Make console test header drop at GW configurable #3583

Merged
merged 1 commit into from
Sep 13, 2024
Merged
1 change: 1 addition & 0 deletions adapter/config/default_config.go
Expand Up @@ -225,6 +225,7 @@ var defaultConfig = &Config{
TestConsoleHeaderName: "Internal-Key",
TempTestConsoleHeaderNames: []string{},
TempTestConsoleHeadersMode: "monitor",
DropConsoleTestHeaders: true,
},
},
AuthService: authService{
1 change: 1 addition & 0 deletions adapter/config/types.go
Expand Up @@ -494,6 +494,7 @@ type authHeader struct {
TestConsoleHeaderName string
TempTestConsoleHeaderNames []string
TempTestConsoleHeadersMode string
DropConsoleTestHeaders bool
}

type jwtIssuer struct {
1 change: 1 addition & 0 deletions adapter/internal/discovery/xds/marshaller.go
Expand Up @@ -216,6 +216,7 @@ func MarshalConfig(config *config.Config) *enforcer.Config {
TestConsoleHeaderName: config.Enforcer.Security.AuthHeader.TestConsoleHeaderName,
TempTestConsoleHeaderNames: config.Enforcer.Security.AuthHeader.TempTestConsoleHeaderNames,
TempTestConsoleHeadersMode: config.Enforcer.Security.AuthHeader.TempTestConsoleHeadersMode,
DropConsoleTestHeaders: config.Enforcer.Security.AuthHeader.DropConsoleTestHeaders,
},
},
Cache: cache,
2 changes: 2 additions & 0 deletions api/proto/wso2/discovery/config/enforcer/auth_header.proto
Expand Up @@ -22,4 +22,6 @@ message AuthHeader {
repeated string tempTestConsoleHeaderNames = 4;

string tempTestConsoleHeadersMode = 5;

bool dropConsoleTestHeaders = 6;
}
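Review bot: `bool dropConsoleTestHeaders = 6;` makes the unsafe value the wire default: if this file uses proto3 syntax (the hunk does not show the `syntax` line), a config message that omits field 6 reads back as `false`, and the enforcer's `authHeaderDto.setDropConsoleTestHeaders(authHeader.getDropConsoleTestHeaders())` call then overwrites the DTO's `true` default. An enforcer paired with an adapter built before this change would therefore stop stripping the test-console headers without anyone having configured that. Consider inverting the flag so the zero value keeps the headers dropped, for example `bool forwardConsoleTestHeaders = 6;`, or document that adapter and enforcer must be upgraded together. A short comment above the field, such as `// When false, test console credential headers are forwarded to the backend.`, would also help.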
Expand Up @@ -119,22 +119,25 @@ static void populateRemoveAndProtectedHeaders(RequestContext requestContext) {
// Internal-Key credential is considered to be protected headers, such that the
// header would not be sent
// to backend and traffic manager.
String internalKeyHeader = ConfigHolder.getInstance().getConfig().getAuthHeader()
.getTestConsoleHeaderName().toLowerCase();
if (ConfigHolder.getInstance().getConfig().getAuthHeader().isDropConsoleTestHeaders()) {
String internalKeyHeader = ConfigHolder.getInstance().getConfig().getAuthHeader()
.getTestConsoleHeaderName().toLowerCase();
requestContext.getRemoveHeaders().add(internalKeyHeader);
// Avoid internal key being published to the Traffic Manager
requestContext.getProtectedHeaders().add(internalKeyHeader);
}

// If the temp test console headers are in active mode,
// then those headers are also removed and considered as protected.
String tempConsoleTestHeadersMode = ConfigHolder.getInstance().getConfig().getAuthHeader()
.getTempTestConsoleTestHeadersMode();
if (Constants.TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE.equals(tempConsoleTestHeadersMode)) {
if (Constants.TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE.equals(tempConsoleTestHeadersMode) &&
ConfigHolder.getInstance().getConfig().getAuthHeader().isDropConsoleTestHeaders()) {
List<String> tempConsoleTestHeaders = ConfigHolder.getInstance().getConfig().getAuthHeader()
.getTempTestConsoleHeaderNames();
requestContext.getRemoveHeaders().addAll(tempConsoleTestHeaders);
requestContext.getProtectedHeaders().addAll(tempConsoleTestHeaders);
}
requestContext.getRemoveHeaders().add(internalKeyHeader);
// Avoid internal key being published to the Traffic Manager
requestContext.getProtectedHeaders().add(internalKeyHeader);

// Remove Authorization Header
AuthHeaderDto authHeader = ConfigHolder.getInstance().getConfig().getAuthHeader();
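Review bot: With `dropConsoleTestHeaders` set to false, the new `if` block skips `requestContext.getProtectedHeaders().add(internalKeyHeader)` as well as the `getRemoveHeaders()` call, so the flag that lets the test-console credential reach the backend also stops it being treated as protected; going by the existing comment, the key may then be published to the Traffic Manager. The same coupling applies to the temp headers, where the added `isDropConsoleTestHeaders()` condition gates both `addAll` calls. If only forwarding to the backend is meant to be configurable, keep the protected-header registration unconditional and gate just the removal, as sketched below. The body of populateRemoveAndProtectedHeaders continues outside this hunk, so how the protected list is consumed is not visible here.

```java
boolean dropTestHeaders = ConfigHolder.getInstance().getConfig().getAuthHeader()
        .isDropConsoleTestHeaders();
String internalKeyHeader = ConfigHolder.getInstance().getConfig().getAuthHeader()
        .getTestConsoleHeaderName().toLowerCase();
// Always protected, so the internal key is never published to the Traffic Manager
requestContext.getProtectedHeaders().add(internalKeyHeader);
if (dropTestHeaders) {
    requestContext.getRemoveHeaders().add(internalKeyHeader);
}

// … unchanged: tempConsoleTestHeadersMode lookup …
if (Constants.TEMP_CONSOLE_TEST_HEADERS_ACTIVE_MODE.equals(tempConsoleTestHeadersMode)) {
    List<String> tempConsoleTestHeaders = ConfigHolder.getInstance().getConfig().getAuthHeader()
            .getTempTestConsoleHeaderNames();
    requestContext.getProtectedHeaders().addAll(tempConsoleTestHeaders);
    if (dropTestHeaders) {
        requestContext.getRemoveHeaders().addAll(tempConsoleTestHeaders);
    }
}
```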
Expand Up @@ -210,6 +210,7 @@ private void populateAuthHeaderConfigurations(AuthHeader authHeader) {
authHeaderDto.setTestConsoleHeaderName(authHeader.getTestConsoleHeaderName());
authHeaderDto.setTempTestConsoleHeaderNames(authHeader.getTempTestConsoleHeaderNamesList());
authHeaderDto.setTempTestConsoleTestHeadersMode(authHeader.getTempTestConsoleHeadersMode());
authHeaderDto.setDropConsoleTestHeaders(authHeader.getDropConsoleTestHeaders());
config.setAuthHeader(authHeaderDto);
}

Expand Up @@ -32,6 +32,7 @@ public class AuthHeaderDto {
private String testConsoleHeaderName = "";
private List<String> tempTestConsoleHeaderNames = new ArrayList<>();
private String tempTestConsoleTestHeadersMode = "";
private boolean dropConsoleTestHeaders = true;

public String getAuthorizationHeader() {
return authorizationHeader;
Expand Down Expand Up @@ -76,4 +77,12 @@ public void setTempTestConsoleTestHeadersMode(String mode) {
public String getTempTestConsoleTestHeadersMode() {
return tempTestConsoleTestHeadersMode;
}

public boolean isDropConsoleTestHeaders() {
return dropConsoleTestHeaders;
}

public void setDropConsoleTestHeaders(boolean dropConsoleTestHeaders) {
this.dropConsoleTestHeaders = dropConsoleTestHeaders;
}
}
1 change: 1 addition & 0 deletions resources/conf/config.toml.template
Expand Up @@ -372,6 +372,7 @@ enabled = true
# Temporary additional headers for testConsoleHeaderName
tempTestConsoleHeaderNames = ["test-key"]
tempTestConsoleHeadersMode = "monitor"
dropConsoleTestHeaders = true

# JWT token authorization configurations. You can provide multiple JWT issuers
# Issuer 1
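Review bot: `dropConsoleTestHeaders = true` is added without a comment, although setting it to false changes which credentials leave the gateway. Going by the enforcer change in this commit, false means the `testConsoleHeaderName` header, and the `tempTestConsoleHeaderNames` headers in active mode, are no longer removed from the upstream request or marked as protected. I would add above the key: `# Set to false only if the backend must receive the test console headers; they are then forwarded upstream and no longer treated as protected.`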