Add subscription validation enable capability at gateway level

wso2 · Nov 13, 2023 · 723c9b4 · 723c9b4
1 parent 62d624b
commit 723c9b4
Show file tree

Hide file tree

Showing 16 changed files with 167 additions and 51 deletions.
diff --git a/adapter/api/proto/wso2/discovery/config/enforcer/config.proto b/adapter/api/proto/wso2/discovery/config/enforcer/config.proto
@@ -46,4 +46,6 @@ message Config {
     repeated Filter filters = 11;
 
     Soap soap = 12;
+
+    bool mandateSubscriptionValidation = 13;
 }
diff --git a/adapter/config/default_config.go b/adapter/config/default_config.go
@@ -194,6 +194,7 @@ var defaultConfig = &Config{
 			Enabled: false,
 			Type:    "azure",
 		},
+		MandateSubscriptionValidation: false,
 	},
 	ManagementServer: managementServer{
 		Enabled:   false,

diff --git a/adapter/config/types.go b/adapter/config/types.go
@@ -150,15 +150,16 @@ type xRateLimitHeaders struct {
 }
 
 type enforcer struct {
-	Security     security
-	AuthService  authService
-	JwtGenerator jwtGenerator
-	Cache        cache
-	JwtIssuer    jwtIssuer
-	Management   management
-	RestServer   restServer
-	Filters      []filter
-	Metrics      metrics
+	Security                      security
+	AuthService                   authService
+	JwtGenerator                  jwtGenerator
+	Cache                         cache
+	JwtIssuer                     jwtIssuer
+	Management                    management
+	RestServer                    restServer
+	Filters                       []filter
+	Metrics                       metrics
+	MandateSubscriptionValidation bool
 }
 
 type consul struct {

diff --git a/adapter/internal/discovery/xds/marshaller.go b/adapter/internal/discovery/xds/marshaller.go
@@ -104,6 +104,7 @@ func MarshalConfig(config *config.Config) *enforcer.Config {
 		Enabled: config.Enforcer.Metrics.Enabled,
 		Type:    config.Enforcer.Metrics.Type,
 	}
+	mandateSubscriptionValidation := config.Enforcer.MandateSubscriptionValidation
 	analytics := &enforcer.Analytics{
 		Enabled:            config.Analytics.Enabled,
 		Properties:         config.Analytics.Properties,
@@ -165,13 +166,14 @@ func MarshalConfig(config *config.Config) *enforcer.Config {
 				EnableOutboundCertificateHeader: config.Enforcer.Security.MutualSSL.EnableOutboundCertificateHeader,
 			},
 		},
-		Cache:      cache,
-		Tracing:    tracing,
-		Metrics:    metrics,
-		Analytics:  analytics,
-		Management: management,
-		Filters:    filters,
-		Soap:       soap,
+		Cache:                         cache,
+		Tracing:                       tracing,
+		Metrics:                       metrics,
+		Analytics:                     analytics,
+		Management:                    management,
+		Filters:                       filters,
+		Soap:                          soap,
+		MandateSubscriptionValidation: mandateSubscriptionValidation,
 	}
 }
 

diff --git a/adapter/internal/operator/controllers/dp/gateway_controller.go b/adapter/internal/operator/controllers/dp/gateway_controller.go
@@ -298,7 +298,7 @@ func (gatewayReconciler *GatewayReconciler) getInterceptorServicesForGateway(ctx
 			}
 		}
 	}
-	return interceptorServices, nil // TODO(Ashera): Handle global subscription validation enable disable
+	return interceptorServices, nil
 }
 
 func (gatewayReconciler *GatewayReconciler) getResolvedBackendsMapping(ctx context.Context,

diff --git a/adapter/pkg/discovery/api/wso2/discovery/config/enforcer/config.pb.go b/adapter/pkg/discovery/api/wso2/discovery/config/enforcer/config.pb.go
diff --git a/common-controller/commoncontroller/common_controller.go b/common-controller/commoncontroller/common_controller.go
@@ -152,7 +152,6 @@ func runCommonEnforcerServer(server xdsv3.Server, enforcerServer wso2_server.Ser
 	port uint) {
 	var grpcOptions []grpc.ServerOption
 	grpcOptions = append(grpcOptions, grpc.MaxConcurrentStreams(grpcMaxConcurrentStreams))
-	// TODO(Ashera): Add TLS support for Common Controller - Enforcer connection
 	publicKeyLocation, privateKeyLocation, truststoreLocation := utils.GetKeyLocations()
 	cert, err := utils.GetServerCertificate(publicKeyLocation, privateKeyLocation)
 

diff --git a/...forcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/ConfigHolder.java b/...forcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/ConfigHolder.java
@@ -161,6 +161,7 @@ private void parseConfigs(Config config) {
         populateCustomFilters(config.getFiltersList());
         populateAPIKeyIssuer(config.getSecurity().getApiKey());
         populateInternalTokenIssuer(config.getSecurity().getRuntimeToken());
+        populateMandateSubscriptionValidationConfig(config.getMandateSubscriptionValidation());
         // resolve string variables provided as environment variables.
         resolveConfigsWithEnvs(this.config);
     }
@@ -196,6 +197,10 @@ private void populateSoapErrorResponseConfigs(Soap soap) {
         config.setSoapErrorResponseConfigDto(soapErrorResponseConfigDto);
     }
 
+    private void populateMandateSubscriptionValidationConfig(boolean mandateSubscriptionValidation) {
+        config.setMandateSubscriptionValidation(mandateSubscriptionValidation);
+    }
+
     private void populateManagementCredentials(Management management) {
 
         ManagementCredentialsDto managementCredentialsDto = new ManagementCredentialsDto();

diff --git a/...rcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/EnforcerConfig.java b/...rcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/EnforcerConfig.java
@@ -59,6 +59,7 @@ public class EnforcerConfig {
     private FilterDTO[] customFilters;
 
     private SoapErrorResponseConfigDto soapErrorResponseConfigDto;
+    private boolean mandateSubscriptionValidation;
 
     public AuthServiceConfigurationDto getAuthService() {
         return authService;
@@ -203,5 +204,13 @@ public BackendJWKSDto getBackendJWKSDto() {
     public void setBackendJWKSDto(BackendJWKSDto backendJWKSDto) {
         this.backendJWKSDto = backendJWKSDto;
     }
+
+    public boolean getMandateSubscriptionValidation() {
+        return mandateSubscriptionValidation;
+    }
+
+    public void setMandateSubscriptionValidation(boolean mandateSubscriptionValidation) {
+        this.mandateSubscriptionValidation = mandateSubscriptionValidation;
+    }
 }
 
diff --git a/...o2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/config/enforcer/Config.java b/...o2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/config/enforcer/Config.java
diff --git a/...forcer/src/main/java/org/wso2/apk/enforcer/discovery/config/enforcer/ConfigOrBuilder.java b/...forcer/src/main/java/org/wso2/apk/enforcer/discovery/config/enforcer/ConfigOrBuilder.java
diff --git a/...k.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/config/enforcer/ConfigProto.java b/...k.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/config/enforcer/ConfigProto.java
-Original file line number
+Diff line change
@@ Expand Up @@
     			}
     		}
     	}
-    	return interceptorServices, nil // TODO(Ashera): Handle global subscription validation enable disable
+    	return interceptorServices, nil
     }
     func (gatewayReconciler *GatewayReconciler) getResolvedBackendsMapping(ctx context.Context,
@@ Expand Down @@