Merge pull request #2206 from pubudu538/migration

Add In-Place upgrade for APK upgrading
wso2 · Apr 1, 2024 · 09db166 · 09db166
2 parents 539f399 + cc9d84b
commit 09db166
Show file tree

Hide file tree

Showing 38 changed files with 945 additions and 338 deletions.
diff --git a/...o2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/Oauth2Authenticator.java b/...o2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/Oauth2Authenticator.java
@@ -48,6 +48,7 @@
 import org.wso2.apk.enforcer.security.jwt.validator.JWTValidator;
 import org.wso2.apk.enforcer.security.jwt.validator.RevokedJWTDataHolder;
 import org.wso2.apk.enforcer.subscription.SubscriptionDataHolder;
+import org.wso2.apk.enforcer.subscription.SubscriptionDataStore;
 import org.wso2.apk.enforcer.server.RevokedTokenRedisClient;
 import org.wso2.apk.enforcer.tracing.TracingConstants;
 import org.wso2.apk.enforcer.tracing.TracingSpan;
@@ -472,8 +473,21 @@ private JWTValidationInfo getJwtValidationInfo(String jwtToken, String organizat
         try {
             // Get issuer
             String issuer = jwtClaimsSet.getIssuer();
-            JWTValidator jwtValidator = SubscriptionDataHolder.getInstance().getSubscriptionDataStore(organization)
-                    .getJWTValidatorByIssuer(issuer, environment);
+            SubscriptionDataStore subscriptionDataStore = SubscriptionDataHolder.getInstance()
+                    .getSubscriptionDataStore(organization);
+            if (subscriptionDataStore == null) {
+                throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
+                        APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
+                        APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
+            }
+            JWTValidator jwtValidator = subscriptionDataStore.getJWTValidatorByIssuer(issuer, environment);
+            // If no validator found for the issuer, we are not caching the token.
+            if (jwtValidator == null) {
+                throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
+                        APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
+                        APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
+            }
+
             // If no validator found for the issuer, we are not caching the token.
             if (jwtValidator == null) {
                 throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),

diff --git a/helm-charts/README.md b/helm-charts/README.md
diff --git a/helm-charts/Version-Upgrade.md b/helm-charts/Version-Upgrade.md
@@ -0,0 +1,27 @@
+# Updating APK Version
+
+This guide outlines the process of upgrading from APK v1.0.0 installation to APK v1.1.0 installation.
+
+## In-Place Upgrade
+
+The in-place upgrade process transitions your existing APK v1.0.0 installation to APK v1.1.0. Prior to implementing these steps in a production environment, it is advised to apply and validate them in lower environments.
+
+- Ensure APK v1.0.0 is currently installed in the cluster.
+
+    **Note:** The steps provided below assume that APK v1.0.0 is installed in the `default` namespace under the release name `apk`. Replace the dot (.) with the appropriate APK v1.1.0 Helm chart name and version, which is `wso2apk/apk-helm --version 1.1.0`.
+
+- Install/Update CRDs for APK v1.1.0.
+
+    ```bash
+    (helm template apk . -f crds-upgrade-values.yaml -n default && helm show crds .) > apk-v1.1.0-crds.yaml
+
+    kubectl apply -f apk-v1.1.0-crds.yaml
+    ```
+
+- Upgrade the existing APK v1.0.0 installation to APK v1.1.0.
+
+    ```bash
+    helm upgrade --reuse-values apk . -f ./in-place-upgrade-values.yaml --set skipCrds=true
+    ```
+
+These steps will seamlessly transition your APK installation to the latest version, ensuring continued functionality and compatibility.
diff --git a/helm-charts/crds-upgrade-values.yaml b/helm-charts/crds-upgrade-values.yaml
@@ -0,0 +1,49 @@
+# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+wso2:
+  apk:
+    cp:
+      enabled: false
+    webhooks:
+      validatingwebhookconfigurations: false
+      mutatingwebhookconfigurations: false
+    auth:
+      enabled: false
+      enableServiceAccountCreation: false
+      enableClusterRoleCreation: false
+    dp:
+      enabled: false        
+
+idp:
+  enabled: false
+
+gatewaySystem:
+  enabled: false
+  enableServiceAccountCreation: false
+  enableClusterRoleCreation: false
+  applyGatewayWehbhookJobs: false
+
+certmanager:
+  enabled: false
+  enableClusterIssuer: false
+  enableRootCa: false
+
+postgresql:
+  enabled: false
+
+redis:
+  enabled: false