From 01db51ae43ae72dc698964ebdb5d12eb6992f745 Mon Sep 17 00:00:00 2001 From: Mevan Date: Tue, 3 Sep 2024 22:57:09 +0530 Subject: [PATCH 1/3] Introduce temporary configs to support multiple headers for the Console testing --- adapter/config/default_config.go | 2 +- adapter/config/types.go | 8 +- adapter/internal/discovery/xds/marshaller.go | 8 +- .../config/enforcer/auth_header.pb.go | 32 +- .../config/enforcer/auth_header.proto | 4 + .../discovery/config/enforcer/AuthHeader.java | 333 ++++++++++++++++++ .../config/enforcer/AuthHeaderOrBuilder.java | 37 ++ .../config/enforcer/AuthHeaderProto.java | 18 +- .../choreo/connect/enforcer/api/Utils.java | 12 + .../connect/enforcer/config/ConfigHolder.java | 2 + .../enforcer/config/dto/AuthHeaderDto.java | 27 ++ .../connect/enforcer/constants/Constants.java | 4 + .../jwt/InternalAPIKeyAuthenticator.java | 19 + resources/conf/config.toml.template | 3 + 14 files changed, 490 insertions(+), 19 deletions(-) diff --git a/adapter/config/default_config.go b/adapter/config/default_config.go index 0df1c12dbf..af8136d821 100644 --- a/adapter/config/default_config.go +++ b/adapter/config/default_config.go @@ -120,7 +120,7 @@ var defaultConfig = &Config{ }, Retry: upstreamRetry{ MaxRetryCount: 5, - RetryOn: "connect-failure", + RetryOn: "connect-failure", BaseInterval: 25 * time.Millisecond, MaxInterval: 500 * time.Millisecond, StatusCodes: []uint32{504}, diff --git a/adapter/config/types.go b/adapter/config/types.go index 2a0f04333d..2c2c724a11 100644 --- a/adapter/config/types.go +++ b/adapter/config/types.go @@ -478,9 +478,11 @@ type analyticsEnforcer struct { } type authHeader struct { - EnableOutboundAuthHeader bool - AuthorizationHeader string - TestConsoleHeaderName string + EnableOutboundAuthHeader bool + AuthorizationHeader string + TestConsoleHeaderName string + TempTestConsoleHeaderNames []string + TempTestConsoleHeadersMode string } type jwtIssuer struct { 
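Review bot: The new `TempTestConsoleHeaderNames` and `TempTestConsoleHeadersMode` fields in `authHeader` (adapter/config/types.go) have no comment, and nothing on the Go side says which mode strings are meaningful. The only values this patch defines are `monitor` and `active` in the enforcer's Constants.java, and the default_config.go hunk sets neither field, so the adapter's defaults are an empty mode and a nil list. A comment such as `// TempTestConsoleHeadersMode is "monitor" or "active"; any other value, including empty, leaves the temporary headers unstripped by the enforcer.` would make this visible to whoever edits the config. The same gap exists for fields 4 and 5 in auth_header.proto, where the first two fields of the message do carry comments.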
diff --git a/adapter/internal/discovery/xds/marshaller.go b/adapter/internal/discovery/xds/marshaller.go index 29a331c7fc..134ff75e63 100644 --- a/adapter/internal/discovery/xds/marshaller.go +++ b/adapter/internal/discovery/xds/marshaller.go @@ -211,9 +211,11 @@ func MarshalConfig(config *config.Config) *enforcer.Config { Security: &enforcer.Security{ TokenService: issuers, AuthHeader: &enforcer.AuthHeader{ - EnableOutboundAuthHeader: config.Enforcer.Security.AuthHeader.EnableOutboundAuthHeader, - AuthorizationHeader: config.Enforcer.Security.AuthHeader.AuthorizationHeader, - TestConsoleHeaderName: config.Enforcer.Security.AuthHeader.TestConsoleHeaderName, + EnableOutboundAuthHeader: config.Enforcer.Security.AuthHeader.EnableOutboundAuthHeader, + AuthorizationHeader: config.Enforcer.Security.AuthHeader.AuthorizationHeader, + TestConsoleHeaderName: config.Enforcer.Security.AuthHeader.TestConsoleHeaderName, + TempTestConsoleHeaderNames: config.Enforcer.Security.AuthHeader.TempTestConsoleHeaderNames, + TempTestConsoleHeadersMode: config.Enforcer.Security.AuthHeader.TempTestConsoleHeadersMode, }, }, Cache: cache, diff --git a/adapter/pkg/discovery/api/wso2/discovery/config/enforcer/auth_header.pb.go b/adapter/pkg/discovery/api/wso2/discovery/config/enforcer/auth_header.pb.go index 9d1093c330..93726cb8db 100644 --- a/adapter/pkg/discovery/api/wso2/discovery/config/enforcer/auth_header.pb.go +++ b/adapter/pkg/discovery/api/wso2/discovery/config/enforcer/auth_header.pb.go 
@@ -29,8 +29,10 @@ type AuthHeader struct { // Enable outbound auth header EnableOutboundAuthHeader bool `protobuf:"varint,1,opt,name=enableOutboundAuthHeader,proto3" json:"enableOutboundAuthHeader,omitempty"` // Auth header name - AuthorizationHeader string `protobuf:"bytes,2,opt,name=authorizationHeader,proto3" json:"authorizationHeader,omitempty"` - TestConsoleHeaderName string `protobuf:"bytes,3,opt,name=testConsoleHeaderName,proto3" json:"testConsoleHeaderName,omitempty"` + AuthorizationHeader string `protobuf:"bytes,2,opt,name=authorizationHeader,proto3" json:"authorizationHeader,omitempty"` + TestConsoleHeaderName string `protobuf:"bytes,3,opt,name=testConsoleHeaderName,proto3" json:"testConsoleHeaderName,omitempty"` + TempTestConsoleHeaderNames []string `protobuf:"bytes,4,rep,name=tempTestConsoleHeaderNames,proto3" json:"tempTestConsoleHeaderNames,omitempty"` + TempTestConsoleHeadersMode string `protobuf:"bytes,5,opt,name=tempTestConsoleHeadersMode,proto3" json:"tempTestConsoleHeadersMode,omitempty"` } func (x *AuthHeader) Reset() { @@ -86,6 +88,20 @@ func (x *AuthHeader) GetTestConsoleHeaderName() string { return "" } +func (x *AuthHeader) GetTempTestConsoleHeaderNames() []string { + if x != nil { + return x.TempTestConsoleHeaderNames + } + return nil +} + +func (x *AuthHeader) GetTempTestConsoleHeadersMode() string { + if x != nil { + return x.TempTestConsoleHeadersMode + } + return "" +} + var File_wso2_discovery_config_enforcer_auth_header_proto protoreflect.FileDescriptor var file_wso2_discovery_config_enforcer_auth_header_proto_rawDesc = []byte{ 
@@ -94,7 +110,7 @@ var file_wso2_discovery_config_enforcer_auth_header_proto_rawDesc = []byte{ 0x2f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, - 0x65, 0x72, 0x22, 0xb0, 0x01, 0x0a, 0x0a, 0x41, 0x75, 0x74, 0x68, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x65, 0x72, 0x22, 0xb0, 0x02, 0x0a, 0x0a, 0x41, 0x75, 0x74, 0x68, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x3a, 0x0a, 0x18, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x75, 0x74, 0x68, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x4f, 0x75, 0x74, 0x62, 0x6f, 
@@ -105,7 +121,15 @@ var file_wso2_discovery_config_enforcer_auth_header_proto_rawDesc = []byte{ 0x34, 0x0a, 0x15, 0x74, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x74, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x96, 0x01, 0x0a, 0x31, 0x6f, 0x72, 0x67, 0x2e, 0x77, 0x73, + 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x1a, 0x74, 0x65, 0x6d, 0x70, 0x54, 0x65, 0x73, + 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, + 0x6d, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x1a, 0x74, 0x65, 0x6d, 0x70, 0x54, + 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3e, 0x0a, 0x1a, 0x74, 0x65, 0x6d, 0x70, 0x54, 0x65, 0x73, + 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4d, + 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x74, 0x65, 0x6d, 0x70, 0x54, + 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x42, 0x96, 0x01, 0x0a, 0x31, 0x6f, 0x72, 0x67, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x63, 0x68, 0x6f, 0x72, 0x65, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x72, 0x42, 0x0f, 0x41, 0x75, 0x74, diff --git a/api/proto/wso2/discovery/config/enforcer/auth_header.proto b/api/proto/wso2/discovery/config/enforcer/auth_header.proto index 4ce95d901d..3d1ba11621 100644 --- a/api/proto/wso2/discovery/config/enforcer/auth_header.proto +++ b/api/proto/wso2/discovery/config/enforcer/auth_header.proto 
@@ -18,4 +18,8 @@ message AuthHeader { string authorizationHeader = 2; string testConsoleHeaderName = 3; + + repeated string tempTestConsoleHeaderNames = 4; + + string tempTestConsoleHeadersMode = 5; } diff --git a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeader.java b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeader.java index 2f7ebaef55..9e31b7e731 100644 --- a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeader.java +++ b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeader.java @@ -22,6 +22,8 @@ private AuthHeader(com.google.protobuf.GeneratedMessageV3.Builder builder) { private AuthHeader() { authorizationHeader_ = ""; testConsoleHeaderName_ = ""; + tempTestConsoleHeaderNames_ = com.google.protobuf.LazyStringArrayList.EMPTY; + tempTestConsoleHeadersMode_ = ""; } @java.lang.Override @@ -44,6 +46,7 @@ private AuthHeader( if (extensionRegistry == null) { throw new java.lang.NullPointerException(); } + int mutable_bitField0_ = 0; com.google.protobuf.UnknownFieldSet.Builder unknownFields = com.google.protobuf.UnknownFieldSet.newBuilder(); try { @@ -71,6 +74,21 @@ private AuthHeader( testConsoleHeaderName_ = s; break; } + case 34: { + java.lang.String s = input.readStringRequireUtf8(); + if (!((mutable_bitField0_ & 0x00000001) != 0)) { + tempTestConsoleHeaderNames_ = new com.google.protobuf.LazyStringArrayList(); + mutable_bitField0_ |= 0x00000001; + } + tempTestConsoleHeaderNames_.add(s); + break; + } + case 42: { + java.lang.String s = input.readStringRequireUtf8(); + + tempTestConsoleHeadersMode_ = s; + break; + } default: { if (!parseUnknownField( input, unknownFields, extensionRegistry, tag)) { 
@@ -86,6 +104,9 @@ private AuthHeader( throw new com.google.protobuf.InvalidProtocolBufferException( e).setUnfinishedMessage(this); } finally { + if (((mutable_bitField0_ & 0x00000001) != 0)) { + tempTestConsoleHeaderNames_ = tempTestConsoleHeaderNames_.getUnmodifiableView(); + } this.unknownFields = unknownFields.build(); makeExtensionsImmutable(); } 
@@ -202,6 +223,79 @@ public java.lang.String getTestConsoleHeaderName() { } } + public static final int TEMPTESTCONSOLEHEADERNAMES_FIELD_NUMBER = 4; + private com.google.protobuf.LazyStringList tempTestConsoleHeaderNames_; + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @return A list containing the tempTestConsoleHeaderNames. + */ + public com.google.protobuf.ProtocolStringList + getTempTestConsoleHeaderNamesList() { + return tempTestConsoleHeaderNames_; + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @return The count of tempTestConsoleHeaderNames. + */ + public int getTempTestConsoleHeaderNamesCount() { + return tempTestConsoleHeaderNames_.size(); + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @param index The index of the element to return. + * @return The tempTestConsoleHeaderNames at the given index. + */ + public java.lang.String getTempTestConsoleHeaderNames(int index) { + return tempTestConsoleHeaderNames_.get(index); + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @param index The index of the value to return. + * @return The bytes of the tempTestConsoleHeaderNames at the given index. + */ + public com.google.protobuf.ByteString + getTempTestConsoleHeaderNamesBytes(int index) { + return tempTestConsoleHeaderNames_.getByteString(index); + } + + public static final int TEMPTESTCONSOLEHEADERSMODE_FIELD_NUMBER = 5; + private volatile java.lang.Object tempTestConsoleHeadersMode_; + /** + * string tempTestConsoleHeadersMode = 5; + * @return The tempTestConsoleHeadersMode. 
+ */ + @java.lang.Override + public java.lang.String getTempTestConsoleHeadersMode() { + java.lang.Object ref = tempTestConsoleHeadersMode_; + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + tempTestConsoleHeadersMode_ = s; + return s; + } + } + /** + * string tempTestConsoleHeadersMode = 5; + * @return The bytes for tempTestConsoleHeadersMode. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getTempTestConsoleHeadersModeBytes() { + java.lang.Object ref = tempTestConsoleHeadersMode_; + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + tempTestConsoleHeadersMode_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + private byte memoizedIsInitialized = -1; @java.lang.Override public final boolean isInitialized() { @@ -225,6 +319,12 @@ public void writeTo(com.google.protobuf.CodedOutputStream output) if (!getTestConsoleHeaderNameBytes().isEmpty()) { com.google.protobuf.GeneratedMessageV3.writeString(output, 3, testConsoleHeaderName_); } + for (int i = 0; i < tempTestConsoleHeaderNames_.size(); i++) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 4, tempTestConsoleHeaderNames_.getRaw(i)); + } + if (!getTempTestConsoleHeadersModeBytes().isEmpty()) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 5, tempTestConsoleHeadersMode_); + } unknownFields.writeTo(output); } 
@@ -244,6 +344,17 @@ public int getSerializedSize() { if (!getTestConsoleHeaderNameBytes().isEmpty()) { size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, testConsoleHeaderName_); } + { + int dataSize = 0; + for (int i = 0; i < tempTestConsoleHeaderNames_.size(); i++) { + dataSize += computeStringSizeNoTag(tempTestConsoleHeaderNames_.getRaw(i)); + } + size += dataSize; + size += 1 * getTempTestConsoleHeaderNamesList().size(); + } + if (!getTempTestConsoleHeadersModeBytes().isEmpty()) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, tempTestConsoleHeadersMode_); + } size += unknownFields.getSerializedSize(); memoizedSize = size; return size; @@ -265,6 +376,10 @@ public boolean equals(final java.lang.Object obj) { .equals(other.getAuthorizationHeader())) return false; if (!getTestConsoleHeaderName() .equals(other.getTestConsoleHeaderName())) return false; + if (!getTempTestConsoleHeaderNamesList() + .equals(other.getTempTestConsoleHeaderNamesList())) return false; + if (!getTempTestConsoleHeadersMode() + .equals(other.getTempTestConsoleHeadersMode())) return false; if (!unknownFields.equals(other.unknownFields)) return false; return true; } @@ -283,6 +398,12 @@ public int hashCode() { hash = (53 * hash) + getAuthorizationHeader().hashCode(); hash = (37 * hash) + TESTCONSOLEHEADERNAME_FIELD_NUMBER; hash = (53 * hash) + getTestConsoleHeaderName().hashCode(); + if (getTempTestConsoleHeaderNamesCount() > 0) { + hash = (37 * hash) + TEMPTESTCONSOLEHEADERNAMES_FIELD_NUMBER; + hash = (53 * hash) + getTempTestConsoleHeaderNamesList().hashCode(); + } + hash = (37 * hash) + TEMPTESTCONSOLEHEADERSMODE_FIELD_NUMBER; + hash = (53 * hash) + getTempTestConsoleHeadersMode().hashCode(); hash = (29 * hash) + unknownFields.hashCode(); memoizedHashCode = hash; return hash; 
@@ -426,6 +547,10 @@ public Builder clear() { testConsoleHeaderName_ = ""; + tempTestConsoleHeaderNames_ = com.google.protobuf.LazyStringArrayList.EMPTY; + bitField0_ = (bitField0_ & ~0x00000001); + tempTestConsoleHeadersMode_ = ""; + return this; } @@ -452,9 +577,16 @@ public org.wso2.choreo.connect.discovery.config.enforcer.AuthHeader build() { @java.lang.Override public org.wso2.choreo.connect.discovery.config.enforcer.AuthHeader buildPartial() { org.wso2.choreo.connect.discovery.config.enforcer.AuthHeader result = new org.wso2.choreo.connect.discovery.config.enforcer.AuthHeader(this); + int from_bitField0_ = bitField0_; result.enableOutboundAuthHeader_ = enableOutboundAuthHeader_; result.authorizationHeader_ = authorizationHeader_; result.testConsoleHeaderName_ = testConsoleHeaderName_; + if (((bitField0_ & 0x00000001) != 0)) { + tempTestConsoleHeaderNames_ = tempTestConsoleHeaderNames_.getUnmodifiableView(); + bitField0_ = (bitField0_ & ~0x00000001); + } + result.tempTestConsoleHeaderNames_ = tempTestConsoleHeaderNames_; + result.tempTestConsoleHeadersMode_ = tempTestConsoleHeadersMode_; onBuilt(); return result; } @@ -514,6 +646,20 @@ public Builder mergeFrom(org.wso2.choreo.connect.discovery.config.enforcer.AuthH testConsoleHeaderName_ = other.testConsoleHeaderName_; onChanged(); } + if (!other.tempTestConsoleHeaderNames_.isEmpty()) { + if (tempTestConsoleHeaderNames_.isEmpty()) { + tempTestConsoleHeaderNames_ = other.tempTestConsoleHeaderNames_; + bitField0_ = (bitField0_ & ~0x00000001); + } else { + ensureTempTestConsoleHeaderNamesIsMutable(); + tempTestConsoleHeaderNames_.addAll(other.tempTestConsoleHeaderNames_); + } + onChanged(); + } + if (!other.getTempTestConsoleHeadersMode().isEmpty()) { + tempTestConsoleHeadersMode_ = other.tempTestConsoleHeadersMode_; + onChanged(); + } this.mergeUnknownFields(other.unknownFields); onChanged(); return this; 
@@ -542,6 +688,7 @@ public Builder mergeFrom( } return this; } + private int bitField0_; private boolean enableOutboundAuthHeader_ ; /** 
@@ -757,6 +904,192 @@ public Builder setTestConsoleHeaderNameBytes( onChanged(); return this; } + + private com.google.protobuf.LazyStringList tempTestConsoleHeaderNames_ = com.google.protobuf.LazyStringArrayList.EMPTY; + private void ensureTempTestConsoleHeaderNamesIsMutable() { + if (!((bitField0_ & 0x00000001) != 0)) { + tempTestConsoleHeaderNames_ = new com.google.protobuf.LazyStringArrayList(tempTestConsoleHeaderNames_); + bitField0_ |= 0x00000001; + } + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @return A list containing the tempTestConsoleHeaderNames. + */ + public com.google.protobuf.ProtocolStringList + getTempTestConsoleHeaderNamesList() { + return tempTestConsoleHeaderNames_.getUnmodifiableView(); + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @return The count of tempTestConsoleHeaderNames. + */ + public int getTempTestConsoleHeaderNamesCount() { + return tempTestConsoleHeaderNames_.size(); + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @param index The index of the element to return. + * @return The tempTestConsoleHeaderNames at the given index. + */ + public java.lang.String getTempTestConsoleHeaderNames(int index) { + return tempTestConsoleHeaderNames_.get(index); + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @param index The index of the value to return. + * @return The bytes of the tempTestConsoleHeaderNames at the given index. + */ + public com.google.protobuf.ByteString + getTempTestConsoleHeaderNamesBytes(int index) { + return tempTestConsoleHeaderNames_.getByteString(index); + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @param index The index to set the value at. + * @param value The tempTestConsoleHeaderNames to set. + * @return This builder for chaining. 
+ */ + public Builder setTempTestConsoleHeaderNames( + int index, java.lang.String value) { + if (value == null) { + throw new NullPointerException(); + } + ensureTempTestConsoleHeaderNamesIsMutable(); + tempTestConsoleHeaderNames_.set(index, value); + onChanged(); + return this; + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @param value The tempTestConsoleHeaderNames to add. + * @return This builder for chaining. + */ + public Builder addTempTestConsoleHeaderNames( + java.lang.String value) { + if (value == null) { + throw new NullPointerException(); + } + ensureTempTestConsoleHeaderNamesIsMutable(); + tempTestConsoleHeaderNames_.add(value); + onChanged(); + return this; + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @param values The tempTestConsoleHeaderNames to add. + * @return This builder for chaining. + */ + public Builder addAllTempTestConsoleHeaderNames( + java.lang.Iterable values) { + ensureTempTestConsoleHeaderNamesIsMutable(); + com.google.protobuf.AbstractMessageLite.Builder.addAll( + values, tempTestConsoleHeaderNames_); + onChanged(); + return this; + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @return This builder for chaining. + */ + public Builder clearTempTestConsoleHeaderNames() { + tempTestConsoleHeaderNames_ = com.google.protobuf.LazyStringArrayList.EMPTY; + bitField0_ = (bitField0_ & ~0x00000001); + onChanged(); + return this; + } + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @param value The bytes of the tempTestConsoleHeaderNames to add. + * @return This builder for chaining. 
+ */ + public Builder addTempTestConsoleHeaderNamesBytes( + com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); + } + checkByteStringIsUtf8(value); + ensureTempTestConsoleHeaderNamesIsMutable(); + tempTestConsoleHeaderNames_.add(value); + onChanged(); + return this; + } + + private java.lang.Object tempTestConsoleHeadersMode_ = ""; + /** + * string tempTestConsoleHeadersMode = 5; + * @return The tempTestConsoleHeadersMode. + */ + public java.lang.String getTempTestConsoleHeadersMode() { + java.lang.Object ref = tempTestConsoleHeadersMode_; + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + tempTestConsoleHeadersMode_ = s; + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * string tempTestConsoleHeadersMode = 5; + * @return The bytes for tempTestConsoleHeadersMode. + */ + public com.google.protobuf.ByteString + getTempTestConsoleHeadersModeBytes() { + java.lang.Object ref = tempTestConsoleHeadersMode_; + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + tempTestConsoleHeadersMode_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * string tempTestConsoleHeadersMode = 5; + * @param value The tempTestConsoleHeadersMode to set. + * @return This builder for chaining. + */ + public Builder setTempTestConsoleHeadersMode( + java.lang.String value) { + if (value == null) { + throw new NullPointerException(); + } + + tempTestConsoleHeadersMode_ = value; + onChanged(); + return this; + } + /** + * string tempTestConsoleHeadersMode = 5; + * @return This builder for chaining. 
+ */ + public Builder clearTempTestConsoleHeadersMode() { + + tempTestConsoleHeadersMode_ = getDefaultInstance().getTempTestConsoleHeadersMode(); + onChanged(); + return this; + } + /** + * string tempTestConsoleHeadersMode = 5; + * @param value The bytes for tempTestConsoleHeadersMode to set. + * @return This builder for chaining. + */ + public Builder setTempTestConsoleHeadersModeBytes( + com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); + } + checkByteStringIsUtf8(value); + + tempTestConsoleHeadersMode_ = value; + onChanged(); + return this; + } @java.lang.Override public final Builder setUnknownFields( final com.google.protobuf.UnknownFieldSet unknownFields) { diff --git a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderOrBuilder.java b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderOrBuilder.java index a9a6f0beaa..82218a9597 100644 --- a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderOrBuilder.java +++ b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderOrBuilder.java 
@@ -48,4 +48,41 @@ public interface AuthHeaderOrBuilder extends */ com.google.protobuf.ByteString getTestConsoleHeaderNameBytes(); + + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @return A list containing the tempTestConsoleHeaderNames. + */ + java.util.List + getTempTestConsoleHeaderNamesList(); + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @return The count of tempTestConsoleHeaderNames. + */ + int getTempTestConsoleHeaderNamesCount(); + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @param index The index of the element to return. + * @return The tempTestConsoleHeaderNames at the given index. + */ + java.lang.String getTempTestConsoleHeaderNames(int index); + /** + * repeated string tempTestConsoleHeaderNames = 4; + * @param index The index of the value to return. + * @return The bytes of the tempTestConsoleHeaderNames at the given index. + */ + com.google.protobuf.ByteString + getTempTestConsoleHeaderNamesBytes(int index); + + /** + * string tempTestConsoleHeadersMode = 5; + * @return The tempTestConsoleHeadersMode. + */ + java.lang.String getTempTestConsoleHeadersMode(); + /** + * string tempTestConsoleHeadersMode = 5; + * @return The bytes for tempTestConsoleHeadersMode. + */ + com.google.protobuf.ByteString + getTempTestConsoleHeadersModeBytes(); } diff --git a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderProto.java b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderProto.java index c4bce0b6bb..15b81b86c7 100644 --- a/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderProto.java +++ b/enforcer-parent/enforcer/src/main/gen/org/wso2/choreo/connect/discovery/config/enforcer/AuthHeaderProto.java 
@@ -30,13 +30,15 @@ public static void registerAllExtensions( java.lang.String[] descriptorData = { "\n0wso2/discovery/config/enforcer/auth_he" + "ader.proto\022\036wso2.discovery.config.enforc" + - "er\"j\n\nAuthHeader\022 \n\030enableOutboundAuthHe" + - "ader\030\001 \001(\010\022\033\n\023authorizationHeader\030\002 \001(\t\022" + - "\035\n\025testConsoleHeaderName\030\003 \001(\tB\226\001\n1org.w" + - "so2.choreo.connect.discovery.config.enfo" + - "rcerB\017AuthHeaderProtoP\001ZNgithub.com/envo" + - "yproxy/go-control-plane/wso2/discovery/c" + - "onfig/enforcer;enforcerb\006proto3" + "er\"\262\001\n\nAuthHeader\022 \n\030enableOutboundAuthH" + + "eader\030\001 \001(\010\022\033\n\023authorizationHeader\030\002 \001(\t" + + "\022\035\n\025testConsoleHeaderName\030\003 \001(\t\022\"\n\032tempT" + + "estConsoleHeaderNames\030\004 \003(\t\022\"\n\032tempTestC" + + "onsoleHeadersMode\030\005 \001(\tB\226\001\n1org.wso2.cho" + + "reo.connect.discovery.config.enforcerB\017A" + + "uthHeaderProtoP\001ZNgithub.com/envoyproxy/" + + "go-control-plane/wso2/discovery/config/e" + + "nforcer;enforcerb\006proto3" }; descriptor = com.google.protobuf.Descriptors.FileDescriptor .internalBuildGeneratedFileFrom(descriptorData, @@ -47,7 +49,7 @@ public static void registerAllExtensions( internal_static_wso2_discovery_config_enforcer_AuthHeader_fieldAccessorTable = new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( internal_static_wso2_discovery_config_enforcer_AuthHeader_descriptor, - new java.lang.String[] { "EnableOutboundAuthHeader", "AuthorizationHeader", "TestConsoleHeaderName", }); + new java.lang.String[] { "EnableOutboundAuthHeader", "AuthorizationHeader", "TestConsoleHeaderName", "TempTestConsoleHeaderNames", "TempTestConsoleHeadersMode", }); } // @@protoc_insertion_point(outer_class_scope) 
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/api/Utils.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/api/Utils.java index 1c7a2f9b6b..b7a889fff5 100644 --- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/api/Utils.java +++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/api/Utils.java @@ -29,6 +29,7 @@ import org.wso2.choreo.connect.enforcer.config.ConfigHolder; import org.wso2.choreo.connect.enforcer.config.dto.AuthHeaderDto; import org.wso2.choreo.connect.enforcer.constants.APIConstants; +import org.wso2.choreo.connect.enforcer.constants.Constants; import org.wso2.choreo.connect.enforcer.util.FilterUtils; import java.util.ArrayList; @@ -120,6 +121,17 @@ static void populateRemoveAndProtectedHeaders(RequestContext requestContext) { // to backend and traffic manager. String internalKeyHeader = ConfigHolder.getInstance().getConfig().getAuthHeader() .getTestConsoleHeaderName().toLowerCase(); + + // If the temp test console headers are in active mode, + // then those headers are also removed and considered as protected. + String tempConsoleTestHeadersMode = ConfigHolder.getInstance().getConfig().getAuthHeader() + .getTempTestConsoleTestHeadersMode(); + if (Constants.TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE.equals(tempConsoleTestHeadersMode)) { + List tempConsoleTestHeaders = ConfigHolder.getInstance().getConfig().getAuthHeader() + .getTempTestConsoleHeaderNames(); + requestContext.getRemoveHeaders().addAll(tempConsoleTestHeaders); + requestContext.getProtectedHeaders().addAll(tempConsoleTestHeaders); + } requestContext.getRemoveHeaders().add(internalKeyHeader); // Avoid internal key being published to the Traffic Manager requestContext.getProtectedHeaders().add(internalKeyHeader); 
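Review bot: In the second Utils.java hunk, `populateRemoveAndProtectedHeaders` adds the temporary header names to the remove and protected lists exactly as configured, whereas the existing `internalKeyHeader` just above is passed through `.toLowerCase()` first. If those lists are compared against lower-cased request header names, as that existing call suggests, a name configured with capital letters would not be stripped in `active` mode and the test-console key it carries could be forwarded to the backend and published to the Traffic Manager. Lower-casing the names once, for example in `AuthHeaderDto.setTempTestConsoleHeaderNames` (third AuthHeaderDto.java hunk), keeps both paths consistent. In every mode other than `active`, including `monitor`, the headers are not stripped at all; a comment such as `// monitor mode: temp headers are intentionally forwarded unchanged` would record whether that is deliberate. The method starts and ends outside the hunk.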
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/ConfigHolder.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/ConfigHolder.java index 9291358b05..8f66e1e938 100644 --- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/ConfigHolder.java +++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/ConfigHolder.java @@ -208,6 +208,8 @@ private void populateAuthHeaderConfigurations(AuthHeader authHeader) { authHeaderDto.setAuthorizationHeader(authHeader.getAuthorizationHeader()); authHeaderDto.setEnableOutboundAuthHeader(authHeader.getEnableOutboundAuthHeader()); authHeaderDto.setTestConsoleHeaderName(authHeader.getTestConsoleHeaderName()); + authHeaderDto.setTempTestConsoleHeaderNames(authHeader.getTempTestConsoleHeaderNamesList()); + authHeaderDto.setTempTestConsoleTestHeadersMode(authHeader.getTempTestConsoleHeadersMode()); config.setAuthHeader(authHeaderDto); } diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/dto/AuthHeaderDto.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/dto/AuthHeaderDto.java index f673212c70..2d0345d7cf 100644 --- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/dto/AuthHeaderDto.java +++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/config/dto/AuthHeaderDto.java @@ -18,6 +18,11 @@ package org.wso2.choreo.connect.enforcer.config.dto; +import org.apache.commons.lang.StringUtils; + +import java.util.ArrayList; +import java.util.List; + /** * This contains authorization header properties. */ 
@@ -25,6 +30,8 @@ public class AuthHeaderDto { private boolean enableOutboundAuthHeader = false; private String authorizationHeader = ""; private String testConsoleHeaderName = ""; + private List tempTestConsoleHeaderNames = new ArrayList<>(); + private String tempTestConsoleTestHeadersMode = ""; public String getAuthorizationHeader() { return authorizationHeader; @@ -49,4 +56,24 @@ public void setTestConsoleHeaderName(String testConsoleHeaderName) { public String getTestConsoleHeaderName() { return testConsoleHeaderName; } + + public void setTempTestConsoleHeaderNames(List tempTestConsoleHeaderNames) { + if (tempTestConsoleHeaderNames != null) { + this.tempTestConsoleHeaderNames = tempTestConsoleHeaderNames; + } + } + + public List getTempTestConsoleHeaderNames() { + return tempTestConsoleHeaderNames; + } + + public void setTempTestConsoleTestHeadersMode(String mode) { + if (StringUtils.isNotBlank(mode)) { + this.tempTestConsoleTestHeadersMode = mode.toLowerCase(); + } + } + + public String getTempTestConsoleTestHeadersMode() { + return tempTestConsoleTestHeadersMode; + } } diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/constants/Constants.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/constants/Constants.java index bf022b5274..276b3dc525 100644 --- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/constants/Constants.java +++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/constants/Constants.java @@ -74,4 +74,8 @@ public class Constants { // keyword to identify API-Key sent in sec-websocket-protocol header public static final String WS_API_KEY_IDENTIFIER = "choreo-internal-API-Key"; + + // Modes for the temporary console test headers. + public static final String TEMP_CONSOLE_TEST_HEADERS_MONITOR_MODE = "monitor"; + public static final String TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE = "active"; } 
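Review bot: `setTempTestConsoleTestHeadersMode` lower-cases with the default locale and does not trim, so `ACTIVE` under a Turkish default locale, or a value with stray whitespace, would not equal `Constants.TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE` and the feature would stay off without any signal. I would store `mode.trim().toLowerCase(Locale.ROOT)` and log a warning when the result is neither of the two known modes, since any other string is currently accepted and treated as inactive. The accessor name `TempTestConsoleTestHeadersMode` also differs from the `TempTestConsoleHeadersMode` used by the adapter config and the generated `AuthHeader`; aligning them would make the field easier to trace.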
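Review bot: `TEMP_CONSOLE_TEST_HEADERS_MONITOR_MODE` is declared in Constants.java, but none of the hunks shown in this patch series reads it; only `TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE` is compared. As written, `monitor` (the shipped default) behaves like any other non-active value: the listed headers are neither accepted as a key nor stripped nor logged. The comment should say what each mode does, for example `// "active": the temp headers are accepted as internal-key carriers and are removed/protected; "monitor": configured but not acted on`. If monitor is meant to observe usage, that logic appears to be missing from the hunks shown here.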
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticator.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticator.java index 84557b5c37..6ab904c2ae 100644 --- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticator.java +++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticator.java @@ -51,6 +51,7 @@ import java.text.ParseException; import java.util.Arrays; +import java.util.List; import java.util.stream.Collectors; /** @@ -60,6 +61,8 @@ public class InternalAPIKeyAuthenticator extends APIKeyHandler { private static final Log log = LogFactory.getLog(InternalAPIKeyAuthenticator.class); private String securityParam; + private List tempConsoleTestHeaders; + private String tempTestConsoleHeadersMode; private AbstractAPIMgtGatewayJWTGenerator jwtGenerator; private final boolean isGatewayTokenCacheEnabled; @@ -70,6 +73,10 @@ public InternalAPIKeyAuthenticator(String securityParam) { if (enforcerConfig.getJwtConfigurationDto().isEnabled()) { this.jwtGenerator = BackendJwtUtils.getApiMgtGatewayJWTGenerator(); } + this.tempConsoleTestHeaders = ConfigHolder.getInstance().getConfig().getAuthHeader() + .getTempTestConsoleHeaderNames(); + this.tempTestConsoleHeadersMode = ConfigHolder.getInstance().getConfig().getAuthHeader() + .getTempTestConsoleTestHeadersMode(); } @Override 
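Review bot: The constructor snapshots `tempConsoleTestHeaders` and `tempTestConsoleHeadersMode`, whereas `Utils.populateRemoveAndProtectedHeaders` reads the same values from `ConfigHolder` on every request, and `canAuthenticate` still reads `getTestConsoleHeaderName()` per call. If the enforcer config can be replaced after the authenticator is built (not visible from these hunks), the two could disagree, so a header might be accepted as a key while no longer being stripped before the backend, or the reverse. Either read both values per request in the same way, or keep the snapshot and mark both fields `final` like `isGatewayTokenCacheEnabled`. The constructor body starts outside the hunk.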
@@ -77,6 +84,12 @@ public boolean canAuthenticate(RequestContext requestContext) { String apiType = requestContext.getMatchedAPI().getApiType(); String internalKey = requestContext.getHeaders().get( ConfigHolder.getInstance().getConfig().getAuthHeader().getTestConsoleHeaderName().toLowerCase()); + if (internalKey == null && + Constants.TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE.equals(tempTestConsoleHeadersMode)) { + internalKey = tempConsoleTestHeaders.stream().map(header -> requestContext.getHeaders().get(header)) + .filter(this::isAPIKey) + .findFirst().orElse(null); + } if (apiType.equalsIgnoreCase(APIConstants.ApiType.WEB_SOCKET)) { if (internalKey == null) { internalKey = extractInternalKeyInWSProtocolHeader(requestContext); @@ -296,6 +309,12 @@ public String getName() { private String extractInternalKey(RequestContext requestContext) { String internalKey; internalKey = requestContext.getHeaders().get(securityParam); + if (internalKey == null && + Constants.TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE.equals(tempTestConsoleHeadersMode)) { + internalKey = tempConsoleTestHeaders.stream().map(header -> requestContext.getHeaders().get(header)) + .filter(this::isAPIKey) + .findFirst().orElse(null); + } if (internalKey != null) { return internalKey.trim(); } diff --git a/resources/conf/config.toml.template b/resources/conf/config.toml.template index eeb4e61188..ce468d7933 100644 --- a/resources/conf/config.toml.template +++ b/resources/conf/config.toml.template @@ -351,6 +351,9 @@ enabled = true # Header name for the authorization token coming from the downstream client authorizationHeader = "authorization" testConsoleHeaderName = "Internal-Key" + # Temporary additional headers for testConsoleHeaderName + tempTestConsoleHeaderNames = ["test-key"] + tempTestConsoleHeadersMode = "monitor" # JWT token authorization configurations. You can provide multiple JWT issuers # Issuer 1 From 605abb21419692bb8063b33a30af68c8bdc0fecc Mon Sep 17 00:00:00 2001 
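Review bot: In the new stream in `canAuthenticate`, `requestContext.getHeaders().get(header)` presumably yields `null` for each configured header the request does not carry, and that `null` goes straight into `isAPIKey`. `isAPIKey` is defined outside these hunks, so its null-safety cannot be confirmed here. Adding `.filter(Objects::nonNull)` before `.filter(this::isAPIKey)` (with `import java.util.Objects;`) makes the lookup safe regardless. The identical pipeline is repeated in the `extractInternalKey` hunk, so a small private helper used by both would keep the two paths from drifting. Both methods continue outside their hunks.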
From: Mevan Date: Wed, 4 Sep 2024 11:04:37 +0530 Subject: [PATCH 2/3] Fix unit test failures --- .../security/jwt/InternalAPIKeyAuthenticatorTest.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticatorTest.java b/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticatorTest.java index 9bae7cd042..78af33aade 100644 --- a/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticatorTest.java +++ b/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/InternalAPIKeyAuthenticatorTest.java @@ -34,6 +34,7 @@ import org.wso2.choreo.connect.enforcer.commons.model.RequestContext; import org.wso2.choreo.connect.enforcer.config.ConfigHolder; import org.wso2.choreo.connect.enforcer.config.EnforcerConfig; +import org.wso2.choreo.connect.enforcer.config.dto.AuthHeaderDto; import org.wso2.choreo.connect.enforcer.config.dto.CacheDto; @RunWith(PowerMockRunner.class) @PrepareForTest({ConfigHolder.class}) @@ -45,6 +46,7 @@ public void extractInternalKeyInWSProtocolHeaderTest() { PowerMockito.mockStatic(ConfigHolder.class); ConfigHolder configHolder = Mockito.mock(ConfigHolder.class); EnforcerConfig enforcerConfig = Mockito.mock(EnforcerConfig.class); + AuthHeaderDto authHeaderDto = Mockito.mock(AuthHeaderDto.class); CacheDto cacheDto = Mockito.mock(CacheDto.class); Mockito.when(cacheDto.isEnabled()).thenReturn(true); Mockito.when(enforcerConfig.getCacheDto()).thenReturn(cacheDto); 
@@ -53,6 +55,7 @@ public void extractInternalKeyInWSProtocolHeaderTest() { Mockito.when(enforcerConfig.getJwtConfigurationDto()).thenReturn(jwtConfigurationDto); Mockito.when(configHolder.getConfig()).thenReturn(enforcerConfig); Mockito.when(ConfigHolder.getInstance()).thenReturn(configHolder); + Mockito.when(ConfigHolder.getInstance().getConfig().getAuthHeader()).thenReturn(authHeaderDto); String securityParam = "API-Key"; @@ -98,6 +101,7 @@ public void getProtocolsToSetInRequestHeadersTest() { PowerMockito.mockStatic(ConfigHolder.class); ConfigHolder configHolder = Mockito.mock(ConfigHolder.class); EnforcerConfig enforcerConfig = Mockito.mock(EnforcerConfig.class); + AuthHeaderDto authHeaderDto = Mockito.mock(AuthHeaderDto.class); CacheDto cacheDto = Mockito.mock(CacheDto.class); Mockito.when(cacheDto.isEnabled()).thenReturn(true); Mockito.when(enforcerConfig.getCacheDto()).thenReturn(cacheDto); @@ -106,6 +110,7 @@ public void getProtocolsToSetInRequestHeadersTest() { Mockito.when(enforcerConfig.getJwtConfigurationDto()).thenReturn(jwtConfigurationDto); Mockito.when(configHolder.getConfig()).thenReturn(enforcerConfig); Mockito.when(ConfigHolder.getInstance()).thenReturn(configHolder); + Mockito.when(ConfigHolder.getInstance().getConfig().getAuthHeader()).thenReturn(authHeaderDto); String securityParam = "API-Key"; From cf6fc4f9e56ad1f0b1805ea0d1f4520dbf3e0038 Mon Sep 17 00:00:00 2001 From: Mevan Date: Mon, 9 Sep 2024 15:08:41 +0530 Subject: [PATCH 3/3] Set default configs for tempTestConsoleHeaderNames and tempTestConsoleHeadersMode --- adapter/config/default_config.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/adapter/config/default_config.go b/adapter/config/default_config.go index af8136d821..2c70a6d697 100644 --- a/adapter/config/default_config.go +++ b/adapter/config/default_config.go 
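Review bot: The added stub `Mockito.when(ConfigHolder.getInstance().getConfig().getAuthHeader()).thenReturn(authHeaderDto)` chains through two calls that are already stubbed on the lines above. `Mockito.when(enforcerConfig.getAuthHeader()).thenReturn(authHeaderDto);` says the same thing and matches the neighbouring stubs; the `@@ -106,6 +110,7 @@` hunk has the same line. The mocked `AuthHeaderDto` leaves the mode unstubbed, so neither test reaches the active-mode lookup added in patch 1/3. A case that stubs `getTempTestConsoleTestHeadersMode()` to return `"active"` with a non-empty header list would cover the new credential path. Both test methods continue outside the hunks.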
@@ -202,9 +202,11 @@ var defaultConfig = &Config{ }, }, AuthHeader: authHeader{ - EnableOutboundAuthHeader: false, - AuthorizationHeader: "authorization", - TestConsoleHeaderName: "Internal-Key", + EnableOutboundAuthHeader: false, + AuthorizationHeader: "authorization", + TestConsoleHeaderName: "Internal-Key", + TempTestConsoleHeaderNames: []string{}, + TempTestConsoleHeadersMode: "monitor", }, }, AuthService: authService{
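Review bot: The built-in default `TempTestConsoleHeaderNames: []string{}` disagrees with `tempTestConsoleHeaderNames = ["test-key"]` in config.toml.template from patch 1/3. A deployment rendered from the template therefore trusts an extra header name once the mode is switched to `active`, while one relying on the compiled defaults trusts none. The empty list is the narrower default for a header that can carry a credential, so I would align the template with it (or comment the template line out). I would also add a field comment such as `// Temporary: extra header names accepted for the test-console internal key; only honoured when TempTestConsoleHeadersMode is "active"`. The `defaultConfig` literal continues outside the hunk.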