Add changes from code review
sgayangi committed Jan 9, 2024
1 parent 094c3cf commit 98ca8f6
Showing 37 changed files with 2,225 additions and 255 deletions.
24 changes: 12 additions & 12 deletions adapter/internal/oasparser/model/adapter_internal_api.go
Expand Up @@ -313,8 +313,8 @@ func (adapterInternalAPI *AdapterInternalAPI) GetDisableScopes() bool {
}

// GetDisableMtls returns whether mTLS is disabled or not
func (swagger *AdapterInternalAPI) GetDisableMtls() bool {
return swagger.disableMtls
func (adapterInternalAPI *AdapterInternalAPI) GetDisableMtls() bool {
return adapterInternalAPI.disableMtls
}

// GetID returns the Id of the API
Expand All @@ -340,7 +340,7 @@ func (adapterInternalAPI *AdapterInternalAPI) GetClientCerts() []Certificate {
}

// SetClientCerts set the client certificates of the API
func (swagger *AdapterInternalAPI) SetClientCerts(apiName string, certs []string) {
func (adapterInternalAPI *AdapterInternalAPI) SetClientCerts(apiName string, certs []string) {
var clientCerts []Certificate
for i, cert := range certs {
clientCert := Certificate{
Expand All @@ -349,7 +349,7 @@ func (swagger *AdapterInternalAPI) SetClientCerts(apiName string, certs []string
}
clientCerts = append(clientCerts, clientCert)
}
swagger.clientCertificates = clientCerts
adapterInternalAPI.clientCertificates = clientCerts
}

// SetID set the Id of the API
Expand Down Expand Up @@ -400,18 +400,18 @@ func (adapterInternalAPI *AdapterInternalAPI) GetXWSO2AuthHeader() string {
}

// SetMutualSSL sets the optional or mandatory mTLS
func (swagger *AdapterInternalAPI) SetMutualSSL(mutualSSL string) {
swagger.mutualSSL = mutualSSL
func (adapterInternalAPI *AdapterInternalAPI) SetMutualSSL(mutualSSL string) {
adapterInternalAPI.mutualSSL = mutualSSL
}

// GetMutualSSL returns the optional or mandatory mTLS
func (swagger *AdapterInternalAPI) GetMutualSSL() string {
return swagger.mutualSSL
func (adapterInternalAPI *AdapterInternalAPI) GetMutualSSL() string {
return adapterInternalAPI.mutualSSL
}

// SetDisableMtls returns whether mTLS is disabled or not
func (swagger *AdapterInternalAPI) SetDisableMtls(disableMtls bool) {
swagger.disableMtls = disableMtls
func (adapterInternalAPI *AdapterInternalAPI) SetDisableMtls(disableMtls bool) {
adapterInternalAPI.disableMtls = disableMtls
}

// SetXWSO2ApplicationSecurity sets the optional or mandatory application security
Expand Down Expand Up @@ -469,7 +469,7 @@ func (adapterInternalAPI *AdapterInternalAPI) SetInfoHTTPRouteCR(httpRoute *gwap
disableScopes := true
config := config.ReadConfigs()

var authScheme *dpv1alpha1.Authentication
var authScheme *dpv1alpha2.Authentication
if outputAuthScheme != nil {
authScheme = *outputAuthScheme
}
Expand Down Expand Up @@ -800,7 +800,7 @@ func (adapterInternalAPI *AdapterInternalAPI) SetInfoGQLRouteCR(gqlRoute *dpv1al
disableScopes := true
config := config.ReadConfigs()

var authScheme *dpv1alpha1.Authentication
var authScheme *dpv1alpha2.Authentication
if outputAuthScheme != nil {
authScheme = *outputAuthScheme
}
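Review bot: The doc comment on `SetDisableMtls` in the `@@ -400,18 +400,18 @@` hunk still reads "returns whether mTLS is disabled or not", which is copied from the getter and is wrong for a setter. Since the commit already rewrites the signature line directly below it, the comment should be corrected in the same change, for example `// SetDisableMtls sets whether mTLS is disabled for the API`. The flag presumably gates client-certificate authentication, so an accurate description helps anyone auditing its callers. `SetClientCerts` in the `@@ -340,7 +340,7 @@` hunk is only partly visible, so its body is not reviewed here.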
12 changes: 6 additions & 6 deletions adapter/internal/oasparser/model/http_route.go
Expand Up @@ -30,8 +30,8 @@ import (

// ResourceParams contains httproute related parameters
type ResourceParams struct {
AuthSchemes map[string]dpv1alpha1.Authentication
ResourceAuthSchemes map[string]dpv1alpha1.Authentication
AuthSchemes map[string]dpv1alpha2.Authentication
ResourceAuthSchemes map[string]dpv1alpha2.Authentication
APIPolicies map[string]dpv1alpha2.APIPolicy
ResourceAPIPolicies map[string]dpv1alpha2.APIPolicy
InterceptorServiceMapping map[string]dpv1alpha1.InterceptorService
Expand Down Expand Up @@ -207,9 +207,9 @@ func concatAPIPolicies(schemeUp *dpv1alpha2.APIPolicy, schemeDown *dpv1alpha2.AP
return &apiPolicy
}

func concatAuthSchemes(schemeUp *dpv1alpha1.Authentication, schemeDown *dpv1alpha1.Authentication) *dpv1alpha1.Authentication {
finalAuth := dpv1alpha1.Authentication{
Spec: dpv1alpha1.AuthenticationSpec{},
func concatAuthSchemes(schemeUp *dpv1alpha2.Authentication, schemeDown *dpv1alpha2.Authentication) *dpv1alpha2.Authentication {
finalAuth := dpv1alpha2.Authentication{
Spec: dpv1alpha2.AuthenticationSpec{},
}
if schemeUp != nil && schemeDown != nil {
finalAuth.Spec.Override = utils.SelectPolicy(&schemeUp.Spec.Override, &schemeUp.Spec.Default, &schemeDown.Spec.Override, &schemeDown.Spec.Default)
Expand All @@ -224,7 +224,7 @@ func concatAuthSchemes(schemeUp *dpv1alpha1.Authentication, schemeDown *dpv1alph
// getSecurity returns security schemes and it's definitions with flag to indicate if security is disabled
// make sure authscheme only has external service override values. (i.e. empty default values)
// tip: use concatScheme method
func getSecurity(authScheme *dpv1alpha1.Authentication) *Authentication {
func getSecurity(authScheme *dpv1alpha2.Authentication) *Authentication {
authHeader := constants.AuthorizationHeader
if authScheme != nil && authScheme.Spec.Override != nil && authScheme.Spec.Override.AuthTypes != nil && len(authScheme.Spec.Override.AuthTypes.Oauth2.Header) > 0 {
authHeader = authScheme.Spec.Override.AuthTypes.Oauth2.Header
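Review bot: The comment above `getSecurity` tells the reader to "use concatScheme method", but the helper visible in this file is `concatAuthSchemes`, so the tip names something that does not appear in the visible lines. I would change it to `// tip: use concatAuthSchemes` and give `concatAuthSchemes` a comment of its own, since the order of the four specs passed to `utils.SelectPolicy` decides the effective authentication policy. Something like `// concatAuthSchemes merges schemeUp and schemeDown into one Authentication; Override is picked by utils.SelectPolicy from both schemes' Override and Default specs.` would do. Both function bodies continue outside the hunks, so the precedence itself is not verified here.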
9 changes: 9 additions & 0 deletions adapter/internal/operator/PROJECT
Expand Up @@ -129,6 +129,15 @@ resources:
kind: API
path: github.com/wso2/apk/adapter/internal/operator/apis/dp/v1alpha2
version: v1alpha2
- api:
crdVersion: v1
namespaced: true
controller: true
domain: wso2.com
group: dp
kind: Authentication
path: github.com/wso2/apk/adapter/internal/operator/apis/dp/v1alpha2
version: v1alpha2
- api:
crdVersion: v1
namespaced: true
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.12.0
name: authentications.dp.wso2.com
spec:
group: dp.wso2.com
Expand All @@ -16,6 +15,214 @@ spec:
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Authentication is the Schema for the authentications API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AuthenticationSpec defines the desired state of Authentication
properties:
default:
description: AuthSpec specification of the authentication service
properties:
authTypes:
description: AuthTypes is to specify the authentication scheme
types and details
properties:
apiKey:
description: APIKey is to specify the APIKey authentication
scheme details
items:
description: APIKeyAuth APIKey Authentication scheme details
properties:
in:
description: In is to specify how the APIKey is passed
to the request
enum:
- Header
- Query
minLength: 1
type: string
name:
description: Name is the name of the header or query
parameter to be used
minLength: 1
type: string
sendTokenToUpstream:
description: SendTokenToUpstream is to specify whether
the APIKey should be sent to the upstream
type: boolean
type: object
nullable: true
type: array
oauth2:
description: Oauth2 is to specify the Oauth2 authentication
scheme details
properties:
disabled:
default: false
description: Disabled is to disable OAuth2 authentication
type: boolean
header:
default: authorization
description: Header is the header name used to pass the
OAuth2 token
type: string
sendTokenToUpstream:
description: SendTokenToUpstream is to specify whether
the OAuth2 token should be sent to the upstream
type: boolean
type: object
testConsoleKey:
description: TestConsoleKey is to specify the Test Console
Key authentication scheme details
properties:
header:
default: internal-key
description: Header is the header name used to pass the
Test Console Key
minLength: 1
type: string
sendTokenToUpstream:
description: SendTokenToUpstream is to specify whether
the Test Console Key should be sent to the upstream
type: boolean
type: object
type: object
disabled:
description: Disabled is to disable all authentications
type: boolean
type: object
override:
description: AuthSpec specification of the authentication service
properties:
authTypes:
description: AuthTypes is to specify the authentication scheme
types and details
properties:
apiKey:
description: APIKey is to specify the APIKey authentication
scheme details
items:
description: APIKeyAuth APIKey Authentication scheme details
properties:
in:
description: In is to specify how the APIKey is passed
to the request
enum:
- Header
- Query
minLength: 1
type: string
name:
description: Name is the name of the header or query
parameter to be used
minLength: 1
type: string
sendTokenToUpstream:
description: SendTokenToUpstream is to specify whether
the APIKey should be sent to the upstream
type: boolean
type: object
nullable: true
type: array
oauth2:
description: Oauth2 is to specify the Oauth2 authentication
scheme details
properties:
disabled:
default: false
description: Disabled is to disable OAuth2 authentication
type: boolean
header:
default: authorization
description: Header is the header name used to pass the
OAuth2 token
type: string
sendTokenToUpstream:
description: SendTokenToUpstream is to specify whether
the OAuth2 token should be sent to the upstream
type: boolean
type: object
testConsoleKey:
description: TestConsoleKey is to specify the Test Console
Key authentication scheme details
properties:
header:
default: internal-key
description: Header is the header name used to pass the
Test Console Key
minLength: 1
type: string
sendTokenToUpstream:
description: SendTokenToUpstream is to specify whether
the Test Console Key should be sent to the upstream
type: boolean
type: object
type: object
disabled:
description: Disabled is to disable all authentications
type: boolean
type: object
targetRef:
description: PolicyTargetReference identifies an API object to apply
policy to. This should be used as part of Policy resources that
can target Gateway API resources. For more information on how this
policy attachment model works, and a sample Policy resource, refer
to the policy attachment documentation for Gateway API.
properties:
group:
description: Group is the group of the target resource.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: Kind is kind of the target resource.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the target resource.
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace is the namespace of the referent. When
unspecified, the local namespace is inferred. Even when policy
targets a resource in a different namespace, it MUST only apply
to traffic originating from the same namespace as the policy.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- group
- kind
- name
type: object
type: object
status:
description: AuthenticationStatus defines the observed state of Authentication
type: object
type: object
served: true
storage: false
subresources:
status: {}
- name: v1alpha2
schema:
openAPIV3Schema:
description: Authentication is the Schema for the authentications API
Expand Down Expand Up @@ -103,6 +310,7 @@ spec:
description: Disabled is to disable mTLS authentication
type: boolean
required:
default: optional
description: Required indicates whether mutualSSL is mandatory
or optional
enum:
Expand All @@ -129,8 +337,6 @@ spec:
- name
type: object
type: array
required:
- required
type: object
oauth2:
description: Oauth2 is to specify the Oauth2 authentication
Expand Down Expand Up @@ -238,6 +444,7 @@ spec:
description: Disabled is to disable mTLS authentication
type: boolean
required:
default: optional
description: Required indicates whether mutualSSL is mandatory
or optional
enum:
Expand All @@ -264,8 +471,6 @@ spec:
- name
type: object
type: array
required:
- required
type: object
oauth2:
description: Oauth2 is to specify the Oauth2 authentication