diff --git a/adapter/config/default_config.go b/adapter/config/default_config.go
index 0df1c12dbf..2c70a6d697 100644
--- a/adapter/config/default_config.go
+++ b/adapter/config/default_config.go
@@ -120,7 +120,7 @@ var defaultConfig = &Config{
},
Retry: upstreamRetry{
MaxRetryCount: 5,
- RetryOn: "connect-failure",
+ RetryOn: "connect-failure",
BaseInterval: 25 * time.Millisecond,
MaxInterval: 500 * time.Millisecond,
StatusCodes: []uint32{504},
@@ -202,9 +202,11 @@ var defaultConfig = &Config{
},
},
AuthHeader: authHeader{
- EnableOutboundAuthHeader: false,
- AuthorizationHeader: "authorization",
- TestConsoleHeaderName: "Internal-Key",
+ EnableOutboundAuthHeader: false,
+ AuthorizationHeader: "authorization",
+ TestConsoleHeaderName: "Internal-Key",
+ TempTestConsoleHeaderNames: []string{},
+ TempTestConsoleHeadersMode: "monitor",
},
},
AuthService: authService{
diff --git a/adapter/config/types.go b/adapter/config/types.go
index 2a0f04333d..2c2c724a11 100644
--- a/adapter/config/types.go
+++ b/adapter/config/types.go
@@ -478,9 +478,11 @@ type analyticsEnforcer struct {
}
type authHeader struct {
- EnableOutboundAuthHeader bool
- AuthorizationHeader string
- TestConsoleHeaderName string
+ EnableOutboundAuthHeader bool
+ AuthorizationHeader string
+ TestConsoleHeaderName string
+ TempTestConsoleHeaderNames []string
+ TempTestConsoleHeadersMode string
}
type jwtIssuer struct {
diff --git a/adapter/internal/discovery/xds/marshaller.go b/adapter/internal/discovery/xds/marshaller.go
index 29a331c7fc..134ff75e63 100644
--- a/adapter/internal/discovery/xds/marshaller.go
+++ b/adapter/internal/discovery/xds/marshaller.go
@@ -211,9 +211,11 @@ func MarshalConfig(config *config.Config) *enforcer.Config {
Security: &enforcer.Security{
TokenService: issuers,
AuthHeader: &enforcer.AuthHeader{
- EnableOutboundAuthHeader: config.Enforcer.Security.AuthHeader.EnableOutboundAuthHeader,
- AuthorizationHeader: config.Enforcer.Security.AuthHeader.AuthorizationHeader,
- TestConsoleHeaderName: config.Enforcer.Security.AuthHeader.TestConsoleHeaderName,
+ EnableOutboundAuthHeader: config.Enforcer.Security.AuthHeader.EnableOutboundAuthHeader,
+ AuthorizationHeader: config.Enforcer.Security.AuthHeader.AuthorizationHeader,
+ TestConsoleHeaderName: config.Enforcer.Security.AuthHeader.TestConsoleHeaderName,
+ TempTestConsoleHeaderNames: config.Enforcer.Security.AuthHeader.TempTestConsoleHeaderNames,
+ TempTestConsoleHeadersMode: config.Enforcer.Security.AuthHeader.TempTestConsoleHeadersMode,
},
},
Cache: cache,
diff --git a/adapter/pkg/discovery/api/wso2/discovery/config/enforcer/auth_header.pb.go b/adapter/pkg/discovery/api/wso2/discovery/config/enforcer/auth_header.pb.go
index 9d1093c330..93726cb8db 100644
--- a/adapter/pkg/discovery/api/wso2/discovery/config/enforcer/auth_header.pb.go
+++ b/adapter/pkg/discovery/api/wso2/discovery/config/enforcer/auth_header.pb.go
@@ -29,8 +29,10 @@ type AuthHeader struct {
// Enable outbound auth header
EnableOutboundAuthHeader bool `protobuf:"varint,1,opt,name=enableOutboundAuthHeader,proto3" json:"enableOutboundAuthHeader,omitempty"`
// Auth header name
- AuthorizationHeader string `protobuf:"bytes,2,opt,name=authorizationHeader,proto3" json:"authorizationHeader,omitempty"`
- TestConsoleHeaderName string `protobuf:"bytes,3,opt,name=testConsoleHeaderName,proto3" json:"testConsoleHeaderName,omitempty"`
+ AuthorizationHeader string `protobuf:"bytes,2,opt,name=authorizationHeader,proto3" json:"authorizationHeader,omitempty"`
+ TestConsoleHeaderName string `protobuf:"bytes,3,opt,name=testConsoleHeaderName,proto3" json:"testConsoleHeaderName,omitempty"`
+ TempTestConsoleHeaderNames []string `protobuf:"bytes,4,rep,name=tempTestConsoleHeaderNames,proto3" json:"tempTestConsoleHeaderNames,omitempty"`
+ TempTestConsoleHeadersMode string `protobuf:"bytes,5,opt,name=tempTestConsoleHeadersMode,proto3" json:"tempTestConsoleHeadersMode,omitempty"`
}
func (x *AuthHeader) Reset() {
@@ -86,6 +88,20 @@ func (x *AuthHeader) GetTestConsoleHeaderName() string {
return ""
}
+func (x *AuthHeader) GetTempTestConsoleHeaderNames() []string {
+ if x != nil {
+ return x.TempTestConsoleHeaderNames
+ }
+ return nil
+}
+
+func (x *AuthHeader) GetTempTestConsoleHeadersMode() string {
+ if x != nil {
+ return x.TempTestConsoleHeadersMode
+ }
+ return ""
+}
+
var File_wso2_discovery_config_enforcer_auth_header_proto protoreflect.FileDescriptor
var file_wso2_discovery_config_enforcer_auth_header_proto_rawDesc = []byte{
@@ -94,7 +110,7 @@ var file_wso2_discovery_config_enforcer_auth_header_proto_rawDesc = []byte{
0x2f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f,
0x74, 0x6f, 0x12, 0x1e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
0x72, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63,
- 0x65, 0x72, 0x22, 0xb0, 0x01, 0x0a, 0x0a, 0x41, 0x75, 0x74, 0x68, 0x48, 0x65, 0x61, 0x64, 0x65,
+ 0x65, 0x72, 0x22, 0xb0, 0x02, 0x0a, 0x0a, 0x41, 0x75, 0x74, 0x68, 0x48, 0x65, 0x61, 0x64, 0x65,
0x72, 0x12, 0x3a, 0x0a, 0x18, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x4f, 0x75, 0x74, 0x62, 0x6f,
0x75, 0x6e, 0x64, 0x41, 0x75, 0x74, 0x68, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20,
0x01, 0x28, 0x08, 0x52, 0x18, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x4f, 0x75, 0x74, 0x62, 0x6f,
@@ -105,7 +121,15 @@ var file_wso2_discovery_config_enforcer_auth_header_proto_rawDesc = []byte{
0x34, 0x0a, 0x15, 0x74, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65,
0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15,
0x74, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65,
- 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x96, 0x01, 0x0a, 0x31, 0x6f, 0x72, 0x67, 0x2e, 0x77, 0x73,
+ 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x1a, 0x74, 0x65, 0x6d, 0x70, 0x54, 0x65, 0x73,
+ 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61,
+ 0x6d, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x1a, 0x74, 0x65, 0x6d, 0x70, 0x54,
+ 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+ 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3e, 0x0a, 0x1a, 0x74, 0x65, 0x6d, 0x70, 0x54, 0x65, 0x73,
+ 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4d,
+ 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x74, 0x65, 0x6d, 0x70, 0x54,
+ 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+ 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x42, 0x96, 0x01, 0x0a, 0x31, 0x6f, 0x72, 0x67, 0x2e, 0x77, 0x73,
0x6f, 0x32, 0x2e, 0x63, 0x68, 0x6f, 0x72, 0x65, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
0x74, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
0x69, 0x67, 0x2e, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x72, 0x42, 0x0f, 0x41, 0x75, 0x74,
diff --git a/api/proto/wso2/discovery/config/enforcer/auth_header.proto b/api/proto/wso2/discovery/config/enforcer/auth_header.proto
index 4ce95d901d..3d1ba11621 100644
--- a/api/proto/wso2/discovery/config/enforcer/auth_header.proto
+++ b/api/proto/wso2/discovery/config/enforcer/auth_header.proto
@@ -18,4 +18,8 @@ message AuthHeader {
string authorizationHeader = 2;
string testConsoleHeaderName = 3;
+
+ repeated string tempTestConsoleHeaderNames = 4;
+
+ string tempTestConsoleHeadersMode = 5;
}
diff --git a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeader.java b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeader.java
index 2f7ebaef55..9e31b7e731 100644
--- a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeader.java
+++ b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeader.java
@@ -22,6 +22,8 @@ private AuthHeader(com.google.protobuf.GeneratedMessageV3.Builder builder) {
private AuthHeader() {
authorizationHeader_ = "";
testConsoleHeaderName_ = "";
+ tempTestConsoleHeaderNames_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ tempTestConsoleHeadersMode_ = "";
}
@java.lang.Override
@@ -44,6 +46,7 @@ private AuthHeader(
if (extensionRegistry == null) {
throw new java.lang.NullPointerException();
}
+ int mutable_bitField0_ = 0;
com.google.protobuf.UnknownFieldSet.Builder unknownFields =
com.google.protobuf.UnknownFieldSet.newBuilder();
try {
@@ -71,6 +74,21 @@ private AuthHeader(
testConsoleHeaderName_ = s;
break;
}
+ case 34: {
+ java.lang.String s = input.readStringRequireUtf8();
+ if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+ tempTestConsoleHeaderNames_ = new com.google.protobuf.LazyStringArrayList();
+ mutable_bitField0_ |= 0x00000001;
+ }
+ tempTestConsoleHeaderNames_.add(s);
+ break;
+ }
+ case 42: {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ tempTestConsoleHeadersMode_ = s;
+ break;
+ }
default: {
if (!parseUnknownField(
input, unknownFields, extensionRegistry, tag)) {
@@ -86,6 +104,9 @@ private AuthHeader(
throw new com.google.protobuf.InvalidProtocolBufferException(
e).setUnfinishedMessage(this);
} finally {
+ if (((mutable_bitField0_ & 0x00000001) != 0)) {
+ tempTestConsoleHeaderNames_ = tempTestConsoleHeaderNames_.getUnmodifiableView();
+ }
this.unknownFields = unknownFields.build();
makeExtensionsImmutable();
}
@@ -202,6 +223,79 @@ public java.lang.String getTestConsoleHeaderName() {
}
}
+ public static final int TEMPTESTCONSOLEHEADERNAMES_FIELD_NUMBER = 4;
+ private com.google.protobuf.LazyStringList tempTestConsoleHeaderNames_;
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @return A list containing the tempTestConsoleHeaderNames.
+ */
+ public com.google.protobuf.ProtocolStringList
+ getTempTestConsoleHeaderNamesList() {
+ return tempTestConsoleHeaderNames_;
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @return The count of tempTestConsoleHeaderNames.
+ */
+ public int getTempTestConsoleHeaderNamesCount() {
+ return tempTestConsoleHeaderNames_.size();
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @param index The index of the element to return.
+ * @return The tempTestConsoleHeaderNames at the given index.
+ */
+ public java.lang.String getTempTestConsoleHeaderNames(int index) {
+ return tempTestConsoleHeaderNames_.get(index);
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @param index The index of the value to return.
+ * @return The bytes of the tempTestConsoleHeaderNames at the given index.
+ */
+ public com.google.protobuf.ByteString
+ getTempTestConsoleHeaderNamesBytes(int index) {
+ return tempTestConsoleHeaderNames_.getByteString(index);
+ }
+
+ public static final int TEMPTESTCONSOLEHEADERSMODE_FIELD_NUMBER = 5;
+ private volatile java.lang.Object tempTestConsoleHeadersMode_;
+ /**
+ * string tempTestConsoleHeadersMode = 5;
+ * @return The tempTestConsoleHeadersMode.
+ */
+ @java.lang.Override
+ public java.lang.String getTempTestConsoleHeadersMode() {
+ java.lang.Object ref = tempTestConsoleHeadersMode_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ tempTestConsoleHeadersMode_ = s;
+ return s;
+ }
+ }
+ /**
+ * string tempTestConsoleHeadersMode = 5;
+ * @return The bytes for tempTestConsoleHeadersMode.
+ */
+ @java.lang.Override
+ public com.google.protobuf.ByteString
+ getTempTestConsoleHeadersModeBytes() {
+ java.lang.Object ref = tempTestConsoleHeadersMode_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ tempTestConsoleHeadersMode_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
private byte memoizedIsInitialized = -1;
@java.lang.Override
public final boolean isInitialized() {
@@ -225,6 +319,12 @@ public void writeTo(com.google.protobuf.CodedOutputStream output)
if (!getTestConsoleHeaderNameBytes().isEmpty()) {
com.google.protobuf.GeneratedMessageV3.writeString(output, 3, testConsoleHeaderName_);
}
+ for (int i = 0; i < tempTestConsoleHeaderNames_.size(); i++) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 4, tempTestConsoleHeaderNames_.getRaw(i));
+ }
+ if (!getTempTestConsoleHeadersModeBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 5, tempTestConsoleHeadersMode_);
+ }
unknownFields.writeTo(output);
}
@@ -244,6 +344,17 @@ public int getSerializedSize() {
if (!getTestConsoleHeaderNameBytes().isEmpty()) {
size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, testConsoleHeaderName_);
}
+ {
+ int dataSize = 0;
+ for (int i = 0; i < tempTestConsoleHeaderNames_.size(); i++) {
+ dataSize += computeStringSizeNoTag(tempTestConsoleHeaderNames_.getRaw(i));
+ }
+ size += dataSize;
+ size += 1 * getTempTestConsoleHeaderNamesList().size();
+ }
+ if (!getTempTestConsoleHeadersModeBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, tempTestConsoleHeadersMode_);
+ }
size += unknownFields.getSerializedSize();
memoizedSize = size;
return size;
@@ -265,6 +376,10 @@ public boolean equals(final java.lang.Object obj) {
.equals(other.getAuthorizationHeader())) return false;
if (!getTestConsoleHeaderName()
.equals(other.getTestConsoleHeaderName())) return false;
+ if (!getTempTestConsoleHeaderNamesList()
+ .equals(other.getTempTestConsoleHeaderNamesList())) return false;
+ if (!getTempTestConsoleHeadersMode()
+ .equals(other.getTempTestConsoleHeadersMode())) return false;
if (!unknownFields.equals(other.unknownFields)) return false;
return true;
}
@@ -283,6 +398,12 @@ public int hashCode() {
hash = (53 * hash) + getAuthorizationHeader().hashCode();
hash = (37 * hash) + TESTCONSOLEHEADERNAME_FIELD_NUMBER;
hash = (53 * hash) + getTestConsoleHeaderName().hashCode();
+ if (getTempTestConsoleHeaderNamesCount() > 0) {
+ hash = (37 * hash) + TEMPTESTCONSOLEHEADERNAMES_FIELD_NUMBER;
+ hash = (53 * hash) + getTempTestConsoleHeaderNamesList().hashCode();
+ }
+ hash = (37 * hash) + TEMPTESTCONSOLEHEADERSMODE_FIELD_NUMBER;
+ hash = (53 * hash) + getTempTestConsoleHeadersMode().hashCode();
hash = (29 * hash) + unknownFields.hashCode();
memoizedHashCode = hash;
return hash;
@@ -426,6 +547,10 @@ public Builder clear() {
testConsoleHeaderName_ = "";
+ tempTestConsoleHeaderNames_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ bitField0_ = (bitField0_ & ~0x00000001);
+ tempTestConsoleHeadersMode_ = "";
+
return this;
}
@@ -452,9 +577,16 @@ public org.wso2.choreo.connect.discovery.config.enforcer.AuthHeader build() {
@java.lang.Override
public org.wso2.choreo.connect.discovery.config.enforcer.AuthHeader buildPartial() {
org.wso2.choreo.connect.discovery.config.enforcer.AuthHeader result = new org.wso2.choreo.connect.discovery.config.enforcer.AuthHeader(this);
+ int from_bitField0_ = bitField0_;
result.enableOutboundAuthHeader_ = enableOutboundAuthHeader_;
result.authorizationHeader_ = authorizationHeader_;
result.testConsoleHeaderName_ = testConsoleHeaderName_;
+ if (((bitField0_ & 0x00000001) != 0)) {
+ tempTestConsoleHeaderNames_ = tempTestConsoleHeaderNames_.getUnmodifiableView();
+ bitField0_ = (bitField0_ & ~0x00000001);
+ }
+ result.tempTestConsoleHeaderNames_ = tempTestConsoleHeaderNames_;
+ result.tempTestConsoleHeadersMode_ = tempTestConsoleHeadersMode_;
onBuilt();
return result;
}
@@ -514,6 +646,20 @@ public Builder mergeFrom(org.wso2.choreo.connect.discovery.config.enforcer.AuthH
testConsoleHeaderName_ = other.testConsoleHeaderName_;
onChanged();
}
+ if (!other.tempTestConsoleHeaderNames_.isEmpty()) {
+ if (tempTestConsoleHeaderNames_.isEmpty()) {
+ tempTestConsoleHeaderNames_ = other.tempTestConsoleHeaderNames_;
+ bitField0_ = (bitField0_ & ~0x00000001);
+ } else {
+ ensureTempTestConsoleHeaderNamesIsMutable();
+ tempTestConsoleHeaderNames_.addAll(other.tempTestConsoleHeaderNames_);
+ }
+ onChanged();
+ }
+ if (!other.getTempTestConsoleHeadersMode().isEmpty()) {
+ tempTestConsoleHeadersMode_ = other.tempTestConsoleHeadersMode_;
+ onChanged();
+ }
this.mergeUnknownFields(other.unknownFields);
onChanged();
return this;
@@ -542,6 +688,7 @@ public Builder mergeFrom(
}
return this;
}
+ private int bitField0_;
private boolean enableOutboundAuthHeader_ ;
/**
@@ -757,6 +904,192 @@ public Builder setTestConsoleHeaderNameBytes(
onChanged();
return this;
}
+
+ private com.google.protobuf.LazyStringList tempTestConsoleHeaderNames_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ private void ensureTempTestConsoleHeaderNamesIsMutable() {
+ if (!((bitField0_ & 0x00000001) != 0)) {
+ tempTestConsoleHeaderNames_ = new com.google.protobuf.LazyStringArrayList(tempTestConsoleHeaderNames_);
+ bitField0_ |= 0x00000001;
+ }
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @return A list containing the tempTestConsoleHeaderNames.
+ */
+ public com.google.protobuf.ProtocolStringList
+ getTempTestConsoleHeaderNamesList() {
+ return tempTestConsoleHeaderNames_.getUnmodifiableView();
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @return The count of tempTestConsoleHeaderNames.
+ */
+ public int getTempTestConsoleHeaderNamesCount() {
+ return tempTestConsoleHeaderNames_.size();
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @param index The index of the element to return.
+ * @return The tempTestConsoleHeaderNames at the given index.
+ */
+ public java.lang.String getTempTestConsoleHeaderNames(int index) {
+ return tempTestConsoleHeaderNames_.get(index);
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @param index The index of the value to return.
+ * @return The bytes of the tempTestConsoleHeaderNames at the given index.
+ */
+ public com.google.protobuf.ByteString
+ getTempTestConsoleHeaderNamesBytes(int index) {
+ return tempTestConsoleHeaderNames_.getByteString(index);
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @param index The index to set the value at.
+ * @param value The tempTestConsoleHeaderNames to set.
+ * @return This builder for chaining.
+ */
+ public Builder setTempTestConsoleHeaderNames(
+ int index, java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureTempTestConsoleHeaderNamesIsMutable();
+ tempTestConsoleHeaderNames_.set(index, value);
+ onChanged();
+ return this;
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @param value The tempTestConsoleHeaderNames to add.
+ * @return This builder for chaining.
+ */
+ public Builder addTempTestConsoleHeaderNames(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureTempTestConsoleHeaderNamesIsMutable();
+ tempTestConsoleHeaderNames_.add(value);
+ onChanged();
+ return this;
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @param values The tempTestConsoleHeaderNames to add.
+ * @return This builder for chaining.
+ */
+ public Builder addAllTempTestConsoleHeaderNames(
+ java.lang.Iterable values) {
+ ensureTempTestConsoleHeaderNamesIsMutable();
+ com.google.protobuf.AbstractMessageLite.Builder.addAll(
+ values, tempTestConsoleHeaderNames_);
+ onChanged();
+ return this;
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @return This builder for chaining.
+ */
+ public Builder clearTempTestConsoleHeaderNames() {
+ tempTestConsoleHeaderNames_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ bitField0_ = (bitField0_ & ~0x00000001);
+ onChanged();
+ return this;
+ }
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @param value The bytes of the tempTestConsoleHeaderNames to add.
+ * @return This builder for chaining.
+ */
+ public Builder addTempTestConsoleHeaderNamesBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+ ensureTempTestConsoleHeaderNamesIsMutable();
+ tempTestConsoleHeaderNames_.add(value);
+ onChanged();
+ return this;
+ }
+
+ private java.lang.Object tempTestConsoleHeadersMode_ = "";
+ /**
+ * string tempTestConsoleHeadersMode = 5;
+ * @return The tempTestConsoleHeadersMode.
+ */
+ public java.lang.String getTempTestConsoleHeadersMode() {
+ java.lang.Object ref = tempTestConsoleHeadersMode_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs =
+ (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ tempTestConsoleHeadersMode_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ * string tempTestConsoleHeadersMode = 5;
+ * @return The bytes for tempTestConsoleHeadersMode.
+ */
+ public com.google.protobuf.ByteString
+ getTempTestConsoleHeadersModeBytes() {
+ java.lang.Object ref = tempTestConsoleHeadersMode_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8(
+ (java.lang.String) ref);
+ tempTestConsoleHeadersMode_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ * string tempTestConsoleHeadersMode = 5;
+ * @param value The tempTestConsoleHeadersMode to set.
+ * @return This builder for chaining.
+ */
+ public Builder setTempTestConsoleHeadersMode(
+ java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ tempTestConsoleHeadersMode_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ * string tempTestConsoleHeadersMode = 5;
+ * @return This builder for chaining.
+ */
+ public Builder clearTempTestConsoleHeadersMode() {
+
+ tempTestConsoleHeadersMode_ = getDefaultInstance().getTempTestConsoleHeadersMode();
+ onChanged();
+ return this;
+ }
+ /**
+ * string tempTestConsoleHeadersMode = 5;
+ * @param value The bytes for tempTestConsoleHeadersMode to set.
+ * @return This builder for chaining.
+ */
+ public Builder setTempTestConsoleHeadersModeBytes(
+ com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ tempTestConsoleHeadersMode_ = value;
+ onChanged();
+ return this;
+ }
@java.lang.Override
public final Builder setUnknownFields(
final com.google.protobuf.UnknownFieldSet unknownFields) {
diff --git a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderOrBuilder.java b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderOrBuilder.java
index a9a6f0beaa..82218a9597 100644
--- a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderOrBuilder.java
+++ b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderOrBuilder.java
@@ -48,4 +48,41 @@ public interface AuthHeaderOrBuilder extends
*/
com.google.protobuf.ByteString
getTestConsoleHeaderNameBytes();
+
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @return A list containing the tempTestConsoleHeaderNames.
+ */
+ java.util.List
+ getTempTestConsoleHeaderNamesList();
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @return The count of tempTestConsoleHeaderNames.
+ */
+ int getTempTestConsoleHeaderNamesCount();
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @param index The index of the element to return.
+ * @return The tempTestConsoleHeaderNames at the given index.
+ */
+ java.lang.String getTempTestConsoleHeaderNames(int index);
+ /**
+ * repeated string tempTestConsoleHeaderNames = 4;
+ * @param index The index of the value to return.
+ * @return The bytes of the tempTestConsoleHeaderNames at the given index.
+ */
+ com.google.protobuf.ByteString
+ getTempTestConsoleHeaderNamesBytes(int index);
+
+ /**
+ * string tempTestConsoleHeadersMode = 5;
+ * @return The tempTestConsoleHeadersMode.
+ */
+ java.lang.String getTempTestConsoleHeadersMode();
+ /**
+ * string tempTestConsoleHeadersMode = 5;
+ * @return The bytes for tempTestConsoleHeadersMode.
+ */
+ com.google.protobuf.ByteString
+ getTempTestConsoleHeadersModeBytes();
}
diff --git a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderProto.java b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderProto.java
index c4bce0b6bb..15b81b86c7 100644
--- a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderProto.java
+++ b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderProto.java
@@ -30,13 +30,15 @@ public static void registerAllExtensions(
java.lang.String[] descriptorData = {
"\n0wso2/discovery/config/enforcer/auth_he" +
"ader.proto\022\036wso2.discovery.config.enforc" +
- "er\"j\n\nAuthHeader\022 \n\030enableOutboundAuthHe" +
- "ader\030\001 \001(\010\022\033\n\023authorizationHeader\030\002 \001(\t\022" +
- "\035\n\025testConsoleHeaderName\030\003 \001(\tB\226\001\n1org.w" +
- "so2.choreo.connect.discovery.config.enfo" +
- "rcerB\017AuthHeaderProtoP\001ZNgithub.com/envo" +
- "yproxy/go-control-plane/wso2/discovery/c" +
- "onfig/enforcer;enforcerb\006proto3"
+ "er\"\262\001\n\nAuthHeader\022 \n\030enableOutboundAuthH" +
+ "eader\030\001 \001(\010\022\033\n\023authorizationHeader\030\002 \001(\t" +
+ "\022\035\n\025testConsoleHeaderName\030\003 \001(\t\022\"\n\032tempT" +
+ "estConsoleHeaderNames\030\004 \003(\t\022\"\n\032tempTestC" +
+ "onsoleHeadersMode\030\005 \001(\tB\226\001\n1org.wso2.cho" +
+ "reo.connect.discovery.config.enforcerB\017A" +
+ "uthHeaderProtoP\001ZNgithub.com/envoyproxy/" +
+ "go-control-plane/wso2/discovery/config/e" +
+ "nforcer;enforcerb\006proto3"
};
descriptor = com.google.protobuf.Descriptors.FileDescriptor
.internalBuildGeneratedFileFrom(descriptorData,
@@ -47,7 +49,7 @@ public static void registerAllExtensions(
internal_static_wso2_discovery_config_enforcer_AuthHeader_fieldAccessorTable = new
com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
internal_static_wso2_discovery_config_enforcer_AuthHeader_descriptor,
- new java.lang.String[] { "EnableOutboundAuthHeader", "AuthorizationHeader", "TestConsoleHeaderName", });
+ new java.lang.String[] { "EnableOutboundAuthHeader", "AuthorizationHeader", "TestConsoleHeaderName", "TempTestConsoleHeaderNames", "TempTestConsoleHeadersMode", });
}
// @@protoc_insertion_point(outer_class_scope)
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/api/Utils.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/api/Utils.java
index 1c7a2f9b6b..b7a889fff5 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/api/Utils.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/api/Utils.java
@@ -29,6 +29,7 @@
import org.wso2.choreo.connect.enforcer.config.ConfigHolder;
import org.wso2.choreo.connect.enforcer.config.dto.AuthHeaderDto;
import org.wso2.choreo.connect.enforcer.constants.APIConstants;
+import org.wso2.choreo.connect.enforcer.constants.Constants;
import org.wso2.choreo.connect.enforcer.util.FilterUtils;
import java.util.ArrayList;
@@ -120,6 +121,17 @@ static void populateRemoveAndProtectedHeaders(RequestContext requestContext) {
// to backend and traffic manager.
String internalKeyHeader = ConfigHolder.getInstance().getConfig().getAuthHeader()
.getTestConsoleHeaderName().toLowerCase();
+
+ // If the temp test console headers are in active mode,
+ // then those headers are also removed and considered as protected.
+ String tempConsoleTestHeadersMode = ConfigHolder.getInstance().getConfig().getAuthHeader()
+ .getTempTestConsoleTestHeadersMode();
+ if (Constants.TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE.equals(tempConsoleTestHeadersMode)) {
+ List tempConsoleTestHeaders = ConfigHolder.getInstance().getConfig().getAuthHeader()
+ .getTempTestConsoleHeaderNames();
+ requestContext.getRemoveHeaders().addAll(tempConsoleTestHeaders);
+ requestContext.getProtectedHeaders().addAll(tempConsoleTestHeaders);
+ }
requestContext.getRemoveHeaders().add(internalKeyHeader);
// Avoid internal key being published to the Traffic Manager
requestContext.getProtectedHeaders().add(internalKeyHeader);
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/ConfigHolder.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/ConfigHolder.java
index 9291358b05..8f66e1e938 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/ConfigHolder.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/ConfigHolder.java
@@ -208,6 +208,8 @@ private void populateAuthHeaderConfigurations(AuthHeader authHeader) {
authHeaderDto.setAuthorizationHeader(authHeader.getAuthorizationHeader());
authHeaderDto.setEnableOutboundAuthHeader(authHeader.getEnableOutboundAuthHeader());
authHeaderDto.setTestConsoleHeaderName(authHeader.getTestConsoleHeaderName());
+ authHeaderDto.setTempTestConsoleHeaderNames(authHeader.getTempTestConsoleHeaderNamesList());
+ authHeaderDto.setTempTestConsoleTestHeadersMode(authHeader.getTempTestConsoleHeadersMode());
config.setAuthHeader(authHeaderDto);
}
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/dto/AuthHeaderDto.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/dto/AuthHeaderDto.java
index f673212c70..2d0345d7cf 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/dto/AuthHeaderDto.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/dto/AuthHeaderDto.java
@@ -18,6 +18,11 @@
package org.wso2.choreo.connect.enforcer.config.dto;
+import org.apache.commons.lang.StringUtils;
+
+import java.util.ArrayList;
+import java.util.List;
+
/**
* This contains authorization header properties.
*/
@@ -25,6 +30,8 @@ public class AuthHeaderDto {
private boolean enableOutboundAuthHeader = false;
private String authorizationHeader = "";
private String testConsoleHeaderName = "";
+ private List tempTestConsoleHeaderNames = new ArrayList<>();
+ private String tempTestConsoleTestHeadersMode = "";
public String getAuthorizationHeader() {
return authorizationHeader;
@@ -49,4 +56,24 @@ public void setTestConsoleHeaderName(String testConsoleHeaderName) {
public String getTestConsoleHeaderName() {
return testConsoleHeaderName;
}
+
+ public void setTempTestConsoleHeaderNames(List tempTestConsoleHeaderNames) {
+ if (tempTestConsoleHeaderNames != null) {
+ this.tempTestConsoleHeaderNames = tempTestConsoleHeaderNames;
+ }
+ }
+
+ public List getTempTestConsoleHeaderNames() {
+ return tempTestConsoleHeaderNames;
+ }
+
+ public void setTempTestConsoleTestHeadersMode(String mode) {
+ if (StringUtils.isNotBlank(mode)) {
+ this.tempTestConsoleTestHeadersMode = mode.toLowerCase();
+ }
+ }
+
+ public String getTempTestConsoleTestHeadersMode() {
+ return tempTestConsoleTestHeadersMode;
+ }
}
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/constants/Constants.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/constants/Constants.java
index bf022b5274..276b3dc525 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/constants/Constants.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/constants/Constants.java
@@ -74,4 +74,8 @@ public class Constants {
// keyword to identify API-Key sent in sec-websocket-protocol header
public static final String WS_API_KEY_IDENTIFIER = "choreo-internal-API-Key";
+
+ // Modes for the temporary console test headers.
+ public static final String TEMP_CONSOLE_TEST_HEADERS_MONITOR_MODE = "monitor";
+ public static final String TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE = "active";
}
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticator.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticator.java
index 84557b5c37..6ab904c2ae 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticator.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticator.java
@@ -51,6 +51,7 @@
import java.text.ParseException;
import java.util.Arrays;
+import java.util.List;
import java.util.stream.Collectors;
/**
@@ -60,6 +61,8 @@ public class InternalAPIKeyAuthenticator extends APIKeyHandler {
private static final Log log = LogFactory.getLog(InternalAPIKeyAuthenticator.class);
private String securityParam;
+ private List tempConsoleTestHeaders;
+ private String tempTestConsoleHeadersMode;
private AbstractAPIMgtGatewayJWTGenerator jwtGenerator;
private final boolean isGatewayTokenCacheEnabled;
@@ -70,6 +73,10 @@ public InternalAPIKeyAuthenticator(String securityParam) {
if (enforcerConfig.getJwtConfigurationDto().isEnabled()) {
this.jwtGenerator = BackendJwtUtils.getApiMgtGatewayJWTGenerator();
}
+ this.tempConsoleTestHeaders = ConfigHolder.getInstance().getConfig().getAuthHeader()
+ .getTempTestConsoleHeaderNames();
+ this.tempTestConsoleHeadersMode = ConfigHolder.getInstance().getConfig().getAuthHeader()
+ .getTempTestConsoleTestHeadersMode();
}
@Override
@@ -77,6 +84,12 @@ public boolean canAuthenticate(RequestContext requestContext) {
String apiType = requestContext.getMatchedAPI().getApiType();
String internalKey = requestContext.getHeaders().get(
ConfigHolder.getInstance().getConfig().getAuthHeader().getTestConsoleHeaderName().toLowerCase());
+ if (internalKey == null &&
+ Constants.TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE.equals(tempTestConsoleHeadersMode)) {
+ internalKey = tempConsoleTestHeaders.stream().map(header -> requestContext.getHeaders().get(header))
+ .filter(this::isAPIKey)
+ .findFirst().orElse(null);
+ }
if (apiType.equalsIgnoreCase(APIConstants.ApiType.WEB_SOCKET)) {
if (internalKey == null) {
internalKey = extractInternalKeyInWSProtocolHeader(requestContext);
@@ -296,6 +309,12 @@ public String getName() {
private String extractInternalKey(RequestContext requestContext) {
String internalKey;
internalKey = requestContext.getHeaders().get(securityParam);
+ if (internalKey == null &&
+ Constants.TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE.equals(tempTestConsoleHeadersMode)) {
+ internalKey = tempConsoleTestHeaders.stream().map(header -> requestContext.getHeaders().get(header))
+ .filter(this::isAPIKey)
+ .findFirst().orElse(null);
+ }
if (internalKey != null) {
return internalKey.trim();
}
diff --git a/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticatorTest.java b/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticatorTest.java
index 9bae7cd042..78af33aade 100644
--- a/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticatorTest.java
+++ b/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticatorTest.java
@@ -34,6 +34,7 @@
import org.wso2.choreo.connect.enforcer.commons.model.RequestContext;
import org.wso2.choreo.connect.enforcer.config.ConfigHolder;
import org.wso2.choreo.connect.enforcer.config.EnforcerConfig;
+import org.wso2.choreo.connect.enforcer.config.dto.AuthHeaderDto;
import org.wso2.choreo.connect.enforcer.config.dto.CacheDto;
@RunWith(PowerMockRunner.class)
@PrepareForTest({ConfigHolder.class})
@@ -45,6 +46,7 @@ public void extractInternalKeyInWSProtocolHeaderTest() {
PowerMockito.mockStatic(ConfigHolder.class);
ConfigHolder configHolder = Mockito.mock(ConfigHolder.class);
EnforcerConfig enforcerConfig = Mockito.mock(EnforcerConfig.class);
+ AuthHeaderDto authHeaderDto = Mockito.mock(AuthHeaderDto.class);
CacheDto cacheDto = Mockito.mock(CacheDto.class);
Mockito.when(cacheDto.isEnabled()).thenReturn(true);
Mockito.when(enforcerConfig.getCacheDto()).thenReturn(cacheDto);
@@ -53,6 +55,7 @@ public void extractInternalKeyInWSProtocolHeaderTest() {
Mockito.when(enforcerConfig.getJwtConfigurationDto()).thenReturn(jwtConfigurationDto);
Mockito.when(configHolder.getConfig()).thenReturn(enforcerConfig);
Mockito.when(ConfigHolder.getInstance()).thenReturn(configHolder);
+ Mockito.when(ConfigHolder.getInstance().getConfig().getAuthHeader()).thenReturn(authHeaderDto);
String securityParam = "API-Key";
@@ -98,6 +101,7 @@ public void getProtocolsToSetInRequestHeadersTest() {
PowerMockito.mockStatic(ConfigHolder.class);
ConfigHolder configHolder = Mockito.mock(ConfigHolder.class);
EnforcerConfig enforcerConfig = Mockito.mock(EnforcerConfig.class);
+ AuthHeaderDto authHeaderDto = Mockito.mock(AuthHeaderDto.class);
CacheDto cacheDto = Mockito.mock(CacheDto.class);
Mockito.when(cacheDto.isEnabled()).thenReturn(true);
Mockito.when(enforcerConfig.getCacheDto()).thenReturn(cacheDto);
@@ -106,6 +110,7 @@ public void getProtocolsToSetInRequestHeadersTest() {
Mockito.when(enforcerConfig.getJwtConfigurationDto()).thenReturn(jwtConfigurationDto);
Mockito.when(configHolder.getConfig()).thenReturn(enforcerConfig);
Mockito.when(ConfigHolder.getInstance()).thenReturn(configHolder);
+ Mockito.when(ConfigHolder.getInstance().getConfig().getAuthHeader()).thenReturn(authHeaderDto);
String securityParam = "API-Key";
diff --git a/resources/conf/config.toml.template b/resources/conf/config.toml.template
index eeb4e61188..ce468d7933 100644
--- a/resources/conf/config.toml.template
+++ b/resources/conf/config.toml.template
@@ -351,6 +351,9 @@ enabled = true
# Header name for the authorization token coming from the downstream client
authorizationHeader = "authorization"
testConsoleHeaderName = "Internal-Key"
+ # Temporary additional headers for testConsoleHeaderName
+ tempTestConsoleHeaderNames = ["test-key"]
+ tempTestConsoleHeadersMode = "monitor"
# JWT token authorization configurations. You can provide multiple JWT issuers
# Issuer 1