Add API Key Authentication to agent

wso2 · Apr 26, 2024 · 943983f · 943983f
1 parent f91e206
commit 943983f
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 7 deletions.
diff --git a/apim-apk-agent/pkg/transformer/api_model.go b/apim-apk-agent/pkg/transformer/api_model.go
@@ -140,6 +140,7 @@ type APIMApi struct {
 	DefaultVersion       bool                   `json:"isDefaultVersion"`
 	Type                 string                 `yaml:"type"`
 	AuthorizationHeader  string                 `yaml:"authorizationHeader"`
+	APIKeyHeader         string                 `yaml:"apiKeyHeader"`
 	SecuritySchemes      []string               `json:"securityScheme"`
 	AdditionalProperties []AdditionalProperties `yaml:"additionalProperties"`
 	// AdditionalPropertiesMap []AdditionalPropertiesMap `yaml:"additionalPropertiesMap"`

diff --git a/apim-apk-agent/pkg/transformer/apk_model.go b/apim-apk-agent/pkg/transformer/apk_model.go
@@ -64,7 +64,7 @@ type AuthConfiguration struct {
 	Enabled           bool          `yaml:"enabled"`
 	QueryParamName    string        `yaml:"queryParamName,omitempty"`
 	HeaderEnabled     bool          `yaml:"headerEnable,omitempty"`
-	queryParamEnable  bool          `yaml:"queryParamEnable,omitempty"`
+	QueryParamEnable  bool          `yaml:"queryParamEnable,omitempty"`
 	Certificates      []Certificate `yaml:"certificates,omitempty"`
 	Audience          []string      `yaml:"audience,omitempty"`
 }

diff --git a/apim-apk-agent/pkg/transformer/constants.go b/apim-apk-agent/pkg/transformer/constants.go
@@ -28,6 +28,7 @@ const (
 	postHTTPMethod    = "POST"
 	contentTypeHeader = "Content-Type"
 	internalKeyHeader = "internal-key"
+	apiKeyHeader      = "apikey"
 
 	// K8s CRD fields
 	k8sKindField                = "kind"
@@ -51,6 +52,14 @@ const (
 	mTLS   = "mTLS"
 	jwt    = "JWT"
 	oAuth2 = "OAuth2"
+	apiKey = "APIKey"
+
+	// Security Scheme values
+	oAuth2SecScheme    = "oauth2"
+	oAuth2Mandatory    = "oauth_basic_auth_api_key_mandatory"
+	mutualSSL          = "mutualssl"
+	mutualSSLMandatory = "mutualssl_mandatory"
+	apiKeySecScheme    = "api_key"
 
 	// Optionality constants
 	mandatory = "mandatory"

diff --git a/apim-apk-agent/pkg/transformer/transformer.go b/apim-apk-agent/pkg/transformer/transformer.go
@@ -174,7 +174,7 @@ func GenerateAPKConf(APIJson string, certArtifact CertificateArtifact, organizat
 		certAvailable = true
 	}
 
-	authConfigList := mapAuthConfigs(apiYamlData.ID, apiYamlData.AuthorizationHeader, apiYamlData.SecuritySchemes, certAvailable, certList, apiUniqueID)
+	authConfigList := mapAuthConfigs(apiYamlData.ID, apiYamlData.AuthorizationHeader, apiYamlData.APIKeyHeader, apiYamlData.SecuritySchemes, certAvailable, certList, apiUniqueID)
 	apk.Authentication = &authConfigList
 
 	corsEnabled := apiYamlData.CORSConfiguration.CORSConfigurationEnabled
@@ -384,14 +384,14 @@ func getReqAndResInterceptors(reqPolicyCount, resPolicyCount int, reqPolicies []
 
 // mapAuthConfigs will take the security schemes as the parameter and will return the mapped auth configs to be
 // added into the apk-conf
-func mapAuthConfigs(apiUUID string, authHeader string, secSchemes []string, certAvailable bool, certList CertDescriptor, apiUniqueID string) []AuthConfiguration {
+func mapAuthConfigs(apiUUID string, authHeader string, configuredAPIKeyHeader string, secSchemes []string, certAvailable bool, certList CertDescriptor, apiUniqueID string) []AuthConfiguration {
 	var authConfigs []AuthConfiguration
-	if StringExists("oauth2", secSchemes) {
+	if StringExists(oAuth2SecScheme, secSchemes) {
 		var newConfig AuthConfiguration
 		newConfig.AuthType = oAuth2
 		newConfig.Enabled = true
 		newConfig.HeaderName = authHeader
-		if StringExists("oauth_basic_auth_api_key_mandatory", secSchemes) {
+		if StringExists(oAuth2Mandatory, secSchemes) {
 			newConfig.Required = mandatory
 		} else {
 			newConfig.Required = optional
@@ -406,11 +406,11 @@ func mapAuthConfigs(apiUUID string, authHeader string, secSchemes []string, cert
 		}
 		authConfigs = append(authConfigs, oAuth2DisabledConfig)
 	}
-	if StringExists("mutualssl", secSchemes) && certAvailable {
+	if StringExists(mutualSSL, secSchemes) && certAvailable {
 		var newConfig AuthConfiguration
 		newConfig.AuthType = mTLS
 		newConfig.Enabled = true
-		if StringExists("mutualssl_mandatory", secSchemes) {
+		if StringExists(mutualSSLMandatory, secSchemes) {
 			newConfig.Required = mandatory
 		} else {
 			newConfig.Required = optional
@@ -436,6 +436,17 @@ func mapAuthConfigs(apiUUID string, authHeader string, secSchemes []string, cert
 		HeaderName: internalKeyHeader,
 	}
 	authConfigs = append(authConfigs, internalKeyAuthConfig)
+
+	if StringExists(apiKeySecScheme, secSchemes) {
+		apiKeyAuthConfig := AuthConfiguration{
+			AuthType:       apiKey,
+			Enabled:        true,
+			HeaderName:     configuredAPIKeyHeader,
+			HeaderEnabled:  true,
+			QueryParamName: apiKeyHeader,
+		}
+		authConfigs = append(authConfigs, apiKeyAuthConfig)
+	}
 	return authConfigs
 }