From 112eadf30cd9f9cb26ca8cddf7a02cef8f746c41 Mon Sep 17 00:00:00 2001
From: Renuka Fernando <renukapiyumal@gmail.com>
Date: Sat, 5 Mar 2022 07:32:48 +0530
Subject: [PATCH] OPA - Send token only if "sendAccessToken" is configured

---
 .../oasparser/model/policy_container.go        |  8 ++++++++
 .../enforcer/commons/opa/OPAConstants.java     |  1 +
 .../opa/OPADefaultRequestGenerator.java        | 18 ++++++++++++++++--
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/adapter/internal/oasparser/model/policy_container.go b/adapter/internal/oasparser/model/policy_container.go
index 8072262ca0..7e6ac0a43d 100644
--- a/adapter/internal/oasparser/model/policy_container.go
+++ b/adapter/internal/oasparser/model/policy_container.go
@@ -97,6 +97,8 @@ func (p PolicyContainerMap) GetFormattedOperationalPolicies(policies OperationPo
 	for i, policy := range policies.Request {
 		if fmtPolicy, err := p.getFormattedPolicyFromTemplated(policy, policyInFlow, inFlowStats, i, swagger); err == nil {
 			fmtPolicies.Request = append(fmtPolicies.Request, fmtPolicy)
+			loggers.LoggerOasparser.Debugf("Applying operation policy %q in request flow, for API %q in org %q, formatted policy %v",
+				policy.PolicyName, swagger.GetID(), swagger.OrganizationID, fmtPolicy)
 		}
 	}
 
@@ -104,6 +106,8 @@ func (p PolicyContainerMap) GetFormattedOperationalPolicies(policies OperationPo
 	for i, policy := range policies.Response {
 		if fmtPolicy, err := p.getFormattedPolicyFromTemplated(policy, policyOutFlow, outFlowStats, i, swagger); err == nil {
 			fmtPolicies.Response = append(fmtPolicies.Response, fmtPolicy)
+			loggers.LoggerOasparser.Debugf("Applying operation policy %q in response flow, for API %q in org %q, formatted policy %v",
+				policy.PolicyName, swagger.GetID(), swagger.OrganizationID, fmtPolicy)
 		}
 	}
 
@@ -111,6 +115,8 @@ func (p PolicyContainerMap) GetFormattedOperationalPolicies(policies OperationPo
 	for i, policy := range policies.Fault {
 		if fmtPolicy, err := p.getFormattedPolicyFromTemplated(policy, policyFaultFlow, faultFlowStats, i, swagger); err == nil {
 			fmtPolicies.Fault = append(fmtPolicies.Fault, fmtPolicy)
+			loggers.LoggerOasparser.Debugf("Applying operation policy %q in fault flow, for API %q in org %q, formatted policy %v",
+				policy.PolicyName, swagger.GetID(), swagger.OrganizationID, fmtPolicy)
 		}
 	}
 
@@ -212,6 +218,8 @@ func (spec *PolicySpecification) fillDefaultsInPolicy(policy *Policy) {
 		for _, attrib := range spec.Data.PolicyAttributes {
 			if _, ok := paramMap[attrib.Name]; !ok && attrib.DefaultValue != "" {
 				paramMap[attrib.Name] = attrib.DefaultValue
+				loggers.LoggerOasparser.Debugf("Update with policy attribute %q of policy %q with default value from spec",
+					attrib.Name, policy.PolicyName)
 			}
 		}
 		policy.Parameters = paramMap
diff --git a/enforcer-parent/commons/src/main/java/org/wso2/choreo/connect/enforcer/commons/opa/OPAConstants.java b/enforcer-parent/commons/src/main/java/org/wso2/choreo/connect/enforcer/commons/opa/OPAConstants.java
index 8b89c01923..80ca37dbdf 100644
--- a/enforcer-parent/commons/src/main/java/org/wso2/choreo/connect/enforcer/commons/opa/OPAConstants.java
+++ b/enforcer-parent/commons/src/main/java/org/wso2/choreo/connect/enforcer/commons/opa/OPAConstants.java
@@ -25,6 +25,7 @@ public class OPAConstants {
      * Constants of the AdditionalParameters map.
      */
     public static class AdditionalParameters {
+        public static final String PARAM_SEPARATOR = ",";
         public static final String ADDITIONAL_PROPERTIES = "additionalProperties";
         public static final String SEND_ACCESS_TOKEN = "sendAccessToken";
     }
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/interceptor/opa/OPADefaultRequestGenerator.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/interceptor/opa/OPADefaultRequestGenerator.java
index f23a25df13..d9aea61fe1 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/interceptor/opa/OPADefaultRequestGenerator.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/interceptor/opa/OPADefaultRequestGenerator.java
@@ -18,6 +18,7 @@
 
 package org.wso2.choreo.connect.enforcer.interceptor.opa;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.json.JSONException;
@@ -32,6 +33,7 @@
 import org.wso2.choreo.connect.enforcer.constants.APIConstants;
 import org.wso2.choreo.connect.enforcer.constants.APISecurityConstants;
 
+import java.util.Arrays;
 import java.util.Map;
 
 /**
@@ -39,6 +41,7 @@
  */
 public class OPADefaultRequestGenerator implements OPARequestGenerator {
     private static final Logger log = LogManager.getLogger(OPADefaultRequestGenerator.class);
+    private static final String TRUE = "TRUE";
 
     @Override
     public String generateRequest(String policyName, String rule, Map<String, String> additionalParameters,
@@ -48,7 +51,9 @@ public String generateRequest(String policyName, String rule, Map<String, String
         requestPayload.put("input", inputPayload);
 
         // following fields are the same fields sent from the synapse request generator
-        inputPayload.put("transportHeaders", requestContext.getHeaders());
+        JSONObject transportHeaders = new JSONObject(requestContext.getHeaders());
+        transportHeaders.remove(StringUtils.lowerCase(requestContext.getMatchedAPI().getAuthHeader()));
+        inputPayload.put("transportHeaders", transportHeaders);
         inputPayload.put("requestOrigin", requestContext.getClientIp());
         inputPayload.put("method", requestContext.getRequestMethod());
         inputPayload.put("path", requestContext.getRequestPath());
@@ -66,7 +71,7 @@ public String generateRequest(String policyName, String rule, Map<String, String
         apiContext.put("sandClusterName", requestContext.getSandClusterHeader());
 
         // Authentication Context
-        if ("TRUE".equalsIgnoreCase(additionalParameters.get(OPAConstants.AdditionalParameters.SEND_ACCESS_TOKEN))) {
+        if (TRUE.equalsIgnoreCase(additionalParameters.get(OPAConstants.AdditionalParameters.SEND_ACCESS_TOKEN))) {
             AuthenticationContext authContext = requestContext.getAuthenticationContext();
             JSONObject authContextPayload = new JSONObject();
             authContextPayload.put("token", authContext.getRawToken());
@@ -74,6 +79,15 @@ public String generateRequest(String policyName, String rule, Map<String, String
             authContextPayload.put("keyType", authContext.getKeyType());
             inputPayload.put("authenticationContext", authContextPayload);
         }
+
+        // Additional Properties
+        // In APIM additional parameter are appended to the main input payload, handle the same in Choreo Connect
+        String addProps = additionalParameters.get(OPAConstants.AdditionalParameters.ADDITIONAL_PROPERTIES);
+        if (StringUtils.isNotEmpty(addProps)) {
+            Arrays.stream(addProps.split(OPAConstants.AdditionalParameters.PARAM_SEPARATOR))
+                    .forEach(key -> inputPayload.put(key, requestContext.getProperties().get(key)));
+        }
+
         return requestPayload.toString();
     }