[TT-13186/TT-13199] implement upstream basic authentication #6596
API Changes --- prev.txt 2024-10-01 10:59:17.201977919 +0000
+++ current.txt 2024-10-01 10:59:10.954984474 +0000
@@ -853,7 +853,32 @@
},
"detailed_tracing": {
"type": "boolean"
- }
+ },
+ "upstream_auth": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "basic_auth": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "username": {
+ "type": "string"
+ },
+ "password": {
+ "type": "string"
+ },
+ "header_name": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
},
"required": [
"name",
@@ -1034,6 +1059,9 @@
VersionName string `bson:"-" json:"-"`
DetailedTracing bool `bson:"detailed_tracing" json:"detailed_tracing"`
+
+ // UpstreamAuth stores information about authenticating against upstream.
+ UpstreamAuth UpstreamAuth `bson:"upstream_auth" json:"upstream_auth"`
}
APIDefinition represents the configuration for a single proxied API and it's
versions.
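Review bot: `UpstreamAuth` is added by value with `json:"upstream_auth"`, so every classic definition, including those that never use the feature, will now serialise an `upstream_auth` block with an empty `password` field. A pointer with `omitempty`, as the OAS `Upstream.Authentication` field in this PR uses, would keep existing exports unchanged.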
@@ -1959,6 +1987,31 @@
MatchRegexp *regexp.Regexp `json:"-"`
}
+type UpstreamAuth struct {
+ // Enabled enables upstream API authentication.
+ Enabled bool `bson:"enabled" json:"enabled"`
+ // BasicAuth holds the basic authentication configuration for upstream API authentication.
+ BasicAuth UpstreamBasicAuth `bson:"basic_auth" json:"basic_auth"`
+}
+ UpstreamAuth holds the configurations related to upstream API
+ authentication.
+
+func (u *UpstreamAuth) IsEnabled() bool
+ IsEnabled checks if UpstreamAuthentication is enabled for the API.
+
+type UpstreamBasicAuth struct {
+ // Enabled enables upstream basic authentication.
+ Enabled bool `bson:"enabled" json:"enabled,omitempty"`
+ // Username is the username to be used for upstream basic authentication.
+ Username string `bson:"username" json:"username"`
+ // Password is the password to be used for upstream basic authentication.
+ Password string `bson:"password" json:"password"`
+ // HeaderName is the custom header name to be used for upstream basic authentication.
+ // Defaults to `Authorization`.
+ HeaderName string `bson:"header_name" json:"header_name"`
+}
+ UpstreamBasicAuth holds upstream basic authentication configuration.
+
type UptimeTests struct {
CheckList []HostCheckObject `bson:"check_list" json:"check_list"`
Config UptimeTestsConfig `bson:"config" json:"config"`
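Review bot: `Password` on `UpstreamBasicAuth` is tagged `bson:"password" json:"password"`, so the upstream credential is persisted and returned in clear text wherever an `APIDefinition` is stored, exported or logged; please document that on the field. The `IsEnabled` comment should also say whether it depends on `BasicAuth.Enabled`, and `Enabled` carries `omitempty` here but not on `UpstreamAuth`, which should be made consistent.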
@@ -4682,6 +4735,9 @@
// RateLimit contains the configuration related to API level rate limit.
RateLimit *RateLimit `bson:"rateLimit,omitempty" json:"rateLimit,omitempty"`
+
+ // Authentication contains the configuration related to upstream authentication.
+ Authentication *UpstreamAuth `bson:"authentication,omitempty" json:"authentication,omitempty"`
}
Upstream holds configuration for the upstream server to which Tyk should
proxy requests.
@@ -4692,6 +4748,40 @@
func (u *Upstream) Fill(api apidef.APIDefinition)
Fill fills *Upstream from apidef.APIDefinition.
+type UpstreamAuth struct {
+ // Enabled enables upstream API authentication.
+ Enabled bool `bson:"enabled" json:"enabled"`
+ // BasicAuth holds the basic authentication configuration for upstream API authentication.
+ BasicAuth *UpstreamBasicAuth `bson:"basicAuth,omitempty" json:"basicAuth,omitempty"`
+}
+ UpstreamAuth holds the configurations related to upstream API
+ authentication.
+
+func (u *UpstreamAuth) ExtractTo(api *apidef.UpstreamAuth)
+ ExtractTo extracts *UpstreamAuth into *apidef.UpstreamAuth.
+
+func (u *UpstreamAuth) Fill(api apidef.UpstreamAuth)
+ Fill fills *UpstreamAuth from apidef.UpstreamAuth.
+
+type UpstreamBasicAuth struct {
+ // Enabled enables upstream basic authentication.
+ Enabled bool `bson:"enabled" json:"enabled"`
+ // HeaderName is the custom header name to be used for upstream basic authentication.
+ // Defaults to `Authorization`.
+ HeaderName string `bson:"headerName" json:"headerName"`
+ // Username is the username to be used for upstream basic authentication.
+ Username string `bson:"username" json:"username"`
+ // Password is the password to be used for upstream basic authentication.
+ Password string `bson:"password" json:"password"`
+}
+ UpstreamBasicAuth holds upstream basic authentication configuration.
+
+func (u *UpstreamBasicAuth) ExtractTo(api *apidef.UpstreamBasicAuth)
+ ExtractTo extracts *UpstreamBasicAuth into *apidef.UpstreamBasicAuth.
+
+func (u *UpstreamBasicAuth) Fill(api apidef.UpstreamBasicAuth)
+ Fill fills *UpstreamBasicAuth from apidef.UpstreamBasicAuth.
+
type ValidateRequest struct {
// Enabled is a boolean flag, if set to `true`, it enables request validation.
Enabled bool `bson:"enabled" json:"enabled"`
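Review bot: `BasicAuth` is a pointer with `omitempty` in this OAS struct but a value in `apidef.UpstreamAuth`, and the `ExtractTo` comment does not say what happens when it is nil. If `ExtractTo` leaves `api.BasicAuth` untouched in that case, a previously configured username and password would survive removal of the OAS block; state the behaviour in the doc comment and cover the nil case in a test.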
@@ -7200,8 +7290,24 @@
API.
func GetSession(r *http.Request) *user.SessionState
+func GetUpstreamAuthHeader(r *http.Request) string
+ GetUpstreamAuthHeader returns the header name to be used for upstream
+ authentication.
+
+func GetUpstreamAuthValue(r *http.Request) string
+ GetUpstreamAuthValue gets the auth header value to be used for upstream
+ authentication.
+
func SetDefinition(r *http.Request, s *apidef.APIDefinition)
func SetSession(r *http.Request, s *user.SessionState, scheduleUpdate bool, hashKey ...bool)
+func SetUpstreamAuthHeader(r *http.Request, name string)
+ SetUpstreamAuthHeader sets the header name to be used for upstream
+ authentication.
+
+func SetUpstreamAuthValue(r *http.Request, name string)
+ SetUpstreamAuthValue sets the auth header value to be used for upstream
+ authentication.
+
TYPES
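Review bot: `SetUpstreamAuthValue(r *http.Request, name string)` takes the header value, not a name; rename the parameter to `value` so it is not confused with `SetUpstreamAuthHeader`. The doc comments should also note that this value is the credential and that it is carried in the request context.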
@@ -7241,6 +7347,11 @@
// CacheOptions holds cache options required for cache writer middleware.
CacheOptions
OASDefinition
+
+ // UpstreamAuthHeader sets the header name to be used for upstream authentication.
+ UpstreamAuthHeader
+ // UpstreamAuthValue sets the value for upstream authentication.
+ UpstreamAuthValue
)
# Package: ./dlpython
@@ -10680,6 +10791,23 @@
Enums representing the various statuses for a VersionInfo Path match during
a proxy request
+type UpstreamBasicAuth struct {
+ *BaseMiddleware
+}
+ UpstreamBasicAuth is a middleware that will do basic authentication for
+ upstream connections. UpstreamBasicAuth middleware is only supported in Tyk
+ OAS API definitions.
+
+func (t *UpstreamBasicAuth) EnabledForSpec() bool
+ EnabledForSpec returns true if the middleware is enabled based on API Spec.
+
+func (t *UpstreamBasicAuth) Name() string
+ Name returns the name of middleware.
+
+func (t *UpstreamBasicAuth) ProcessRequest(_ http.ResponseWriter, r *http.Request, _ interface{}) (error, int)
+ ProcessRequest will inject basic auth info into request context so that it
+ can be used during reverse proxy.
+
type UptimeReportData struct {
URL string
RequestTime int64
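Review bot: The type comment says the `UpstreamBasicAuth` middleware is only supported in Tyk OAS API definitions, but this PR also adds `upstream_auth.basic_auth` to the classic schema and the description lists it as configurable there. Align the comment with what `EnabledForSpec` actually checks, and have the `ProcessRequest` comment state what happens to a header of the same name that the client already sent.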
@@ -12180,6 +12308,8 @@
ControlRequest bool `json:",omitempty"`
}
+type TestCases []TestCase
+
type TransportOption func(*http.Transport)
Options for populating a http.Transport
User description
TT-13199
Description
Implement upstream basic authentication as a middleware.
Now users can configure upstream authentication using basic auth in
upstream_auth.basic_auth in Tyk classic API def.
upstream.authentication.basicAuth in Tyk OAS API def.
Related Issue
Parent: https://tyktech.atlassian.net/browse/TT-13186
Subtask: https://tyktech.atlassian.net/browse/TT-13199
PR Type
Enhancement, Tests
Description
UpstreamAuth and UpstreamBasicAuth structs to manage authentication details.
UpstreamBasicAuth middleware to handle basic authentication for upstream connections.
UpstreamBasicAuth middleware.
Changes walkthrough 📝
api_definitions.go
Add upstream authentication structures and methods
apidef/api_definitions.go
UpstreamAuth struct to store upstream authentication information.
UpstreamBasicAuth struct for basic authentication details.
upstream.go
Integrate upstream authentication into OAS upstream configuration
apidef/oas/upstream.go
Authentication field to Upstream struct for upstream authentication configuration.
ctx.go
Add context management for upstream authentication
ctx/ctx.go
and value.
api_loader.go
Append UpstreamBasicAuth middleware to chain
gateway/api_loader.go
UpstreamBasicAuth middleware to the middleware chain.
mw_upstream_basic_auth.go
Implement UpstreamBasicAuth middleware for basic authentication
gateway/mw_upstream_basic_auth.go
UpstreamBasicAuth middleware for basic authentication.
reverse_proxy.go
Integrate upstream authentication into reverse proxy
gateway/reverse_proxy.go
mw_upstream_basic_auth_test.go
Add tests for UpstreamBasicAuth middleware functionality
gateway/mw_upstream_basic_auth_test.go
UpstreamBasicAuth middleware.
http.go
Add TestCases type for test management
test/http.go
TestCases type for managing multiple test cases.
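An added example, not code from this PR or from Tyk: what injecting upstream basic auth amounts to on the outbound request, using the `basic_auth` field names from the classic schema in this PR. `basicAuthConfig` and `applyUpstreamBasicAuth` are hypothetical names; rejecting empty credentials and overwriting a client-supplied header are assumptions, not behaviour the page confirms.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
)

// basicAuthConfig mirrors the basic_auth fields of the schema in this PR.
// It is a local stand-in, not Tyk's apidef.UpstreamBasicAuth.
type basicAuthConfig struct {
	Enabled    bool   `json:"enabled"`
	Username   string `json:"username"`
	Password   string `json:"password"`
	HeaderName string `json:"header_name"`
}

// applyUpstreamBasicAuth (hypothetical helper) sets the upstream credential on
// the outbound request and returns the header name it used ("" if disabled).
func applyUpstreamBasicAuth(out *http.Request, raw []byte) (string, error) {
	var cfg basicAuthConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return "", err
	}
	if !cfg.Enabled {
		return "", nil
	}
	if cfg.Username == "" || cfg.Password == "" { // assumed policy: fail closed
		return "", fmt.Errorf("basic_auth enabled without username and password")
	}
	name := cfg.HeaderName
	if name == "" {
		name = "Authorization" // default named in the PR's field comment
	}
	token := base64.StdEncoding.EncodeToString([]byte(cfg.Username + ":" + cfg.Password))
	out.Header.Set(name, "Basic "+token) // Set replaces any value the client sent
	return name, nil
}

func main() {
	// Constructed sample config and request.
	raw := []byte(`{"enabled":true,"username":"svc","password":"s3cret","header_name":""}`)
	req, _ := http.NewRequest("GET", "http://upstream.example/", nil)
	req.Header.Set("Authorization", "Bearer client-token")
	name, err := applyUpstreamBasicAuth(req, raw)
	fmt.Println(name, req.Header.Get(name), err)
}
```

Using `Header.Set` rather than `Header.Add` means the upstream sees exactly one credential header, the gateway's, even when the client sent its own.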