From 2bd7ce112acd16780cbec9707c13e49ef107569a Mon Sep 17 00:00:00 2001 From: Ashan Rathnaweera Date: Mon, 4 Nov 2024 17:05:54 +0530 Subject: [PATCH 1/2] Update Velocity template to handle resources when security is set to 'None' --- .../resources/api_templates/velocity_template.xml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/distribution/resources/api_templates/velocity_template.xml b/modules/distribution/resources/api_templates/velocity_template.xml index 60a7cd4d6f..c274770a34 100644 --- a/modules/distribution/resources/api_templates/velocity_template.xml +++ b/modules/distribution/resources/api_templates/velocity_template.xml @@ -335,14 +335,18 @@ $in_sequences.get("$resource.getUriTemplate()").get($uri) #if( $environmentType !='hybrid' ) + #if( $resource.getAuthType() == 'None' && $environmentType == 'sandbox' + && $endpoint_config.get("sandbox_endpoints") ) + #draw_endpoint( "sandbox" $endpoint_config ) + #else - #if( $environmentType == 'production' ) + #if( $environmentType == 'production' ) Sandbox Key Provided for Production Gateway - #elseif( $environmentType == 'sandbox' ) + #elseif( $environmentType == 'sandbox' ) Production Key Provided for Sandbox Gateway - #end + #end @@ -352,6 +356,7 @@ $in_sequences.get("$resource.getUriTemplate()").get($uri) + #end #else #if( $endpoint_config.get("production_endpoints") && $endpoint_config.get("sandbox_endpoints") ) @@ -359,7 +364,11 @@ $in_sequences.get("$resource.getUriTemplate()").get($uri) #elseif( $endpoint_config.get("production_endpoints") ) #elseif( $endpoint_config.get("sandbox_endpoints") ) + #if( $resource.getAuthType() == 'None' ) + #draw_endpoint( "sandbox" $endpoint_config ) + #else + #end #end #end From 771ade0a6cb1ee4d62fdfeab7c262d43e836533f Mon Sep 17 00:00:00 2001 From: Ashan Rathnaweera Date: Wed, 27 Nov 2024 12:37:52 +0530 Subject: [PATCH 2/2] Add test to validate the flows of velocity template. --- ...ndpointsAndTokensInSandboxEnvTestCase.java | 300 ++++++++++++++ ...WithVariousEndpointsAndTokensTestCase.java | 388 ++++++++++++++++++ .../apiInvokeCombinationsTest/deployment.toml | 282 +++++++++++++ .../src/test/resources/testng.xml | 2 + 4 files changed, 972 insertions(+) create mode 100644 modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/token/InvokeAPIWithVariousEndpointsAndTokensInSandboxEnvTestCase.java create mode 100644 modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/token/InvokeAPIWithVariousEndpointsAndTokensTestCase.java create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/tokenTest/apiInvokeCombinationsTest/deployment.toml diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/token/InvokeAPIWithVariousEndpointsAndTokensInSandboxEnvTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/token/InvokeAPIWithVariousEndpointsAndTokensInSandboxEnvTestCase.java new file mode 100644 index 0000000000..62cd7e41f1 --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/token/InvokeAPIWithVariousEndpointsAndTokensInSandboxEnvTestCase.java @@ -0,0 +1,300 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.am.integration.tests.token; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.testng.annotations.AfterClass; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.DataProvider; +import org.testng.annotations.Factory; +import org.testng.annotations.Test; +import org.wso2.am.integration.clients.publisher.api.v1.dto.APIOperationsDTO; +import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO; +import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO; +import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO; +import org.wso2.am.integration.test.utils.base.APIMIntegrationConstants; +import org.wso2.am.integration.test.utils.bean.APIRequest; +import org.wso2.am.integration.tests.api.lifecycle.APIManagerLifecycleBaseTest; +import org.wso2.carbon.apimgt.api.model.APIIdentifier; +import org.wso2.carbon.automation.engine.FrameworkConstants; +import org.wso2.carbon.automation.engine.annotations.ExecutionEnvironment; +import org.wso2.carbon.automation.engine.annotations.SetEnvironment; +import org.wso2.carbon.automation.engine.context.TestUserMode; +import org.wso2.carbon.automation.test.utils.http.client.HttpRequestUtil; +import org.wso2.carbon.automation.test.utils.http.client.HttpResponse; +import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager; + +import java.io.File; +import java.net.URL; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static org.testng.Assert.assertEquals; +import static org.testng.Assert.assertNotNull; + +@SetEnvironment(executionEnvironments = { ExecutionEnvironment.STANDALONE }) +public class InvokeAPIWithVariousEndpointsAndTokensInSandboxEnvTestCase extends APIManagerLifecycleBaseTest { + private ServerConfigurationManager serverConfigurationManager; + private static final Log log = LogFactory.getLog(InvokeAPIWithVariousEndpointsAndTokensTestCase.class); + private List apiOperationsDTOList; + private final String apiTier = APIMIntegrationConstants.API_TIER.UNLIMITED; + private final String applicationTier = APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED; + private final String resourceTier = APIMIntegrationConstants.RESOURCE_TIER.UNLIMITED; + private String gatewayUrl; + private String providerName; + private String apiId1; + private String apiId2; + private String applicationId; + ApplicationKeyDTO applicationKeyProductionDTO; + ApplicationKeyDTO applicationKeySandboxDTO; + private final String SANDBOX_RESPONSE_BODY = "HelloWSO2 from File 1_Sandbox"; + private final String PRODUCTION_KEY_FOR_API_WITH_NO_PRODUCTION_ENDPOINT_ERROR = "Production Key Provided for Sandbox Gateway"; + + @DataProvider + public static Object[][] userModeDataProvider() { + return new Object[][] { new Object[] { TestUserMode.SUPER_TENANT_ADMIN } }; + } + + @Factory(dataProvider = "userModeDataProvider") + public InvokeAPIWithVariousEndpointsAndTokensInSandboxEnvTestCase(TestUserMode userMode) { + this.userMode = userMode; + } + + @BeforeClass(alwaysRun = true) + public void setEnvironment() throws Exception { + super.init(userMode); + log.info("Test starting user mode: " + userMode); + + serverConfigurationManager = new ServerConfigurationManager(gatewayContextWrk); + serverConfigurationManager.applyConfiguration(new File( + getAMResourceLocation() + File.separator + "configFiles" + File.separator + "tokenTest" + File.separator + "apiInvokeCombinationsTest" + File.separator + "deployment.toml")); + + // Create an application to subscribe to the APIs + String applicationName = "InvokeAPIWithVariousEndpointsAndTokens"; + String applicationDescription = "Application for Invoke API with various endpoints and tokens"; + HttpResponse applicationResponse = restAPIStore.createApplication(applicationName, applicationDescription, + APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED, ApplicationDTO.TokenTypeEnum.JWT); + applicationId = applicationResponse.getData(); + + // Generate production and sandbox keys + ArrayList grantTypes = new ArrayList<>(); + grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.PASSWORD); + grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.CLIENT_CREDENTIAL); + applicationKeyProductionDTO = restAPIStore.generateKeys(applicationId, "3600", "", + ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, null, grantTypes); + applicationKeySandboxDTO = restAPIStore.generateKeys(applicationId, "3600", "", + ApplicationKeyGenerateRequestDTO.KeyTypeEnum.SANDBOX, null, grantTypes); + + if (gatewayContextWrk.getContextTenant().getDomain().equals(FrameworkConstants.SUPER_TENANT_DOMAIN_NAME)) { + gatewayUrl = gatewayUrlsWrk.getWebAppURLNhttp(); + } else { + gatewayUrl = gatewayUrlsWrk.getWebAppURLNhttp() + "t/" + gatewayContextWrk.getContextTenant() + .getDomain() + "/"; + } + + providerName = publisherContext.getContextTenant().getContextUser().getUserName(); + } + + @Test(groups = { "wso2.am" }, description = "Invoke API with both sandbox and production endpoints and tokens") + public void testInvokeAPIWithBothEndpointsAndTokens() throws Exception { + // Create an API + String apiName = "InvokeAPIWithBothEndpointsAndTokens"; + String apiContext = "invokeAPIWithBothEndpointsAndTokens"; + String apiVersion = "1.0.0"; + String apiDescription = "This is a test API created by API manager integration test"; + String endpointUrl = gatewayUrl + apiContext + "/" + apiVersion + "/name"; + String apiSandboxEndpoint = backEndServerUrl.getWebAppURLHttp() + APIMIntegrationConstants.SANDBOXEP1_WEB_APP_NAME; + String apiProductionEndpoint = backEndServerUrl.getWebAppURLHttp() + APIMIntegrationConstants.PRODEP1_WEB_APP_NAME; + + // Add the resource + apiOperationsDTOList = new ArrayList<>(); + APIOperationsDTO apiOperationDTO = new APIOperationsDTO(); + apiOperationDTO.setTarget("/name"); + apiOperationDTO.setVerb("GET"); + apiOperationDTO.authType( + APIMIntegrationConstants.ResourceAuthTypes.APPLICATION_AND_APPLICATION_USER.getAuthType()); + apiOperationDTO.setThrottlingPolicy(resourceTier); + apiOperationsDTOList.add(apiOperationDTO); + + APIRequest apiRequest = new APIRequest(apiName, apiContext, new URL(apiProductionEndpoint), + new URL(apiSandboxEndpoint)); + apiRequest.setTiersCollection(apiTier); + apiRequest.setTier(apiTier); + apiRequest.setVersion(apiVersion); + apiRequest.setOperationsDTOS(apiOperationsDTOList); + apiRequest.setVisibility("public"); + apiRequest.setDescription(apiDescription); + apiRequest.setProvider(providerName); + APIIdentifier apiIdentifier = new APIIdentifier(providerName, apiName, apiVersion); + + apiId1 = createPublishAndSubscribeToAPIUsingRest(apiRequest, restAPIPublisher, restAPIStore, applicationId, + applicationTier); + + // Invoke the API with sandbox endpoint and JWT token + Map requestHeaders = new HashMap<>(); + assert applicationKeySandboxDTO.getToken() != null; + requestHeaders.put("Authorization", "Bearer " + applicationKeySandboxDTO.getToken().getAccessToken()); + HttpResponse sandboxResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(sandboxResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(sandboxResponse.getData(), SANDBOX_RESPONSE_BODY, "Response body mismatch"); + + // Invoke the API with production endpoint and JWT token + requestHeaders = new HashMap<>(); + assert applicationKeyProductionDTO.getToken() != null; + requestHeaders.put("Authorization", "Bearer " + applicationKeyProductionDTO.getToken().getAccessToken()); + HttpResponse productionResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(productionResponse.getResponseCode(), HTTP_RESPONSE_CODE_UNAUTHORIZED, "Response code mismatched"); + assertEquals(productionResponse.getData(), PRODUCTION_KEY_FOR_API_WITH_NO_PRODUCTION_ENDPOINT_ERROR, "Response body mismatch"); + + // Update the resource auth type to none + apiOperationDTO = apiOperationsDTOList.get(0); + apiOperationDTO.authType(APIMIntegrationConstants.ResourceAuthTypes.NONE.getAuthType()); + apiOperationsDTOList.clear(); + apiOperationsDTOList.add(apiOperationDTO); + apiRequest.setOperationsDTOS(apiOperationsDTOList); + HttpResponse updateAPIHTTPResponse = restAPIPublisher.updateAPI(apiRequest, apiId1); + + // Undeploy and Delete API Revisions + undeployAndDeleteAPIRevisionsUsingRest(apiId1, restAPIPublisher); + // Create Revision and Deploy to Gateway + createAPIRevisionAndDeployUsingRest(apiId1, restAPIPublisher); + + waitForAPIDeploymentSync(providerName, apiName, apiVersion, APIMIntegrationConstants.IS_API_EXISTS); + + assertEquals(updateAPIHTTPResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, + "Update API Response Code is invalid. " + getAPIIdentifierString(apiIdentifier)); + assertNotNull(updateAPIHTTPResponse.getData(), + "Error in API Update in " + getAPIIdentifierString(apiIdentifier)); + + // Invoke the updated API with sandbox endpoint and JWT token + requestHeaders = new HashMap<>(); + requestHeaders.put("Authorization", "Bearer " + applicationKeySandboxDTO.getToken().getAccessToken()); + sandboxResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(sandboxResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(sandboxResponse.getData(), SANDBOX_RESPONSE_BODY, "Response body mismatch"); + + // Invoke the updated API with production endpoint and JWT token + requestHeaders = new HashMap<>(); + requestHeaders.put("Authorization", "Bearer " + applicationKeyProductionDTO.getToken().getAccessToken()); + productionResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(productionResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(productionResponse.getData(), SANDBOX_RESPONSE_BODY, "Response body mismatch"); + } + + @Test(groups = { "wso2.am" }, description = "Invoke API with sandbox endpoint and both tokens") + public void testInvokeAPIWithSandboxEndpointAndBothTokens() throws Exception { + // Create an API + String apiName = "InvokeAPIWithSandboxEndpointAndBothTokens"; + String apiContext = "invokeAPIWithSandboxEndpointAndBothTokens"; + String apiVersion = "1.0.0"; + String apiDescription = "This is a test API created by API manager integration test"; + String endpointUrl = gatewayUrl + apiContext + "/" + apiVersion + "/name"; + String apiSandboxEndpoint = backEndServerUrl.getWebAppURLHttp() + APIMIntegrationConstants.SANDBOXEP1_WEB_APP_NAME; + List endpointLB = new ArrayList<>(); + endpointLB.add(apiSandboxEndpoint); + + // Add the resource + apiOperationsDTOList = new ArrayList<>(); + APIOperationsDTO apiOperationDTO = new APIOperationsDTO(); + apiOperationDTO.setTarget("/name"); + apiOperationDTO.setVerb("GET"); + apiOperationDTO.authType( + APIMIntegrationConstants.ResourceAuthTypes.APPLICATION_AND_APPLICATION_USER.getAuthType()); + apiOperationDTO.setThrottlingPolicy(resourceTier); + apiOperationsDTOList.add(apiOperationDTO); + + APIRequest apiRequest = new APIRequest(apiName, apiContext, apiVersion, null, endpointLB); + apiRequest.setTiersCollection(apiTier); + apiRequest.setTier(apiTier); + apiRequest.setVersion(apiVersion); + apiRequest.setOperationsDTOS(apiOperationsDTOList); + apiRequest.setVisibility("public"); + apiRequest.setDescription(apiDescription); + apiRequest.setProvider(providerName); + APIIdentifier apiIdentifier = new APIIdentifier(providerName, apiName, apiVersion); + + apiId2 = createPublishAndSubscribeToAPIUsingRest(apiRequest, restAPIPublisher, restAPIStore, applicationId, + applicationTier); + + // Invoke the API with sandbox endpoint and JWT token + Map requestHeaders = new HashMap<>(); + assert applicationKeySandboxDTO.getToken() != null; + requestHeaders.put("Authorization", "Bearer " + applicationKeySandboxDTO.getToken().getAccessToken()); + HttpResponse sandboxResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(sandboxResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(sandboxResponse.getData(), SANDBOX_RESPONSE_BODY, "Response body mismatch"); + + // Invoke the API with production endpoint and JWT token + requestHeaders = new HashMap<>(); + assert applicationKeyProductionDTO.getToken() != null; + requestHeaders.put("Authorization", "Bearer " + applicationKeyProductionDTO.getToken().getAccessToken()); + HttpResponse productionResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(productionResponse.getResponseCode(), HTTP_RESPONSE_CODE_UNAUTHORIZED, "Response code mismatched"); + assertEquals(productionResponse.getData(), PRODUCTION_KEY_FOR_API_WITH_NO_PRODUCTION_ENDPOINT_ERROR, + "Response body mismatch"); + + // Update the resource auth type to none + apiOperationDTO = apiOperationsDTOList.get(0); + apiOperationDTO.authType(APIMIntegrationConstants.ResourceAuthTypes.NONE.getAuthType()); + apiOperationsDTOList.clear(); + apiOperationsDTOList.add(apiOperationDTO); + apiRequest.setOperationsDTOS(apiOperationsDTOList); + HttpResponse updateAPIHTTPResponse = restAPIPublisher.updateAPI(apiRequest, apiId2); + + // Undeploy and Delete API Revisions + undeployAndDeleteAPIRevisionsUsingRest(apiId2, restAPIPublisher); + // Create Revision and Deploy to Gateway + createAPIRevisionAndDeployUsingRest(apiId2, restAPIPublisher); + + waitForAPIDeploymentSync(providerName, apiName, apiVersion, APIMIntegrationConstants.IS_API_EXISTS); + + assertEquals(updateAPIHTTPResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, + "Update API Response Code is invalid. " + getAPIIdentifierString(apiIdentifier)); + assertNotNull(updateAPIHTTPResponse.getData(), + "Error in API Update in " + getAPIIdentifierString(apiIdentifier)); + + // Invoke the updated API with sandbox endpoint and JWT token + requestHeaders = new HashMap<>(); + requestHeaders.put("Authorization", "Bearer " + applicationKeySandboxDTO.getToken().getAccessToken()); + sandboxResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(sandboxResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(sandboxResponse.getData(), SANDBOX_RESPONSE_BODY, "Response body mismatch"); + + // Invoke the updated API with production endpoint and JWT token + requestHeaders = new HashMap<>(); + requestHeaders.put("Authorization", "Bearer " + applicationKeyProductionDTO.getToken().getAccessToken()); + productionResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(productionResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(productionResponse.getData(), SANDBOX_RESPONSE_BODY, "Response body mismatch"); + } + + @AfterClass(alwaysRun = true) + public void destroy() throws Exception { + restAPIStore.deleteApplication(applicationId); + undeployAndDeleteAPIRevisionsUsingRest(apiId1, restAPIPublisher); + undeployAndDeleteAPIRevisionsUsingRest(apiId2, restAPIPublisher); + restAPIPublisher.deleteAPI(apiId1); + restAPIPublisher.deleteAPI(apiId2); + serverConfigurationManager.restoreToLastConfiguration(); + super.cleanUp(); + } +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/token/InvokeAPIWithVariousEndpointsAndTokensTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/token/InvokeAPIWithVariousEndpointsAndTokensTestCase.java new file mode 100644 index 0000000000..ee5abd7830 --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/token/InvokeAPIWithVariousEndpointsAndTokensTestCase.java @@ -0,0 +1,388 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.am.integration.tests.token; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.testng.annotations.AfterClass; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.DataProvider; +import org.testng.annotations.Factory; +import org.testng.annotations.Test; + +import org.wso2.am.integration.clients.publisher.api.v1.dto.APIOperationsDTO; +import org.wso2.am.integration.tests.api.lifecycle.APIManagerLifecycleBaseTest; +import org.wso2.am.integration.test.utils.bean.APIRequest; +import org.wso2.carbon.apimgt.api.model.APIIdentifier; +import org.wso2.carbon.automation.engine.FrameworkConstants; +import org.wso2.am.integration.test.utils.base.APIMIntegrationConstants; +import org.wso2.carbon.automation.test.utils.http.client.HttpResponse; +import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO; +import org.wso2.carbon.automation.test.utils.http.client.HttpRequestUtil; +import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO; +import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO; +import org.wso2.carbon.automation.engine.annotations.ExecutionEnvironment; +import org.wso2.carbon.automation.engine.annotations.SetEnvironment; +import org.wso2.carbon.automation.engine.context.TestUserMode; + +import java.util.Map; +import java.util.HashMap; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +import static org.testng.Assert.assertEquals; +import static org.testng.Assert.assertNotNull; + +@SetEnvironment(executionEnvironments = { ExecutionEnvironment.STANDALONE }) +public class InvokeAPIWithVariousEndpointsAndTokensTestCase extends APIManagerLifecycleBaseTest { + + private static final Log log = LogFactory.getLog(InvokeAPIWithVariousEndpointsAndTokensTestCase.class); + private List apiOperationsDTOList; + private final String apiTier = APIMIntegrationConstants.API_TIER.UNLIMITED; + private final String applicationTier = APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED; + private final String resourceTier = APIMIntegrationConstants.RESOURCE_TIER.UNLIMITED; + private String gatewayUrl; + private String providerName; + private String apiId1; + private String apiId2; + private String apiId3; + private String applicationId; + ApplicationKeyDTO applicationKeyProductionDTO; + ApplicationKeyDTO applicationKeySandboxDTO; + private final String SANDBOX_RESPONSE_BODY = "HelloWSO2 from File 1_Sandbox"; + private final String PRODUCTION_RESPONSE_BODY = "HelloWSO2 from File 1"; + private final String SANDBOX_KEY_FOR_API_WITH_NO_SANDBOX_ENDPOINT_ERROR = "{\"code\":\"900901\",\"type\":\"Status report\",\"message\":\"Runtime Error\",\"description\":\"Sandbox key offered to the API with no sandbox endpoint\"}"; + private final String PRODUCTION_KEY_FOR_API_WITH_NO_PRODUCTION_ENDPOINT_ERROR = "{\"code\":\"900901\",\"type\":\"Status report\",\"message\":\"Runtime Error\",\"description\":\"Production key offered to the API with no production endpoint\"}"; + + @DataProvider + public static Object[][] userModeDataProvider() { + return new Object[][] { new Object[] { TestUserMode.SUPER_TENANT_ADMIN }, + new Object[] { TestUserMode.TENANT_ADMIN }, }; + } + + @Factory(dataProvider = "userModeDataProvider") + public InvokeAPIWithVariousEndpointsAndTokensTestCase(TestUserMode userMode) { + this.userMode = userMode; + } + + @BeforeClass(alwaysRun = true) + public void setEnvironment() throws Exception { + super.init(userMode); + log.info("Test starting user mode: " + userMode); + + // Create an application to subscribe to the APIs + String applicationName = "InvokeAPIWithVariousEndpointsAndTokens"; + String applicationDescription = "Application for Invoke API with various endpoints and tokens"; + HttpResponse applicationResponse = restAPIStore.createApplication(applicationName, applicationDescription, + APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED, ApplicationDTO.TokenTypeEnum.JWT); + applicationId = applicationResponse.getData(); + + // Generate production and sandbox keys + ArrayList grantTypes = new ArrayList<>(); + grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.PASSWORD); + grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.CLIENT_CREDENTIAL); + applicationKeyProductionDTO = restAPIStore.generateKeys(applicationId, "3600", "", + ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, null, grantTypes); + applicationKeySandboxDTO = restAPIStore.generateKeys(applicationId, "3600", "", + ApplicationKeyGenerateRequestDTO.KeyTypeEnum.SANDBOX, null, grantTypes); + + if (gatewayContextWrk.getContextTenant().getDomain().equals(FrameworkConstants.SUPER_TENANT_DOMAIN_NAME)) { + gatewayUrl = gatewayUrlsWrk.getWebAppURLNhttp(); + } else { + gatewayUrl = gatewayUrlsWrk.getWebAppURLNhttp() + "t/" + gatewayContextWrk.getContextTenant() + .getDomain() + "/"; + } + + providerName = publisherContext.getContextTenant().getContextUser().getUserName(); + } + + @Test(groups = { "wso2.am" }, description = "Invoke API with both sandbox and production endpoints and tokens") + public void testInvokeAPIWithBothEndpointsAndTokens() throws Exception { + // Create an API + String apiName = "InvokeAPIWithBothEndpointsAndTokens"; + String apiContext = "invokeAPIWithBothEndpointsAndTokens"; + String apiVersion = "1.0.0"; + String apiDescription = "This is a test API created by API manager integration test"; + String endpointUrl = gatewayUrl + apiContext + "/" + apiVersion + "/name"; + String apiSandboxEndpoint = backEndServerUrl.getWebAppURLHttp() + APIMIntegrationConstants.SANDBOXEP1_WEB_APP_NAME; + String apiProductionEndpoint = backEndServerUrl.getWebAppURLHttp() + APIMIntegrationConstants.PRODEP1_WEB_APP_NAME; + + // Add the resource + apiOperationsDTOList = new ArrayList<>(); + APIOperationsDTO apiOperationDTO = new APIOperationsDTO(); + apiOperationDTO.setTarget("/name"); + apiOperationDTO.setVerb("GET"); + apiOperationDTO.authType( + APIMIntegrationConstants.ResourceAuthTypes.APPLICATION_AND_APPLICATION_USER.getAuthType()); + apiOperationDTO.setThrottlingPolicy(resourceTier); + apiOperationsDTOList.add(apiOperationDTO); + + APIRequest apiRequest = new APIRequest(apiName, apiContext, new URL(apiProductionEndpoint), + new URL(apiSandboxEndpoint)); + apiRequest.setTiersCollection(apiTier); + apiRequest.setTier(apiTier); + apiRequest.setVersion(apiVersion); + apiRequest.setOperationsDTOS(apiOperationsDTOList); + apiRequest.setVisibility("public"); + apiRequest.setDescription(apiDescription); + apiRequest.setProvider(providerName); + APIIdentifier apiIdentifier = new APIIdentifier(providerName, apiName, apiVersion); + + apiId1 = createPublishAndSubscribeToAPIUsingRest(apiRequest, restAPIPublisher, restAPIStore, applicationId, + applicationTier); + + // Invoke the API with sandbox endpoint and JWT token + Map requestHeaders = new HashMap<>(); + assert applicationKeySandboxDTO.getToken() != null; + requestHeaders.put("Authorization", "Bearer " + applicationKeySandboxDTO.getToken().getAccessToken()); + HttpResponse sandboxResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(sandboxResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(sandboxResponse.getData(), SANDBOX_RESPONSE_BODY, "Response body mismatch"); + + // Invoke the API with production endpoint and JWT token + requestHeaders = new HashMap<>(); + assert applicationKeyProductionDTO.getToken() != null; + requestHeaders.put("Authorization", "Bearer " + applicationKeyProductionDTO.getToken().getAccessToken()); + HttpResponse productionResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(productionResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(productionResponse.getData(), PRODUCTION_RESPONSE_BODY, "Response body mismatch"); + + // Update the resource auth type to none + apiOperationDTO = apiOperationsDTOList.get(0); + apiOperationDTO.authType(APIMIntegrationConstants.ResourceAuthTypes.NONE.getAuthType()); + apiOperationsDTOList.clear(); + apiOperationsDTOList.add(apiOperationDTO); + apiRequest.setOperationsDTOS(apiOperationsDTOList); + HttpResponse updateAPIHTTPResponse = restAPIPublisher.updateAPI(apiRequest, apiId1); + + // Undeploy and Delete API Revisions + undeployAndDeleteAPIRevisionsUsingRest(apiId1, restAPIPublisher); + // Create Revision and Deploy to Gateway + createAPIRevisionAndDeployUsingRest(apiId1, restAPIPublisher); + + waitForAPIDeploymentSync(providerName, apiName, apiVersion, APIMIntegrationConstants.IS_API_EXISTS); + + assertEquals(updateAPIHTTPResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, + "Update API Response Code is invalid. " + getAPIIdentifierString(apiIdentifier)); + assertNotNull(updateAPIHTTPResponse.getData(), + "Error in API Update in " + getAPIIdentifierString(apiIdentifier)); + + // Invoke the updated API with sandbox endpoint and JWT token + requestHeaders = new HashMap<>(); + requestHeaders.put("Authorization", "Bearer " + applicationKeySandboxDTO.getToken().getAccessToken()); + sandboxResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(sandboxResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(sandboxResponse.getData(), PRODUCTION_RESPONSE_BODY, "Response body mismatch"); + + // Invoke the updated API with production endpoint and JWT token + requestHeaders = new HashMap<>(); + requestHeaders.put("Authorization", "Bearer " + applicationKeyProductionDTO.getToken().getAccessToken()); + productionResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(productionResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(productionResponse.getData(), PRODUCTION_RESPONSE_BODY, "Response body mismatch"); + } + + @Test(groups = { "wso2.am" }, description = "Invoke API with production endpoint and both tokens") + public void testInvokeAPIWithProductionEndpointAndBothTokens() throws Exception { + // Create an API + String apiName = "InvokeAPIWithProductionEndpointAndBothTokens"; + String apiContext = "invokeAPIWithProductionEndpointAndBothTokens"; + String apiVersion = "1.0.0"; + String apiDescription = "This is a test API created by API manager integration test"; + String endpointUrl = gatewayUrl + apiContext + "/" + apiVersion + "/name"; + String apiProductionEndpoint = backEndServerUrl.getWebAppURLHttp() + APIMIntegrationConstants.PRODEP1_WEB_APP_NAME; + List endpointLB = new ArrayList<>(); + endpointLB.add(apiProductionEndpoint); + + // Add the resource + apiOperationsDTOList = new ArrayList<>(); + APIOperationsDTO apiOperationDTO = new APIOperationsDTO(); + apiOperationDTO.setTarget("/name"); + apiOperationDTO.setVerb("GET"); + apiOperationDTO.authType( + APIMIntegrationConstants.ResourceAuthTypes.APPLICATION_AND_APPLICATION_USER.getAuthType()); + apiOperationDTO.setThrottlingPolicy(resourceTier); + apiOperationsDTOList.add(apiOperationDTO); + + APIRequest apiRequest = new APIRequest(apiName, apiContext, apiVersion, endpointLB, null); + apiRequest.setTiersCollection(apiTier); + apiRequest.setTier(apiTier); + apiRequest.setVersion(apiVersion); + apiRequest.setOperationsDTOS(apiOperationsDTOList); + apiRequest.setVisibility("public"); + apiRequest.setDescription(apiDescription); + apiRequest.setProvider(providerName); + APIIdentifier apiIdentifier = new APIIdentifier(providerName, apiName, apiVersion); + + apiId2 = createPublishAndSubscribeToAPIUsingRest(apiRequest, restAPIPublisher, restAPIStore, applicationId, + applicationTier); + + // Invoke the API with sandbox endpoint and JWT token + Map requestHeaders = new HashMap<>(); + assert applicationKeySandboxDTO.getToken() != null; + requestHeaders.put("Authorization", "Bearer " + applicationKeySandboxDTO.getToken().getAccessToken()); + HttpResponse sandboxResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(sandboxResponse.getResponseCode(), HTTP_RESPONSE_CODE_FORBIDDEN, "Response code mismatched"); + assertEquals(sandboxResponse.getData(), SANDBOX_KEY_FOR_API_WITH_NO_SANDBOX_ENDPOINT_ERROR, + "Response body mismatch"); + + // Invoke the API with production endpoint and JWT token + requestHeaders = new HashMap<>(); + assert applicationKeyProductionDTO.getToken() != null; + requestHeaders.put("Authorization", "Bearer " + applicationKeyProductionDTO.getToken().getAccessToken()); + HttpResponse productionResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(productionResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(productionResponse.getData(), PRODUCTION_RESPONSE_BODY, "Response body mismatch"); + + // Update the resource auth type to none + apiOperationDTO = apiOperationsDTOList.get(0); + apiOperationDTO.authType(APIMIntegrationConstants.ResourceAuthTypes.NONE.getAuthType()); + apiOperationsDTOList.clear(); + apiOperationsDTOList.add(apiOperationDTO); + apiRequest.setOperationsDTOS(apiOperationsDTOList); + HttpResponse updateAPIHTTPResponse = restAPIPublisher.updateAPI(apiRequest, apiId2); + + // Undeploy and Delete API Revisions + undeployAndDeleteAPIRevisionsUsingRest(apiId2, restAPIPublisher); + // Create Revision and Deploy to Gateway + createAPIRevisionAndDeployUsingRest(apiId2, restAPIPublisher); + + waitForAPIDeploymentSync(providerName, apiName, apiVersion, APIMIntegrationConstants.IS_API_EXISTS); + + assertEquals(updateAPIHTTPResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, + "Update API Response Code is invalid. " + getAPIIdentifierString(apiIdentifier)); + assertNotNull(updateAPIHTTPResponse.getData(), + "Error in API Update in " + getAPIIdentifierString(apiIdentifier)); + + // Invoke the updated API with sandbox endpoint and JWT token + requestHeaders = new HashMap<>(); + requestHeaders.put("Authorization", "Bearer " + applicationKeySandboxDTO.getToken().getAccessToken()); + sandboxResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(sandboxResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(sandboxResponse.getData(), PRODUCTION_RESPONSE_BODY, "Response body mismatch"); + + // Invoke the updated API with production endpoint and JWT token + requestHeaders = new HashMap<>(); + requestHeaders.put("Authorization", "Bearer " + applicationKeyProductionDTO.getToken().getAccessToken()); + productionResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(productionResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(productionResponse.getData(), PRODUCTION_RESPONSE_BODY, "Response body mismatch"); + } + + @Test(groups = { "wso2.am" }, description = "Invoke API with sandbox endpoint and both tokens") + public void testInvokeAPIWithSandboxEndpointAndBothTokens() throws Exception { + // Create an API + String apiName = "InvokeAPIWithSandboxEndpointAndBothTokens"; + String apiContext = "invokeAPIWithSandboxEndpointAndBothTokens"; + String apiVersion = "1.0.0"; + String apiDescription = "This is a test API created by API manager integration test"; + String endpointUrl = gatewayUrl + apiContext + "/" + apiVersion + "/name"; + String apiSandboxEndpoint = backEndServerUrl.getWebAppURLHttp() + APIMIntegrationConstants.SANDBOXEP1_WEB_APP_NAME; + List endpointLB = new ArrayList<>(); + endpointLB.add(apiSandboxEndpoint); + + // Add the resource + apiOperationsDTOList = new ArrayList<>(); + APIOperationsDTO apiOperationDTO = new APIOperationsDTO(); + apiOperationDTO.setTarget("/name"); + apiOperationDTO.setVerb("GET"); + apiOperationDTO.authType( + APIMIntegrationConstants.ResourceAuthTypes.APPLICATION_AND_APPLICATION_USER.getAuthType()); + apiOperationDTO.setThrottlingPolicy(resourceTier); + apiOperationsDTOList.add(apiOperationDTO); + + APIRequest apiRequest = new APIRequest(apiName, apiContext, apiVersion, null, endpointLB); + apiRequest.setTiersCollection(apiTier); + apiRequest.setTier(apiTier); + apiRequest.setVersion(apiVersion); + apiRequest.setOperationsDTOS(apiOperationsDTOList); + apiRequest.setVisibility("public"); + apiRequest.setDescription(apiDescription); + apiRequest.setProvider(providerName); + APIIdentifier apiIdentifier = new APIIdentifier(providerName, apiName, apiVersion); + + apiId3 = createPublishAndSubscribeToAPIUsingRest(apiRequest, restAPIPublisher, restAPIStore, applicationId, + applicationTier); + + // Invoke the API with sandbox endpoint and JWT token + Map requestHeaders = new HashMap<>(); + assert applicationKeySandboxDTO.getToken() != null; + requestHeaders.put("Authorization", "Bearer " + applicationKeySandboxDTO.getToken().getAccessToken()); + HttpResponse sandboxResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(sandboxResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(sandboxResponse.getData(), SANDBOX_RESPONSE_BODY, "Response body mismatch"); + + // Invoke the API with production endpoint and JWT token + requestHeaders = new HashMap<>(); + assert applicationKeyProductionDTO.getToken() != null; + requestHeaders.put("Authorization", "Bearer " + applicationKeyProductionDTO.getToken().getAccessToken()); + HttpResponse productionResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(productionResponse.getResponseCode(), HTTP_RESPONSE_CODE_FORBIDDEN, "Response code mismatched"); + assertEquals(productionResponse.getData(), PRODUCTION_KEY_FOR_API_WITH_NO_PRODUCTION_ENDPOINT_ERROR, + "Response body mismatch"); + + // Update the resource auth type to none + apiOperationDTO = apiOperationsDTOList.get(0); + apiOperationDTO.authType(APIMIntegrationConstants.ResourceAuthTypes.NONE.getAuthType()); + apiOperationsDTOList.clear(); + apiOperationsDTOList.add(apiOperationDTO); + apiRequest.setOperationsDTOS(apiOperationsDTOList); + HttpResponse updateAPIHTTPResponse = restAPIPublisher.updateAPI(apiRequest, apiId3); + + // Undeploy and Delete API Revisions + undeployAndDeleteAPIRevisionsUsingRest(apiId3, restAPIPublisher); + // Create Revision and Deploy to Gateway + createAPIRevisionAndDeployUsingRest(apiId3, restAPIPublisher); + + waitForAPIDeploymentSync(providerName, apiName, apiVersion, APIMIntegrationConstants.IS_API_EXISTS); + + assertEquals(updateAPIHTTPResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, + "Update API Response Code is invalid. " + getAPIIdentifierString(apiIdentifier)); + assertNotNull(updateAPIHTTPResponse.getData(), + "Error in API Update in " + getAPIIdentifierString(apiIdentifier)); + + // Invoke the updated API with sandbox endpoint and JWT token + requestHeaders = new HashMap<>(); + requestHeaders.put("Authorization", "Bearer " + applicationKeySandboxDTO.getToken().getAccessToken()); + sandboxResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(sandboxResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(sandboxResponse.getData(), SANDBOX_RESPONSE_BODY, "Response body mismatch"); + + // Invoke the updated API with production endpoint and JWT token + requestHeaders = new HashMap<>(); + requestHeaders.put("Authorization", "Bearer " + applicationKeyProductionDTO.getToken().getAccessToken()); + productionResponse = HttpRequestUtil.doGet(endpointUrl, requestHeaders); + assertEquals(productionResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched"); + assertEquals(productionResponse.getData(), SANDBOX_RESPONSE_BODY, "Response body mismatch"); + } + + @AfterClass(alwaysRun = true) + public void destroy() throws Exception { + restAPIStore.deleteApplication(applicationId); + undeployAndDeleteAPIRevisionsUsingRest(apiId1, restAPIPublisher); + undeployAndDeleteAPIRevisionsUsingRest(apiId2, restAPIPublisher); + undeployAndDeleteAPIRevisionsUsingRest(apiId3, restAPIPublisher); + restAPIPublisher.deleteAPI(apiId1); + restAPIPublisher.deleteAPI(apiId2); + restAPIPublisher.deleteAPI(apiId3); + super.cleanUp(); + } +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/tokenTest/apiInvokeCombinationsTest/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/tokenTest/apiInvokeCombinationsTest/deployment.toml new file mode 100644 index 0000000000..8752386dd1 --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/tokenTest/apiInvokeCombinationsTest/deployment.toml @@ -0,0 +1,282 @@ +[server] +hostname = "localhost" +#offset=0 +base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}" +server_role = "default" +enable_shutdown_from_api = true +enable_restart_from_api = true + +[super_admin] +username = "admin" +password = "admin" +create_admin_account = true + +[user_store] +type = "database_unique_id" + +[database.apim_db] +driver = "$env{API_MANAGER_DATABASE_DRIVER}" +url = "$env{API_MANAGER_DATABASE_URL}" +username = "$env{API_MANAGER_DATABASE_USERNAME}" +password = "$env{API_MANAGER_DATABASE_PASSWORD}" +validationQuery = "$env{API_MANAGER_DATABASE_VALIDATION_QUERY}" + +[database.shared_db] +driver = "$env{SHARED_DATABASE_DRIVER}" +url = "$env{SHARED_DATABASE_URL}" +username = "$env{SHARED_DATABASE_USERNAME}" +password = "$env{SHARED_DATABASE_PASSWORD}" +validationQuery = "$env{SHARED_DATABASE_VALIDATION_QUERY}" + +[keystore.tls] +file_name = "wso2carbon.jks" +type = "JKS" +password = "wso2carbon" +alias = "wso2carbon" +key_password = "wso2carbon" + +[[apim.gateway.environment]] +name = "Default" +type = "sandbox" +provider = "wso2" +display_in_api_console = true +description = "This is a hybrid gateway that handles both production and sandbox token traffic." +show_as_token_endpoint_url = true +service_url = "https://localhost:${mgt.transport.https.port}/services/" +username = "admin" +password = "admin" +ws_endpoint = "ws://localhost:9099" +http_endpoint = "http://localhost:${http.nio.port}" +https_endpoint = "https://localhost:${https.nio.port}" + +[[apim.gateway.environment]] +name = "devportalEnv" +display_name = "Developer portal Test Environment" +type = "sandbox" +display_in_api_console = false +description = "development api gateway broker" +provider = "solace" +service_url = "http://localhost:9960" +username = "testUser" +ws_endpoint = "ws://localhost:9960/" +wss_endpoint = "wss://localhost:9960/" +http_endpoint = "http://localhost:9960" +https_endpoint = "https://localhost:9960/" +password = "testPassword" +show_as_token_endpoint_url = false + +[apim.gateway.environment.properties] +Organization = "TestWSO2" +DisplayName = "Developer portal Test Environment" +DevAccountName = "devPortTestEnv" + +#[apim.cache.gateway_token] +#enable = true +#expiry_time = "15m" + +#[apim.cache.resource] +#enable = true + +#[apim.cache.km_token] +#enable = false +#expiry_time = "15m" + +#[apim.cache.recent_apis] +#enable = false + +#[apim.cache.scopes] +#enable = true + +#[apim.cache.publisher_roles] +#enable = true + +#[apim.cache.jwt_claim] +#enable = true +#expiry_time = "15m" + +#[apim.cache.tags] +#expiry_time = "2m" + +#[apim.analytics] +#enable = false +#store_api_url = "https://localhost:7444" +#username = "$ref{super_admin.username}" +#password = "$ref{super_admin.password}" +#event_publisher_type = "default" +#event_publisher_type = "custom" +#event_publisher_impl = "org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher" +#publish_response_size = true + +#[[apim.analytics.url_group]] +#analytics_url =["tcp://analytics1:7611","tcp://analytics2:7611"] +#analytics_auth_url =["ssl://analytics1:7711","ssl://analytics2:7711"] +#type = "loadbalance" + +#[[apim.analytics.url_group]] +#analytics_url =["tcp://analytics1:7612","tcp://analytics2:7612"] +#analytics_auth_url =["ssl://analytics1:7712","ssl://analytics2:7712"] +#type = "failover" + + +#[apim.key_manager] +#service_url = "https://localhost:${mgt.transport.https.port}/services/" +#username = "$ref{super_admin.username}" +#password = "$ref{super_admin.password}" +#pool.init_idle_capacity = 50 +#pool.max_idle = 100 +#key_validation_handler_type = "default" +#key_validation_handler_type = "custom" +#key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" + +#[apim.jwt] +#enable = true +#encoding = "base64" # base64,base64url +#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator" +#claim_dialect = "http://wso2.org/claims" +#header = "X-JWT-Assertion" +#signing_algorithm = "SHA256withRSA" +#enable_user_claims = true +#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever" + +#[apim.oauth_config] +#enable_outbound_auth_header = false +#auth_header = "Authorization" +#revoke_endpoint = "https://localhost:${https.nio.port}/revoke" +#enable_token_encryption = false +#enable_token_hashing = false + +#[apim.devportal] +#url = "https://localhost:${mgt.transport.https.port}/devportal" +#enable_application_sharing = false +#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl +#application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api +#application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" +#display_multiple_versions = false +#display_deprecated_apis = false +#enable_comments = true +#enable_ratings = true +#enable_forum = true + +[apim.cors] +allow_origins = "*" +allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] +allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction"] +allow_credentials = false + +#[[apim.throttling.url_group]] +#analytics_url = ["tcp://localhost:7611","tcp://localhost:7611"] +#analytics_auth_url = ["ssl://localhost:7711","ssl://localhost:7711"] +#type = "loadbalance" + +#[apim.throttling] +#enable_data_publishing = true +#enable_policy_deploy = true +#enable_blacklist_condition = true + +#throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"] +# +#enable_persistence = true + +#[apim.throttling.blacklist_condition] +#start_delay = "5m" +#period = "1h" + +#[apim.throttling.jms] +#start_delay = "5m" + +#[apim.throttling.event_sync] +#hostName = "0.0.0.0" +#port = 11224 +# +#[apim.throttling.event_management] +#hostName = "0.0.0.0" +#port = 10005 + +#[[apim.throttling.url_group]] +#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] +#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] +#type = "loadbalance" +# +#[[apim.throttling.url_group]] +#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] +#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] +#type = "failover" + +#[apim.workflow] +#enable = false +#service_url = "https://localhost:9445/bpmn" +#username = "$ref{super_admin.username}" +#password = "$ref{super_admin.password}" +#callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/publisher/v0.16/workflows/update-workflow-status" +#token_endpoint = "https://localhost:${https.nio.port}/token" +#client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register" +#client_registration_username = "$ref{super_admin.username}" +#client_registration_password = "$ref{super_admin.password}" + +#data bridge config +#[transport.receiver] +#type = "binary" +#worker_threads = 10 +#session_timeout = "30m" +#keystore.file_name = "$ref{keystore.tls.file_name}" +#keystore.password = "$ref{keystore.tls.password}" +#tcp_port = 9611 +#ssl_port = 9711 +#ssl_receiver_thread_pool_size = 100 +#tcp_receiver_thread_pool_size = 100 +#ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"] +#ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"] + +#[apim.notification] +#from_address = "APIM.com" +#username = "APIM" +#password = "APIM+123" +#hostname = "localhost" +#port = 3025 +#enable_start_tls = false +#enable_authentication = true + +#[apim.token.revocation] +#notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl" +#enable_realtime_notifier = true +#realtime_notifier.ttl = 5000 +#enable_persistent_notifier = true +#persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/" +#persistent_notifier.ttl = 5000 +#persistent_notifier.username = "root" +#persistent_notifier.password = "root" + +[[event_handler]] +name="userPostSelfRegistration" +subscriptions=["POST_ADD_USER"] + +[transport] +passthru_https.listener.ssl_profile_interval = 6000 +passthru_https.sender.ssl_profile.interval = 6000 + +[security_audit] +api_token="b57973cf-b74c-4ade-921d-ece83251eceb" +collection_id="f73b8171-4f71-499b-891a-d34aa71f2d45" +base_url="https://localhost:9943/am-auditApi-sample/api/auditapi" +global=true + +[apim.certificate_reloader] +period = "1m" + +[database.local] +url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" + +[[event_listener]] +id = "token_revocation" +type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" +name = "org.wso2.is.notification.ApimOauthEventInterceptor" +order = 1 +[event_listener.properties] +notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify" +username = "${admin.username}" +password = "${admin.password}" +'header.X-WSO2-KEY-MANAGER' = "default" + +[apim.sync_runtime_artifacts.gateway.skip_list] +apis = ["admin--git2231head_v1.0.0.xml","admin--PizzaShackAPI_v1.0.0.xml","admin--ScriptMediatorAPI_v1.0.xml", + "APIThrottleBackendAPI.xml","BackEndSecurity.xml","DigestAuth_API.xml","git2231.xml","HttpPATCHSupport_API.xml","JWKS-Backend.xml","JWTBackendAPI.xml","multiVSR_v1.0.0.xml","Response_API_1.xml","Response_API_2.xml","Response_Custom_API.xml","Response_Error_API.xml","Response_Loc_API.xml","SpecialCRN_v1.0.0.xml","status_code_204_API.xml","stockquote.xml","XML_API.xml","Version1.xml","Version2.xml","schemaValidationAPI.xml"] \ No newline at end of file diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml index 587acddf85..0505ae3a2a 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml @@ -112,6 +112,8 @@ + +