From a9269afc449eea7ced46ecc6943db3b3c91980b2 Mon Sep 17 00:00:00 2001
From: Tharindu Dharmarathna
Date: Wed, 6 Sep 2023 10:57:53 +0530
Subject: [PATCH] change JWT->Oauth2
---
.../internal/oasparser/model/http_route.go | 8 ++---
.../apis/dp/v1alpha1/authentication_types.go | 8 ++---
.../apis/dp/v1alpha1/zz_generated.deepcopy.go | 32 +++++++++----------
.../bases/dp.wso2.com_authentications.yaml | 12 +++----
.../crds/dp.wso2.com_authentications.yaml | 29 ++++-------------
.../ballerina/APIClient.bal | 6 ++--
.../modules/model/Authentication.bal | 4 +--
.../ballerina/resources/apk-conf-schema.yaml | 6 ++--
.../ballerina/tests/APIClientTest.bal | 4 +--
.../ballerina/tests/resources/apk-schema.json | 4 +--
.../bothVhostGlobalEndpoint.apk-conf | 2 +-
.../tests/resources/invalid.apk-conf | 2 +-
...alidproductionVhostGlobalEndpoint.apk-conf | 2 +-
...lidproductionVhostResourceEndpointapk-conf | 2 +-
...invalidsandboxVhostGlobalEndpoint.apk-conf | 2 +-
.../tests/resources/jwtAuth.apk-conf | 2 +-
.../tests/resources/jwtandAPIKey.apk-conf | 2 +-
.../ballerina/types.bal | 4 +--
.../config-deployer/conf/apk-schema.json | 4 +--
runtime/runtime-ui/schema/apk-conf.yaml | 4 +--
runtime/runtime-ui/schema/apk-schema.json | 4 +--
runtime/runtime-ui/templates/petstore.yaml | 2 +-
runtime/runtime-ui/templates/pizza-shack.yaml | 2 +-
23 files changed, 66 insertions(+), 81 deletions(-)
diff --git a/adapter/internal/oasparser/model/http_route.go b/adapter/internal/oasparser/model/http_route.go
index 3916fac0d2..96c513481b 100644
--- a/adapter/internal/oasparser/model/http_route.go
+++ b/adapter/internal/oasparser/model/http_route.go
@@ -565,12 +565,12 @@ func concatAuthSchemes(schemeUp *dpv1alpha1.Authentication, schemeDown *dpv1alph // tip: use concatScheme method func getSecurity(authScheme *dpv1alpha1.Authentication) *Authentication { authHeader := constants.AuthorizationHeader - if authScheme != nil && authScheme.Spec.Override.AuthTypes != nil && len(authScheme.Spec.Override.AuthTypes.JWT.Header) > 0 { - authHeader = authScheme.Spec.Override.AuthTypes.JWT.Header + if authScheme != nil && authScheme.Spec.Override.AuthTypes != nil && len(authScheme.Spec.Override.AuthTypes.Oauth2.Header) > 0 { + authHeader = authScheme.Spec.Override.AuthTypes.Oauth2.Header } sendTokenToUpstream := false if authScheme != nil && authScheme.Spec.Override.AuthTypes != nil { - sendTokenToUpstream = authScheme.Spec.Override.AuthTypes.JWT.SendTokenToUpstream + sendTokenToUpstream = authScheme.Spec.Override.AuthTypes.Oauth2.SendTokenToUpstream } auth := &Authentication{Disabled: false, TestConsoleKey: &TestConsoleKey{Header: constants.TestConsoleKeyHeader}, @@ -581,7 +581,7 @@ func getSecurity(authScheme *dpv1alpha1.Authentication) *Authentication { return &Authentication{Disabled: true} } authFound := false - if authScheme.Spec.Override.AuthTypes != nil && authScheme.Spec.Override.AuthTypes.JWT.Disabled { + if authScheme.Spec.Override.AuthTypes != nil && authScheme.Spec.Override.AuthTypes.Oauth2.Disabled { auth = &Authentication{Disabled: false, TestConsoleKey: &TestConsoleKey{Header: constants.TestConsoleKeyHeader}, } diff --git a/adapter/internal/operator/apis/dp/v1alpha1/authentication_types.go b/adapter/internal/operator/apis/dp/v1alpha1/authentication_types.go index 332aa5dcbb..86ccb6a6fd 100644 --- a/adapter/internal/operator/apis/dp/v1alpha1/authentication_types.go +++ b/adapter/internal/operator/apis/dp/v1alpha1/authentication_types.go 
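Review bot: In `getSecurity` the guard `authScheme != nil && authScheme.Spec.Override.AuthTypes != nil` is evaluated twice to read two fields of the same `Oauth2` value, which separates the header and `SendTokenToUpstream` overrides from their defaults. Reading `Oauth2` once under a single guard keeps both fallbacks (`constants.AuthorizationHeader` and `false`) next to the values that replace them and leaves the behaviour as it is. The function body continues outside this hunk.

```go
authHeader := constants.AuthorizationHeader
sendTokenToUpstream := false
if authScheme != nil && authScheme.Spec.Override.AuthTypes != nil {
	oauth2 := authScheme.Spec.Override.AuthTypes.Oauth2
	if len(oauth2.Header) > 0 {
		authHeader = oauth2.Header
	}
	sendTokenToUpstream = oauth2.SendTokenToUpstream
}
// … unchanged: construction of auth …
```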
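Review bot: The `Oauth2.Disabled` branch replaces `auth` with a value that carries only `TestConsoleKey` and still has `Disabled: false`, so the code does not say whether a route with OAuth2 turned off stays protected by another scheme or is left with the test-console key alone. A comment above the branch would settle it, for example `// OAuth2 disabled: keep authentication on and drop the token settings; other schemes are applied below`, worded to match what the rest of the function actually does. The remainder of `getSecurity`, including how `authFound` is used, lies outside this hunk, so the case where no other scheme is configured could not be checked here.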
@@ -42,10 +42,10 @@ type AuthSpec struct { // APIAuth Authentication scheme type and details type APIAuth struct { - // JWT is to specify the JWT authentication scheme details + // Oauth2 is to specify the Oauth2 authentication scheme details // // +optional - JWT JWTAuth `json:"jwt,omitempty"` + Oauth2 Oauth2Auth `json:"oauth2,omitempty"` // APIKey is to specify the APIKey authentication scheme details // @@ -74,8 +74,8 @@ type TestConsoleKeyAuth struct { SendTokenToUpstream bool `json:"sendTokenToUpstream,omitempty"` } -// JWTAuth JWT Authentication scheme details -type JWTAuth struct { +// Oauth2Auth Oauth Authentication scheme details +type Oauth2Auth struct { // Disabled is to disable JWT authentication // diff --git a/adapter/internal/operator/apis/dp/v1alpha1/zz_generated.deepcopy.go b/adapter/internal/operator/apis/dp/v1alpha1/zz_generated.deepcopy.go index a6d9bdb694..47c3fb3113 100644 --- a/adapter/internal/operator/apis/dp/v1alpha1/zz_generated.deepcopy.go +++ b/adapter/internal/operator/apis/dp/v1alpha1/zz_generated.deepcopy.go @@ -57,7 +57,7 @@ func (in *API) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *APIAuth) DeepCopyInto(out *APIAuth) { *out = *in - out.JWT = in.JWT + out.Oauth2 = in.Oauth2 if in.APIKey != nil { in, out := &in.APIKey, &out.APIKey *out = make([]APIKeyAuth, len(*in)) 
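Review bot: Changing the JSON tag on `APIAuth` from `jwt` to `oauth2` alters the stored shape of `v1alpha1` Authentication resources without a version bump or conversion. A resource that already sets `jwt.disabled`, `jwt.header` or `jwt.sendTokenToUpstream` will decode into a zero-valued `Oauth2`, and because the CRD in this commit no longer lists `jwt`, the API server will presumably prune the key, so the operator sees defaults instead of an error. These fields decide whether tokens are checked and whether they are forwarded upstream, so old objects should be migrated or rejected rather than silently reset. At minimum, add a field comment such as `// Oauth2 replaces the former "jwt" key; resources written with "jwt" must be migrated` and a release note.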
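Review bot: The field comment inside the renamed struct still reads `// Disabled is to disable JWT authentication` and the type comment says "Oauth Authentication", so the descriptions generated from them will presumably keep referring to JWT. Suggested wording is `// Oauth2Auth holds the OAuth2 authentication scheme details` and `// Disabled is to disable OAuth2 authentication`. The Go spelling `Oauth2` also differs from `OAuth2Authentication` used in the Ballerina files of this commit; `OAuth2` would follow Go initialism style and match the other modules. The struct body continues outside the hunk.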
@@ -996,21 +996,6 @@ func (in *JWKS) DeepCopy() *JWKS { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JWTAuth) DeepCopyInto(out *JWTAuth) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuth. -func (in *JWTAuth) DeepCopy() *JWTAuth { - if in == nil { - return nil - } - out := new(JWTAuth) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *JWTIssuer) DeepCopyInto(out *JWTIssuer) { *out = *in @@ -1148,6 +1133,21 @@ func (in *JWTIssuerStatus) DeepCopy() *JWTIssuerStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Oauth2Auth) DeepCopyInto(out *Oauth2Auth) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Oauth2Auth. +func (in *Oauth2Auth) DeepCopy() *Oauth2Auth { + if in == nil { + return nil + } + out := new(Oauth2Auth) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PolicySpec) DeepCopyInto(out *PolicySpec) { *out = *in diff --git a/adapter/internal/operator/config/crd/bases/dp.wso2.com_authentications.yaml b/adapter/internal/operator/config/crd/bases/dp.wso2.com_authentications.yaml index b3924d877b..440da0044b 100644 --- a/adapter/internal/operator/config/crd/bases/dp.wso2.com_authentications.yaml +++ b/adapter/internal/operator/config/crd/bases/dp.wso2.com_authentications.yaml 
@@ -68,9 +68,9 @@ spec: type: object nullable: true type: array - jwt: - description: JWT is to specify the JWT authentication scheme - details + oauth2: + description: Oauth2 is to specify the Oauth2 authentication + scheme details properties: disabled: default: false @@ -139,9 +139,9 @@ spec: type: object nullable: true type: array - jwt: - description: JWT is to specify the JWT authentication scheme - details + oauth2: + description: Oauth2 is to specify the Oauth2 authentication + scheme details properties: disabled: default: false diff --git a/helm-charts/crds/dp.wso2.com_authentications.yaml b/helm-charts/crds/dp.wso2.com_authentications.yaml index d42c99fe43..440da0044b 100644 --- a/helm-charts/crds/dp.wso2.com_authentications.yaml +++ b/helm-charts/crds/dp.wso2.com_authentications.yaml @@ -1,19 +1,4 @@ -# -------------------------------------------------------------------- -# Copyright (c) 2023, WSO2 LLC. (http://wso2.com) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ----------------------------------------------------------------------- - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -83,9 +68,9 @@ spec: type: object nullable: true type: array - jwt: - description: JWT is to specify the JWT authentication scheme - details + oauth2: + description: Oauth2 is to specify the Oauth2 authentication + scheme details properties: disabled: default: false 
@@ -154,9 +139,9 @@ spec: type: object nullable: true type: array - jwt: - description: JWT is to specify the JWT authentication scheme - details + oauth2: + description: Oauth2 is to specify the Oauth2 authentication + scheme details properties: disabled: default: false diff --git a/runtime/config-deployer-service/ballerina/APIClient.bal b/runtime/config-deployer-service/ballerina/APIClient.bal index 98a7a68e48..d6035bf378 100644 --- a/runtime/config-deployer-service/ballerina/APIClient.bal +++ b/runtime/config-deployer-service/ballerina/APIClient.bal @@ -327,9 +327,9 @@ public class APIClient { map authenticationMap = {}; model:AuthenticationExtenstionType authTypes = {}; foreach AuthenticationRequest authentication in authentications { - if authentication.authType == "JWT" { - JWTAuthentication jwtAuthentication = check authentication.cloneWithType(JWTAuthentication); - authTypes.jwt = {header: jwtAuthentication.headerName, sendTokenToUpstream: jwtAuthentication.sendTokenToUpstream, disabled: !jwtAuthentication.enabled}; + if authentication.authType == "OAuth2" { + OAuth2Authentication oauth2Authentication = check authentication.cloneWithType(OAuth2Authentication); + authTypes.oauth2 = {header: oauth2Authentication.headerName, sendTokenToUpstream: oauth2Authentication.sendTokenToUpstream, disabled: !oauth2Authentication.enabled}; } else if authentication.authType == "APIKey" && authentication is APIKeyAuthentication { APIKeyAuthentication apiKeyAuthentication = check authentication.cloneWithType(APIKeyAuthentication); authTypes.apiKey = []; diff --git a/runtime/config-deployer-service/ballerina/modules/model/Authentication.bal b/runtime/config-deployer-service/ballerina/modules/model/Authentication.bal index 0f9facdcf0..9950adb948 100644 --- a/runtime/config-deployer-service/ballerina/modules/model/Authentication.bal +++ b/runtime/config-deployer-service/ballerina/modules/model/Authentication.bal 
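Review bot: In the `APIClient.bal` hunk, an `authentication` entry whose `authType` is still `"JWT"` now matches neither the `"OAuth2"` branch nor the `"APIKey"` branch. Unless schema validation or a later `else` outside this hunk rejects it, such an entry is skipped without an error and `authTypes.oauth2` stays unset, so the stored `enabled`, `headerName` and `sendTokenToUpstream` choices are replaced by defaults. A final branch that returns an error for an unrecognised `authType` (or accepts `"JWT"` as a deprecated alias) would make the migration visible to the person deploying the API. The `"OAuth2"` branch also calls `cloneWithType` without the `authentication is OAuth2Authentication` check that the `"APIKey"` branch applies to its own type.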
@@ -35,11 +35,11 @@ public type AuthenticationData record { }; public type AuthenticationExtenstionType record { - JWTAuthentication jwt?; + OAuth2Authentication oauth2?; APIKey[] apiKey = []; }; -public type JWTAuthentication record { +public type OAuth2Authentication record { string header?; boolean sendTokenToUpstream?; boolean disabled; diff --git a/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml b/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml index d0da1e1f2e..bdf221117d 100644 --- a/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml +++ b/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml @@ -74,12 +74,12 @@ components: additionalProperties: false AuthenticationRequest: oneOf: - - $ref: "#/components/schemas/JWTAuthentication" + - $ref: "#/components/schemas/OAuth2Authentication" - $ref: "#/components/schemas/APIKeyAuthentication" discriminator: propertyName: authType mapping: - JWT: "#/components/schemas/JWTAuthentication" + OAuth2: "#/components/schemas/OAuth2Authentication" APIKey: "#/components/schemas/APIKeyAuthentication" Authentication: type: object @@ -93,7 +93,7 @@ components: type: boolean example: true additionalProperties: false - JWTAuthentication: + OAuth2Authentication: allOf: - $ref: '#/components/schemas/Authentication' - type: object diff --git a/runtime/config-deployer-service/ballerina/tests/APIClientTest.bal b/runtime/config-deployer-service/ballerina/tests/APIClientTest.bal index cd9714eae1..02f5a35c06 100644 --- a/runtime/config-deployer-service/ballerina/tests/APIClientTest.bal +++ b/runtime/config-deployer-service/ballerina/tests/APIClientTest.bal @@ -469,7 +469,7 @@ public function testJWTAuthenticationOnlyEnable() returns error? { model:AuthenticationData expectedAuthenticationData = { disabled: false, authTypes: { - jwt: { + oauth2: { disabled: false, header: "Authorization", sendTokenToUpstream: false 
@@ -538,7 +538,7 @@ public function testAPIKeyAndJWTEnable() returns error? { sendTokenToUpstream: false } ], - jwt: { + oauth2: { disabled: false, header: "Authorization", sendTokenToUpstream: false diff --git a/runtime/config-deployer-service/ballerina/tests/resources/apk-schema.json b/runtime/config-deployer-service/ballerina/tests/resources/apk-schema.json index c440f77970..4944693048 100644 --- a/runtime/config-deployer-service/ballerina/tests/resources/apk-schema.json +++ b/runtime/config-deployer-service/ballerina/tests/resources/apk-schema.json @@ -95,8 +95,8 @@ "properties": { "authType": { "type": "string", - "example": "JWT", - "description": "The type of authentication to be used, e.g., JWT, OAuth, etc." + "example": "OAuth2", + "description": "The type of authentication to be used, e.g., OAuth2, etc." }, "sendTokenToUpstream": { "type": "boolean", diff --git a/runtime/config-deployer-service/ballerina/tests/resources/bothVhostGlobalEndpoint.apk-conf b/runtime/config-deployer-service/ballerina/tests/resources/bothVhostGlobalEndpoint.apk-conf index 0c3d14c51a..c4d35606ea 100644 --- a/runtime/config-deployer-service/ballerina/tests/resources/bothVhostGlobalEndpoint.apk-conf +++ b/runtime/config-deployer-service/ballerina/tests/resources/bothVhostGlobalEndpoint.apk-conf @@ -17,7 +17,7 @@ operations: authTypeEnabled: true scopes: [] authentication: - - authType: "JWT" + - authType: "OAuth2" sendTokenToUpstream: false enabled: true headerName: "Authorization" diff --git a/runtime/config-deployer-service/ballerina/tests/resources/invalid.apk-conf b/runtime/config-deployer-service/ballerina/tests/resources/invalid.apk-conf index aca5e93835..5fc1addce1 100644 --- a/runtime/config-deployer-service/ballerina/tests/resources/invalid.apk-conf +++ b/runtime/config-deployer-service/ballerina/tests/resources/invalid.apk-conf 
@@ -22,7 +22,7 @@ operations: authTypeEnabled: true scopes: [] authentication: - - authType: "JWT" + - authType: "OAuth2" sendTokenToUpstream: false enabled: true headerName: "Authorization" diff --git a/runtime/config-deployer-service/ballerina/tests/resources/invalidproductionVhostGlobalEndpoint.apk-conf b/runtime/config-deployer-service/ballerina/tests/resources/invalidproductionVhostGlobalEndpoint.apk-conf index 0c3d14c51a..c4d35606ea 100644 --- a/runtime/config-deployer-service/ballerina/tests/resources/invalidproductionVhostGlobalEndpoint.apk-conf +++ b/runtime/config-deployer-service/ballerina/tests/resources/invalidproductionVhostGlobalEndpoint.apk-conf @@ -17,7 +17,7 @@ operations: authTypeEnabled: true scopes: [] authentication: - - authType: "JWT" + - authType: "OAuth2" sendTokenToUpstream: false enabled: true headerName: "Authorization" diff --git a/runtime/config-deployer-service/ballerina/tests/resources/invalidproductionVhostResourceEndpointapk-conf b/runtime/config-deployer-service/ballerina/tests/resources/invalidproductionVhostResourceEndpointapk-conf index b64d4c3418..321d023473 100644 --- a/runtime/config-deployer-service/ballerina/tests/resources/invalidproductionVhostResourceEndpointapk-conf +++ b/runtime/config-deployer-service/ballerina/tests/resources/invalidproductionVhostResourceEndpointapk-conf @@ -19,7 +19,7 @@ operations: authTypeEnabled: true scopes: [] authentication: - - authType: "JWT" + - authType: "OAuth2" sendTokenToUpstream: false enabled: true headerName: "Authorization" diff --git a/runtime/config-deployer-service/ballerina/tests/resources/invalidsandboxVhostGlobalEndpoint.apk-conf b/runtime/config-deployer-service/ballerina/tests/resources/invalidsandboxVhostGlobalEndpoint.apk-conf index 0c3d14c51a..c4d35606ea 100644 --- a/runtime/config-deployer-service/ballerina/tests/resources/invalidsandboxVhostGlobalEndpoint.apk-conf 
+++ b/runtime/config-deployer-service/ballerina/tests/resources/invalidsandboxVhostGlobalEndpoint.apk-conf @@ -17,7 +17,7 @@ operations: authTypeEnabled: true scopes: [] authentication: - - authType: "JWT" + - authType: "OAuth2" sendTokenToUpstream: false enabled: true headerName: "Authorization" diff --git a/runtime/config-deployer-service/ballerina/tests/resources/jwtAuth.apk-conf b/runtime/config-deployer-service/ballerina/tests/resources/jwtAuth.apk-conf index ec26d713dd..fadcfdcee8 100644 --- a/runtime/config-deployer-service/ballerina/tests/resources/jwtAuth.apk-conf +++ b/runtime/config-deployer-service/ballerina/tests/resources/jwtAuth.apk-conf @@ -15,7 +15,7 @@ operations: - target: /get verb: POST authentication: - - authType: "JWT" + - authType: "OAuth2" enabled: true corsConfiguration: corsConfigurationEnabled: false diff --git a/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf b/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf index 8968399687..5ec5af8434 100644 --- a/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf +++ b/runtime/config-deployer-service/ballerina/tests/resources/jwtandAPIKey.apk-conf @@ -15,7 +15,7 @@ operations: - target: /get verb: POST authentication: - - authType: "JWT" + - authType: "OAuth2" enabled: true - authType: "APIKey" enabled: true diff --git a/runtime/config-deployer-service/ballerina/types.bal b/runtime/config-deployer-service/ballerina/types.bal index 74dc2535ee..b346c79199 100644 --- a/runtime/config-deployer-service/ballerina/types.bal +++ b/runtime/config-deployer-service/ballerina/types.bal 
@@ -112,14 +112,14 @@ public type CircuitBreaker record { int maxRetries?; }; -public type AuthenticationRequest JWTAuthentication|APIKeyAuthentication; +public type AuthenticationRequest OAuth2Authentication|APIKeyAuthentication; public type EndpointConfigurations record { EndpointConfiguration production?; EndpointConfiguration sandbox?; }; -public type JWTAuthentication record {| +public type OAuth2Authentication record {| *Authentication; boolean sendTokenToUpstream = false; string headerName = "Authorization"; diff --git a/runtime/config-deployer-service/docker/config-deployer/conf/apk-schema.json b/runtime/config-deployer-service/docker/config-deployer/conf/apk-schema.json index c440f77970..4944693048 100644 --- a/runtime/config-deployer-service/docker/config-deployer/conf/apk-schema.json +++ b/runtime/config-deployer-service/docker/config-deployer/conf/apk-schema.json @@ -95,8 +95,8 @@ "properties": { "authType": { "type": "string", - "example": "JWT", - "description": "The type of authentication to be used, e.g., JWT, OAuth, etc." + "example": "OAuth2", + "description": "The type of authentication to be used, e.g., OAuth2, etc." }, "sendTokenToUpstream": { "type": "boolean", diff --git a/runtime/runtime-ui/schema/apk-conf.yaml b/runtime/runtime-ui/schema/apk-conf.yaml index 9f63d05e48..33cda19502 100644 --- a/runtime/runtime-ui/schema/apk-conf.yaml +++ b/runtime/runtime-ui/schema/apk-conf.yaml @@ -75,8 +75,8 @@ schemas: properties: authType: type: string - example: JWT - description: The type of authentication to be used, e.g., JWT, OAuth, etc. + example: OAuth2 + description: The type of authentication to be used, e.g., OAuth2, etc. sendTokenToUpstream: type: boolean default: false diff --git a/runtime/runtime-ui/schema/apk-schema.json b/runtime/runtime-ui/schema/apk-schema.json index c440f77970..4944693048 100644 --- a/runtime/runtime-ui/schema/apk-schema.json +++ b/runtime/runtime-ui/schema/apk-schema.json 
@@ -95,8 +95,8 @@ "properties": { "authType": { "type": "string", - "example": "JWT", - "description": "The type of authentication to be used, e.g., JWT, OAuth, etc." + "example": "OAuth2", + "description": "The type of authentication to be used, e.g., OAuth2, etc." }, "sendTokenToUpstream": { "type": "boolean", diff --git a/runtime/runtime-ui/templates/petstore.yaml b/runtime/runtime-ui/templates/petstore.yaml index 1f33651552..2fc0793ee1 100644 --- a/runtime/runtime-ui/templates/petstore.yaml +++ b/runtime/runtime-ui/templates/petstore.yaml @@ -53,7 +53,7 @@ apiRateLimit: requestsPerUnit: 1000 unit: "Hour" authentication: - - authType: "JWT" + - authType: "OAuth2" sendTokenToUpstream: false enabled: true headerName: "Authorization" diff --git a/runtime/runtime-ui/templates/pizza-shack.yaml b/runtime/runtime-ui/templates/pizza-shack.yaml index 3d01ef81f7..d9e78adf8b 100644 --- a/runtime/runtime-ui/templates/pizza-shack.yaml +++ b/runtime/runtime-ui/templates/pizza-shack.yaml @@ -79,7 +79,7 @@ apiRateLimit: requestsPerUnit: 1000 unit: "Hour" authentication: - - authType: "JWT" + - authType: "OAuth2" sendTokenToUpstream: false enabled: true headerName: "Authorization"