From 78091867516ab70cf5a9d32dc3a6f79bf2ee2abe Mon Sep 17 00:00:00 2001 From: Ashera Silva Date: Tue, 24 Oct 2023 17:26:18 +0530 Subject: [PATCH] Read subscription validation enabled or disabled from APIPolicy and pass to enforcer --- .../api/proto/wso2/discovery/api/api.proto | 1 + .../internal/oasparser/config_generator.go | 5 +- .../oasparser/model/adapter_internal_api.go | 11 ++++ .../operator/controllers/dp/api_controller.go | 30 +++------ .../operator/synchronizer/api_state.go | 1 + .../operator/synchronizer/synchronizer.go | 1 + .../api/wso2/discovery/api/api.pb.go | 36 ++++++---- .../apk/enforcer/commons/model/APIConfig.java | 11 ++++ .../wso2/apk/enforcer/discovery/api/Api.java | 65 +++++++++++++++++++ .../enforcer/discovery/api/ApiOrBuilder.java | 6 ++ .../apk/enforcer/discovery/api/ApiProto.java | 12 ++-- .../security/jwt/JWTAuthenticator.java | 9 +-- 12 files changed, 138 insertions(+), 50 deletions(-) diff --git a/adapter/api/proto/wso2/discovery/api/api.proto b/adapter/api/proto/wso2/discovery/api/api.proto index ef315612a1..337e8b7780 100644 --- a/adapter/api/proto/wso2/discovery/api/api.proto +++ b/adapter/api/proto/wso2/discovery/api/api.proto @@ -54,4 +54,5 @@ message Api { bool systemAPI = 24; BackendJWTTokenInfo backendJWTTokenInfo = 25; bytes apiDefinitionFile = 26; + bool subscriptionValidation = 27; } diff --git a/adapter/internal/oasparser/config_generator.go b/adapter/internal/oasparser/config_generator.go index 14aac9338d..ce67676492 100644 --- a/adapter/internal/oasparser/config_generator.go +++ b/adapter/internal/oasparser/config_generator.go 
@@ -211,8 +211,9 @@ func GetEnforcerAPI(adapterInternalAPI model.AdapterInternalAPI, vhost string) * ApplicationSecurity: adapterInternalAPI.GetXWSO2ApplicationSecurity(), // GraphQLSchema: adapterInternalAPI.GraphQLSchema, // GraphqlComplexityInfo: adapterInternalAPI.GraphQLComplexities.Data.List, - SystemAPI: adapterInternalAPI.IsSystemAPI, - ApiDefinitionFile: adapterInternalAPI.GetAPIDefinitionFile(), + SystemAPI: adapterInternalAPI.IsSystemAPI, + ApiDefinitionFile: adapterInternalAPI.GetAPIDefinitionFile(), + SubscriptionValidation: adapterInternalAPI.GetSubscriptionValidation(), } } diff --git a/adapter/internal/oasparser/model/adapter_internal_api.go b/adapter/internal/oasparser/model/adapter_internal_api.go index 30371fbcb6..0ff62b646b 100644 --- a/adapter/internal/oasparser/model/adapter_internal_api.go +++ b/adapter/internal/oasparser/model/adapter_internal_api.go @@ -65,6 +65,7 @@ type AdapterInternalAPI struct { backendJWTTokenInfo *BackendJWTTokenInfo apiDefinitionFile []byte apiDefinitionEndpoint string + subscriptionValidation bool APIProperties []dpv1alpha1.Property // GraphQLSchema string // GraphQLComplexities GraphQLComplexityYaml @@ -231,6 +232,11 @@ func (swagger *AdapterInternalAPI) GetAPIDefinitionEndpoint() string { return swagger.apiDefinitionEndpoint } +// GetSubscriptionValidation returns the subscription validation status. +func (swagger *AdapterInternalAPI) GetSubscriptionValidation() bool { + return swagger.subscriptionValidation +} + // GetBackendJWTTokenInfo returns the BackendJWTTokenInfo Object. func (swagger *AdapterInternalAPI) GetBackendJWTTokenInfo() *BackendJWTTokenInfo { return swagger.backendJWTTokenInfo 
@@ -338,6 +344,11 @@ func (swagger *AdapterInternalAPI) SetAPIDefinitionEndpoint(endpoint string) { swagger.apiDefinitionEndpoint = endpoint } +// SetSubscriptionValidation sets the subscription validation status. +func (swagger *AdapterInternalAPI) SetSubscriptionValidation(subscriptionValidation bool) { + swagger.subscriptionValidation = subscriptionValidation +} + // SetName sets the name of the API func (swagger *AdapterInternalAPI) SetName(name string) { swagger.title = name diff --git a/adapter/internal/operator/controllers/dp/api_controller.go b/adapter/internal/operator/controllers/dp/api_controller.go index ef7a204ad0..85562c2908 100644 --- a/adapter/internal/operator/controllers/dp/api_controller.go +++ b/adapter/internal/operator/controllers/dp/api_controller.go @@ -314,10 +314,10 @@ func (apiReconciler *APIReconciler) resolveAPIRefs(ctx context.Context, api dpv1 return nil, fmt.Errorf("error while getting httproute resource apipolicy %s in namespace : %s with API UUID : %v, %s", apiRef.String(), namespace, string(api.ObjectMeta.UID), err.Error()) } - if apiState.InterceptorServiceMapping, apiState.BackendJWTMapping, err = + if apiState.InterceptorServiceMapping, apiState.BackendJWTMapping, apiState.SubscriptionValidation, err = apiReconciler.getAPIPolicyChildrenRefs(ctx, apiState.APIPolicies, apiState.ResourceAPIPolicies, api); err != nil { - return nil, fmt.Errorf("error while getting interceptor services %s in namespace : %s with API UUID : %v, %s", + return nil, fmt.Errorf("error while getting referenced policies in apipolicy %s in namespace : %s with API UUID : %v, %s", apiRef.String(), namespace, string(api.ObjectMeta.UID), err.Error()) } if api.Spec.DefinitionFileRef != "" { 
@@ -699,12 +699,14 @@ func (apiReconciler *APIReconciler) getAPIPoliciesForResources(ctx context.Conte // getAPIPolicyChildrenRefs gets all the referenced policies in apipolicy for the resolving API // - interceptor services // - backend JWTs +// - subscription validation func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context, apiPolicies, resourceAPIPolicies map[string]dpv1alpha2.APIPolicy, - api dpv1alpha1.API) (map[string]dpv1alpha1.InterceptorService, map[string]dpv1alpha1.BackendJWT, error) { + api dpv1alpha1.API) (map[string]dpv1alpha1.InterceptorService, map[string]dpv1alpha1.BackendJWT, bool, error) { allAPIPolicies := append(maps.Values(apiPolicies), maps.Values(resourceAPIPolicies)...) interceptorServices := make(map[string]dpv1alpha1.InterceptorService) backendJWTs := make(map[string]dpv1alpha1.BackendJWT) + subscriptionValidation := false for _, apiPolicy := range allAPIPolicies { if apiPolicy.Spec.Default != nil { if len(apiPolicy.Spec.Default.RequestInterceptors) > 0 { @@ -714,15 +716,6 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context interceptorServices[utils.NamespacedName(interceptorPtr).String()] = *interceptorPtr } } - if apiPolicy.Spec.Default.BackendJWTPolicy != nil { - backendJWTPtr := utils.GetBackendJWT(ctx, apiReconciler.client, apiPolicy.Namespace, - apiPolicy.Spec.Default.BackendJWTPolicy.Name, &api) - if backendJWTPtr != nil { - backendJWTs[utils.NamespacedName(backendJWTPtr).String()] = *backendJWTPtr - } - } - } - if apiPolicy.Spec.Default != nil { if len(apiPolicy.Spec.Default.ResponseInterceptors) > 0 { interceptorPtr := utils.GetInterceptorService(ctx, apiReconciler.client, apiPolicy.Namespace, &apiPolicy.Spec.Default.ResponseInterceptors[0], &api) 
@@ -737,6 +730,7 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context backendJWTs[utils.NamespacedName(backendJWTPtr).String()] = *backendJWTPtr } } + subscriptionValidation = apiPolicy.Spec.Default.SubscriptionValidation } if apiPolicy.Spec.Override != nil { if len(apiPolicy.Spec.Override.RequestInterceptors) > 0 { @@ -746,15 +740,6 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context interceptorServices[utils.NamespacedName(interceptorPtr).String()] = *interceptorPtr } } - if apiPolicy.Spec.Override.BackendJWTPolicy != nil { - backendJWTPtr := utils.GetBackendJWT(ctx, apiReconciler.client, apiPolicy.Namespace, - apiPolicy.Spec.Override.BackendJWTPolicy.Name, &api) - if backendJWTPtr != nil { - backendJWTs[utils.NamespacedName(backendJWTPtr).String()] = *backendJWTPtr - } - } - } - if apiPolicy.Spec.Override != nil { if len(apiPolicy.Spec.Override.ResponseInterceptors) > 0 { interceptorPtr := utils.GetInterceptorService(ctx, apiReconciler.client, apiPolicy.Namespace, &apiPolicy.Spec.Override.ResponseInterceptors[0], &api) @@ -769,9 +754,10 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context backendJWTs[utils.NamespacedName(backendJWTPtr).String()] = *backendJWTPtr } } + subscriptionValidation = apiPolicy.Spec.Override.SubscriptionValidation } } - return interceptorServices, backendJWTs, nil + return interceptorServices, backendJWTs, subscriptionValidation, nil } func (apiReconciler *APIReconciler) getResolvedBackendsMapping(ctx context.Context, diff --git a/adapter/internal/operator/synchronizer/api_state.go b/adapter/internal/operator/synchronizer/api_state.go index b1e30b4262..b92ac77de3 100644 --- a/adapter/internal/operator/synchronizer/api_state.go +++ b/adapter/internal/operator/synchronizer/api_state.go 
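Review bot: `subscriptionValidation` is plainly reassigned on every pass of the loop over `allAPIPolicies`, so the returned value is whatever the last policy visited carried; the same assignment is repeated for `Spec.Override` in the hunk at -769. `allAPIPolicies` is built with `maps.Values(...)` over two maps (hunk at -699), whose order is not stable, and it includes the resource-level policies, so a policy that leaves the field unset can reset an earlier `true` to `false` and the result can differ between reconciles. Since the flag appears to gate the enforcer's subscription check for the whole API, pick an explicit precedence rule and state it in the function comment. If "any policy enabling it wins" is the intended rule, `subscriptionValidation = subscriptionValidation || apiPolicy.Spec.Default.SubscriptionValidation` (and the same for Override) makes the outcome order-independent. The loop body starts outside this hunk.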
@@ -40,6 +40,7 @@ type APIState struct { BackendJWTMapping map[string]v1alpha1.BackendJWT APIDefinitionFile []byte OldOrganizationID string + SubscriptionValidation bool } // HTTPRouteState holds the state of the deployed httpRoutes. This state is compared with diff --git a/adapter/internal/operator/synchronizer/synchronizer.go b/adapter/internal/operator/synchronizer/synchronizer.go index 3b1ea19a6b..3c9f8663ff 100644 --- a/adapter/internal/operator/synchronizer/synchronizer.go +++ b/adapter/internal/operator/synchronizer/synchronizer.go @@ -157,6 +157,7 @@ func GenerateAdapterInternalAPI(apiState APIState, httpRoute *HTTPRouteState, en adapterInternalAPI.SetInfoAPICR(*apiState.APIDefinition) adapterInternalAPI.SetAPIDefinitionFile(apiState.APIDefinitionFile) adapterInternalAPI.SetAPIDefinitionEndpoint(apiState.APIDefinition.Spec.DefinitionPath) + adapterInternalAPI.SetSubscriptionValidation(apiState.SubscriptionValidation) adapterInternalAPI.EnvType = envType resourceParams := model.ResourceParams{ AuthSchemes: apiState.Authentications, diff --git a/adapter/pkg/discovery/api/wso2/discovery/api/api.pb.go b/adapter/pkg/discovery/api/wso2/discovery/api/api.pb.go index 25f867493e..9c5a0bf872 100644 --- a/adapter/pkg/discovery/api/wso2/discovery/api/api.pb.go +++ b/adapter/pkg/discovery/api/wso2/discovery/api/api.pb.go 
@@ -61,9 +61,10 @@ type Api struct { ApplicationSecurity bool `protobuf:"varint,16,opt,name=applicationSecurity,proto3" json:"applicationSecurity,omitempty"` /// string graphQLSchema = 22; // repeated GraphqlComplexity graphqlComplexityInfo = 23; - SystemAPI bool `protobuf:"varint,24,opt,name=systemAPI,proto3" json:"systemAPI,omitempty"` - BackendJWTTokenInfo *BackendJWTTokenInfo `protobuf:"bytes,25,opt,name=backendJWTTokenInfo,proto3" json:"backendJWTTokenInfo,omitempty"` - ApiDefinitionFile []byte `protobuf:"bytes,26,opt,name=apiDefinitionFile,proto3" json:"apiDefinitionFile,omitempty"` + SystemAPI bool `protobuf:"varint,24,opt,name=systemAPI,proto3" json:"systemAPI,omitempty"` + BackendJWTTokenInfo *BackendJWTTokenInfo `protobuf:"bytes,25,opt,name=backendJWTTokenInfo,proto3" json:"backendJWTTokenInfo,omitempty"` + ApiDefinitionFile []byte `protobuf:"bytes,26,opt,name=apiDefinitionFile,proto3" json:"apiDefinitionFile,omitempty"` + SubscriptionValidation bool `protobuf:"varint,27,opt,name=subscriptionValidation,proto3" json:"subscriptionValidation,omitempty"` } func (x *Api) Reset() { @@ -231,6 +232,13 @@ func (x *Api) GetApiDefinitionFile() []byte { return nil } +func (x *Api) GetSubscriptionValidation() bool { + if x != nil { + return x.SubscriptionValidation + } + return false +} + var File_wso2_discovery_api_api_proto protoreflect.FileDescriptor var file_wso2_discovery_api_api_proto_rawDesc = []byte{ 
@@ -244,7 +252,7 @@ var file_wso2_discovery_api_api_proto_rawDesc = []byte{ 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2c, 0x77, 0x73, 0x6f, 0x32, 0x2f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x4a, 0x57, 0x54, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x49, - 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf7, 0x05, 0x0a, 0x03, 0x41, 0x70, + 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xaf, 0x06, 0x0a, 0x03, 0x41, 0x70, 0x69, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 
@@ -292,14 +300,18 @@ var file_wso2_discovery_api_api_proto_rawDesc = []byte{ 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2c, 0x0a, 0x11, 0x61, 0x70, 0x69, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x61, 0x70, 0x69, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46, - 0x69, 0x6c, 0x65, 0x42, 0x70, 0x0a, 0x23, 0x6f, 0x72, 0x67, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, - 0x61, 0x70, 0x6b, 0x2e, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x72, 0x2e, 0x64, 0x69, 0x73, - 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x08, 0x41, 0x70, 0x69, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, - 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x77, - 0x73, 0x6f, 0x32, 0x2f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, - 0x69, 0x3b, 0x61, 0x70, 0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x69, 0x6c, 0x65, 0x12, 0x36, 0x0a, 0x16, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x1b, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x16, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x70, 0x0a, 0x23, 0x6f, + 0x72, 0x67, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x61, 0x70, 0x6b, 0x2e, 0x65, 0x6e, 0x66, 0x6f, + 0x72, 0x63, 0x65, 0x72, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x61, + 0x70, 0x69, 0x42, 0x08, 0x41, 0x70, 0x69, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3d, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, + 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, 
0x72, 0x6f, 0x6c, + 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x77, 0x73, 0x6f, 0x32, 0x2f, 0x64, 0x69, 0x73, 0x63, + 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x3b, 0x61, 0x70, 0x69, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/APIConfig.java b/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/APIConfig.java index 3e9b5fc15e..62788903b6 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/APIConfig.java +++ b/gateway/enforcer/org.wso2.apk.enforcer.commons/src/main/java/org/wso2/apk/enforcer/commons/model/APIConfig.java @@ -53,6 +53,7 @@ public class APIConfig { private JWTConfigurationDto jwtConfigurationDto; private boolean systemAPI; private byte[] apiDefinition; + private boolean subscriptionValidation; /** * getApiType returns the API type. This could be one of the following. * HTTP, WS, WEBHOOK @@ -231,6 +232,14 @@ public byte[] getApiDefinition() { return apiDefinition; } + /** + * Returns the subscription validation status. + * @return true if subscription validation is enabled. + */ + public boolean isSubscriptionValidation() { + return subscriptionValidation; + } + public JWTConfigurationDto getJwtConfigurationDto() { return jwtConfigurationDto; } @@ -261,6 +270,7 @@ public static class Builder { private GraphQLSchemaDTO graphQLSchemaDTO; private boolean systemAPI; private byte[] apiDefinition; + private boolean subscriptionValidation; private JWTConfigurationDto jwtConfigurationDto; public Builder(String name) { this.name = name; @@ -392,6 +402,7 @@ public APIConfig build() { apiConfig.systemAPI = this.systemAPI; apiConfig.jwtConfigurationDto = this.jwtConfigurationDto; apiConfig.apiDefinition = this.apiDefinition; + apiConfig.subscriptionValidation = this.subscriptionValidation; return apiConfig; } } 
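Review bot: Nothing in this patch ever assigns `Builder.subscriptionValidation`: the APIConfig.java hunks add the private field and copy it in `build()`, but no builder method sets it, and none of the twelve files in the diffstat maps `Api.getSubscriptionValidation()` onto the builder. Unless that wiring exists elsewhere, `isSubscriptionValidation()` stays at the Java default `false`, and the new condition in `JWTAuthenticator.authenticate` then skips subscription validation for every API regardless of what the APIPolicy says. Add a setter in the style of the other builder methods, e.g. `public Builder subscriptionValidation(boolean enabled) { this.subscriptionValidation = enabled; return this; }`, and call it where the discovery `Api` message is converted to `APIConfig`. A unit test asserting that the flag survives that conversion would catch the gap.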
diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/Api.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/Api.java index 0a9c010ab9..24f2f6fd0a 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/Api.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/Api.java @@ -189,6 +189,11 @@ private Api( apiDefinitionFile_ = input.readBytes(); break; } + case 216: { + + subscriptionValidation_ = input.readBool(); + break; + } default: { if (!parseUnknownField( input, unknownFields, extensionRegistry, tag)) { @@ -831,6 +836,17 @@ public com.google.protobuf.ByteString getApiDefinitionFile() { return apiDefinitionFile_; } + public static final int SUBSCRIPTIONVALIDATION_FIELD_NUMBER = 27; + private boolean subscriptionValidation_; + /** + * bool subscriptionValidation = 27; + * @return The subscriptionValidation. + */ + @java.lang.Override + public boolean getSubscriptionValidation() { + return subscriptionValidation_; + } + private byte memoizedIsInitialized = -1; @java.lang.Override public final boolean isInitialized() { @@ -902,6 +918,9 @@ public void writeTo(com.google.protobuf.CodedOutputStream output) if (!apiDefinitionFile_.isEmpty()) { output.writeBytes(26, apiDefinitionFile_); } + if (subscriptionValidation_ != false) { + output.writeBool(27, subscriptionValidation_); + } unknownFields.writeTo(output); } @@ -976,6 +995,10 @@ public int getSerializedSize() { size += com.google.protobuf.CodedOutputStream .computeBytesSize(26, apiDefinitionFile_); } + if (subscriptionValidation_ != false) { + size += com.google.protobuf.CodedOutputStream + .computeBoolSize(27, subscriptionValidation_); + } size += unknownFields.getSerializedSize(); memoizedSize = size; return size; 
@@ -1032,6 +1055,8 @@ public boolean equals(final java.lang.Object obj) { } if (!getApiDefinitionFile() .equals(other.getApiDefinitionFile())) return false; + if (getSubscriptionValidation() + != other.getSubscriptionValidation()) return false; if (!unknownFields.equals(other.unknownFields)) return false; return true; } @@ -1091,6 +1116,9 @@ public int hashCode() { } hash = (37 * hash) + APIDEFINITIONFILE_FIELD_NUMBER; hash = (53 * hash) + getApiDefinitionFile().hashCode(); + hash = (37 * hash) + SUBSCRIPTIONVALIDATION_FIELD_NUMBER; + hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean( + getSubscriptionValidation()); hash = (29 * hash) + unknownFields.hashCode(); memoizedHashCode = hash; return hash; @@ -1280,6 +1308,8 @@ public Builder clear() { } apiDefinitionFile_ = com.google.protobuf.ByteString.EMPTY; + subscriptionValidation_ = false; + return this; } @@ -1346,6 +1376,7 @@ public org.wso2.apk.enforcer.discovery.api.Api buildPartial() { result.backendJWTTokenInfo_ = backendJWTTokenInfoBuilder_.build(); } result.apiDefinitionFile_ = apiDefinitionFile_; + result.subscriptionValidation_ = subscriptionValidation_; onBuilt(); return result; } @@ -1508,6 +1539,9 @@ public Builder mergeFrom(org.wso2.apk.enforcer.discovery.api.Api other) { if (other.getApiDefinitionFile() != com.google.protobuf.ByteString.EMPTY) { setApiDefinitionFile(other.getApiDefinitionFile()); } + if (other.getSubscriptionValidation() != false) { + setSubscriptionValidation(other.getSubscriptionValidation()); + } this.mergeUnknownFields(other.unknownFields); onChanged(); return this; 
@@ -3217,6 +3251,37 @@ public Builder clearApiDefinitionFile() { onChanged(); return this; } + + private boolean subscriptionValidation_ ; + /** + * bool subscriptionValidation = 27; + * @return The subscriptionValidation. + */ + @java.lang.Override + public boolean getSubscriptionValidation() { + return subscriptionValidation_; + } + /** + * bool subscriptionValidation = 27; + * @param value The subscriptionValidation to set. + * @return This builder for chaining. + */ + public Builder setSubscriptionValidation(boolean value) { + + subscriptionValidation_ = value; + onChanged(); + return this; + } + /** + * bool subscriptionValidation = 27; + * @return This builder for chaining. + */ + public Builder clearSubscriptionValidation() { + + subscriptionValidation_ = false; + onChanged(); + return this; + } @java.lang.Override public final Builder setUnknownFields( final com.google.protobuf.UnknownFieldSet unknownFields) { diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiOrBuilder.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiOrBuilder.java index 891a11238a..21156acc37 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiOrBuilder.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiOrBuilder.java @@ -256,4 +256,10 @@ org.wso2.apk.enforcer.discovery.api.CertificateOrBuilder getClientCertificatesOr * @return The apiDefinitionFile. */ com.google.protobuf.ByteString getApiDefinitionFile(); + + /** + * bool subscriptionValidation = 27; + * @return The subscriptionValidation. + */ + boolean getSubscriptionValidation(); } 
diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiProto.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiProto.java index 9ea5a84357..e3c134b784 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiProto.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiProto.java @@ -32,7 +32,7 @@ public static void registerAllExtensions( "covery.api\032!wso2/discovery/api/Resource." + "proto\032$wso2/discovery/api/Certificate.pr" + "oto\032,wso2/discovery/api/BackendJWTTokenI" + - "nfo.proto\"\376\003\n\003Api\022\n\n\002id\030\001 \001(\t\022\r\n\005title\030\002" + + "nfo.proto\"\236\004\n\003Api\022\n\n\002id\030\001 \001(\t\022\r\n\005title\030\002" + " \001(\t\022\017\n\007version\030\003 \001(\t\022\017\n\007apiType\030\004 \001(\t\022\036" + "\n\026disableAuthentications\030\005 \001(\010\022\025\n\rdisabl" + "eScopes\030\006 \001(\010\022\017\n\007envType\030\007 \001(\t\022/\n\tresour" + @@ -45,10 +45,10 @@ public static void registerAllExtensions( "\030\020 \001(\010\022\021\n\tsystemAPI\030\030 \001(\010\022D\n\023backendJWTT" + "okenInfo\030\031 \001(\0132\'.wso2.discovery.api.Back" + "endJWTTokenInfo\022\031\n\021apiDefinitionFile\030\032 \001" + - "(\014Bp\n#org.wso2.apk.enforcer.discovery.ap" + - "iB\010ApiProtoP\001Z=github.com/envoyproxy/go-" + - "control-plane/wso2/discovery/api;apib\006pr" + - "oto3" + "(\014\022\036\n\026subscriptionValidation\030\033 \001(\010Bp\n#or" + + "g.wso2.apk.enforcer.discovery.apiB\010ApiPr" + + "otoP\001Z=github.com/envoyproxy/go-control-" + + "plane/wso2/discovery/api;apib\006proto3" }; descriptor = com.google.protobuf.Descriptors.FileDescriptor .internalBuildGeneratedFileFrom(descriptorData, 
@@ -62,7 +62,7 @@ public static void registerAllExtensions( internal_static_wso2_discovery_api_Api_fieldAccessorTable = new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( internal_static_wso2_discovery_api_Api_descriptor, - new java.lang.String[] { "Id", "Title", "Version", "ApiType", "DisableAuthentications", "DisableScopes", "EnvType", "Resources", "BasePath", "Tier", "ApiLifeCycleState", "Vhost", "OrganizationId", "ClientCertificates", "MutualSSL", "ApplicationSecurity", "SystemAPI", "BackendJWTTokenInfo", "ApiDefinitionFile", }); + new java.lang.String[] { "Id", "Title", "Version", "ApiType", "DisableAuthentications", "DisableScopes", "EnvType", "Resources", "BasePath", "Tier", "ApiLifeCycleState", "Vhost", "OrganizationId", "ClientCertificates", "MutualSSL", "ApplicationSecurity", "SystemAPI", "BackendJWTTokenInfo", "ApiDefinitionFile", "SubscriptionValidation", }); org.wso2.apk.enforcer.discovery.api.ResourceProto.getDescriptor(); org.wso2.apk.enforcer.discovery.api.CertificateProto.getDescriptor(); org.wso2.apk.enforcer.discovery.api.BackendJWTTokenInfoProto.getDescriptor(); diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java index a22ae53999..d4b84ee871 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java 
@@ -20,14 +20,11 @@ import com.nimbusds.jwt.JWTClaimsSet; import com.nimbusds.jwt.util.DateUtils; import io.opentelemetry.context.Scope; -import net.minidev.json.JSONArray; -import net.minidev.json.JSONObject; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.ThreadContext; import org.wso2.apk.enforcer.common.CacheProviderUtil; -import org.wso2.apk.enforcer.commons.constants.GraphQLConstants; import org.wso2.apk.enforcer.commons.dto.ClaimValueDTO; import org.wso2.apk.enforcer.commons.dto.JWTConfigurationDto; import org.wso2.apk.enforcer.commons.dto.JWTInfoDto; @@ -42,14 +39,12 @@ import org.wso2.apk.enforcer.config.ConfigHolder; import org.wso2.apk.enforcer.constants.APIConstants; import org.wso2.apk.enforcer.constants.APISecurityConstants; -import org.wso2.apk.enforcer.constants.GeneralErrorCodeConstants; import org.wso2.apk.enforcer.dto.APIKeyValidationInfoDTO; import org.wso2.apk.enforcer.security.Authenticator; import org.wso2.apk.enforcer.security.KeyValidator; import org.wso2.apk.enforcer.security.TokenValidationContext; import org.wso2.apk.enforcer.security.jwt.validator.JWTConstants; import org.wso2.apk.enforcer.security.jwt.validator.RevokedJWTDataHolder; -import org.wso2.apk.enforcer.subscription.SubscriptionDataStoreImpl; import org.wso2.apk.enforcer.tracing.TracingConstants; import org.wso2.apk.enforcer.tracing.TracingSpan; import org.wso2.apk.enforcer.tracing.TracingTracer; @@ -74,7 +69,6 @@ public class JWTAuthenticator implements Authenticator { private static final Logger log = LogManager.getLogger(JWTAuthenticator.class); private final boolean isGatewayTokenCacheEnabled; private AbstractAPIMgtGatewayJWTGenerator jwtGenerator; - private SubscriptionDataStoreImpl subscriptionDataStore; public JWTAuthenticator(final JWTConfigurationDto jwtConfigurationDto, final boolean isGatewayTokenCacheEnabled) { 
@@ -83,7 +77,6 @@ public JWTAuthenticator(final JWTConfigurationDto jwtConfigurationDto, final boo this.jwtGenerator = BackendJwtUtils.getApiMgtGatewayJWTGenerator(jwtConfigurationDto); this.jwtGenerator.setJWTConfigurationDto(jwtConfigurationDto); } - this.subscriptionDataStore = SubscriptionDataStoreImpl.getInstance(); } @Override @@ -187,7 +180,7 @@ public AuthenticationContext authenticate(RequestContext requestContext) throws APIKeyValidationInfoDTO apiKeyValidationInfoDTO = new APIKeyValidationInfoDTO(); Scope validateSubscriptionSpanScope = null; try { - if (true) { // TODO(Ashera): Check if subscriptionValidation enabled + if (requestContext.getMatchedAPI().isSubscriptionValidation()) { if (Utils.tracingEnabled()) { validateSubscriptionSpan = Utils.startSpan(TracingConstants.SUBSCRIPTION_VALIDATION_SPAN, tracer);
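Review bot: Replacing `if (true)` with `requestContext.getMatchedAPI().isSubscriptionValidation()` turns subscription validation from always-on into opt-in, and every default along the path is `false` (the Go zero value, the proto3 default for field 27, the Java field default). An API with no APIPolicy, or one whose policy omits the field, therefore passes this point without a subscription check, which is a weaker default than before the commit. If opt-in is intended, document it with the APIPolicy field and make the skip visible, for example an `else` branch with `log.debug("Subscription validation is disabled for the matched API; skipping subscription check");`. What the method does with the untouched `apiKeyValidationInfoDTO` when the branch is skipped lies outside this hunk and is worth checking.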