fixing mtls auth not setting properly issue
CrowleyRajapakse committed Apr 1, 2024
1 parent dc901b9 commit 9068d7c
Showing 2 changed files with 21 additions and 7 deletions.
20 changes: 16 additions & 4 deletions apim-apk-agent/pkg/transformer/transformer.go
@@ -28,6 +28,7 @@ import (
"bytes"
"crypto/sha1"
"crypto/tls"
"encoding/base64"
"encoding/hex"
"encoding/json"
"errors"
@@ -161,7 +162,7 @@ func GenerateAPKConf(APIJson string, certArtifact CertificateArtifact, organizat
certAvailable = true
}

authConfigList := mapAuthConfigs(apiYamlData.ID, apiYamlData.AuthorizationHeader, apiYamlData.SecuritySchemes, certAvailable, certList)
authConfigList := mapAuthConfigs(apiYamlData.ID, apiYamlData.AuthorizationHeader, apiYamlData.SecuritySchemes, certAvailable, certList, apiUniqueID)
apk.Authentication = &authConfigList

apk.CorsConfig = &apiYamlData.CORSConfiguration
@@ -320,7 +321,7 @@ func getReqAndResInterceptors(reqPolicyCount, resPolicyCount int, reqPolicies []

// mapAuthConfigs will take the security schemes as the parameter and will return the mapped auth configs to be
// added into the apk-conf
func mapAuthConfigs(apiUUID string, authHeader string, secSchemes []string, certAvailable bool, certList CertDescriptor) []AuthConfiguration {
func mapAuthConfigs(apiUUID string, authHeader string, secSchemes []string, certAvailable bool, certList CertDescriptor, apiUniqueID string) []AuthConfiguration {
var authConfigs []AuthConfiguration
if StringExists("oauth2", secSchemes) {
var newConfig AuthConfiguration
@@ -349,7 +350,7 @@ func mapAuthConfigs(apiUUID string, authHeader string, secSchemes []string, cert

for i, cert := range certList.CertData {
prop := &Certificate{
Name: cert.Alias,
Name: apiUniqueID + "-" + cert.Alias,
Key: cert.Certificate,
}
clientCerts[i] = *prop
@@ -812,7 +813,18 @@ func createConfigMaps(certFiles map[string]string, k8sArtifact *K8sArtifacts) {
if cm.Data == nil {
cm.Data = make(map[string]string)
}
cm.Data[confKey] = confValue
apimCert := confValue
// Remove "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" strings
pemCert := strings.ReplaceAll(apimCert, "-----BEGIN CERTIFICATE-----", "")
pemCert = strings.ReplaceAll(pemCert, "-----END CERTIFICATE-----", "")
pemCert = strings.TrimSpace(pemCert)
// Decode the Base64 encoded certificate content
decodedCert, err := base64.StdEncoding.DecodeString(pemCert)
logger.LoggerTransformer.Debugf("Decoded Certificate: %v", decodedCert)
if err != nil {
logger.LoggerTransformer.Errorf("Error decoding the certificate: %v", err)
}
cm.Data[confKey] = string(decodedCert)
certConfigMap := &cm

logger.LoggerTransformer.Debugf("New ConfigMap Data: %v", *certConfigMap)
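Review bot: In the createConfigMaps hunk the error from `base64.StdEncoding.DecodeString(pemCert)` is only logged, so on a decode failure `cm.Data[confKey] = string(decodedCert)` still writes an empty or partial value into the ConfigMap that carries the mTLS client certificate. Check `err` immediately after the decode and skip that entry inside the `if err != nil` block (a `continue` if this runs inside the loop over certFiles, which starts outside the hunk), so a malformed certificate never becomes a silently empty trust entry. The `Debugf("Decoded Certificate: %v", decodedCert)` call runs before that check and formats a `[]byte` with `%v`, which prints a list of decimal byte values; log it after the check as `string(decodedCert)` or just `len(decodedCert)`. It would also be worth confirming that the decoded bytes parse as a certificate (for example with `pem.Decode` and `x509.ParseCertificate`) before storing them, since only the outer markers are stripped here.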
8 changes: 5 additions & 3 deletions apim-apk-agent/pkg/transformer/transformer_test.go
@@ -224,8 +224,8 @@ func TestCreateConfigMaps(t *testing.T) {
for _, k8Json := range sampleK8Artifacts {
// Define input parameters
certFiles := map[string]string{
"cert1": "-----BEGIN CERTIFICATE----- MIIDWTCCAkGgAwIBAgIUbiBM1STcH3a8LjqLjelY1+jD2KwwDQYJKoZIhvcNAQEL BQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQH DApTYW4gRnJhbmNpc2NvMRcwFQYDVQQKDA5PcGVuU3BhY2UgTGltaXRlZDEXMBUG A1UEAwwOcGxpdHRlc3QuY29tMB4XDTIxMDgyNTE0MDUyN1oXDTIyMDgyNTE0MDUy N1owgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQH DApTYW4gRnJhbmNpc2NvMRcwFQYDVQQKDA5PcGVuU3BhY2UgTGltaXRlZDEXMBUG A1UEAwwOcGxpdHRlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAyH+VgZ5mcIiDw5YNvVD9sPsGQ5zUzOqK4JbQ2QipVt2mIXRMOHZjBsoLOIHw +U0mqyKTsDZN2zSq9N8Nc58VLyG2DLvOQqzqSC9P6hfrCed09pb3xRP2EnB16rli iC/DzN4Ou4gQ0JHh8THHIKd+OydQJpj1qoE/cpOpqkTx61Gd8RaN9YOm87dvyoYx kYzK9jsm24eX7l7pYzrQ/8oG++J4Cqof1f+bBjx8ZYxx92EhwGqRuBUVnROAv9WS vhJt7zk4H3ugVTJ9CBTmkdz+j5QZw4b36vJpySfu+DlDC6ZzuoXKZcc9k5l9MPnQ eG+MlH2sHwvtSfhiFpFbFQIDAQABo1MwUTAdBgNVHQ4EFgQUwCljqo6ES4rT3o+X ofc/m1j8i58wHwYDVR0jBBgwFoAUwCljqo6ES4rT3o+Xofc/m1j8i58wDwYDVR0T AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAMnR2MzIRoB25/jl5g69GQ4ju eynDDr7GwRqfV8bJN05zmgnlGxBXkT/3jpiwuK+PBdzG6Dw1qRxbN52Z1QUzYpFq eN0B4K9Zmc4d82z9/4M+7tNLx09JKe7ky+f1QGkSZBxIjAKxPUyT8GCOVvQj0x9C 8q6ht3R4miq/rGpUXjJiWYTBZ2V/X33RlDfH38QrhqRYPltp++UDs+8LwTp3Dx4N 8cjplhh9lyM4lH33D20CNUw2T+3JOGtzgTn1ffwsxgDbW5Vf2RU8Qs5iTYoi8epF OnMzCqBt/t9gKGJ1oXc6T/URQKKKfGZL+RWbqFb1wUOuYfzL9nxI63tJxvK7yg== -----END CERTIFICATE-----",
"cert2": "-----BEGIN CERTIFICATE----- MIIEqDCCA5CgAwIBAgIJAIql0LphfqC5MA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FuIEZyYW5j aXNjbzEXMBUGA1UECgwOT3BlblNwYWNlIExpbWl0ZWQxFzAVBgNVBAMMDnBsaXR0 ZXMudGVzdDAeFw0yMDEyMDExNjUzMTFaFw0yMTAzMzAxNjUzMTFaMIGMMQswCQYD VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FuIEZyYW5j aXNjbzEXMBUGA1UECgwOT3BlblNwYWNlIExpbWl0ZWQxFzAVBgNVBAMMDnBsaXR0 ZXMudGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIs8piOIsHH1 iTelPml0g9TLjnUWtAtIJpLPz5gI5cP16zBZMTnR3Qw4M2Kjwos9iRlfGWSttg0t nGo8DqP7d9HoP7chqey7hx7YmMvIgfrjT+wtbB69GBCW0vqn/3rPfb/IB4fVZ+RQ +D9r3k1Y3LR0ewIplbTfDit8xjqkFmGvvho8GpwP8P/yOIEteXJL3GceH1ap3Sre GwPGkNLwBe6AY8Hh1PcX4QXgUbA9tIYpqYwwVweRvdGRTkZrO5YiAbLOZJzVf6zM W2+3Xl86HkM0a/DJcGx1N7hZwWxyb+XX5OLbTtCLb6KAl2q28zxdBC6ftKysZVCH GOUCAwEAAaMnMCUwCwYDVR0PBAQDAgXgMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI hvcNAQELBQADggEBAFUwdqeE6McZmK2Iq61xZlL2iZ3pE6/DqDP0BSjWvWSrvnfb RAR4+5WuS/q80MJd2iXXfC2AfIC0EGzzCkMP05gblhzLRp/J/VRW5uPrqzBp1h6F e/LI3bJjCpUMZ0WJi7HXVjRA7n/N1gGsZB5vTI5nmKTeCSMPA8V7R/q+QzhM5NL7 XwlVyxuyYlWuXUNp5GqHRQNNQem6v44tRM56NmN4nIylWvFjBwnunlvdqCr83HcE /bjXKSoBUERm9k7dRbUcm1JrQiJ6LCZbxdPhzXnccHkE4r8qq0WReJb6l5nHeEQE R1r2HqNwnHMtEvfUHJQpHYRrU06VQVvdQrTDhmQ= -----END CERTIFICATE-----",
"cert1": "-----BEGIN CERTIFICATE----- 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 -----END CERTIFICATE-----",
"cert2": "-----BEGIN CERTIFICATE----- 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 -----END CERTIFICATE-----",
}

var k8sArtifact K8sArtifacts
@@ -251,7 +251,9 @@ func TestCreateConfigMaps(t *testing.T) {
assert.NotNil(t, cm, "ConfigMap should not be nil")
assert.Equal(t, "v1", cm.APIVersion, "APIVersion should be 'v1'")
assert.Equal(t, "ConfigMap", cm.Kind, "Kind should be 'ConfigMap'")
assert.Equal(t, confValue, cm.Data[confKey], "Data should match the provided certificate content")
assert.NotNil(t, confValue, "Data should not be nil")
decodedCert := "-----BEGIN CERTIFICATE-----\nMIIDGTCCAgECFANIkLQBkd76qiTXzSXjBS2scPJsMA0GCSqGSIb3DQEBCwUAME0x\nCzAJBgNVBAYTAkxLMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDAR3c28y\nMQwwCgYDVQQLDANhcGsxDDAKBgNVBAMMA2FwazAeFw0yMzEyMDYxMDEyNDhaFw0y\nNTA0MTkxMDEyNDhaMEUxCzAJBgNVBAYTAkxLMRMwEQYDVQQIDApTb21lLVN0YXRl\nMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQCdG90W/Tlk4u9awHPteD5zpVcThUKwMLvAKw9i\nvVQBC0AG6GzPbakol5gKVm+kBUDFzzzF6eayEXKWbyaZDty66A2+7HLLcKBop5M/\na57Q9XtU3lRYvotgutLWuHcI7mLCScZDrjA3rnb/KjjbhZ602ZS1pp5jtyUz6DwL\nm7w4wQ/RProqCdBj8QqoAvnDDLSPeDfsx14J5VeNJVGJV2wax65jWRjRkj6wE7z2\nqzWAlP5vDeED6bogYYVDpC8DtgayQ+vKAQLi1uj+I9Yqb/nPUrdUh9IlxudlqiFQ\nQxyvsXMJEzbWWmlbD0kXYkHmHzetJNPK9ayOS/fJcAcfAb01AgMBAAEwDQYJKoZI\nhvcNAQELBQADggEBAFmUc7+cI8d0Dl4wTdq+gfyWdqjQb7AYVO9DvJi3XGxdc5Kp\n1nCSsKzKUz9gvxXHeaYKrBNYf4SSU+Pkdf/BWePqi7UX/SIxNXby2da8zWg+W6Uh\nxZfKlLYGMp3mCjueZpZTJ7SKOOGFA8IIgEzjJD9Ln1gl3ywMaCwlNrG9RpiD1McT\nCOKvyWNKnSRVr/RvCklLVrAMTJr50kce2czcdFl/xF4Hm66vp7cP/bYJKWAL8hBG\nzUa9aQBKncOoAO+zQ/SGy7uJxTDUF8SverDsmjOc6AU6IhBGVUyX/JQbYyJfZinB\nYlviYxVzIm6IaNJHx4sihw4U1/jMFWRXT470zcQ=\n-----END CERTIFICATE-----"
assert.Equal(t, decodedCert, cm.Data[confKey], "Data should match the provided certificate content")
}
}
}
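Review bot: `assert.NotNil(t, confValue, "Data should not be nil")` cannot fail if confValue is the string value ranged from certFiles (the loop header is outside the hunk), because a string is never nil, so the assertion checks nothing about the ConfigMap. Assert on the output instead, e.g. `assert.NotEmpty(t, cm.Data[confKey], "Data should not be empty")`. The test also compares every entry against one hard-coded `decodedCert`, so it only holds while cert1 and cert2 carry the same payload, and nothing exercises the path where the Base64 payload is malformed; a case with an invalid certificate string asserting that no entry is stored would pin down the error handling in createConfigMaps.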
