Merge pull request #2720 from renuka-fernando/policy-update-with-apim

OPA - Send token only if "sendAccessToken" is configured

adapter/internal/oasparser/model/policy_container.go

@@ -97,20 +97,26 @@ func (p PolicyContainerMap) GetFormattedOperationalPolicies(policies OperationPo
 	for i, policy := range policies.Request {
 		if fmtPolicy, err := p.getFormattedPolicyFromTemplated(policy, policyInFlow, inFlowStats, i, swagger); err == nil {
 			fmtPolicies.Request = append(fmtPolicies.Request, fmtPolicy)
+			loggers.LoggerOasparser.Debugf("Applying operation policy %q in request flow, for API %q in org %q, formatted policy %v",
+				policy.PolicyName, swagger.GetID(), swagger.OrganizationID, fmtPolicy)
 		}
 	}
 
 	outFlowStats := policies.Response.getStats()
 	for i, policy := range policies.Response {
 		if fmtPolicy, err := p.getFormattedPolicyFromTemplated(policy, policyOutFlow, outFlowStats, i, swagger); err == nil {
 			fmtPolicies.Response = append(fmtPolicies.Response, fmtPolicy)
+			loggers.LoggerOasparser.Debugf("Applying operation policy %q in response flow, for API %q in org %q, formatted policy %v",
+				policy.PolicyName, swagger.GetID(), swagger.OrganizationID, fmtPolicy)
 		}
 	}
 
 	faultFlowStats := policies.Fault.getStats()
 	for i, policy := range policies.Fault {
 		if fmtPolicy, err := p.getFormattedPolicyFromTemplated(policy, policyFaultFlow, faultFlowStats, i, swagger); err == nil {
 			fmtPolicies.Fault = append(fmtPolicies.Fault, fmtPolicy)
+			loggers.LoggerOasparser.Debugf("Applying operation policy %q in fault flow, for API %q in org %q, formatted policy %v",
+				policy.PolicyName, swagger.GetID(), swagger.OrganizationID, fmtPolicy)
 		}
 	}
 
@@ -212,6 +218,8 @@ func (spec *PolicySpecification) fillDefaultsInPolicy(policy *Policy) {
 		for _, attrib := range spec.Data.PolicyAttributes {
 			if _, ok := paramMap[attrib.Name]; !ok && attrib.DefaultValue != "" {
 				paramMap[attrib.Name] = attrib.DefaultValue
+				loggers.LoggerOasparser.Debugf("Update with policy attribute %q of policy %q with default value from spec",
+					attrib.Name, policy.PolicyName)
 			}
 		}
 		policy.Parameters = paramMap

enforcer-parent/commons/src/main/java/org/wso2/choreo/connect/enforcer/commons/opa/OPAConstants.java

@@ -25,6 +25,7 @@ public class OPAConstants {
      * Constants of the AdditionalParameters map.
      */
     public static class AdditionalParameters {
+        public static final String PARAM_SEPARATOR = ",";
         public static final String ADDITIONAL_PROPERTIES = "additionalProperties";
         public static final String SEND_ACCESS_TOKEN = "sendAccessToken";
     }

enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/interceptor/opa/OPADefaultRequestGenerator.java

@@ -18,6 +18,7 @@
 
 package org.wso2.choreo.connect.enforcer.interceptor.opa;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.json.JSONException;
@@ -32,13 +33,15 @@
 import org.wso2.choreo.connect.enforcer.constants.APIConstants;
 import org.wso2.choreo.connect.enforcer.constants.APISecurityConstants;
 
+import java.util.Arrays;
 import java.util.Map;
 
 /**
  * Default implementation of the {@link OPARequestGenerator}.
  */
 public class OPADefaultRequestGenerator implements OPARequestGenerator {
     private static final Logger log = LogManager.getLogger(OPADefaultRequestGenerator.class);
+    private static final String TRUE = "TRUE";
 
     @Override
     public String generateRequest(String policyName, String rule, Map<String, String> additionalParameters,
@@ -48,7 +51,9 @@ public String generateRequest(String policyName, String rule, Map<String, String
         requestPayload.put("input", inputPayload);
 
         // following fields are the same fields sent from the synapse request generator
-        inputPayload.put("transportHeaders", requestContext.getHeaders());
+        JSONObject transportHeaders = new JSONObject(requestContext.getHeaders());
+        transportHeaders.remove(StringUtils.lowerCase(requestContext.getMatchedAPI().getAuthHeader()));
+        inputPayload.put("transportHeaders", transportHeaders);
         inputPayload.put("requestOrigin", requestContext.getClientIp());
         inputPayload.put("method", requestContext.getRequestMethod());
         inputPayload.put("path", requestContext.getRequestPath());
@@ -66,14 +71,23 @@ public String generateRequest(String policyName, String rule, Map<String, String
         apiContext.put("sandClusterName", requestContext.getSandClusterHeader());
 
         // Authentication Context
-        if ("TRUE".equalsIgnoreCase(additionalParameters.get(OPAConstants.AdditionalParameters.SEND_ACCESS_TOKEN))) {
+        if (TRUE.equalsIgnoreCase(additionalParameters.get(OPAConstants.AdditionalParameters.SEND_ACCESS_TOKEN))) {
             AuthenticationContext authContext = requestContext.getAuthenticationContext();
             JSONObject authContextPayload = new JSONObject();
             authContextPayload.put("token", authContext.getRawToken());
             authContextPayload.put("tokenType", authContext.getTokenType());
             authContextPayload.put("keyType", authContext.getKeyType());
             inputPayload.put("authenticationContext", authContextPayload);
         }
+
+        // Additional Properties
+        // In APIM additional parameter are appended to the main input payload, handle the same in Choreo Connect
+        String addProps = additionalParameters.get(OPAConstants.AdditionalParameters.ADDITIONAL_PROPERTIES);
+        if (StringUtils.isNotEmpty(addProps)) {
+            Arrays.stream(addProps.split(OPAConstants.AdditionalParameters.PARAM_SEPARATOR))
+                    .forEach(key -> inputPayload.put(key, requestContext.getProperties().get(key)));
+        }
+
         return requestPayload.toString();
     }