From 12590ac39d517d06ce366caa491b54bcec4a9a68 Mon Sep 17 00:00:00 2001 From: sgayangi Date: Thu, 10 Oct 2024 10:03:23 +0530 Subject: [PATCH] Update implementation for GRPC API policies --- .../oasparser/model/adapter_internal_api.go | 88 ++++++++++++------- 1 file changed, 58 insertions(+), 30 deletions(-) diff --git a/adapter/internal/oasparser/model/adapter_internal_api.go b/adapter/internal/oasparser/model/adapter_internal_api.go index 3dab4a249..3cdfe66c9 100644 --- a/adapter/internal/oasparser/model/adapter_internal_api.go +++ b/adapter/internal/oasparser/model/adapter_internal_api.go @@ -26,6 +26,7 @@ import ( "time" "github.com/google/uuid" + "github.com/sirupsen/logrus" "github.com/wso2/apk/adapter/config" "github.com/wso2/apk/adapter/internal/interceptor" "github.com/wso2/apk/adapter/internal/loggers" @@ -1274,45 +1275,72 @@ func (adapterInternalAPI *AdapterInternalAPI) SetInfoGRPCRouteCR(grpcRoute *gwap var policies = OperationPolicies{} var endPoints []Endpoint resourceAuthScheme := authScheme + resourceAPIPolicy := apiPolicy resourceRatelimitPolicy := ratelimitPolicy var scopes []string for _, filter := range rule.Filters { - if filter.ExtensionRef != nil && filter.ExtensionRef.Kind == constants.KindAuthentication { - if ref, found := resourceParams.ResourceAuthSchemes[types.NamespacedName{ - Name: string(filter.ExtensionRef.Name), - Namespace: grpcRoute.Namespace, - }.String()]; found { - resourceAuthScheme = concatAuthSchemes(authScheme, &ref) - } else { - return fmt.Errorf(`auth scheme: %s has not been resolved, spec.targetRef.kind should be - 'Resource' in resource level Authentications`, filter.ExtensionRef.Name) + switch filter.Type { + case gwapiv1a2.GRPCRouteFilterExtensionRef: + if filter.ExtensionRef.Kind == constants.KindAuthentication { + if ref, found := resourceParams.ResourceAuthSchemes[types.NamespacedName{ + Name: string(filter.ExtensionRef.Name), + Namespace: grpcRoute.Namespace, + }.String()]; found { + resourceAuthScheme = concatAuthSchemes(authScheme, &ref) + } else { + return fmt.Errorf(`auth scheme: %s has not been resolved, spec.targetRef.kind should be + 'Resource' in resource level Authentications`, filter.ExtensionRef.Name) + } } - } - if filter.ExtensionRef != nil && filter.ExtensionRef.Kind == constants.KindScope { - if ref, found := resourceParams.ResourceScopes[types.NamespacedName{ - Name: string(filter.ExtensionRef.Name), - Namespace: grpcRoute.Namespace, - }.String()]; found { - scopes = ref.Spec.Names - disableScopes = false - } else { - return fmt.Errorf("scope: %s has not been resolved in namespace %s", filter.ExtensionRef.Name, grpcRoute.Namespace) + if filter.ExtensionRef.Kind == constants.KindAPIPolicy { + if ref, found := resourceParams.ResourceAPIPolicies[types.NamespacedName{ + Name: string(filter.ExtensionRef.Name), + Namespace: grpcRoute.Namespace, + }.String()]; found { + logrus.Info("filter.ExtensionRef.Kind == constants.KindAPIPolicy") + logrus.Info(apiPolicy.Name) + logrus.Info(apiPolicy.Name) + if apiPolicy.Spec.Default != nil { + logrus.Info(apiPolicy.Spec.Default.RequestInterceptors) + } + if apiPolicy.Spec.Default != nil { + logrus.Info(apiPolicy.Spec.Default.ResponseInterceptors) + } + resourceAPIPolicy = concatAPIPolicies(apiPolicy, &ref) + } else { + return fmt.Errorf(`apipolicy: %s has not been resolved, spec.targetRef.kind should be + 'Resource' in resource level APIPolicies`, filter.ExtensionRef.Name) + } } - } - if filter.ExtensionRef != nil && filter.ExtensionRef.Kind == constants.KindRateLimitPolicy { - if ref, found := resourceParams.ResourceRateLimitPolicies[types.NamespacedName{ - Name: string(filter.ExtensionRef.Name), - Namespace: grpcRoute.Namespace, - }.String()]; found { - resourceRatelimitPolicy = concatRateLimitPolicies(ratelimitPolicy, &ref) - } else { - return fmt.Errorf(`ratelimitpolicy: %s has not been resolved, spec.targetRef.kind should be - 'Resource' in resource level RateLimitPolicies`, filter.ExtensionRef.Name) + if filter.ExtensionRef.Kind == constants.KindScope { + if ref, found := resourceParams.ResourceScopes[types.NamespacedName{ + Name: string(filter.ExtensionRef.Name), + Namespace: grpcRoute.Namespace, + }.String()]; found { + scopes = ref.Spec.Names + disableScopes = false + } else { + return fmt.Errorf("scope: %s has not been resolved in namespace %s", filter.ExtensionRef.Name, grpcRoute.Namespace) + } + } + if filter.ExtensionRef.Kind == constants.KindRateLimitPolicy { + if ref, found := resourceParams.ResourceRateLimitPolicies[types.NamespacedName{ + Name: string(filter.ExtensionRef.Name), + Namespace: grpcRoute.Namespace, + }.String()]; found { + resourceRatelimitPolicy = concatRateLimitPolicies(ratelimitPolicy, &ref) + } else { + return fmt.Errorf(`ratelimitpolicy: %s has not been resolved, spec.targetRef.kind should be + 'Resource' in resource level RateLimitPolicies`, filter.ExtensionRef.Name) + } } } } + + resourceAPIPolicy = concatAPIPolicies(resourceAPIPolicy, nil) resourceAuthScheme = concatAuthSchemes(resourceAuthScheme, nil) resourceRatelimitPolicy = concatRateLimitPolicies(resourceRatelimitPolicy, nil) + addOperationLevelInterceptors(&policies, resourceAPIPolicy, resourceParams.InterceptorServiceMapping, resourceParams.BackendMapping, grpcRoute.Namespace) loggers.LoggerOasparser.Debugf("Calculating auths for API ..., API_UUID = %v", adapterInternalAPI.UUID) apiAuth := getSecurity(resourceAuthScheme) @@ -1321,7 +1349,7 @@ func (adapterInternalAPI *AdapterInternalAPI) SetInfoGRPCRouteCR(grpcRoute *gwap resourcePath := adapterInternalAPI.GetXWso2Basepath() + "." + *match.Method.Service + "/" + *match.Method.Method endPoints = append(endPoints, GetEndpoints(backendName, resourceParams.BackendMapping)...) resource := &Resource{path: resourcePath, pathMatchType: "Exact", - methods: []*Operation{{iD: uuid.New().String(), method: "GRPC", policies: policies, + methods: []*Operation{{iD: uuid.New().String(), method: "POST", policies: policies, auth: apiAuth, rateLimitPolicy: parseRateLimitPolicyToInternal(resourceRatelimitPolicy), scopes: scopes}}, iD: uuid.New().String(), }