Read subscription validation enabled or disabled from APIPolicy and p…

…ass to enforcer

adapter/api/proto/wso2/discovery/api/api.proto

@@ -54,4 +54,5 @@ message Api {
 	bool systemAPI = 24;
 	BackendJWTTokenInfo backendJWTTokenInfo = 25;
 	bytes apiDefinitionFile = 26;
+	bool subscriptionValidation = 27;
 }

adapter/internal/oasparser/config_generator.go

@@ -211,8 +211,9 @@ func GetEnforcerAPI(adapterInternalAPI model.AdapterInternalAPI, vhost string) *
 		ApplicationSecurity: adapterInternalAPI.GetXWSO2ApplicationSecurity(),
 		// GraphQLSchema:         adapterInternalAPI.GraphQLSchema,
 		// GraphqlComplexityInfo: adapterInternalAPI.GraphQLComplexities.Data.List,
-		SystemAPI:         adapterInternalAPI.IsSystemAPI,
-		ApiDefinitionFile: adapterInternalAPI.GetAPIDefinitionFile(),
+		SystemAPI:              adapterInternalAPI.IsSystemAPI,
+		ApiDefinitionFile:      adapterInternalAPI.GetAPIDefinitionFile(),
+		SubscriptionValidation: adapterInternalAPI.GetSubscriptionValidation(),
 	}
 }
 

adapter/internal/oasparser/model/adapter_internal_api.go

@@ -65,6 +65,7 @@ type AdapterInternalAPI struct {
 	backendJWTTokenInfo      *BackendJWTTokenInfo
 	apiDefinitionFile        []byte
 	apiDefinitionEndpoint    string
+	subscriptionValidation   bool
 	APIProperties            []dpv1alpha1.Property
 	// GraphQLSchema              string
 	// GraphQLComplexities        GraphQLComplexityYaml
@@ -231,6 +232,11 @@ func (swagger *AdapterInternalAPI) GetAPIDefinitionEndpoint() string {
 	return swagger.apiDefinitionEndpoint
 }
 
+// GetSubscriptionValidation returns the subscription validation status.
+func (swagger *AdapterInternalAPI) GetSubscriptionValidation() bool {
+	return swagger.subscriptionValidation
+}
+
 // GetBackendJWTTokenInfo returns the BackendJWTTokenInfo Object.
 func (swagger *AdapterInternalAPI) GetBackendJWTTokenInfo() *BackendJWTTokenInfo {
 	return swagger.backendJWTTokenInfo
@@ -338,6 +344,11 @@ func (swagger *AdapterInternalAPI) SetAPIDefinitionEndpoint(endpoint string) {
 	swagger.apiDefinitionEndpoint = endpoint
 }
 
+// SetSubscriptionValidation sets the subscription validation status.
+func (swagger *AdapterInternalAPI) SetSubscriptionValidation(subscriptionValidation bool) {
+	swagger.subscriptionValidation = subscriptionValidation
+}
+
 // SetName sets the name of the API
 func (swagger *AdapterInternalAPI) SetName(name string) {
 	swagger.title = name

adapter/internal/operator/controllers/dp/api_controller.go

@@ -314,10 +314,10 @@ func (apiReconciler *APIReconciler) resolveAPIRefs(ctx context.Context, api dpv1
 		return nil, fmt.Errorf("error while getting httproute resource apipolicy %s in namespace : %s with API UUID : %v, %s",
 			apiRef.String(), namespace, string(api.ObjectMeta.UID), err.Error())
 	}
-	if apiState.InterceptorServiceMapping, apiState.BackendJWTMapping, err =
+	if apiState.InterceptorServiceMapping, apiState.BackendJWTMapping, apiState.SubscriptionValidation, err =
 		apiReconciler.getAPIPolicyChildrenRefs(ctx, apiState.APIPolicies, apiState.ResourceAPIPolicies,
 			api); err != nil {
-		return nil, fmt.Errorf("error while getting interceptor services %s in namespace : %s with API UUID : %v, %s",
+		return nil, fmt.Errorf("error while getting referenced policies in apipolicy %s in namespace : %s with API UUID : %v, %s",
 			apiRef.String(), namespace, string(api.ObjectMeta.UID), err.Error())
 	}
 	if api.Spec.DefinitionFileRef != "" {
@@ -699,12 +699,14 @@ func (apiReconciler *APIReconciler) getAPIPoliciesForResources(ctx context.Conte
 // getAPIPolicyChildrenRefs gets all the referenced policies in apipolicy for the resolving API
 // - interceptor services
 // - backend JWTs
+// - subscription validation
 func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context,
 	apiPolicies, resourceAPIPolicies map[string]dpv1alpha2.APIPolicy,
-	api dpv1alpha1.API) (map[string]dpv1alpha1.InterceptorService, map[string]dpv1alpha1.BackendJWT, error) {
+	api dpv1alpha1.API) (map[string]dpv1alpha1.InterceptorService, map[string]dpv1alpha1.BackendJWT, bool, error) {
 	allAPIPolicies := append(maps.Values(apiPolicies), maps.Values(resourceAPIPolicies)...)
 	interceptorServices := make(map[string]dpv1alpha1.InterceptorService)
 	backendJWTs := make(map[string]dpv1alpha1.BackendJWT)
+	subscriptionValidation := false
 	for _, apiPolicy := range allAPIPolicies {
 		if apiPolicy.Spec.Default != nil {
 			if len(apiPolicy.Spec.Default.RequestInterceptors) > 0 {
@@ -714,15 +716,6 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context
 					interceptorServices[utils.NamespacedName(interceptorPtr).String()] = *interceptorPtr
 				}
 			}
-			if apiPolicy.Spec.Default.BackendJWTPolicy != nil {
-				backendJWTPtr := utils.GetBackendJWT(ctx, apiReconciler.client, apiPolicy.Namespace,
-					apiPolicy.Spec.Default.BackendJWTPolicy.Name, &api)
-				if backendJWTPtr != nil {
-					backendJWTs[utils.NamespacedName(backendJWTPtr).String()] = *backendJWTPtr
-				}
-			}
-		}
-		if apiPolicy.Spec.Default != nil {
 			if len(apiPolicy.Spec.Default.ResponseInterceptors) > 0 {
 				interceptorPtr := utils.GetInterceptorService(ctx, apiReconciler.client, apiPolicy.Namespace,
 					&apiPolicy.Spec.Default.ResponseInterceptors[0], &api)
@@ -737,6 +730,7 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context
 					backendJWTs[utils.NamespacedName(backendJWTPtr).String()] = *backendJWTPtr
 				}
 			}
+			subscriptionValidation = apiPolicy.Spec.Default.SubscriptionValidation
 		}
 		if apiPolicy.Spec.Override != nil {
 			if len(apiPolicy.Spec.Override.RequestInterceptors) > 0 {
@@ -746,15 +740,6 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context
 					interceptorServices[utils.NamespacedName(interceptorPtr).String()] = *interceptorPtr
 				}
 			}
-			if apiPolicy.Spec.Override.BackendJWTPolicy != nil {
-				backendJWTPtr := utils.GetBackendJWT(ctx, apiReconciler.client, apiPolicy.Namespace,
-					apiPolicy.Spec.Override.BackendJWTPolicy.Name, &api)
-				if backendJWTPtr != nil {
-					backendJWTs[utils.NamespacedName(backendJWTPtr).String()] = *backendJWTPtr
-				}
-			}
-		}
-		if apiPolicy.Spec.Override != nil {
 			if len(apiPolicy.Spec.Override.ResponseInterceptors) > 0 {
 				interceptorPtr := utils.GetInterceptorService(ctx, apiReconciler.client, apiPolicy.Namespace,
 					&apiPolicy.Spec.Override.ResponseInterceptors[0], &api)
@@ -769,9 +754,10 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context
 					backendJWTs[utils.NamespacedName(backendJWTPtr).String()] = *backendJWTPtr
 				}
 			}
+			subscriptionValidation = apiPolicy.Spec.Override.SubscriptionValidation
 		}
 	}
-	return interceptorServices, backendJWTs, nil
+	return interceptorServices, backendJWTs, subscriptionValidation, nil
 }
 
 func (apiReconciler *APIReconciler) getResolvedBackendsMapping(ctx context.Context,

adapter/internal/operator/synchronizer/api_state.go

@@ -40,6 +40,7 @@ type APIState struct {
 	BackendJWTMapping         map[string]v1alpha1.BackendJWT
 	APIDefinitionFile         []byte
 	OldOrganizationID         string
+	SubscriptionValidation	  bool
 }
 
 // HTTPRouteState holds the state of the deployed httpRoutes. This state is compared with

adapter/internal/operator/synchronizer/synchronizer.go

@@ -157,6 +157,7 @@ func GenerateAdapterInternalAPI(apiState APIState, httpRoute *HTTPRouteState, en
 	adapterInternalAPI.SetInfoAPICR(*apiState.APIDefinition)
 	adapterInternalAPI.SetAPIDefinitionFile(apiState.APIDefinitionFile)
 	adapterInternalAPI.SetAPIDefinitionEndpoint(apiState.APIDefinition.Spec.DefinitionPath)
+	adapterInternalAPI.SetSubscriptionValidation(apiState.SubscriptionValidation)
 	adapterInternalAPI.EnvType = envType
 	resourceParams := model.ResourceParams{
 		AuthSchemes:               apiState.Authentications,

gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/APIConfig.java

@@ -53,6 +53,7 @@ public class APIConfig {
     private JWTConfigurationDto jwtConfigurationDto;
     private boolean systemAPI;
     private byte[] apiDefinition;
+    private boolean subscriptionValidation;
     /**
      * getApiType returns the API type. This could be one of the following.
      * HTTP, WS, WEBHOOK
@@ -231,6 +232,14 @@ public byte[] getApiDefinition() {
         return apiDefinition;
     }
 
+    /**
+     * Returns the subscription validation status.
+     * @return true if subscription validation is enabled.
+     */
+    public boolean isSubscriptionValidation() {
+        return subscriptionValidation;
+    }
+
     public JWTConfigurationDto getJwtConfigurationDto() {
         return jwtConfigurationDto;
     }
@@ -261,6 +270,7 @@ public static class Builder {
         private GraphQLSchemaDTO graphQLSchemaDTO;
         private boolean systemAPI;
         private byte[] apiDefinition;
+        private boolean subscriptionValidation;
         private JWTConfigurationDto jwtConfigurationDto;
         public Builder(String name) {
             this.name = name;
@@ -392,6 +402,7 @@ public APIConfig build() {
             apiConfig.systemAPI  = this.systemAPI;
             apiConfig.jwtConfigurationDto = this.jwtConfigurationDto;
             apiConfig.apiDefinition = this.apiDefinition;
+            apiConfig.subscriptionValidation = this.subscriptionValidation;
             return apiConfig;
         }
     }