Merge pull request #2368 from DDH13/feature/grpc

Feature/grpc
wso2 · May 10, 2024 · 77d593a · 77d593a
2 parents c11392e + d1dae98
commit 77d593a
Show file tree

Hide file tree

Showing 133 changed files with 15,617 additions and 323 deletions.
diff --git a/.github/workflows/agent-integration-test.yml b/.github/workflows/agent-integration-test.yml
@@ -56,11 +56,13 @@ jobs:
       if: github.event_name == 'pull_request_target' && contains(github.event.label.name, 'trigger-action')
       shell: sh
       run: |
-        helm repo add wso2apim https://github.com/wso2/helm-apim/releases/download/cp-4.3.0-rc
+        helm repo add wso2apim https://github.com/wso2/helm-apim/releases/download/cp-4.3.0
         helm repo update
-        helm install apim wso2apim/wso2am-cp --version 4.3.0-rc -f https://raw.githubusercontent.com/wso2/apk/main/helm-charts/samples/apim/cp/amd-values.yaml -n apk --debug --wait --timeout 5m0s
+        helm install apim wso2apim/wso2am-cp --version 4.3.0 -f https://raw.githubusercontent.com/wso2/apk/main/helm-charts/samples/apim/cp/values.yaml -n apk --debug --wait --timeout 5m0s
+        kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml
         kubectl get pods -n apk
         kubectl get svc -n apk
+        kubectl get ing -n apk
     - name: Helm release deploy APK DP
       if: github.event_name == 'pull_request_target' && contains(github.event.label.name, 'trigger-action')
       shell: sh
@@ -93,9 +95,9 @@ jobs:
     - name: Run test cases
       shell: sh
       run: |
-        cd apk-repo/test/apim-apk-agent-test/cucumber-tests
-        sh ./scripts/setup-hosts.sh
-        ./gradlew runTests
+        cd apk-repo/test/cucumber-tests
+        sh ./scripts/agent-setup-hosts.sh
+        ./gradlew runCpToDpTests
     - name: Helm release undeploy
       if: always()
       shell: sh
@@ -109,6 +111,7 @@ jobs:
         kubectl get subscriptions -n apk
         kubectl get tokenissuers -n apk
         kubectl get httproutes -n apk
+        kubectl get ing -n apk
         kubectl get pods -l app.kubernetes.io/name=apim-apk-agent | awk '{print $1}' | xargs -I{} kubectl logs {} -n apk
         helm uninstall apk -n apk
         helm uninstall apim -n apk
@@ -131,5 +134,5 @@ jobs:
       if: always()
       uses: malinthaprasan/action-surefire-report@v1
       with:
-       report_paths: 'apk-agent-repo/test/postman-tests/build/*.xml'
-       fail_on_test_failures: true
+       report_paths: 'apk-repo/test/cucumber-tests/build/test-output/junitreports/*.xml'
+       fail_on_test_failures: true
diff --git a/common-gradle-scripts/java.gradle b/common-gradle-scripts/java.gradle
@@ -20,7 +20,6 @@
 // apply plugin: 'com.github.spotbugs'
 apply plugin: 'jacoco'
 apply plugin: 'java'
-apply plugin: 'maven-publish'
 java.sourceCompatibility = JavaVersion.VERSION_11
 
 repositories {
@@ -31,34 +30,3 @@ repositories {
     }
 }
 
-jar {
-    into("META-INF/maven/$project.group/$project.name") {
-        from { generatePomFileForMavenPublication }
-        rename ".*", "pom.xml"
-    }
-}
-
-publishing {
-    publications {
-        maven(MavenPublication) {
-            from components.java
-        }
-    }
-
-    repositories {
-        maven {
-            name 'nexus'
-            // TODO: define public nexus repositories
-            url = "https://maven.wso2.org/nexus/service/local/staging/deploy/maven2/"
-            credentials {
-                username rootProject.hasProperty("nexus_username") ? nexus_username : System.getenv("NEXUS_USERNAME")
-                password rootProject.hasProperty("nexus_password") ? nexus_password : System.getenv("NEXUS_PASSWORD")
-            }
-            allowInsecureProtocol = false
-        }
-    }
-}
-
-tasks.named('build').configure {
-    finalizedBy publishToMavenLocal
-}
diff --git a/gateway/enforcer/Dockerfile b/gateway/enforcer/Dockerfile
@@ -68,7 +68,7 @@ ARG APK_USER_GROUP_ID=10001
 ARG APK_USER_HOME=/home/${APK_USER}
 ARG GRPC_HEALTH_PROBE_PATH=/bin/grpc_health_probe
 ARG TARGETARCH
-ARG APK_VERSION=1.0-SNAPSHOT
+ARG APK_VERSION=1.1.0-SNAPSHOT
 
 ENV VERSION=${APK_VERSION}
 ENV JAVA_OPTS=""
@@ -127,5 +127,4 @@ COPY resources/check_health.sh .
 #todo add applicationinsights.json file and point it to the appInsightsAgent jar
 #Add the agent using JVM arg -javaagent:/home/wso2/conf/applicationinsights-agent-3.1.1.jar
 #Add the config file using System property -Dapplicationinsights.configuration.file=/home/wso2/conf/applicationinsights.json
-
-CMD java -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="${ENFORCER_HOME}/logs/heap-dump.hprof" $JAVA_OPTS -Dlog4j.configurationFile="${ENFORCER_HOME}/conf/log4j2.properties" -DtracingEnabled="true" -cp "lib/*:lib/dropins/*" org.wso2.apk.enforcer.server.AuthServer
+CMD java -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="${ENFORCER_HOME}/logs/heap-dump.hprof" $JAVA_OPTS -Dlog4j.configurationFile="${ENFORCER_HOME}/conf/log4j2.properties" -DtracingEnabled="true" -jar lib/enforcer-${VERSION}.jar
diff --git a/gateway/enforcer/build.gradle b/gateway/enforcer/build.gradle
@@ -34,7 +34,7 @@ release {
 }
 
 task build{
-    dependsOn("resources:build")
+    dependsOn("org.wso2.apk.enforcer:build_enforcer")
     finalizedBy docker_build
 }
 
@@ -45,7 +45,6 @@ allprojects {
 
 subprojects {
     apply from: "$rootDir/../../common-gradle-scripts/java.gradle"
-    afterReleaseBuild.dependsOn publish
 }
 
 tasks.named("afterReleaseBuild").configure {

diff --git a/gateway/enforcer/org.wso2.apk.enforcer/build.gradle b/gateway/enforcer/org.wso2.apk.enforcer/build.gradle
@@ -15,6 +15,10 @@
  *
  */
 
+plugins {
+    id 'com.github.johnrengelman.shadow' version '7.1.0'
+}
+
 description = 'WSO2 APK Enforcer'
 
 sourceSets {
@@ -95,3 +99,21 @@ dependencies {
         implementation libs.mockito.inline
     }
 }
+shadowJar {
+    baseName = 'enforcer'
+    version = project.version
+    classifier = ''
+
+    manifest {
+        attributes 'Main-Class': 'org.wso2.apk.enforcer.server.AuthServer'
+    }
+    mergeServiceFiles()
+}
+tasks.register("copyJar", Copy) {
+    from shadowJar.archivePath
+    into "../resources/lib"
+}
+tasks.register("build_enforcer"){
+    dependsOn("shadowJar")
+    finalizedBy("copyJar")
+}
diff --git a/gateway/enforcer/resources/build.gradle b/gateway/enforcer/resources/build.gradle
diff --git a/gateway/enforcer/settings.gradle b/gateway/enforcer/settings.gradle
@@ -18,7 +18,6 @@
 rootProject.name = 'enforcer-parent'
  include(':org.wso2.apk.enforcer')
  include(':org.wso2.apk.enforcer.commons')
- include(':resources')
  include(':org.wso2.apk.enforcer.analytics.publishers')
 
 dependencyResolutionManagement {

diff --git a/runtime/config-deployer-service/ballerina/APIClient.bal b/runtime/config-deployer-service/ballerina/APIClient.bal
@@ -371,9 +371,15 @@ public class APIClient {
                 authTypes.jwt = {header: <string>jwtAuthentication.headerName, sendTokenToUpstream: <boolean>jwtAuthentication.sendTokenToUpstream, disabled: !jwtAuthentication.enabled, audience: jwtAuthentication.audience};
             } else if authentication.authType == "APIKey" && authentication is APIKeyAuthentication {
                 APIKeyAuthentication apiKeyAuthentication = check authentication.cloneWithType(APIKeyAuthentication);
-                authTypes.apiKey = [];
-                authTypes.apiKey.push({'in: "Header", name: apiKeyAuthentication.headerName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
-                authTypes.apiKey.push({'in: "Query", name: apiKeyAuthentication.queryParamName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
+                model:APIKey[] apiKeys = [];
+
+                if apiKeyAuthentication.headerEnable {
+                    apiKeys.push({'in: "Header", name: <string>apiKeyAuthentication.headerName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
+                }
+                if apiKeyAuthentication.queryParamEnable {
+                    apiKeys.push({'in: "Query", name: <string>apiKeyAuthentication.queryParamName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
+                }
+                authTypes.apiKey = apiKeys;
             } else if authentication.authType == "mTLS" {
                 MTLSAuthentication mtlsAuthentication = check authentication.cloneWithType(MTLSAuthentication);
                 isMTLSMandatory = mtlsAuthentication.required == "mandatory";
@@ -636,7 +642,7 @@ public class APIClient {
                             if apiArtifact.scopes.hasKey(scope) {
                                 scopeCr = apiArtifact.scopes.get(scope);
                             } else {
-                                scopeCr = self.generateScopeCR(apiArtifact, apkConf, organization, scope, count);
+                                scopeCr = self.generateScopeCR(operation, apiArtifact, apkConf, organization, scope, count);
                                 count = count + 1;
                             }
                             model:HTTPRouteFilter scopeFilter = {'type: "ExtensionRef", extensionRef: {group: "dp.wso2.com", kind: scopeCr.kind, name: scopeCr.metadata.name}};
@@ -695,7 +701,7 @@ public class APIClient {
                             if apiArtifact.scopes.hasKey(scope) {
                                 scopeCr = apiArtifact.scopes.get(scope);
                             } else {
-                                scopeCr = self.generateScopeCR(apiArtifact, apkConf, organization, scope, count);
+                                scopeCr = self.generateScopeCR(operation, apiArtifact, apkConf, organization, scope, count);
                                 count = count + 1;
                             }
                             model:GRPCRouteFilter scopeFilter = {'type: "ExtensionRef", extensionRef: {group: "dp.wso2.com", kind: scopeCr.kind, name: scopeCr.metadata.name}};
@@ -755,7 +761,7 @@ public class APIClient {
                             if apiArtifact.scopes.hasKey(scope) {
                                 scopeCr = apiArtifact.scopes.get(scope);
                             } else {
-                                scopeCr = self.generateScopeCR(apiArtifact, apkConf, organization, scope, count);
+                                scopeCr = self.generateScopeCR(operation, apiArtifact, apkConf, organization, scope, count);
                                 count = count + 1;
                             }
                             model:GQLRouteFilter scopeFilter = {extensionRef: {group: "dp.wso2.com", kind: scopeCr.kind, name: scopeCr.metadata.name}};
@@ -823,10 +829,10 @@ public class APIClient {
         return ();
     }
 
-    private isolated function generateScopeCR(model:APIArtifact apiArtifact, APKConf apkConf, commons:Organization organization, string scope, int count) returns model:Scope {
+    private isolated function generateScopeCR(APKOperations operation, model:APIArtifact apiArtifact, APKConf apkConf, commons:Organization organization, string scope, int count) returns model:Scope {
         model:Scope scopeCr = {
             metadata: {
-                name: apiArtifact.uniqueId + "-scope-" + count.toString(),
+                name: self.getScopeUid(apiArtifact, operation, count),
                 labels: self.getLabels(apkConf, organization)
             },
             spec: {
@@ -1663,6 +1669,17 @@ public class APIClient {
         }
     }
 
+    public isolated function getScopeUid(model:APIArtifact apiArtifact, APKOperations? apiOperation, int count) returns string {
+        string scopeUid = apiArtifact.uniqueId;
+        if (apiOperation is APKOperations) {
+            if (apiOperation.target is string) {
+                byte[] hexBytes = string:toBytes(<string>apiArtifact.uniqueId + <string>apiOperation.target + <string>apiOperation.verb);
+                scopeUid = crypto:hashSha1(hexBytes).toBase16();
+            }
+        }
+        return scopeUid + "-scope-" + count.toString();
+    }
+
     public isolated function getBackendPolicyUid(APKConf api, string endpointType, commons:Organization organization) returns string {
         string concatanatedString = uuid:createType1AsString();
         return "backendpolicy-" + concatanatedString;

diff --git a/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml b/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml
@@ -150,7 +150,7 @@ components:
             headerEnable:
               type: boolean
               default: true
-            audience: 
+            audience:
               type: array
               default: []
               items:
@@ -173,7 +173,7 @@ components:
               default: false
             headerName:
               type: string
-              example: Authorization
+              example: apikey
               default: apikey
             queryParamName:
               type: string

diff --git a/runtime/config-deployer-service/ballerina/tests/resources/apk-schema.json b/runtime/config-deployer-service/ballerina/tests/resources/apk-schema.json
@@ -213,7 +213,7 @@
         },
         "headerName": {
           "type": "string",
-          "example": "Authorization",
+          "example": "apikey",
           "default": "apikey"
         },
         "queryParamName": {

diff --git a/runtime/config-deployer-service/ballerina/types.bal b/runtime/config-deployer-service/ballerina/types.bal
@@ -278,7 +278,7 @@ public type APIKeyAuthentication record {|
     string headerName = "apiKey";
     string queryParamName = "apiKey";
     boolean headerEnable = true;
-    boolean queryParamEnable = true;
+    boolean queryParamEnable = false;
 |};
 
 # Mutual SSL configuration of this API

diff --git a/runtime/config-deployer-service/docker/config-deployer/conf/apk-schema.json b/runtime/config-deployer-service/docker/config-deployer/conf/apk-schema.json
@@ -156,11 +156,16 @@
         "required": {
           "type": "string",
           "default": "mandatory",
-          "enum": ["mandatory", "optional"]
+          "enum": [
+            "mandatory",
+            "optional"
+          ]
         },
         "authType": {
           "type": "string",
-          "enum": ["JWT"]
+          "enum": [
+            "JWT"
+          ]
         },
         "sendTokenToUpstream": {
           "type": "boolean",
@@ -253,7 +258,7 @@
         },
         "headerName": {
           "type": "string",
-          "example": "Authorization",
+          "example": "apikey",
           "default": "apikey"
         },
         "queryParamName": {
@@ -608,7 +613,7 @@
           }
         }
       },
-      "required":[
+      "required": [
         "target",
         "verb"
       ],

diff --git a/test/apim-apk-agent-test/agent-helm-chart/Chart.lock b/test/apim-apk-agent-test/agent-helm-chart/Chart.lock
@@ -3,4 +3,4 @@ dependencies:
   repository: https://charts.jetstack.io
   version: v1.10.1
 digest: sha256:d1377472dfb3a62dccc58dd12757d029afa304c1f2ded3f5cc3052b308fb8c00
-generated: "2024-04-03T21:00:00.612083+05:30"
+generated: "2024-04-05T14:59:18.259209+05:30"
diff --git a/test/apim-apk-agent-test/agent-helm-chart/Chart.yaml b/test/apim-apk-agent-test/agent-helm-chart/Chart.yaml
@@ -18,7 +18,7 @@ apiVersion: v2
 name: apim-apk-agent
 description: A Helm chart for deploying apim-apk-agent
 type: application
-version: 1.1.0-beta
+version: 1.1.0
 appVersion: "1.16.0"
 dependencies:
   - name: cert-manager