diff --git a/common-go-libs/apis/dp/v1alpha2/authentication_webhook.go b/common-go-libs/apis/dp/v1alpha2/authentication_webhook.go index 8d97c7588..c51e44f8f 100644 --- a/common-go-libs/apis/dp/v1alpha2/authentication_webhook.go +++ b/common-go-libs/apis/dp/v1alpha2/authentication_webhook.go @@ -69,60 +69,38 @@ func (r *Authentication) ValidateAuthentication() error { if r.Spec.TargetRef.Name == "" { allErrs = append(allErrs, field.Required(field.NewPath("spec").Child("targetRef").Child("name"), "Name is required")) } + if !(r.Spec.TargetRef.Kind == constants.KindAPI || r.Spec.TargetRef.Kind == constants.KindResource) { allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("targetRef").Child("kind"), r.Spec.TargetRef.Kind, "Invalid Kind is provided")) } - var mutualSSL *MutualSSLConfig - var authTypes *APIAuth - - isOAuthEnabled := true - isOAuthMandatory := true - - isMTLSEnabled := false - isMTLSMandatory := false - - isAPIKeyEnabled := false - isAPIKeyMandatory := false - if r.Spec.Default != nil && r.Spec.Default.AuthTypes != nil { - authTypes = r.Spec.Default.AuthTypes - - isOAuthEnabled = !authTypes.OAuth2.Disabled - isOAuthMandatory = authTypes.OAuth2.Required == "mandatory" - if authTypes.MutualSSL != nil { - mutualSSL = authTypes.MutualSSL - isMTLSEnabled = !authTypes.MutualSSL.Disabled - isMTLSMandatory = authTypes.MutualSSL.Required == "mandatory" + if r.Spec.Default != nil && r.Spec.Default.AuthTypes != nil && r.Spec.Default.AuthTypes.MutualSSL != nil { + if r.Spec.TargetRef.Kind != constants.KindAPI { + allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("authTypes").Child("mtls"), r.Spec.Default.AuthTypes.MutualSSL, + "invalid authentication - mTLS can only be added for APIs")) } + mutualSSL := r.Spec.Default.AuthTypes.MutualSSL - if authTypes.APIKey != nil { - isAPIKeyEnabled = true - isAPIKeyMandatory = authTypes.APIKey.Required == "mandatory" + if mutualSSL != nil && len(mutualSSL.CertificatesInline) == 0 && len(mutualSSL.ConfigMapRefs) == 0 && len(mutualSSL.SecretRefs) == 0 { + allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("authTypes").Child("mtls"), r.Spec.Default.AuthTypes.MutualSSL, + "invalid mTLS configuration - certificates not provided")) } + } - if mutualSSL != nil && r.Spec.TargetRef.Kind != constants.KindAPI { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("authTypes").Child("oauth2"), r.Spec.Default.AuthTypes.MutualSSL, - "invalid authentication - mTLS can currently only be added for APIs")) + if r.Spec.Override != nil && r.Spec.Override.AuthTypes != nil { + if r.Spec.Override.AuthTypes.MutualSSL != nil { + if r.Spec.TargetRef.Kind != constants.KindAPI { + allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("override").Child("authTypes").Child("mtls"), r.Spec.Override.AuthTypes.MutualSSL, + "invalid authentication - mTLS can currently only be added for APIs")) + } } - isMTLSMandatory = isMTLSEnabled && isMTLSMandatory - isOAuthMandatory = isOAuthEnabled && isOAuthMandatory - isAPIKeyMandatory = isAPIKeyEnabled && isAPIKeyMandatory - - isMTLSOptional := isMTLSEnabled && !isMTLSMandatory - isOAuthOptional := isOAuthEnabled && !isOAuthMandatory - isAPIKeyOptional := isAPIKeyEnabled && !isAPIKeyMandatory - - // valid security combinations - // at least one must be enabled and mandatory - // OR mTLS is enabled and one of OAuth2 or APIKey is optional + mutualSSL := r.Spec.Override.AuthTypes.MutualSSL - if !((isMTLSMandatory || isOAuthMandatory || isAPIKeyMandatory) || (isMTLSOptional && (isOAuthOptional || isAPIKeyOptional))) { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("authTypes"), authTypes, - "invalid authtypes provided: one of mTLS, APIKey, OAuth2 has to be enabled and mandatory "+ - "OR mTLS and one of OAuth2 or APIKey need to be optional "+ - "OR all three can be optional")) + if mutualSSL != nil && len(mutualSSL.CertificatesInline) == 0 && len(mutualSSL.ConfigMapRefs) == 0 && len(mutualSSL.SecretRefs) == 0 { + allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("authTypes").Child("mtls"), r.Spec.Default.AuthTypes.MutualSSL, + "invalid mTLS configuration - certificates not provided")) } } diff --git a/runtime/config-deployer-service/ballerina/APIClient.bal b/runtime/config-deployer-service/ballerina/APIClient.bal index 6f52e3e57..78619c1ce 100644 --- a/runtime/config-deployer-service/ballerina/APIClient.bal +++ b/runtime/config-deployer-service/ballerina/APIClient.bal @@ -348,17 +348,9 @@ public class APIClient { map createdEndpointMap, commons:Organization organization) returns error? { map authenticationMap = {}; model:AuthenticationExtensionType authTypes = {}; - boolean isOAuthEnabled = true; - boolean isOAuthMandatory = true; - boolean isMTLSEnabled = false; - boolean isMTLSMandatory = false; - boolean isAPIKeyEnabled = false; - boolean isAPIKeyMandatory = false; foreach AuthenticationRequest authentication in authentications { if authentication.authType == "OAuth2" { OAuth2Authentication oauth2Authentication = check authentication.cloneWithType(OAuth2Authentication); - isOAuthEnabled = oauth2Authentication.enabled; - isOAuthMandatory = oauth2Authentication.required == "mandatory"; authTypes.oauth2 = {header: oauth2Authentication.headerName, sendTokenToUpstream: oauth2Authentication.sendTokenToUpstream, disabled: !oauth2Authentication.enabled, required: oauth2Authentication.required}; } else if authentication.authType == "JWT" { JWTAuthentication jwtAuthentication = check authentication.cloneWithType(JWTAuthentication); @@ -376,10 +368,8 @@ public class APIClient { } else { apiKeyAuthentication = check authentication.cloneWithType(APIKeyAuthentication); } - isAPIKeyEnabled = apiKeyAuthentication.enabled; - isAPIKeyMandatory = apiKeyAuthentication.required == "mandatory"; model:APIKey[] apiKeys = []; - if isAPIKeyEnabled { + if apiKeyAuthentication.enabled { if apiKeyAuthentication.headerEnable { apiKeys.push({'in: "Header", name: apiKeyAuthentication.headerName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream}); } @@ -393,31 +383,10 @@ public class APIClient { } } else if authentication.authType == "mTLS" { MTLSAuthentication mtlsAuthentication = check authentication.cloneWithType(MTLSAuthentication); - isMTLSMandatory = mtlsAuthentication.required == "mandatory"; - isMTLSEnabled = mtlsAuthentication.enabled; authTypes.mtls = {disabled: !mtlsAuthentication.enabled, configMapRefs: mtlsAuthentication.certificates, required: mtlsAuthentication.required}; } } - isOAuthMandatory = isOAuthEnabled && isOAuthMandatory; - boolean isOAuthOptional = isOAuthEnabled && !isOAuthMandatory; - - isMTLSMandatory = isMTLSEnabled && isMTLSMandatory; - boolean isMTLSOptional = isMTLSEnabled && !isMTLSMandatory; - - isAPIKeyMandatory = isAPIKeyEnabled && isAPIKeyMandatory; - boolean isAPIKeyOptional = isAPIKeyEnabled && !isAPIKeyMandatory; - - if !( - // at least one must be enabled and mandatory - (isMTLSMandatory || isOAuthMandatory || isAPIKeyMandatory) || - // mTLS is enabled and one of OAuth2 or APIKey is optional - (isMTLSOptional && (isOAuthOptional || isAPIKeyOptional))) { - log:printError("Invalid authtypes provided: one of mTLS, APIKey, OAuth2 has to be enabled and mandatory " + - "OR mTLS and one of OAuth2 or APIKey need to be optional "); - return e909019(); - } - log:printDebug("Auth Types:" + authTypes.toString()); string[] keys = createdEndpointMap.keys(); log:printDebug("createdEndpointMap.keys:" + createdEndpointMap.keys().toString()); diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_disabled.apk-conf deleted file mode 100644 index 4ef9a701d..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_disabled.apk-conf +++ /dev/null @@ -1,38 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-disabled-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_mandatory.apk-conf deleted file mode 100644 index 04f6e73d9..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_mandatory.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-disabled-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_optional.apk-conf deleted file mode 100644 index 045fb6b4a..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_optional.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-disabled-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_disabled.apk-conf deleted file mode 100644 index bd9e8f952..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_disabled.apk-conf +++ /dev/null @@ -1,36 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-mandatory-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_mandatory.apk-conf deleted file mode 100644 index badffbc8a..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_mandatory.apk-conf +++ /dev/null @@ -1,37 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-mandatory-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_optional.apk-conf deleted file mode 100644 index d2a536599..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_optional.apk-conf +++ /dev/null @@ -1,37 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-mandatory-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_disabled.apk-conf deleted file mode 100644 index c8481eba9..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_disabled.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-optional-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_mandatory.apk-conf deleted file mode 100644 index b8ef646c8..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_mandatory.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-optional-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: true - required: optional - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_optional.apk-conf deleted file mode 100644 index eb3ac4109..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_optional.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-optional-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: true - required: optional - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_disabled.apk-conf deleted file mode 100644 index 6e05e29cf..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_disabled.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-disabled-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_mandatory.apk-conf deleted file mode 100644 index e8cd43bf3..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_mandatory.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-disabled-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_optional.apk-conf deleted file mode 100644 index 035d1c11f..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_optional.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-disabled-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_disabled.apk-conf deleted file mode 100644 index b4eb4b4f4..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_disabled.apk-conf +++ /dev/null @@ -1,37 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-mandatory-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_mandatory.apk-conf deleted file mode 100644 index b721bc99f..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_mandatory.apk-conf +++ /dev/null @@ -1,38 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-mandatory-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - required: mandatory - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_optional.apk-conf deleted file mode 100644 index 718ae6c0a..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_optional.apk-conf +++ /dev/null @@ -1,38 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-mandatory-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_disabled.apk-conf deleted file mode 100644 index 8b0a41707..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_disabled.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-optional-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_mandatory.apk-conf deleted file mode 100644 index 1d04dda3f..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_mandatory.apk-conf +++ /dev/null @@ -1,41 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-optional-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_optional.apk-conf deleted file mode 100644 index 198d29e5f..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_optional.apk-conf +++ /dev/null @@ -1,41 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-optional-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_disabled.apk-conf deleted file mode 100644 index c63d9c132..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_disabled.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-disabled-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - required: optional - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_mandatory.apk-conf deleted file mode 100644 index b5e5e1ea4..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_mandatory.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-disabled-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_optional.apk-conf deleted file mode 100644 index 216d2159d..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_optional.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-disabled-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_disabled.apk-conf deleted file mode 100644 index 11726b681..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_disabled.apk-conf +++ /dev/null @@ -1,36 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-mandatory-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_mandatory.apk-conf deleted file mode 100644 index e18c4b106..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_mandatory.apk-conf +++ /dev/null @@ -1,37 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-mandatory-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_optional.apk-conf deleted file mode 100644 index 7dfa71704..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_optional.apk-conf +++ /dev/null @@ -1,37 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-mandatory-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_disabled.apk-conf deleted file mode 100644 index 91c46a131..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_disabled.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-optional-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_mandatory.apk-conf deleted file mode 100644 index a69e27654..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_mandatory.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-optional-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_optional.apk-conf deleted file mode 100644 index 82980e9fd..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_optional.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-optional-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/tests/api/APIKey.feature b/test/cucumber-tests/src/test/resources/tests/api/APIKey.feature deleted file mode 100644 index a4da1aea2..000000000 --- a/test/cucumber-tests/src/test/resources/tests/api/APIKey.feature +++ /dev/null @@ -1,379 +0,0 @@ -Feature: Test all valid security combinations - Scenario: Test mandatory mtls and mandatory oauth2 and mandatory apikey with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-mandatory-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-mandatory-apikey-optional" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-mandatory-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-optional-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-optional-apikey-optional" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-optional-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-disabled-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-disabled-apikey-optional" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-disabled-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test optional mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-mandatory-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test optional mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-mandatory-apikey-optional" - Then the response status code should be 202 - - Scenario: Test optional mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-mandatory-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test optional mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-optional-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test optional mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-optional-apikey-optional" - Then the response status code should be 202 - - Scenario: Test optional mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-optional-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test optional mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-disabled-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test optional mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-disabled-apikey-optional" - Then the response status code should be 202 - - Scenario: Test optional mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 406 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-disabled-apikey-disabled" - Then the response status code should be 404 - - Scenario: Test disabled mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-mandatory-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test disabled mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-mandatory-apikey-optional" - Then the response status code should be 202 - - Scenario: Test disabled mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-mandatory-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test disabled mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-optional-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test disabled mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 406 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-optional-apikey-optional" - Then the response status code should be 404 - - Scenario: Test disabled mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 406 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-optional-apikey-disabled" - Then the response status code should be 404 - - Scenario: Test disabled mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-disabled-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test disabled mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 406 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-disabled-apikey-optional" - Then the response status code should be 404 - - Scenario: Test disabled mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 406 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-disabled-apikey-disabled" - Then the response status code should be 404 - diff --git a/test/cucumber-tests/src/test/resources/tests/api/MTLSwithOAuth2Mandatory.feature b/test/cucumber-tests/src/test/resources/tests/api/MTLSwithOAuth2Mandatory.feature index 1f6cc149a..3c27be390 100644 --- a/test/cucumber-tests/src/test/resources/tests/api/MTLSwithOAuth2Mandatory.feature +++ b/test/cucumber-tests/src/test/resources/tests/api/MTLSwithOAuth2Mandatory.feature @@ -118,7 +118,6 @@ Feature: Test mTLS between client and gateway with client certificate sent in he When I undeploy the API whose ID is "mtls-optional-oauth2-enabled" Then the response status code should be 202 - # Disabled scenarios # mTLS optional OAuth2 disabled Scenario: Test optional mTLS and disabled OAuth2 with a valid client certificate in header Given The system is ready @@ -126,16 +125,64 @@ Feature: Test mTLS between client and gateway with client certificate sent in he When I use the APK Conf file "artifacts/apk-confs/mtls/mtls_optional_oauth2_disabled.apk-conf" And the definition file "artifacts/definitions/employees_api.json" And make the API deployment request - Then the response status code should be 406 + Then the response status code should be 200 + Then I set headers + | Authorization | bearer invalidToken | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + Then I set headers + | Authorization | bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + Then I set headers + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + + Scenario: Undeploy API + Given The system is ready + And I have a valid subscription + When I undeploy the API whose ID is "mtls-optional-oauth2-disabled" + Then the response status code should be 202 # mTLS disabled OAuth2 optional Scenario: Test an API with mTLS disabled and OAuth2 optional Given The system is ready - And I have a valid subscription + And I have a valid token with a client certificate "config-map-1.txt" When I use the APK Conf file "artifacts/apk-confs/mtls/mtls_disabled_oauth2_optional.apk-conf" And the definition file "artifacts/definitions/employees_api.json" And make the API deployment request - Then the response status code should be 406 + Then the response status code should be 200 + Then I set headers + | Authorization | bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + Then I set headers + | Authorization | bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + Then I set headers + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + Then I set headers + | Authorization | bearer invalidToken | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy API + Given The system is ready + And I have a valid subscription + When I undeploy the API whose ID is "mtls-disabled-oauth2-optional" + Then the response status code should be 202 # mTLS disabled OAuth2 disabled Scenario: Test an API with mTLS disabled and OAuth2 disabled @@ -144,7 +191,21 @@ Feature: Test mTLS between client and gateway with client certificate sent in he When I use the APK Conf file "artifacts/apk-confs/mtls/mtls_disabled_oauth2_disabled.apk-conf" And the definition file "artifacts/definitions/employees_api.json" And make the API deployment request - Then the response status code should be 406 + Then the response status code should be 200 + Then I set headers + | Authorization | bearer invalidToken | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + + Scenario: Undeploy API + Given The system is ready + And I have a valid subscription + When I undeploy the API whose ID is "mtls-disabled-oauth2-disabled" + Then the response status code should be 202 # mTLS mandatory OAuth2 disabled Scenario: Test mandatory mTLS and disabled OAuth2 with a valid client certificate in header