From 9132f41f5a44d29b59c0cd1b93ee3bf6a612f6cd Mon Sep 17 00:00:00 2001
From: sgayangi
Date: Mon, 8 Apr 2024 18:10:15 +0530
Subject: [PATCH 1/3] Update API Key implementation
---
 .../ballerina/APIClient.bal | 14 +++++++++++---
 .../config-deployer-service/ballerina/types.bal | 4 ++--
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/runtime/config-deployer-service/ballerina/APIClient.bal b/runtime/config-deployer-service/ballerina/APIClient.bal
index 5fcdd78ee..a11f5ca90 100644
--- a/runtime/config-deployer-service/ballerina/APIClient.bal
+++ b/runtime/config-deployer-service/ballerina/APIClient.bal
@@ -363,9 +363,17 @@ public class APIClient {
 authTypes.jwt = {header: jwtAuthentication.headerName, sendTokenToUpstream: jwtAuthentication.sendTokenToUpstream, disabled: !jwtAuthentication.enabled, audience: jwtAuthentication.audience};
 } else if authentication.authType == "APIKey" && authentication is APIKeyAuthentication {
 APIKeyAuthentication apiKeyAuthentication = check authentication.cloneWithType(APIKeyAuthentication);
- authTypes.apiKey = [];
- authTypes.apiKey.push({'in: "Header", name: apiKeyAuthentication.headerName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
- authTypes.apiKey.push({'in: "Query", name: apiKeyAuthentication.queryParamName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
+ model:APIKey[] apiKeys = [];
+ boolean|() headerEnabled = apiKeyAuthentication.headerEnable;
+ boolean|() queryEnabled = apiKeyAuthentication.queryParamEnable;
+
+ if headerEnabled is boolean && headerEnabled {
+ apiKeys.push({'in: "Header", name: apiKeyAuthentication.headerName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
+ }
+ if queryEnabled is boolean && queryEnabled {
+ apiKeys.push({'in: "Query", name: apiKeyAuthentication.queryParamName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
+ }
+ authTypes.apiKey = apiKeys;
 } else if authentication.authType == "mTLS" {
 MTLSAuthentication mtlsAuthentication = check authentication.cloneWithType(MTLSAuthentication);
 isMTLSMandatory = mtlsAuthentication.required == "mandatory";
diff --git a/runtime/config-deployer-service/ballerina/types.bal b/runtime/config-deployer-service/ballerina/types.bal
index b68f2f2ee..25bd738b7 100644
--- a/runtime/config-deployer-service/ballerina/types.bal
+++ b/runtime/config-deployer-service/ballerina/types.bal
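Review bot: In the APIClient.bal hunk, when neither flag evaluates to true the branch now assigns an empty array to `authTypes.apiKey`, and because this same patch makes `headerEnable` and `queryParamEnable` optional in types.bal, a config that simply omits both fields takes that path. What the consumer of `authTypes` does with an empty `apiKey` list is not visible here, so the result may be an API that declares API-key authentication but accepts the key in no location, or one where the check is not applied at all. I would reject that configuration before the assignment, for example `if apiKeys.length() == 0 { return error("APIKey authentication needs headerEnable or queryParamEnable"); }`, using whatever error constructor the file already uses. The same gap remains in the PATCH 3/3 form of this branch when both flags are set to false; the enclosing function starts and ends outside the hunk.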
@@ -277,8 +277,8 @@ public type APIKeyAuthentication record {|
 boolean sendTokenToUpstream = false;
 string headerName = "apiKey";
 string queryParamName = "apiKey";
- boolean headerEnable = true;
- boolean queryParamEnable = true;
+ boolean headerEnable?;
+ boolean queryParamEnable?;
 |};
 # Mutual SSL configuration of this API
From 7e8d8265ebe88b9ed12dc7b7c0df1fd847abd966 Mon Sep 17 00:00:00 2001
From: sgayangi
Date: Mon, 8 Apr 2024 18:22:19 +0530
Subject: [PATCH 2/3] Update config deployer test cases
---
 runtime/config-deployer-service/ballerina/APIClient.bal | 2 +-
 .../ballerina/tests/resources/apiKeyOnly.apk-conf | 1 +
 .../ballerina/tests/resources/jwtandAPIKey.apk-conf | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/runtime/config-deployer-service/ballerina/APIClient.bal b/runtime/config-deployer-service/ballerina/APIClient.bal
index a11f5ca90..b5ea081e2 100644
--- a/runtime/config-deployer-service/ballerina/APIClient.bal
+++ b/runtime/config-deployer-service/ballerina/APIClient.bal
@@ -361,7 +361,7 @@ public class APIClient {
 } else if authentication.authType == "JWT" {
 JWTAuthentication jwtAuthentication = check authentication.cloneWithType(JWTAuthentication);
 authTypes.jwt = {header: jwtAuthentication.headerName, sendTokenToUpstream: jwtAuthentication.sendTokenToUpstream, disabled: !jwtAuthentication.enabled, audience: jwtAuthentication.audience};
- } else if authentication.authType == "APIKey" && authentication is APIKeyAuthentication {
+ } else if authentication.authType == "APIKey" {
 APIKeyAuthentication apiKeyAuthentication = check authentication.cloneWithType(APIKeyAuthentication);
 model:APIKey[] apiKeys = [];
 boolean|() headerEnabled = apiKeyAuthentication.headerEnable;
diff --git a/runtime/config-deployer-service/ballerina/tests/resources/apiKeyOnly.apk-conf b/runtime/config-deployer-service/ballerina/tests/resources/apiKeyOnly.apk-conf
index 52ef28289..b1f082411 100644
--- a/runtime/config-deployer-service/ballerina/tests/resources/apiKeyOnly.apk-conf
+++ b/runtime/config-deployer-service/ballerina/tests/resources/apiKeyOnly.apk-conf
@@ -18,6 +18,7 @@ authentication:
 - authType: "APIKey"
 enabled: true
 queryParamEnable: true
+ headerEnable: true
 corsConfiguration:
 corsConfigurationEnabled: false
 accessControlAllowOrigins:
diff --git a/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf b/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf
index 62d5518b9..88b21c4aa 100644
--- a/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf
+++ b/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf
@@ -20,6 +20,7 @@ authentication:
 - authType: "APIKey"
 enabled: true
 queryParamEnable: true
+ headerEnable: true
 corsConfiguration:
 corsConfigurationEnabled: false
 accessControlAllowOrigins:
From cc44f9b1f03b271351d088c1586a2cbfac3d7959 Mon Sep 17 00:00:00 2001
From: sgayangi
Date: Tue, 16 Apr 2024 13:58:25 +0530
Subject: [PATCH 3/3] Add default values for API Key Authentication
---
 .../config-deployer-service/ballerina/APIClient.bal | 8 +++-----
 .../ballerina/resources/apk-conf-schema.yaml | 4 ++--
 .../ballerina/tests/resources/apiKeyOnly.apk-conf | 1 -
 .../ballerina/tests/resources/apk-schema.json | 2 +-
 .../ballerina/tests/resources/jwtandAPIKey.apk-conf | 1 -
 runtime/config-deployer-service/ballerina/types.bal | 4 ++--
 .../docker/config-deployer/conf/apk-schema.json | 13 +++++++++----
 7 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/runtime/config-deployer-service/ballerina/APIClient.bal b/runtime/config-deployer-service/ballerina/APIClient.bal
index b5ea081e2..1975b4e11 100644
--- a/runtime/config-deployer-service/ballerina/APIClient.bal
+++ b/runtime/config-deployer-service/ballerina/APIClient.bal
@@ -361,16 +361,14 @@ public class APIClient {
 } else if authentication.authType == "JWT" {
 JWTAuthentication jwtAuthentication = check authentication.cloneWithType(JWTAuthentication);
 authTypes.jwt = {header: jwtAuthentication.headerName, sendTokenToUpstream: jwtAuthentication.sendTokenToUpstream, disabled: !jwtAuthentication.enabled, audience: jwtAuthentication.audience};
- } else if authentication.authType == "APIKey" {
+ } else if authentication.authType == "APIKey" && authentication is APIKeyAuthentication {
 APIKeyAuthentication apiKeyAuthentication = check authentication.cloneWithType(APIKeyAuthentication);
 model:APIKey[] apiKeys = [];
- boolean|() headerEnabled = apiKeyAuthentication.headerEnable;
- boolean|() queryEnabled = apiKeyAuthentication.queryParamEnable;
- if headerEnabled is boolean && headerEnabled {
+ if apiKeyAuthentication.headerEnable {
 apiKeys.push({'in: "Header", name: apiKeyAuthentication.headerName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
 }
- if queryEnabled is boolean && queryEnabled {
+ if apiKeyAuthentication.queryParamEnable {
 apiKeys.push({'in: "Query", name: apiKeyAuthentication.queryParamName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
 }
 authTypes.apiKey = apiKeys;
diff --git a/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml b/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml
index baf1c0ac8..9c9847c50 100644
--- a/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml
+++ b/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml
@@ -150,7 +150,7 @@ components:
 headerEnable:
 type: boolean
 default: true
- audience:
+ audience:
 type: array
 default: []
 items:
@@ -173,7 +173,7 @@ components:
 default: false
 headerName:
 type: string
- example: Authorization
+ example: apikey
 default: apikey
 queryParamName:
 type: string
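Review bot: In the APIClient.bal hunk, putting `&& authentication is APIKeyAuthentication` back into the condition means an entry with `authType: "APIKey"` whose value does not pass the type test skips this branch instead of reaching `check authentication.cloneWithType(APIKeyAuthentication)`, where the mismatch would surface as an error. Whether that can happen depends on the declared type of `authentication` and on the branches after this one, both outside the hunk, but if nothing later catches it the API-key entry would be dropped without any diagnostic. Keeping the condition as `} else if authentication.authType == "APIKey" {`, as PATCH 2/3 had it, lets the `check` report a malformed entry. If the type test has to stay, a one-line comment above the condition should say why it is required and where a non-matching entry is rejected.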
diff --git a/runtime/config-deployer-service/ballerina/tests/resources/apiKeyOnly.apk-conf b/runtime/config-deployer-service/ballerina/tests/resources/apiKeyOnly.apk-conf
index b1f082411..52ef28289 100644
--- a/runtime/config-deployer-service/ballerina/tests/resources/apiKeyOnly.apk-conf
+++ b/runtime/config-deployer-service/ballerina/tests/resources/apiKeyOnly.apk-conf
@@ -18,7 +18,6 @@ authentication:
 - authType: "APIKey"
 enabled: true
 queryParamEnable: true
- headerEnable: true
 corsConfiguration:
 corsConfigurationEnabled: false
 accessControlAllowOrigins:
diff --git a/runtime/config-deployer-service/ballerina/tests/resources/apk-schema.json b/runtime/config-deployer-service/ballerina/tests/resources/apk-schema.json
index ee39eacd3..9eb12e129 100644
--- a/runtime/config-deployer-service/ballerina/tests/resources/apk-schema.json
+++ b/runtime/config-deployer-service/ballerina/tests/resources/apk-schema.json
@@ -213,7 +213,7 @@
 },
 "headerName": {
 "type": "string",
- "example": "Authorization",
+ "example": "apikey",
 "default": "apikey"
 },
 "queryParamName": {
diff --git a/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf b/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf
index 88b21c4aa..62d5518b9 100644
--- a/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf
+++ b/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf
@@ -20,7 +20,6 @@ authentication:
 - authType: "APIKey"
 enabled: true
 queryParamEnable: true
- headerEnable: true
 corsConfiguration:
 corsConfigurationEnabled: false
 accessControlAllowOrigins:
diff --git a/runtime/config-deployer-service/ballerina/types.bal b/runtime/config-deployer-service/ballerina/types.bal
index 25bd738b7..41fa29730 100644
--- a/runtime/config-deployer-service/ballerina/types.bal
+++ b/runtime/config-deployer-service/ballerina/types.bal
@@ -277,8 +277,8 @@ public type APIKeyAuthentication record {|
 boolean sendTokenToUpstream = false;
 string headerName = "apiKey";
 string queryParamName = "apiKey";
- boolean headerEnable?;
- boolean queryParamEnable?;
+ boolean headerEnable = true;
+ boolean queryParamEnable = false;
 |};
 # Mutual SSL configuration of this API
diff --git a/runtime/config-deployer-service/docker/config-deployer/conf/apk-schema.json b/runtime/config-deployer-service/docker/config-deployer/conf/apk-schema.json
index c1f5c3402..870b4a389 100644
--- a/runtime/config-deployer-service/docker/config-deployer/conf/apk-schema.json
+++ b/runtime/config-deployer-service/docker/config-deployer/conf/apk-schema.json
@@ -156,11 +156,16 @@
 "required": {
 "type": "string",
 "default": "mandatory",
- "enum": ["mandatory", "optional"]
+ "enum": [
+ "mandatory",
+ "optional"
+ ]
 },
 "authType": {
 "type": "string",
- "enum": ["JWT"]
+ "enum": [
+ "JWT"
+ ]
 },
 "sendTokenToUpstream": {
 "type": "boolean",
@@ -253,7 +258,7 @@
 },
 "headerName": {
 "type": "string",
- "example": "Authorization",
+ "example": "apikey",
 "default": "apikey"
 },
 "queryParamName": {
@@ -608,7 +613,7 @@
 }
 }
 },
- "required":[
+ "required": [
 "target",
 "verb"
 ],
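Review bot: In the types.bal hunk, `queryParamEnable` ends up defaulting to `false` although the record defaulted it to `true` before PATCH 1/3, so an existing apk-conf that omits the field stops accepting the key as a query parameter after this series. That is the more conservative default, since a key carried in the URL is recorded wherever the URL is logged, but no comment in the hunk explains it and both fixtures touched in this series keep `queryParamEnable: true`, so the new default is not exercised by them. I would add `// Off by default: a key in the query string is recorded wherever the URL is logged.` above the field and a fixture that omits it. Separately, the record's `headerName` default is `"apiKey"` while the schema files in this patch give `default: apikey`; whether the `queryParamName` defaults differ the same way is not shown, and it matters more there if query-parameter names are matched case-sensitively.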