLAPI.java | 1 - .../org/wso2/apk/enforcer/api/RestAPI.java | 5 -- test/integration/integration/tests/gql-api.go | 70 +++++++++---------- .../tests/resources/base/manifests.yaml | 3 +- .../tests/resources/tests/gql-api.yaml | 44 +++++++----- .../integration/utils/http/http.go | 7 +- 10 files changed, 63 insertions(+), 86 deletions(-) diff --git a/adapter/internal/operator/controllers/dp/api_controller.go b/adapter/internal/operator/controllers/dp/api_controller.go index cb0524359..0d856ac0c 100644 --- a/adapter/internal/operator/controllers/dp/api_controller.go +++ b/adapter/internal/operator/controllers/dp/api_controller.go @@ -1549,7 +1549,7 @@ func addIndexes(ctx context.Context, mgr manager.Manager) error { func(rawObj k8client.Object) []string { api := rawObj.(*dpv1alpha2.API) var configMaps []string - if api.Spec.DefinitionFileRef == "" { + if api.Spec.DefinitionFileRef != "" { configMaps = append(configMaps, types.NamespacedName{ Name: string(api.Spec.DefinitionFileRef), diff --git a/adapter/internal/operator/synchronizer/gql_api.go b/adapter/internal/operator/synchronizer/gql_api.go index bae3652f2..95d986fda 100644 --- a/adapter/internal/operator/synchronizer/gql_api.go +++ b/adapter/internal/operator/synchronizer/gql_api.go @@ -19,7 +19,6 @@ package synchronizer import ( "errors" - "fmt" "github.com/wso2/apk/adapter/config" "github.com/wso2/apk/adapter/internal/dataholder" 
@@ -49,7 +48,7 @@ func generateGQLAdapterInternalAPI(apiState APIState, gqlRoute *GQLRouteState, e environment = conf.Adapter.Environment } adapterInternalAPI.SetEnvironment(environment) - + adapterInternalAPI.SetXWso2RequestBodyPass(true) resourceParams := model.ResourceParams{ AuthSchemes: apiState.Authentications, ResourceAuthSchemes: apiState.ResourceAuthentications, @@ -66,10 +65,6 @@ func generateGQLAdapterInternalAPI(apiState APIState, gqlRoute *GQLRouteState, e loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2631, logging.MAJOR, "Error setting GQLRoute CR info to adapterInternalAPI. %v", err)) return nil, nil, err } - if err := adapterInternalAPI.Validate(); err != nil { - loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2632, logging.MAJOR, "Error validating adapterInternalAPI intermediate representation. %v", err)) - return nil, nil, err - } vHosts := getVhostsForGQLAPI(gqlRoute.GQLRouteCombined) labels := getLabelsForGQLAPI(gqlRoute.GQLRouteCombined) listeners, relativeSectionNames := getListenersForGQLAPI(gqlRoute.GQLRouteCombined, adapterInternalAPI.UUID) @@ -104,7 +99,6 @@ func getVhostsForGQLAPI(gqlRoute *v1alpha2.GQLRoute) []string { for _, hostName := range gqlRoute.Spec.Hostnames { vHosts = append(vHosts, string(hostName)) } - fmt.Println("vhosts size: ", len(vHosts)) return vHosts } diff --git a/adapter/internal/operator/synchronizer/rest_api.go b/adapter/internal/operator/synchronizer/rest_api.go index 666fcc003..38e5b218c 100644 --- a/adapter/internal/operator/synchronizer/rest_api.go +++ b/adapter/internal/operator/synchronizer/rest_api.go @@ -19,7 +19,6 @@ package synchronizer import ( "errors" - "fmt" "github.com/wso2/apk/adapter/config" "github.com/wso2/apk/adapter/internal/dataholder" 
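Review bot: The added `adapterInternalAPI.SetXWso2RequestBodyPass(true)` in generateGQLAdapterInternalAPI switches request-body passing on for every GraphQL API without a comment saying why, or what bounds the body that is forwarded. A line such as `// GraphQL operations travel in the request body, so it must be passed on for per-operation checks (confirm against the enforcer).` would record the intent. The next hunk (@@ -66,10 +65,6) also removes the `adapterInternalAPI.Validate()` call, so as far as these hunks show the GraphQL intermediate representation is handed on unvalidated. If Validate() rejects legitimate GraphQL APIs, a GraphQL-aware check would keep that gate instead of dropping it. The function starts and ends outside both hunks.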
@@ -131,7 +130,6 @@ func getVhostsForAPI(httpRoute *gwapiv1b1.HTTPRoute) []string { for _, hostName := range httpRoute.Spec.Hostnames { vHosts = append(vHosts, string(hostName)) } - fmt.Println("vhosts size: ", len(vHosts)) return vHosts } @@ -166,10 +164,7 @@ func getListenersForAPI(httpRoute *gwapiv1b1.HTTPRoute, apiUUID string) ([]strin if found { // find the matching listener matchedListener, listenerFound := common.FindElement(gateway.Spec.Listeners, func(listener gwapiv1b1.Listener) bool { - if string(listener.Name) == string(*parentRef.SectionName) { - return true - } - return false + return string(listener.Name) == string(*parentRef.SectionName) }) if listenerFound { sectionNames = append(sectionNames, string(matchedListener.Name)) diff --git a/common-go-libs/go.mod b/common-go-libs/go.mod index 91267481f..d3f1f662d 100644 --- a/common-go-libs/go.mod +++ b/common-go-libs/go.mod @@ -2,8 +2,6 @@ module github.com/wso2/apk/common-go-libs go 1.19 -replace github.com/wso2/apk/adapter => ../adapter - require ( github.com/envoyproxy/go-control-plane v0.11.2-0.20230802074621-eea0b3bd0f81 github.com/onsi/ginkgo/v2 v2.9.5 diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/GraphQLAPI.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/GraphQLAPI.java index 065016446..8552f909d 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/GraphQLAPI.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/GraphQLAPI.java @@ -31,7 +31,6 @@ import org.wso2.apk.enforcer.config.EnforcerConfig; import org.wso2.apk.enforcer.discovery.api.Api; import org.wso2.apk.enforcer.discovery.api.BackendJWTTokenInfo; -import org.wso2.apk.enforcer.discovery.api.Certificate; import org.wso2.apk.enforcer.discovery.api.Claim; import org.wso2.apk.enforcer.discovery.api.Operation; import org.wso2.apk.enforcer.discovery.api.Resource; 
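Review bot: The simplified closure in getListenersForAPI (hunk @@ -166,10 +164,7) still dereferences `*parentRef.SectionName` with no nil check visible in the hunk. SectionName is an optional pointer on a Gateway API parent reference, so an HTTPRoute that omits it would panic the operator here unless a guard exists above the hunk. Folding the check into the predicate keeps the one-liner: `return parentRef.SectionName != nil && string(listener.Name) == string(*parentRef.SectionName)`. The function body starts and ends outside the hunk.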
diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/RestAPI.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/RestAPI.java index 069a2ea35..0502b7fbc 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/RestAPI.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/api/RestAPI.java @@ -28,13 +28,11 @@ import org.wso2.apk.enforcer.commons.model.ResourceConfig; import org.wso2.apk.enforcer.config.ConfigHolder; import org.wso2.apk.enforcer.config.EnforcerConfig; -import org.wso2.apk.enforcer.config.dto.FilterDTO; import org.wso2.apk.enforcer.constants.APIConstants; import org.wso2.apk.enforcer.constants.HttpConstants; import org.wso2.apk.enforcer.cors.CorsFilter; import org.wso2.apk.enforcer.discovery.api.Api; import org.wso2.apk.enforcer.discovery.api.BackendJWTTokenInfo; -import org.wso2.apk.enforcer.discovery.api.Certificate; import org.wso2.apk.enforcer.discovery.api.Claim; import org.wso2.apk.enforcer.discovery.api.Operation; import org.wso2.apk.enforcer.discovery.api.Resource; @@ -48,12 +46,9 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.util.ArrayList; -import java.util.Arrays; -import java.util.Comparator; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.ServiceLoader; /** * Specific implementation for a Rest API type APIs. diff --git a/test/integration/integration/tests/gql-api.go b/test/integration/integration/tests/gql-api.go index a9bcd2bfb..b3f4dc1c4 100644 --- a/test/integration/integration/tests/gql-api.go +++ b/test/integration/integration/tests/gql-api.go 
@@ -34,14 +34,31 @@ var GQLAPI = suite.IntegrationTest{ Description: "Tests GraphQL API", Manifests: []string{"tests/gql-api.yaml"}, Test: func(t *testing.T, suite *suite.IntegrationTestSuite) { - ns := "gateway-integration-test-infra" gwAddr := "gql.test.gw.wso2.com:9095" + // token := http.GetTestToken(t) testCases := []http.ExpectedResponse{ { Request: http.Request{ - Host: "gql.test.gw.wso2.com", - Path: "/gql/v1", + Host: "gql.test.gw.wso2.com", + Path: "/gql/v1", + Method: "POST", + Headers: map[string]string{ + "Content-Type": "application/json", + }, + Body: `{"query":"query{\n human(id:1000){\n id\n name\n }\n}","variables":{}}`, + }, + ExpectedRequest: &http.ExpectedRequest{ + Request: http.Request{ + Method: ""}, + }, + Response: http.Response{StatusCode: 200}, + }, + { + Request: http.Request{ + Host: "gql.test.gw.wso2.com", + Path: "/gql/v1", + Method: "POST", Headers: map[string]string{ "Content-Type": "application/json", }, 
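Review bot: No active case in this test sends a valid token: `// token := http.GetTestToken(t)` here and the third case in the following hunk (@@ -49,56 +66,33) are commented out pending issue 1960. The suite therefore asserts 200 on the unauthenticated `human` query and 401 on the second case, but never that an authenticated request to a protected field succeeds, so a regression that rejects every protected GraphQL request would still pass. Both active cases also set `ExpectedRequest` with only `Method: ""` and drop Backend and Namespace, so nothing visible checks what reaches the backend; a short comment such as `// backend-side request comparison is skipped for GraphQL: <reason>` would make that deliberate. The second case's Body line falls between the two hunks.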
@@ -49,56 +66,33 @@ var GQLAPI = suite.IntegrationTest{ }, ExpectedRequest: &http.ExpectedRequest{ Request: http.Request{ - Path: "/graphql", - Body: `{"query":"query{\n human(id:1000){\n id\n name\n }\n droid(id:2000){\n name\n friends{\n name\n appearsIn\n }\n }\n}","variables":{}}`, + Method: "", }, }, - Backend: "gql-backend-v1", - Namespace: ns, + Response: http.Response{StatusCode: 401}, }, + // TODO(amali) enable this test case after fixing the issue https://github.com/wso2/apk/issues/1960 // { // Request: http.Request{ - // Host: "disable-api-security.test.gw.wso2.com", - // Path: "/disable-api-security/v1/orders", - // }, - // ExpectedRequest: &http.ExpectedRequest{ - // Request: http.Request{ - // Path: "/orders", + // Host: "gql.test.gw.wso2.com", + // Path: "/gql/v1", + // Method: "POST", + // Headers: map[string]string{ + // "Content-Type": "application/json", + // "Authorization": "Bearer " + token, // }, - // }, - // Backend: "infra-backend-v1", - // Namespace: ns, - // }, - // { - // Request: http.Request{ - // Host: "disable-api-security.test.gw.wso2.com", - // Path: "/disable-api-security/users", - // }, - // ExpectedRequest: &http.ExpectedRequest{ - // Request: http.Request{ - // Path: "/users", - // }, - // }, - // Backend: "infra-backend-v1", - // Namespace: ns, - // }, - // { - // Request: http.Request{ - // Host: "disable-api-security.test.gw.wso2.com", - // Path: "/disable-api-security/orders", + // Body: `{"query":"query{\n human(id:1000){\n id\n name\n }\n droid(id:2000){\n name\n friends{\n name\n appearsIn\n }\n }\n}","variables":{}}`, // }, // ExpectedRequest: &http.ExpectedRequest{ // Request: http.Request{ - // Path: "/orders", + // Method: "", // }, // }, - // Backend: "infra-backend-v1", - // Namespace: ns, + // Response: http.Response{StatusCode: 200}, // }, } for i := range testCases { tc := testCases[i] - // No test token added to the request header t.Run(tc.GetTestCaseName(i), func(t *testing.T) { t.Parallel() 
http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, tc) diff --git a/test/integration/integration/tests/resources/base/manifests.yaml b/test/integration/integration/tests/resources/base/manifests.yaml index 0d378f948..79387a511 100644 --- a/test/integration/integration/tests/resources/base/manifests.yaml +++ b/test/integration/integration/tests/resources/base/manifests.yaml @@ -72,7 +72,7 @@ metadata: namespace: gateway-integration-test-infra spec: selector: - app: gql-v1 + app: gql-backend-v1 ports: - protocol: TCP port: 8080 @@ -368,7 +368,6 @@ spec: group: gateway.networking.k8s.io kind: Gateway name: default - --- apiVersion: dp.wso2.com/v1alpha1 kind: TokenIssuer diff --git a/test/integration/integration/tests/resources/tests/gql-api.yaml b/test/integration/integration/tests/resources/tests/gql-api.yaml index c8c1b9088..923079794 100644 --- a/test/integration/integration/tests/resources/tests/gql-api.yaml +++ b/test/integration/integration/tests/resources/tests/gql-api.yaml @@ -24,7 +24,7 @@ spec: apiType: GraphQL apiVersion: v1 basePath: /gql/v1 - isDefaultVersion: true + isDefaultVersion: false definitionFileRef: gql-sdl production: - httpRouteRefs: @@ -53,16 +53,14 @@ spec: - matches: - path: hero type: QUERY + - path: droid + type: QUERY - path: reviews type: QUERY - path: search type: QUERY - path: character type: QUERY - - path: droid - type: QUERY - - path: human - type: QUERY - path: allHumans type: QUERY - path: allDroids 
@@ -73,20 +71,28 @@ spec: type: QUERY - path: createReview type: MUTATION -# --- -# apiVersion: dp.wso2.com/v1alpha1 -# kind: Authentication -# metadata: -# name: disable-api-security -# namespace: gateway-integration-test-infra -# spec: -# override: -# disabled: true -# targetRef: -# group: gateway.networking.k8s.io -# kind: API -# namespace: gateway-integration-test-infra -# name: disable-api-security + - matches: + - path: human + type: QUERY + filters: + - extensionRef: + group: dp.wso2.com + kind: Authentication + name: disable-gql-api-security +--- +apiVersion: dp.wso2.com/v1alpha1 +kind: Authentication +metadata: + name: disable-gql-api-security + namespace: gateway-integration-test-infra +spec: + override: + disabled: true + targetRef: + group: gateway.networking.k8s.io + kind: Resource + namespace: gateway-integration-test-infra + name: gql-api --- apiVersion: dp.wso2.com/v1alpha1 kind: Backend diff --git a/test/integration/integration/utils/http/http.go b/test/integration/integration/utils/http/http.go index 6e4d387f5..e193ad91e 100644 --- a/test/integration/integration/utils/http/http.go +++ b/test/integration/integration/utils/http/http.go @@ -261,10 +261,6 @@ func CompareRequest(req *roundtripper.Request, cReq *roundtripper.CapturedReques return nil } - if expected.ExpectedRequest.Method == "" { - expected.ExpectedRequest.Method = "GET" - } - if expected.ExpectedRequest.Host != "" && expected.ExpectedRequest.Host != cReq.Host { return fmt.Errorf("expected host to be %s, got %s", expected.ExpectedRequest.Host, cReq.Host) } 
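Review bot: The new `Authentication` resource `disable-gql-api-security` sets `override.disabled: true` with a `targetRef` naming `gql-api`, and nothing in the fixture says that its effect is meant to be limited to the `human` match through the `extensionRef` filter. A reader copying this manifest could take it as the way to configure a GraphQL API and end up with an unauthenticated field. A comment above the resource, for example `# Test fixture: disables authentication for the "human" query only, to exercise resource-level security. Do not reuse outside tests.`, would make the scope explicit.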
@@ -272,7 +268,8 @@ func CompareRequest(req *roundtripper.Request, cReq *roundtripper.CapturedReques if expected.ExpectedRequest.Path != cReq.Path { return fmt.Errorf("expected path to be %s, got %s", expected.ExpectedRequest.Path, cReq.Path) } - if expected.ExpectedRequest.Method != "OPTIONS" && expected.ExpectedRequest.Method != cReq.Method { + if expected.ExpectedRequest.Method != "OPTIONS" && expected.ExpectedRequest.Method != cReq.Method && + !(expected.ExpectedRequest.Method == "" && cReq.Method == "GET") { return fmt.Errorf("expected method to be %s, got %s", expected.ExpectedRequest.Method, cReq.Method) } if expected.Namespace != cReq.Namespace { From 28931dc4f520e4ec62479c59c2ec7844d88ab152 Mon Sep 17 00:00:00 2001 From: AmaliMatharaarachchi Date: Tue, 16 Jan 2024 15:05:14 +0530 Subject: [PATCH 3/9] update amd64 image --- .../integration/integration/tests/resources/base/manifests.yaml | 2 +- test/integration/integration_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/integration/tests/resources/base/manifests.yaml b/test/integration/integration/tests/resources/base/manifests.yaml index 79387a511..52f2e64c2 100644 --- a/test/integration/integration/tests/resources/base/manifests.yaml +++ b/test/integration/integration/tests/resources/base/manifests.yaml @@ -97,7 +97,7 @@ spec: spec: containers: - name: gql-backend-v1 - image: amalim/gql:v1 + image: tharsanan/gq:1.0.0 env: - name: POD_NAME valueFrom: diff --git a/test/integration/integration_test.go b/test/integration/integration_test.go index 8660e4298..35c2273ce 100644 --- a/test/integration/integration_test.go +++ b/test/integration/integration_test.go @@ -50,5 +50,5 @@ func TestIntegration(t *testing.T) { CleanupBaseResources: true, }) cSuite.Setup(t) - cSuite.Run(t, []suite.IntegrationTest{tests.GQLAPI}) + cSuite.Run(t, tests.IntegrationTests) } From 3fa861104e91ec33675c9e2308c48213e921ab2e Mon Sep 17 00:00:00 2001 
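Review bot: The rewritten method check in CompareRequest (hunk @@ -272,7 +268,8) lets an empty expected method match only a captured GET, now that the previous hunk removed the `Method = "GET"` default. A case that sends POST and leaves `ExpectedRequest.Method` empty, as the new gql-api.go cases do, would fail here with `expected method to be , got POST` if this comparison runs for it; whether it does depends on the early return above the hunk. If empty is meant to mean "do not check", say so directly: `if m := expected.ExpectedRequest.Method; m != "" && m != "OPTIONS" && m != cReq.Method {`. If it still means GET, restoring the default is easier to read than the negated compound condition. CompareRequest starts and ends outside the hunk.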
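Review bot: The test backend image `tharsanan/gq:1.0.0` (manifests.yaml, hunk @@ -97,7 +97,7) is referenced by a mutable tag under a personal registry namespace, replacing another personal one. Whoever controls that account decides what the integration cluster pulls and runs, and the tag can be repointed without any change in this repository. Pinning by digest, `image: tharsanan/gq:1.0.0@sha256:<digest-placeholder>`, or publishing the image under the project's own registry namespace would make this CI input reproducible and reviewable.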
From: AmaliMatharaarachchi Date: Tue, 16 Jan 2024 15:40:12 +0530 Subject: [PATCH 4/9] add host entries --- test/integration/scripts/run-tests.sh | 1 + test/integration/scripts/setup-hosts.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/test/integration/scripts/run-tests.sh b/test/integration/scripts/run-tests.sh index c07db3f5f..43d1a89ba 100644 --- a/test/integration/scripts/run-tests.sh +++ b/test/integration/scripts/run-tests.sh @@ -78,6 +78,7 @@ sudo echo "$IP default-api-version-ratelimit-resource-level.test.gw.wso2.com" | sudo echo "$IP ratelimit-priority.test.gw.wso2.com" | sudo tee -a /etc/hosts sudo echo "$IP different-endpoint-with-same-route.test.gw.wso2.com" | sudo tee -a /etc/hosts sudo echo "$IP custom-auth-header.test.gw.wso2.com" | sudo tee -a /etc/hosts +sudo echo "$IP gql.test.gw.wso2.com" | sudo tee -a /etc/hosts sudo echo "255.255.255.255 broadcasthost" | sudo tee -a /etc/hosts sudo echo "::1 localhost" | sudo tee -a /etc/hosts diff --git a/test/integration/scripts/setup-hosts.sh b/test/integration/scripts/setup-hosts.sh index 207028d0d..c74feb92d 100644 --- a/test/integration/scripts/setup-hosts.sh +++ b/test/integration/scripts/setup-hosts.sh @@ -37,6 +37,7 @@ sudo echo "$IP default-api-version-ratelimit-resource-level.test.gw.wso2.com" | sudo echo "$IP ratelimit-priority.test.gw.wso2.com" | sudo tee -a /etc/hosts sudo echo "$IP different-endpoint-with-same-route.test.gw.wso2.com" | sudo tee -a /etc/hosts sudo echo "$IP custom-auth-header.test.gw.wso2.com" | sudo tee -a /etc/hosts +sudo echo "$IP gql.test.gw.wso2.com" | sudo tee -a /etc/hosts sudo echo "255.255.255.255 broadcasthost" | sudo tee -a /etc/hosts sudo echo "::1 localhost" | sudo tee -a /etc/hosts From 8922b33fc399688947471995273976d8359188d6 Mon Sep 17 00:00:00 2001 
From: AmaliMatharaarachchi Date: Thu, 18 Jan 2024 12:04:06 +0530 Subject: [PATCH 5/9] update and fix go integration crs --- adapter/internal/discovery/xds/server.go | 15 +++++++++------ .../tryout/samples/sample-api-policy.yaml | 2 +- .../config-deployer/config-api-apipolicy.yaml | 2 +- .../api-interceptor/interceptor-policy.yaml | 2 +- .../interceptor-policy.yaml | 2 +- .../interceptor-policy.yaml | 2 +- .../k8s-resources/api-policy.yaml | 2 +- test/cucumber-tests/CRs/artifacts.yaml | 2 +- .../tests/api-policy-with-jwt-generator.yaml | 19 +++++++++++++------ .../resources/tests/api-with-cors-policy.yaml | 3 +-- .../tests/custom-policy-ratelimiting.yaml | 11 ++++------- .../fetch-non-existing-api-definition.yaml | 2 +- .../tests/interceptors-api-level.yaml | 4 +--- .../tests/interceptors-resource-level.yaml | 4 +--- test/k8s-resources/gw-interceptor.yaml | 2 +- 15 files changed, 38 insertions(+), 36 deletions(-) diff --git a/adapter/internal/discovery/xds/server.go b/adapter/internal/discovery/xds/server.go index e12fb0010..5a9f77e5a 100644 --- a/adapter/internal/discovery/xds/server.go +++ b/adapter/internal/discovery/xds/server.go 
@@ -393,13 +393,19 @@ func GenerateEnvoyResoucesForGateway(gatewayName string) ([]types.Resource, } envoyGatewayConfig, gwFound := gatewayLabelConfigMap[gatewayName] + // gwFound means that the gateway is configured in the gateway cr. listeners := envoyGatewayConfig.listeners if !gwFound || listeners == nil || len(listeners) == 0 { return nil, nil, nil, nil, nil } routeConfigs := make([]*routev3.RouteConfiguration, 0) + // TODO(amali) Revisit the following + // Find the matching listener for each vhost and then only add the routes to the routeConfigs for _, listener := range listeners { for vhost, routes := range vhostToRouteArrayMap { + // listener match pass in the following cases + // 1. vhost matches to a hostname in gateway + // 2. listener name matches matchedListener, found := common.FindElement(dataholder.GetAllGatewayListeners(), func(listenerLocal gwapiv1b1.Listener) bool { if listenerLocal.Hostname != nil && common.MatchesHostname(vhost, string(*listenerLocal.Hostname)) { if listener.Name == common.GetEnvoyListenerName(string(listenerLocal.Protocol), uint32(listenerLocal.Port)) { 
@@ -414,19 +420,16 @@ func GenerateEnvoyResoucesForGateway(gatewayName string) ([]types.Resource, routesConfig := oasParser.GetRouteConfigs(map[string][]*routev3.Route{vhost: routes}, routeConfigName, envoyGatewayConfig.customRateLimitPolicies) routeConfigMatched, alreadyExistsInRouteConfigList := common.FindElement(routeConfigs, func(routeConf *routev3.RouteConfiguration) bool { - if routeConf.Name == routesConfig.Name { - return true - } - return false + return routeConf.Name == routesConfig.Name }) if alreadyExistsInRouteConfigList { - logger.LoggerAPKOperator.Debugf("Route already exists. %+v", routesConfig.Name) + logger.LoggerAPKOperator.Debugf("Route already exists. %v", routesConfig.Name) routeConfigMatched.VirtualHosts = append(routeConfigMatched.VirtualHosts, routesConfig.VirtualHosts...) } else { routeConfigs = append(routeConfigs, routesConfig) } } else { - logger.LoggerAPKOperator.Errorf("Failed to find a matching gateway listener for this vhost: %s", vhost) + logger.LoggerAPKOperator.Errorf("Failed to find a matching gateway listener for this vhost: %s in %v", vhost, listener.Name) } } } diff --git a/developer/tryout/samples/sample-api-policy.yaml b/developer/tryout/samples/sample-api-policy.yaml index 56deb546d..51c368efb 100644 --- a/developer/tryout/samples/sample-api-policy.yaml +++ b/developer/tryout/samples/sample-api-policy.yaml @@ -1,4 +1,4 @@ -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: backend-jwt-token-policy diff --git a/helm-charts/templates/data-plane/config-deployer/config-api-apipolicy.yaml b/helm-charts/templates/data-plane/config-deployer/config-api-apipolicy.yaml index 877c6c25a..e6c820084 100644 --- a/helm-charts/templates/data-plane/config-deployer/config-api-apipolicy.yaml +++ b/helm-charts/templates/data-plane/config-deployer/config-api-apipolicy.yaml 
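Review bot: The `Errorf` in the else branch appears to fire for every listener/vhost pair that does not match, not only for vhosts that match no listener at all. The previous hunk shows it sits inside `for _, listener := range listeners { for vhost, routes := range vhostToRouteArrayMap {`, so on a gateway with several listeners each vhost would log an error against every listener it does not belong to, which buries real misconfiguration in the operator log. The TODO added in the previous hunk points at the same loop. Consider `logger.LoggerAPKOperator.Debugf(...)` here and a single error after the loops for vhosts that matched nothing. The lines pairing this else with its if fall between the hunks, so the pairing is inferred.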
@@ -1,5 +1,5 @@ {{- if and .Values.wso2.apk.dp.enabled .Values.wso2.apk.dp.configdeployer.enabled }} -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: "{{ template "apk-helm.resource.prefix" . }}-config-api-api-policy" diff --git a/samples/custom-ratelimit-interceptor-service/api-interceptor/interceptor-policy.yaml b/samples/custom-ratelimit-interceptor-service/api-interceptor/interceptor-policy.yaml index 585b10f1f..0dcc5b7ab 100644 --- a/samples/custom-ratelimit-interceptor-service/api-interceptor/interceptor-policy.yaml +++ b/samples/custom-ratelimit-interceptor-service/api-interceptor/interceptor-policy.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ----------------------------------------------------------------------- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: interceptor-policy-api-level diff --git a/samples/custom-ratelimit-interceptor-service/gateway-interceptor/interceptor-policy.yaml b/samples/custom-ratelimit-interceptor-service/gateway-interceptor/interceptor-policy.yaml index e44030ecb..88e6e9885 100644 --- a/samples/custom-ratelimit-interceptor-service/gateway-interceptor/interceptor-policy.yaml +++ b/samples/custom-ratelimit-interceptor-service/gateway-interceptor/interceptor-policy.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ----------------------------------------------------------------------- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: interceptor-policy-gateway-level diff --git a/samples/custom-ratelimit-interceptor-service/resource-interceptor/interceptor-policy.yaml b/samples/custom-ratelimit-interceptor-service/resource-interceptor/interceptor-policy.yaml index 80eb4e6a9..b3466848d 100644 
--- a/samples/custom-ratelimit-interceptor-service/resource-interceptor/interceptor-policy.yaml +++ b/samples/custom-ratelimit-interceptor-service/resource-interceptor/interceptor-policy.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ----------------------------------------------------------------------- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: interceptor-policy-resource-level diff --git a/samples/request-response-mediation-interceptors/k8s-resources/api-policy.yaml b/samples/request-response-mediation-interceptors/k8s-resources/api-policy.yaml index f261eb14d..c7a2fff25 100644 --- a/samples/request-response-mediation-interceptors/k8s-resources/api-policy.yaml +++ b/samples/request-response-mediation-interceptors/k8s-resources/api-policy.yaml @@ -14,7 +14,7 @@ # limitations under the License. # ----------------------------------------------------------------------- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: sample-api-policy diff --git a/test/cucumber-tests/CRs/artifacts.yaml b/test/cucumber-tests/CRs/artifacts.yaml index b1292f343..a9ae0b918 100644 --- a/test/cucumber-tests/CRs/artifacts.yaml +++ b/test/cucumber-tests/CRs/artifacts.yaml @@ -222,7 +222,7 @@ spec: configMap: name: "interceptor-service-config-toml" --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: interceptor-policy-gateway-level diff --git a/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml b/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml index b832d1df8..69175f6cb 100644 --- a/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml +++ b/test/integration/integration/tests/resources/tests/api-policy-with-jwt-generator.yaml 
@@ -55,24 +55,31 @@ spec: kind: Backend name: infra-backend-v1 --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: jwt-token-generator-policy namespace: gateway-integration-test-infra spec: override: - backendJwtToken: - enabled: true - encoding: "Base64" - signingAlgorithm: "SHA256withRSA" - header: "X-JWT-Assertion" + backendJwtPolicy: + name: backend-jwt targetRef: group: gateway.networking.k8s.io kind: API name: api-policy-with-jwt-generator --- apiVersion: dp.wso2.com/v1alpha1 +kind: BackendJWT +metadata: + name: backend-jwt + namespace: gateway-integration-test-infra +spec: + encoding: "Base64" + signingAlgorithm: "SHA256withRSA" + header: "X-JWT-Assertion" +--- +apiVersion: dp.wso2.com/v1alpha1 kind: Backend metadata: name: infra-backend-v1 diff --git a/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml b/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml index fff054f94..c2007e95a 100644 --- a/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml +++ b/test/integration/integration/tests/resources/tests/api-with-cors-policy.yaml @@ -61,7 +61,7 @@ spec: kind: Backend name: infra-backend-v1 --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: cors-policy @@ -69,7 +69,6 @@ metadata: spec: override: cORSPolicy: - enabled: true accessControlAllowCredentials: true accessControlAllowOrigins: - "*.wso2.com" diff --git a/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml b/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml index 8e148b85c..28255c2fa 100644 --- a/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml +++ b/test/integration/integration/tests/resources/tests/custom-policy-ratelimiting.yaml 
@@ -20,20 +20,18 @@ metadata: namespace: gateway-integration-test-infra spec: override: - type: Custom custom: key: rlkey_user value: bob - rateLimit: - requestsPerUnit: 4 - unit: Minute - organization: default + requestsPerUnit: 4 + unit: Minute + organization: default targetRef: kind: Gateway name: default group: gateway.networking.k8s.io --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: interceptor-api-policy-api-level @@ -42,7 +40,6 @@ spec: override: requestInterceptors: - name: request-ratelimit-interceptor-api-level - namespace: gateway-integration-test-infra targetRef: group: gateway.networking.k8s.io kind: API diff --git a/test/integration/integration/tests/resources/tests/fetch-non-existing-api-definition.yaml b/test/integration/integration/tests/resources/tests/fetch-non-existing-api-definition.yaml index 4766ddd69..d8377f85b 100644 --- a/test/integration/integration/tests/resources/tests/fetch-non-existing-api-definition.yaml +++ b/test/integration/integration/tests/resources/tests/fetch-non-existing-api-definition.yaml @@ -23,7 +23,7 @@ spec: apiName: API with Swagger Definition apiType: REST apiVersion: v1.0.0 - basePath: /fetch-api-definition/v1.0.0 + basePath: /fetch-non-existing-api-definition/v1.0.0 production: - httpRouteRefs: - fetch-non-api-definition-httproute diff --git a/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml b/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml index 568189850..09ffcdc10 100644 --- a/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml +++ b/test/integration/integration/tests/resources/tests/interceptors-api-level.yaml @@ -66,7 +66,7 @@ spec: type: ReplaceFullPath replaceFullPath: /books --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: interceptor-api-policy-api-level 
@@ -75,10 +75,8 @@ spec: override: requestInterceptors: - name: request-interceptor-api-level - namespace: gateway-integration-test-infra responseInterceptors: - name: response-interceptor-api-level - namespace: gateway-integration-test-infra targetRef: group: gateway.networking.k8s.io kind: API diff --git a/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml b/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml index ad8dc46ea..3578cce5c 100644 --- a/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml +++ b/test/integration/integration/tests/resources/tests/interceptors-resource-level.yaml @@ -81,7 +81,7 @@ spec: type: ReplaceFullPath replaceFullPath: /books --- -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: interceptor-api-policy-resource-level @@ -90,10 +90,8 @@ spec: override: requestInterceptors: - name: request-interceptor-api-level - namespace: gateway-integration-test-infra responseInterceptors: - name: response-interceptor-api-level - namespace: gateway-integration-test-infra targetRef: group: gateway.networking.k8s.io kind: Resource diff --git a/test/k8s-resources/gw-interceptor.yaml b/test/k8s-resources/gw-interceptor.yaml index 3d751d8a3..5b648256a 100644 --- a/test/k8s-resources/gw-interceptor.yaml +++ b/test/k8s-resources/gw-interceptor.yaml @@ -1,4 +1,4 @@ -apiVersion: dp.wso2.com/v1alpha1 +apiVersion: dp.wso2.com/v1alpha2 kind: APIPolicy metadata: name: interceptor-policy-gateway-level From ca527475d56af7f7e828e251d7a38ac808bd913f Mon Sep 17 00:00:00 2001 From: AmaliMatharaarachchi Date: Thu, 18 Jan 2024 17:13:54 +0530 Subject: [PATCH 6/9] fix resorce level jwt auth --- .../oasparser/model/adapter_internal_api.go | 1 - .../operator/controllers/dp/api_controller.go | 120 ++++++++---------- .../security/jwt/JWTAuthenticator.java | 14 +- 3 files changed, 66 insertions(+), 69 deletions(-) 
diff --git a/adapter/internal/oasparser/model/adapter_internal_api.go b/adapter/internal/oasparser/model/adapter_internal_api.go index 5a8595d02..906f909bf 100644 --- a/adapter/internal/oasparser/model/adapter_internal_api.go +++ b/adapter/internal/oasparser/model/adapter_internal_api.go @@ -926,7 +926,6 @@ func (adapterInternalAPI *AdapterInternalAPI) SetInfoGQLRouteCR(gqlRoute *dpv1al resourceAuthScheme = concatAuthSchemes(resourceAuthScheme, nil) resourceRatelimitPolicy = concatRateLimitPolicies(resourceRatelimitPolicy, nil) - loggers.LoggerOasparser.Debugf("Calculating auths for API ..., API_UUID = %v", adapterInternalAPI.UUID) apiAuth := getSecurity(resourceAuthScheme) for _, match := range rule.Matches { diff --git a/adapter/internal/operator/controllers/dp/api_controller.go b/adapter/internal/operator/controllers/dp/api_controller.go index 0d856ac0c..2428efdc0 100644 --- a/adapter/internal/operator/controllers/dp/api_controller.go +++ b/adapter/internal/operator/controllers/dp/api_controller.go @@ -421,7 +421,7 @@ func (apiReconciler *APIReconciler) resolveAPIRefs(ctx context.Context, api dpv1 } else if cachedAPI, events, updated := apiReconciler.ods.UpdateAPIState(apiRef, apiState); updated { apiReconciler.traverseAPIStateAndUpdateOwnerReferences(ctx, *apiState) - loggers.LoggerAPI.Infof("API CR %s with API UUID : %v is updated on %v", apiRef.String(), + loggers.LoggerAPKOperator.Infof("API CR %s with API UUID : %v is updated on %v", apiRef.String(), string(api.ObjectMeta.UID), events) return &synchronizer.APIEvent{EventType: constants.Update, Events: []synchronizer.APIState{cachedAPI}, UpdatedEvents: events}, nil } 
@@ -778,12 +778,11 @@ func (apiReconciler *APIReconciler) getResolvedBackendsMapping(ctx context.Conte return backendMapping } - -// These proxy methods are designed as intermediaries for the getAPIsFor methods. -// Their purpose is to encapsulate the process of updating owner references within the reconciliation watch methods. +// These proxy methods are designed as intermediaries for the getAPIsFor methods. +// Their purpose is to encapsulate the process of updating owner references within the reconciliation watch methods. // By employing these proxies, we prevent redundant owner reference updates for the same object due to the hierarchical structure of these functions. func (apiReconciler *APIReconciler) populateAPIReconcileRequestsForGQLRoute(ctx context.Context, obj k8client.Object) []reconcile.Request { - requests := apiReconciler.getAPIForGQLRoute(ctx, obj) + requests := apiReconciler.getAPIForGQLRoute(ctx, obj) apiReconciler.handleOwnerReference(ctx, obj, &requests) return requests } 
@@ -848,32 +847,25 @@ func (apiReconciler *APIReconciler) populateAPIReconcileRequestsForBackend(ctx c return requests } -func (apiReconciler *APIReconciler) populateAPIReconcileRequestsForGateway(ctx context.Context, obj k8client.Object) []reconcile.Request { - requests := apiReconciler.getAPIsForGateway(ctx, obj) - apiReconciler.handleOwnerReference(ctx, obj, &requests) - return requests -} - - func (apiReconciler *APIReconciler) traverseAPIStateAndUpdateOwnerReferences(ctx context.Context, apiState synchronizer.APIState) { - loggers.LoggerAPI.Infof("Ready to traverse the apistate : %+v", apiState) + loggers.LoggerAPKOperator.Debugf("Ready to traverse the apistate : %+v", apiState) // travserse through all the children of this API and trigger update owner reference - if (apiState.ProdHTTPRoute != nil) { + if apiState.ProdHTTPRoute != nil { for _, httpRoute := range apiState.ProdHTTPRoute.HTTPRoutePartitions { apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, httpRoute) } } - if (apiState.SandHTTPRoute != nil) { + if apiState.SandHTTPRoute != nil { for _, httpRoute := range apiState.SandHTTPRoute.HTTPRoutePartitions { apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, httpRoute) } } - if (apiState.ProdGQLRoute != nil) { + if apiState.ProdGQLRoute != nil { for _, gqlRoute := range apiState.ProdGQLRoute.GQLRoutePartitions { apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, gqlRoute) } } - if (apiState.SandGQLRoute != nil) { + if apiState.SandGQLRoute != nil { for _, gqlRoute := range apiState.SandGQLRoute.GQLRoutePartitions { apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, gqlRoute) } 
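Review bot: `loggers.LoggerAPKOperator.Debugf("Ready to traverse the apistate : %+v", apiState)` still formats the whole APIState with `%+v`. Lowering it from Info to Debug reduces exposure, but the state holds the mappings this function walks (BackendMapping, BackendJWTMapping and InterceptorServiceMapping appear in the next hunk), and those may carry resolved credentials or key material; their contents are not visible here. Logging only the API's namespaced name would keep the trace useful without writing resolved configuration to the log. traverseAPIStateAndUpdateOwnerReferences continues past this hunk.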
@@ -899,35 +891,35 @@ func (apiReconciler *APIReconciler) traverseAPIStateAndUpdateOwnerReferences(ctx for _, interceptorService := range apiState.InterceptorServiceMapping { apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, &interceptorService) } - if (apiState.ProdHTTPRoute != nil) { - for _, backend := range apiState.ProdHTTPRoute.BackendMapping{ - if (&backend != nil) { + if apiState.ProdHTTPRoute != nil { + for _, backend := range apiState.ProdHTTPRoute.BackendMapping { + if backend != nil { apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, &backend.Backend) } } } - if (apiState.SandHTTPRoute != nil) { - for _, backend := range apiState.SandHTTPRoute.BackendMapping{ - if (&backend != nil) { + if apiState.SandHTTPRoute != nil { + for _, backend := range apiState.SandHTTPRoute.BackendMapping { + if backend != nil { apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, &backend.Backend) } } } - if (apiState.ProdGQLRoute != nil) { - for _, backend := range apiState.ProdGQLRoute.BackendMapping{ - if (&backend != nil) { + if apiState.ProdGQLRoute != nil { + for _, backend := range apiState.ProdGQLRoute.BackendMapping { + if backend != nil { apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, &backend.Backend) } } } - if (apiState.SandGQLRoute != nil) { - for _, backend := range apiState.SandGQLRoute.BackendMapping{ - if (&backend != nil) { + if apiState.SandGQLRoute != nil { + for _, backend := range apiState.SandGQLRoute.BackendMapping { + if backend != nil { apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, &backend.Backend) } } } - for _, backendJwt := range apiState.BackendJWTMapping{ + for _, backendJwt := range apiState.BackendJWTMapping { apiReconciler.retriveParentAPIsAndUpdateOwnerReferene(ctx, &backendJwt) } 
@@ -935,8 +927,8 @@ func (apiReconciler *APIReconciler) traverseAPIStateAndUpdateOwnerReferences(ctx func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx context.Context, obj k8client.Object) { var requests []reconcile.Request - switch obj.(type){ - case *dpv1alpha1.Backend: + switch obj.(type) { + case *dpv1alpha1.Backend: var backend dpv1alpha1.Backend namesapcedName := types.NamespacedName{ Name: string(obj.GetName()), @@ -948,7 +940,7 @@ func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx } requests = apiReconciler.getAPIsForBackend(ctx, &backend) apiReconciler.handleOwnerReference(ctx, &backend, &requests) - case *dpv1alpha1.Scope: + case *dpv1alpha1.Scope: var scope dpv1alpha1.Scope namesapcedName := types.NamespacedName{ Name: string(obj.GetName()), @@ -960,7 +952,7 @@ func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx } requests = apiReconciler.getAPIsForScope(ctx, &scope) apiReconciler.handleOwnerReference(ctx, &scope, &requests) - case *dpv1alpha1.RateLimitPolicy: + case *dpv1alpha1.RateLimitPolicy: var rl dpv1alpha1.RateLimitPolicy namesapcedName := types.NamespacedName{ Name: string(obj.GetName()), @@ -972,7 +964,7 @@ func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx } requests = apiReconciler.getAPIsForRateLimitPolicy(ctx, &rl) apiReconciler.handleOwnerReference(ctx, &rl, &requests) - case *dpv1alpha1.BackendJWT: + case *dpv1alpha1.BackendJWT: var backendJWT dpv1alpha1.BackendJWT namesapcedName := types.NamespacedName{ Name: string(obj.GetName()), 
@@ -984,7 +976,7 @@ func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx } requests = apiReconciler.getAPIsForBackendJWT(ctx, &backendJWT) apiReconciler.handleOwnerReference(ctx, &backendJWT, &requests) - case *dpv1alpha1.InterceptorService: + case *dpv1alpha1.InterceptorService: var interceptorService dpv1alpha1.InterceptorService namesapcedName := types.NamespacedName{ Name: string(obj.GetName()), @@ -996,7 +988,7 @@ func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx } requests = apiReconciler.getAPIsForInterceptorService(ctx, &interceptorService) apiReconciler.handleOwnerReference(ctx, &interceptorService, &requests) - case *dpv1alpha1.APIPolicy: + case *dpv1alpha1.APIPolicy: var apiPolicy dpv1alpha1.APIPolicy namesapcedName := types.NamespacedName{ Name: string(obj.GetName()), @@ -1020,7 +1012,7 @@ func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx } requests = apiReconciler.getAPIsForAuthentication(ctx, &auth) apiReconciler.handleOwnerReference(ctx, &auth, &requests) - case *corev1.Secret: + case *corev1.Secret: var secret corev1.Secret namesapcedName := types.NamespacedName{ Name: string(obj.GetName()), @@ -1032,7 +1024,7 @@ func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx } requests = apiReconciler.getAPIsForSecret(ctx, &secret) apiReconciler.handleOwnerReference(ctx, &secret, &requests) - case *corev1.ConfigMap: + case *corev1.ConfigMap: var cm corev1.ConfigMap namesapcedName := types.NamespacedName{ Name: string(obj.GetName()), @@ -1044,7 +1036,7 @@ func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx } requests = apiReconciler.getAPIsForConfigMap(ctx, &cm) apiReconciler.handleOwnerReference(ctx, &cm, &requests) - case *gwapiv1b1.HTTPRoute: + case *gwapiv1b1.HTTPRoute: var httpRoute gwapiv1b1.HTTPRoute namesapcedName := types.NamespacedName{ Name: string(obj.GetName()), 
@@ -1071,7 +1063,7 @@ func (apiReconciler *APIReconciler) retriveParentAPIsAndUpdateOwnerReferene(ctx default: loggers.LoggerAPKOperator.Errorf("Unexpected type found while processing owner reference %+v", obj) } - + } // getAPIForGQLRoute triggers the API controller reconcile method based on the changes detected @@ -1102,8 +1094,8 @@ func (apiReconciler *APIReconciler) getAPIForGQLRoute(ctx context.Context, obj k Namespace: api.Namespace}, } requests = append(requests, req) - loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s with API UUID: %v", api.Namespace, api.Name, - string(api.ObjectMeta.UID)) + loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s with API UUID: %v due to change in GQLRoute: %v", api.Namespace, api.Name, + string(api.ObjectMeta.UID), utils.NamespacedName(gqlRoute).String()) } return requests } @@ -1139,8 +1131,8 @@ func (apiReconciler *APIReconciler) getAPIForHTTPRoute(ctx context.Context, obj Namespace: api.Namespace}, } requests = append(requests, req) - loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s with API UUID: %v", api.Namespace, api.Name, - string(api.ObjectMeta.UID)) + loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s with API UUID: %v due to HTTPRoute change: %v", + api.Namespace, api.Name, string(api.ObjectMeta.UID), utils.NamespacedName(httpRoute).String()) } return requests } 
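Review bot: The reworded reconcile-request messages do not share one shape: getAPIForGQLRoute logs `due to change in GQLRoute: %v`, getAPIForHTTPRoute logs `due to HTTPRoute change: %v`, and the hunks that follow use `due to configmap change: %v` and `due to Authentication change: %v`. A single pattern with the Kind spelled as in the API, for example `due to GQLRoute change: %v` and `due to ConfigMap change: %v`, lets one log query match every trigger. Both functions start outside their hunks.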
@@ -1150,7 +1142,8 @@ func (apiReconciler *APIReconciler) getAPIForHTTPRoute(ctx context.Context, obj func (apiReconciler *APIReconciler) getAPIsForConfigMap(ctx context.Context, obj k8client.Object) []reconcile.Request { configMap, ok := obj.(*corev1.ConfigMap) if !ok { - loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2622, logging.TRIVIAL, "Unexpected object type, bypassing reconciliation: %v", configMap)) + loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2622, logging.TRIVIAL, + "Unexpected object type, bypassing reconciliation: %v", configMap)) return []reconcile.Request{} } @@ -1180,13 +1173,14 @@ func (apiReconciler *APIReconciler) getAPIsForConfigMap(ctx context.Context, obj Namespace: api.Namespace}, } requests = append(requests, req) - loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s with API UUID: %v", api.Namespace, api.Name, - string(api.ObjectMeta.UID)) + loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s with API UUID: %v due to configmap change: %v", + api.Namespace, api.Name, string(api.ObjectMeta.UID), utils.NamespacedName(configMap).String()) } return requests } - loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2647, logging.MINOR, "Unable to find associated APIs for ConfigMap: %s", utils.NamespacedName(configMap).String())) + loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2647, logging.MINOR, + "Unable to find associated APIs for ConfigMap: %s", utils.NamespacedName(configMap).String())) return []reconcile.Request{} } 
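Review bot: In getAPIsForConfigMap the `!ok` branch formats `configMap`, which is a nil `*corev1.ConfigMap` whenever the type assertion fails, so the Error2622 message never shows what was actually received. The re-wrapped call should pass the original object, `"Unexpected object type, bypassing reconciliation: %v", obj))`. The same hunk is a good place to fix it since the line is already being touched.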
@@ -1242,7 +1236,8 @@ func (apiReconciler *APIReconciler) getAPIsForAuthentication(ctx context.Context }, } requests = append(requests, req) - loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s", string(authentication.Spec.TargetRef.Name), namespace) + loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s due to Authentication change: %v", + string(authentication.Spec.TargetRef.Name), namespace, utils.NamespacedName(authentication).String()) return requests } @@ -1276,7 +1271,8 @@ func (apiReconciler *APIReconciler) getAPIsForAPIPolicy(ctx context.Context, obj Namespace: namespace}, } requests = append(requests, req) - loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s", string(apiPolicy.Spec.TargetRef.Name), namespace) + loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s due to APIPolicy change: %v", + string(apiPolicy.Spec.TargetRef.Name), namespace, utils.NamespacedName(apiPolicy).String()) return requests } @@ -1360,7 +1356,8 @@ func (apiReconciler *APIReconciler) getAPIsForRateLimitPolicy(ctx context.Contex Namespace: namespace}, } requests = append(requests, req) - loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s", string(ratelimitPolicy.Spec.TargetRef.Name), namespace) + loggers.LoggerAPKOperator.Infof("Adding reconcile request for API: %s/%s due to RateLimitPolicy change: %v", + string(ratelimitPolicy.Spec.TargetRef.Name), namespace, utils.NamespacedName(ratelimitPolicy).String()) return requests } @@ -2012,8 +2009,6 @@ func (apiReconciler *APIReconciler) handleStatus() { } } - - func (apiReconciler *APIReconciler) handleOwnerReference(ctx context.Context, obj k8client.Object, apiRequests *[]reconcile.Request) { apis := []dpv1alpha2.API{} for _, req := range *apiRequests { 
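Review bot: The `API: %s/%s` placeholders in getAPIsForAuthentication are filled with `string(authentication.Spec.TargetRef.Name), namespace`, which prints name/namespace, while the GQLRoute, HTTPRoute and ConfigMap messages pass `api.Namespace, api.Name`. The same swapped order is in the getAPIsForAPIPolicy and getAPIsForRateLimitPolicy hunks on this line. Swapping the two arguments, e.g. `namespace, string(authentication.Spec.TargetRef.Name), utils.NamespacedName(authentication).String())`, keeps every message in namespace/name form. All three functions start outside their hunks.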
@@ -2028,23 +2023,20 @@ func (apiReconciler *APIReconciler) handleOwnerReference(ctx context.Context, ob preparedOwnerReferences := prepareOwnerReference(apis) // Decide whether we need an update updateRequired := false - if (len(obj.GetOwnerReferences()) != len(preparedOwnerReferences)) { + if len(obj.GetOwnerReferences()) != len(preparedOwnerReferences) { updateRequired = true } else { for _, ref := range preparedOwnerReferences { _, found := common.FindElement(obj.GetOwnerReferences(), func(refLocal metav1.OwnerReference) bool { - if (refLocal.UID == ref.UID && refLocal.Name == ref.Name && refLocal.APIVersion == ref.APIVersion && refLocal.Kind == ref.Kind){ - return true - } - return false + return refLocal.UID == ref.UID && refLocal.Name == ref.Name && refLocal.APIVersion == ref.APIVersion && refLocal.Kind == ref.Kind }) - if (!found) { + if !found { updateRequired = true break } } } - if (updateRequired) { + if updateRequired { obj.SetOwnerReferences(preparedOwnerReferences) utils.UpdateCR(ctx, apiReconciler.client, obj) } @@ -2057,9 +2049,9 @@ func prepareOwnerReference(apiItems []dpv1alpha2.API) []metav1.OwnerReference { if _, exists := uidMap[string(ref.UID)]; !exists { ownerReferences = append(ownerReferences, metav1.OwnerReference{ APIVersion: ref.APIVersion, - Kind: ref.Kind, - Name: ref.Name, - UID: ref.UID, + Kind: ref.Kind, + Name: ref.Name, + UID: ref.UID, }) uidMap[string(ref.UID)] = true } diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java index c9e8a1e0d..da145804e 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java 
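Review bot: `obj.SetOwnerReferences(preparedOwnerReferences)` in handleOwnerReference replaces the object's complete owner-reference list with the entries built from the APIs alone, so a reference placed by any other owner is dropped on the next update. For Secrets and ConfigMaps that can change when the garbage collector removes them, so it is worth confirming that these objects are never owned by anything else. If they can be, keep the existing references that do not point to an API and append the prepared ones before calling `utils.UpdateCR`. The function starts before this hunk.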
@@ -86,10 +86,16 @@ public JWTAuthenticator(final JWTConfigurationDto jwtConfigurationDto, final boo @Override public boolean canAuthenticate(RequestContext requestContext) { - // only getting first operation is enough as all matched resource configs have the same security schemes - // i.e. graphQL apis do not support resource level security yet - JWTAuthenticationConfig jwtAuthenticationConfig = - requestContext.getMatchedResourcePaths().get(0).getAuthenticationConfig().getJwtAuthenticationConfig(); + JWTAuthenticationConfig jwtAuthenticationConfig = null; + // only getting first operation is enough as all matched resource configs have the same security header + for (ResourceConfig resourceConfig : requestContext.getMatchedResourcePaths()) { + if (resourceConfig.getAuthenticationConfig() != null && + resourceConfig.getAuthenticationConfig().getJwtAuthenticationConfig() != null) { + jwtAuthenticationConfig = resourceConfig.getAuthenticationConfig().getJwtAuthenticationConfig(); + break; + } + } + if (jwtAuthenticationConfig != null) { String authHeaderValue = retrieveAuthHeaderValue(requestContext, jwtAuthenticationConfig); From 94f024198ebbd5871dc5345047d3019238e69dca Mon Sep 17 00:00:00 2001 From: AmaliMatharaarachchi Date: Thu, 18 Jan 2024 17:59:24 +0530 Subject: [PATCH 7/9] fix cm reconcile issue --- adapter/internal/operator/controllers/dp/api_controller.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/adapter/internal/operator/controllers/dp/api_controller.go b/adapter/internal/operator/controllers/dp/api_controller.go index 2428efdc0..9de15fcec 100644 --- a/adapter/internal/operator/controllers/dp/api_controller.go +++ b/adapter/internal/operator/controllers/dp/api_controller.go 
@@ -1151,7 +1151,7 @@ func (apiReconciler *APIReconciler) getAPIsForConfigMap(ctx context.Context, obj err := apiReconciler.client.List(ctx, backendList, &k8client.ListOptions{ FieldSelector: fields.OneTermEqualSelector(configMapBackend, utils.NamespacedName(configMap).String()), }) - if err == nil { + if err == nil && len(backendList.Items) > 0 { requests := []reconcile.Request{} for item := range backendList.Items { backend := backendList.Items[item] @@ -1544,6 +1544,7 @@ func addIndexes(ctx context.Context, mgr manager.Manager) error { if err := mgr.GetFieldIndexer().IndexField(ctx, &dpv1alpha2.API{}, configMapAPIDefinition, func(rawObj k8client.Object) []string { + loggers.LoggerAPI.Error("AMALIII configMapAPIDefinition: ", configMapAPIDefinition) api := rawObj.(*dpv1alpha2.API) var configMaps []string if api.Spec.DefinitionFileRef != "" { @@ -1553,6 +1554,7 @@ func addIndexes(ctx context.Context, mgr manager.Manager) error { Namespace: api.Namespace, }.String()) } + loggers.LoggerAPI.Error("AMALIII configMaps: ", configMaps) return configMaps }); err != nil { return err From 6cf5e158810bc75cb5bb415a1ea33a8e5f97a05a Mon Sep 17 00:00:00 2001 From: AmaliMatharaarachchi Date: Thu, 18 Jan 2024 18:07:24 +0530 Subject: [PATCH 8/9] add gql jwt test --- test/integration/integration/tests/gql-api.go | 38 +++++++++---------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/test/integration/integration/tests/gql-api.go b/test/integration/integration/tests/gql-api.go index b3f4dc1c4..0527226a2 100644 --- a/test/integration/integration/tests/gql-api.go +++ b/test/integration/integration/tests/gql-api.go @@ -35,7 +35,7 @@ var GQLAPI = suite.IntegrationTest{ Manifests: []string{"tests/gql-api.yaml"}, Test: func(t *testing.T, suite *suite.IntegrationTestSuite) { gwAddr := "gql.test.gw.wso2.com:9095" - // token := http.GetTestToken(t) + token := http.GetTestToken(t) testCases := []http.ExpectedResponse{ { 
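Review bot: With `if err == nil && len(backendList.Items) > 0` a failed `client.List` in getAPIsForConfigMap is now handled the same way as an empty result, and `err` is not reported anywhere in the visible lines. Unless the code after this block logs it, a broken field index or an RBAC denial will look like "no Backend references this ConfigMap". Logging the error through the existing `ErrorC` helper before falling through would keep that distinction. The rest of the function is outside the hunk.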
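Review bot: The two `loggers.LoggerAPI.Error("AMALIII ...")` calls added to the configMapAPIDefinition index function in addIndexes look like leftover debugging output. They log at error level for every API object that is indexed, the first one prints only the constant index name, and the rest of this file logs through `LoggerAPKOperator`. They should be removed before merge; if a trace is wanted, `loggers.LoggerAPKOperator.Debugf("indexed ConfigMaps for API %s/%s: %v", api.Namespace, api.Name, configMaps)` carries the useful part. The index closure continues outside these hunks.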
@@ -70,26 +70,24 @@ var GQLAPI = suite.IntegrationTest{ }, }, Response: http.Response{StatusCode: 401}, + }, { + Request: http.Request{ + Host: "gql.test.gw.wso2.com", + Path: "/gql/v1", + Method: "POST", + Headers: map[string]string{ + "Content-Type": "application/json", + "Authorization": "Bearer " + token, + }, + Body: `{"query":"query{\n human(id:1000){\n id\n name\n }\n droid(id:2000){\n name\n friends{\n name\n appearsIn\n }\n }\n}","variables":{}}`, + }, + ExpectedRequest: &http.ExpectedRequest{ + Request: http.Request{ + Method: "", + }, + }, + Response: http.Response{StatusCode: 200}, }, - // TODO(amali) enable this test case after fixing the issue https://github.com/wso2/apk/issues/1960 - // { - // Request: http.Request{ - // Host: "gql.test.gw.wso2.com", - // Path: "/gql/v1", - // Method: "POST", - // Headers: map[string]string{ - // "Content-Type": "application/json", - // "Authorization": "Bearer " + token, - // }, - // Body: `{"query":"query{\n human(id:1000){\n id\n name\n }\n droid(id:2000){\n name\n friends{\n name\n appearsIn\n }\n }\n}","variables":{}}`, - // }, - // ExpectedRequest: &http.ExpectedRequest{ - // Request: http.Request{ - // Method: "", - // }, - // }, - // Response: http.Response{StatusCode: 200}, - // }, } for i := range testCases { tc := testCases[i] From f07876c2e45669847d72bb95dd7a46e428b9080e Mon Sep 17 00:00:00 2001 From: AmaliMatharaarachchi Date: Fri, 19 Jan 2024 10:26:14 +0530 Subject: [PATCH 9/9] fix auth header issue --- .../security/jwt/JWTAuthenticator.java | 35 +++++++++---------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java index da145804e..6e3c52c35 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java 
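Review bot: The re-enabled case checks only that a valid token gets 200, and the preceding case (request outside this hunk) expects 401, presumably for a missing token. Neither shows that a token the gateway should reject is actually rejected on the GraphQL path. A third entry that sends a bearer token with an altered signature and expects `Response: http.Response{StatusCode: 401}` would pin that down. The empty `Method: ""` in `ExpectedRequest` also deserves a short comment saying why the backend request is not asserted.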
+++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java @@ -35,7 +35,6 @@ import org.wso2.apk.enforcer.commons.exception.EnforcerException; import org.wso2.apk.enforcer.commons.model.APIConfig; import org.wso2.apk.enforcer.commons.model.AuthenticationContext; -import org.wso2.apk.enforcer.commons.model.JWTAuthenticationConfig; import org.wso2.apk.enforcer.commons.model.RequestContext; import org.wso2.apk.enforcer.commons.model.ResourceConfig; import org.wso2.apk.enforcer.config.ConfigHolder; @@ -86,18 +85,10 @@ public JWTAuthenticator(final JWTConfigurationDto jwtConfigurationDto, final boo @Override public boolean canAuthenticate(RequestContext requestContext) { - JWTAuthenticationConfig jwtAuthenticationConfig = null; - // only getting first operation is enough as all matched resource configs have the same security header - for (ResourceConfig resourceConfig : requestContext.getMatchedResourcePaths()) { - if (resourceConfig.getAuthenticationConfig() != null && - resourceConfig.getAuthenticationConfig().getJwtAuthenticationConfig() != null) { - jwtAuthenticationConfig = resourceConfig.getAuthenticationConfig().getJwtAuthenticationConfig(); - break; - } - } + String authHeader = getTokenHeader(requestContext.getMatchedResourcePaths()); - if (jwtAuthenticationConfig != null) { - String authHeaderValue = retrieveAuthHeaderValue(requestContext, jwtAuthenticationConfig); + if (!StringUtils.equals(authHeader, "")) { + String authHeaderValue = retrieveAuthHeaderValue(requestContext, authHeader); // Check keyword bearer in header to prevent conflicts with custom authentication // (that maybe added with custom filters / interceptors / opa) 
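Review bot: The guard `!StringUtils.equals(authHeader, "")` in canAuthenticate is true for a null `authHeader`, which getTokenHeader can return if a JWT config exists but `getHeader()` is unset; whether that can happen is not visible here. In that case `retrieveAuthHeaderValue` is called with a null key. A null-safe check such as `if (StringUtils.isNotEmpty(authHeader)) {` covers both the sentinel and null, assuming this is the commons-lang StringUtils. The method body continues beyond the hunk.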
@@ -128,8 +119,8 @@ public AuthenticationContext authenticate(RequestContext requestContext) throws Utils.setTag(jwtAuthenticatorInfoSpan, APIConstants.LOG_TRACE_ID, ThreadContext.get(APIConstants.LOG_TRACE_ID)); } - String jwtToken = retrieveAuthHeaderValue(requestContext, - requestContext.getMatchedResourcePaths().get(0).getAuthenticationConfig().getJwtAuthenticationConfig()); + String authHeader = getTokenHeader(requestContext.getMatchedResourcePaths()); + String jwtToken = retrieveAuthHeaderValue(requestContext, authHeader); String[] splitToken = jwtToken.split("\\s"); // Extract the token when it is sent as bearer token. i.e Authorization: Bearer if (splitToken.length > 1) { @@ -273,6 +264,16 @@ public AuthenticationContext authenticate(RequestContext requestContext) throws } + private String getTokenHeader(ArrayList matchedResourceConfigs) { + for (ResourceConfig resourceConfig : matchedResourceConfigs) { + if (resourceConfig.getAuthenticationConfig() != null && + resourceConfig.getAuthenticationConfig().getJwtAuthenticationConfig() != null) { + return resourceConfig.getAuthenticationConfig().getJwtAuthenticationConfig().getHeader(); + } + } + return ""; + } + @Override public String getChallengeString() { @@ -291,11 +292,9 @@ public int getPriority() { return 10; } - private String retrieveAuthHeaderValue(RequestContext requestContext, - JWTAuthenticationConfig jwtAuthenticationConfig) { - + private String retrieveAuthHeaderValue(RequestContext requestContext, String header) { Map headers = requestContext.getHeaders(); - return headers.get(jwtAuthenticationConfig.getHeader()); + return headers.get(header); } /**
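Review bot: In authenticate, `jwtToken.split("\\s")` dereferences the header value without a null check. If getTokenHeader returns `""` or the request lacks the configured header, `retrieveAuthHeaderValue` returns null and the call throws a NullPointerException instead of a clean authentication failure. This is safe only if every caller has already seen canAuthenticate return true, which the hunk does not show. A guard that fails the request through the method's declared exception when `jwtToken == null` would make the method safe on its own. The method starts and ends outside the hunk.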
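Review bot: getTokenHeader has no comment stating its contract, and the assumption the earlier code documented, that all matched resource configs share the same security header, was dropped with the old inline comment. The helper returns the header name from the first matched resource that has a JWT config and `""` when none does, so a request matching resources with different header names would silently use the first. A short Javadoc should state both the `""` sentinel and that invariant, for example `// All matched resources are expected to share one JWT header; the first configured one is used, "" if none.`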