Merge pull request #2299 from CrowleyRajapakse/new-main7

Adding System API for Token Revocation
wso2 · Apr 8, 2024 · 9978ee0 · 9978ee0
2 parents 5553a2b + 9c5be6d
commit 9978ee0
Show file tree

Hide file tree

Showing 5 changed files with 129 additions and 36 deletions.
diff --git a/README.md b/README.md
@@ -17,7 +17,6 @@ Some characteristics of APK
 - APK aims to provide API marketplace capabilities, enabling sharing, discovery, and reusability of APIs while focusing on efficient governance and administration.
 - With its Kubernetes-native approach, exceptional characteristics, microservices architecture, and commitment to collaboration and innovation, APK sets a new standard for API management.
 
-
 For more information about APK release planning and project management information, visit [APK Project Dashboard](https://github.com/orgs/wso2/projects/80/)
 
 For in-depth information about WSO2 API Management Platform, visit [WSO2 API Management](https://wso2.com/api-manager/)

diff --git a/...harts/templates/data-plane/gateway-components/common-controller/api/notification-api.yaml b/...harts/templates/data-plane/gateway-components/common-controller/api/notification-api.yaml
@@ -0,0 +1,122 @@
+# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+{{- if and .Values.wso2.apk.dp.enabled .Values.wso2.apk.dp.commonController }}
+kind: "API"
+apiVersion: "dp.wso2.com/v1alpha2"
+metadata:
+  name: "{{ template "apk-helm.resource.prefix" . }}-wso2-apk-notification-api"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    managed-by: "apk"
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+spec:
+  apiName: "WSO2 APK Notification API"
+  apiType: "REST"
+  apiVersion: "1.0.0"
+  basePath: "/api/notification/1.0.0"
+  isDefaultVersion: true
+  organization: "apk-system"
+  definitionFileRef: "{{ template "apk-helm.resource.prefix" . }}-notification-api-definition"
+  production:
+  - routeRefs:
+    - "{{ template "apk-helm.resource.prefix" . }}-notification-api-route"
+  systemAPI: true
+---
+kind: "Backend"
+apiVersion: "dp.wso2.com/v1alpha1"
+metadata:
+  name: {{ template "apk-helm.resource.prefix" . }}-notification-api-backend
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+spec:
+  basePath: ""
+  services:
+    - host:  {{ template "apk-helm.resource.prefix" . }}-common-controller-service.{{ .Release.Namespace }}.svc
+      port: 9543
+  protocol: "https"
+  tls:
+    allowedSANs:
+      - {{ template "apk-helm.resource.prefix" . }}-common-controller-service.{{ .Release.Namespace }}.svc
+    secretRef:
+    {{- if and .Values.wso2.apk.dp.commonController.deployment.configs .Values.wso2.apk.dp.commonController.deployment.configs.tls }}
+      name: {{ .Values.wso2.apk.dp.commonController.deployment.configs.tls.secretName}}
+      key: {{ .Values.wso2.apk.dp.commonController.deployment.configs.tls.certKeyFilename }}
+    {{- else }}
+      name: {{ template "apk-helm.resource.prefix" . }}-common-controller-server-cert
+      key: tls.crt
+    {{- end }}
+---
+apiVersion: "gateway.networking.k8s.io/v1beta1"
+kind: "HTTPRoute"
+metadata:
+  name: "{{ template "apk-helm.resource.prefix" . }}-notification-api-route"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    managed-by: "apk"
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+spec:
+  hostnames:
+    - "{{ .Values.wso2.apk.listener.hostname | default "api.am.wso2.com"}}"
+  rules:
+    - matches:
+        - path:
+            type: "RegularExpression"
+            value: "/notify"
+          method: "POST"
+      backendRefs:
+        - group: "dp.wso2.com"
+          kind: "Backend"
+          name: "{{ template "apk-helm.resource.prefix" . }}-notification-api-backend"
+  parentRefs:
+    - group: "gateway.networking.k8s.io"
+      kind: "Gateway"
+      name: {{ .Values.wso2.apk.dp.gateway.name | default "wso2-apk-default" }}
+      sectionName: "httpslistener"
+---
+kind: "ConfigMap"
+apiVersion: "v1"
+metadata:
+  name: "{{ template "apk-helm.resource.prefix" . }}-notification-api-definition"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    managed-by: "apk"
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+binaryData:
+  definition: "H4sIAAAAAAAA/31TTW/bMAz9K4LOi5N028W3dsghCJYUa7rLUhSqTc/qrI9KdFYv8H8fKTtrgwTzxTb5RL73SB2k82CV1zKXH7NZNpcfhNS2cjI/SNTYACXWDnWlC4XaWXF9u2RMCbEI2nOIENtaR84IH9xeU04oYaColdXRiMoFEcGW2v6kuH1fDR0dW2U7yzX3EOJQb05UZrKnWITAYZn/OMg2NJSrEX3Mp1MincGrMr6BrHBmup+f87oNrmyL1GkoJPuHVLRog8YuVS2hUm2D9P2Qkl5hHVn+NDHt+NO7iPyOrTEqdEdPOiZ/3nXwi0zAGkTsIoIZFXoVlAE8CrL0Q3jsPAy+089LC9TggsMgGCdcdeJgJr62EcUTiJ3cblaL9eO3xffNl+vtcrPeyYwLBXhpdYBS5hhaYPnYpbnSXAwD4NU3roS3fFGDUWkDmFlOBwLNTvbJHy4HEW9cmawpnEWwyR3lfTPSmj5Hpn04r+WenqHAZEag3QtIRqW0+wX2Us8+MUxzfoeTnWvDRBUFxDhJsUkNAUb8qeQhEr2zceh1NZvx69ThzSot3KdLuRtVilH3CJqfg+6tarF2Qf+hxoz6fKnUkuwKVjXiLi2kWITgaC37/67loIq2nDSQ2UnEEX3HDg+6/p15c5spXbHbVeN+J5A2PCU9TGwknGZ2f3K9kLTyvZJpIWhSfLgfnr9aQ7ylNgQAAA=="
+---
+apiVersion: "dp.wso2.com/v1alpha1"
+kind: "Authentication"
+metadata:
+  name: "{{ template "apk-helm.resource.prefix" . }}-notification-api-no-authentication-policy"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    managed-by: "apk"
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+spec:
+  override:
+    disabled: true
+  targetRef:
+    group: ""
+    kind: "API"
+    name: "{{ template "apk-helm.resource.prefix" . }}-wso2-apk-notification-api"
+---
+{{- end}}
diff --git a/.../templates/data-plane/gateway-components/common-controller/common-controller-service.yaml b/.../templates/data-plane/gateway-components/common-controller/common-controller-service.yaml
@@ -38,4 +38,8 @@ spec:
     - name: https-internal-api
       protocol: TCP
       port: 18003
+    - name: web-server
+      protocol: TCP
+      port: 9543
+      targetPort: 9543
 {{- end -}}
diff --git a/...data-plane/gateway-components/common-controller/common-controller-web-server-service.yaml b/...data-plane/gateway-components/common-controller/common-controller-web-server-service.yaml
diff --git a/test/cucumber-tests/src/test/resources/tests/api/RevokedToken.feature b/test/cucumber-tests/src/test/resources/tests/api/RevokedToken.feature
@@ -12,12 +12,12 @@ Feature: Token revocation
     And I eventually receive 200 response code, not accepting
       |429|
       |401|
-    Then I set headers
-      |stsAuthKey|2jrmypak391zsqz974ugdddebf812ofx1b9t1oq27530ir02tc815eemrx435qvcp41ucgy7v5uuawzi4qcmjrx0k1zgox2s28cr|
     And I send "GET" request to "https://default.gw.wso2.com:9095/jwt-basic/3.14/employee/" with body ""
     And the response status code should be 200
     # Revoke the token
-    And I send "POST" request to "https://apk-test-setup-wso2-apk-common-controller-service.apk-integration-test.svc:9543/notify?type=TOKEN_REVOCATION" with body "{\"token\": \"${accessToken}\"}"
+    Then I set headers
+      |stsAuthKey|2jrmypak391zsqz974ugdddebf812ofx1b9t1oq27530ir02tc815eemrx435qvcp41ucgy7v5uuawzi4qcmjrx0k1zgox2s28cr|
+    And I send "POST" request to "https://api.am.wso2.com:9095/api/notification/1.0.0/notify?type=TOKEN_REVOCATION" with body "{\"token\": \"${accessToken}\"}"
     And the response status code should be 200
     And I wait for 5 seconds
     And I send "GET" request to "https://default.gw.wso2.com:9095/jwt-basic/3.14/employee/" with body ""