From ee409679b9a37a688b13f9bbcf862bef03330910 Mon Sep 17 00:00:00 2001 From: sgayangi Date: Tue, 23 Jul 2024 13:07:44 +0530 Subject: [PATCH] Update authentication webhook implementation --- .../api/wso2/discovery/api/api.pb.go | 146 +++---- .../dp/v1alpha2/authentication_webhook.go | 62 +-- .../apk/enforcer/discovery/api/ApiProto.java | 41 +- .../ballerina/APIClient.bal | 33 +- ...d_oauth2_disabled_apikey_disabled.apk-conf | 38 -- ..._oauth2_disabled_apikey_mandatory.apk-conf | 39 -- ...d_oauth2_disabled_apikey_optional.apk-conf | 39 -- ..._oauth2_mandatory_apikey_disabled.apk-conf | 36 -- ...oauth2_mandatory_apikey_mandatory.apk-conf | 37 -- ..._oauth2_mandatory_apikey_optional.apk-conf | 37 -- ...d_oauth2_optional_apikey_disabled.apk-conf | 39 -- ..._oauth2_optional_apikey_mandatory.apk-conf | 40 -- ...d_oauth2_optional_apikey_optional.apk-conf | 40 -- ...y_oauth2_disabled_apikey_disabled.apk-conf | 39 -- ..._oauth2_disabled_apikey_mandatory.apk-conf | 40 -- ...y_oauth2_disabled_apikey_optional.apk-conf | 40 -- ..._oauth2_mandatory_apikey_disabled.apk-conf | 37 -- ...oauth2_mandatory_apikey_mandatory.apk-conf | 38 -- ..._oauth2_mandatory_apikey_optional.apk-conf | 38 -- ...y_oauth2_optional_apikey_disabled.apk-conf | 40 -- ..._oauth2_optional_apikey_mandatory.apk-conf | 41 -- ...y_oauth2_optional_apikey_optional.apk-conf | 41 -- ...l_oauth2_disabled_apikey_disabled.apk-conf | 39 -- ..._oauth2_disabled_apikey_mandatory.apk-conf | 39 -- ...l_oauth2_disabled_apikey_optional.apk-conf | 39 -- ..._oauth2_mandatory_apikey_disabled.apk-conf | 36 -- ...oauth2_mandatory_apikey_mandatory.apk-conf | 37 -- ..._oauth2_mandatory_apikey_optional.apk-conf | 37 -- ...l_oauth2_optional_apikey_disabled.apk-conf | 39 -- ..._oauth2_optional_apikey_mandatory.apk-conf | 40 -- ...l_oauth2_optional_apikey_optional.apk-conf | 40 -- .../test/resources/tests/api/APIKey.feature | 379 ------------------ .../tests/api/MTLSwithOAuth2Mandatory.feature | 71 +++- 33 files changed, 190 insertions(+), 1587 deletions(-) delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_disabled.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_mandatory.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_optional.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_disabled.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_mandatory.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_optional.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_disabled.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_mandatory.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_optional.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_disabled.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_mandatory.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_optional.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_disabled.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_mandatory.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_optional.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_disabled.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_mandatory.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_optional.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_disabled.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_mandatory.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_optional.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_disabled.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_mandatory.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_optional.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_disabled.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_mandatory.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_optional.apk-conf delete mode 100644 test/cucumber-tests/src/test/resources/tests/api/APIKey.feature diff --git a/adapter/pkg/discovery/api/wso2/discovery/api/api.pb.go b/adapter/pkg/discovery/api/wso2/discovery/api/api.pb.go index 58fd010b3..8f785e8a2 100644 --- a/adapter/pkg/discovery/api/wso2/discovery/api/api.pb.go +++ b/adapter/pkg/discovery/api/wso2/discovery/api/api.pb.go @@ -309,7 +309,7 @@ var file_wso2_discovery_api_api_proto_rawDesc = []byte{ 0x2f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x24, 0x77, 0x73, 0x6f, 0x32, 0x2f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x69, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xad, 0x09, 0x0a, 0x03, 0x41, 0x70, 0x69, 0x12, 0x0e, 0x0a, 0x02, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa7, 0x0a, 0x0a, 0x03, 0x41, 0x70, 0x69, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, @@ -343,55 +343,63 @@ var file_wso2_discovery_api_api_proto_rawDesc = []byte{ 0x61, 0x74, 0x65, 0x52, 0x12, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x53, 0x53, 0x4c, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x75, 0x74, 0x75, - 0x61, 0x6c, 0x53, 0x53, 0x4c, 0x12, 0x30, 0x0a, 0x13, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18, 0x10, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x13, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, - 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x2c, 0x0a, 0x11, 0x74, 0x72, 0x61, 0x6e, 0x73, - 0x70, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18, 0x11, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x11, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x63, - 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x5b, 0x0a, 0x15, 0x67, 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, - 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x74, 0x79, 0x49, 0x6e, 0x66, 0x6f, 0x18, 0x17, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x64, 0x69, 0x73, 0x63, - 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x72, 0x61, 0x70, 0x68, 0x71, - 0x6c, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x74, 0x79, 0x52, 0x15, 0x67, 0x72, 0x61, - 0x70, 0x68, 0x71, 0x6c, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x74, 0x79, 0x49, 0x6e, - 0x66, 0x6f, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x41, 0x50, 0x49, 0x18, - 0x18, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x41, 0x50, 0x49, - 0x12, 0x59, 0x0a, 0x13, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x4a, 0x57, 0x54, 0x54, 0x6f, - 0x6b, 0x65, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x18, 0x19, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, - 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x4a, 0x57, 0x54, 0x54, 0x6f, 0x6b, - 0x65, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x13, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x4a, - 0x57, 0x54, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2c, 0x0a, 0x11, 0x61, - 0x70, 0x69, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x69, 0x6c, 0x65, - 0x18, 0x1a, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x61, 0x70, 0x69, 0x44, 0x65, 0x66, 0x69, 0x6e, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x65, 0x6e, 0x76, - 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x65, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x36, 0x0a, 0x16, 0x73, + 0x61, 0x6c, 0x53, 0x53, 0x4c, 0x12, 0x62, 0x0a, 0x13, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18, 0x10, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, + 0x65, 0x72, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x70, 0x69, 0x2e, 0x41, 0x70, 0x70, 0x6c, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x13, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x2c, 0x0a, 0x11, 0x74, 0x72, 0x61, + 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18, 0x11, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, + 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x5b, 0x0a, 0x15, 0x67, 0x72, 0x61, 0x70, 0x68, + 0x71, 0x6c, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x74, 0x79, 0x49, 0x6e, 0x66, 0x6f, + 0x18, 0x17, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x64, 0x69, + 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x72, 0x61, 0x70, + 0x68, 0x71, 0x6c, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x74, 0x79, 0x52, 0x15, 0x67, + 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x74, 0x79, + 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x41, 0x50, + 0x49, 0x18, 0x18, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x41, + 0x50, 0x49, 0x12, 0x59, 0x0a, 0x13, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x4a, 0x57, 0x54, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x18, 0x19, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x27, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x4a, 0x57, 0x54, 0x54, + 0x6f, 0x6b, 0x65, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x13, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, + 0x64, 0x4a, 0x57, 0x54, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2c, 0x0a, + 0x11, 0x61, 0x70, 0x69, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x69, + 0x6c, 0x65, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x61, 0x70, 0x69, 0x44, 0x65, 0x66, + 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x65, + 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0b, 0x65, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x36, 0x0a, + 0x16, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x56, 0x61, 0x6c, + 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x16, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x69, 0x64, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x16, 0x73, 0x75, 0x62, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, - 0x18, 0x1d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x64, 0x69, - 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x45, 0x6e, 0x64, 0x70, - 0x6f, 0x69, 0x6e, 0x74, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x09, 0x65, 0x6e, 0x64, - 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x4c, 0x0a, 0x10, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, - 0x6e, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18, 0x1e, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x20, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, - 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x49, 0x6e, - 0x66, 0x6f, 0x52, 0x10, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x75, - 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, 0x0a, 0x0a, 0x61, 0x69, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, - 0x65, 0x72, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, - 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x49, - 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x0a, 0x61, 0x69, 0x70, 0x72, 0x6f, 0x76, - 0x69, 0x64, 0x65, 0x72, 0x42, 0x70, 0x0a, 0x23, 0x6f, 0x72, 0x67, 0x2e, 0x77, 0x73, 0x6f, 0x32, - 0x2e, 0x61, 0x70, 0x6b, 0x2e, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x72, 0x2e, 0x64, 0x69, - 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x08, 0x41, 0x70, 0x69, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, - 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, - 0x77, 0x73, 0x6f, 0x32, 0x2f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2f, 0x61, - 0x70, 0x69, 0x3b, 0x61, 0x70, 0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, + 0x74, 0x73, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, + 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x45, 0x6e, + 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x09, 0x65, + 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x4c, 0x0a, 0x10, 0x65, 0x6e, 0x64, 0x70, + 0x6f, 0x69, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18, 0x1e, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, + 0x65, 0x72, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, + 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x10, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x53, 0x65, + 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, 0x0a, 0x0a, 0x61, 0x69, 0x70, 0x72, 0x6f, 0x76, + 0x69, 0x64, 0x65, 0x72, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x77, 0x73, 0x6f, + 0x32, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x41, 0x49, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x0a, 0x61, 0x69, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x1a, 0x46, 0x0a, 0x18, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x70, + 0x0a, 0x23, 0x6f, 0x72, 0x67, 0x2e, 0x77, 0x73, 0x6f, 0x32, 0x2e, 0x61, 0x70, 0x6b, 0x2e, 0x65, + 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x72, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, + 0x79, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x08, 0x41, 0x70, 0x69, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, + 0x01, 0x5a, 0x3d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, + 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x77, 0x73, 0x6f, 0x32, 0x2f, 0x64, + 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x3b, 0x61, 0x70, 0x69, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -409,27 +417,29 @@ func file_wso2_discovery_api_api_proto_rawDescGZIP() []byte { var file_wso2_discovery_api_api_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_wso2_discovery_api_api_proto_goTypes = []interface{}{ (*Api)(nil), // 0: wso2.discovery.api.Api - (*Resource)(nil), // 1: wso2.discovery.api.Resource - (*Certificate)(nil), // 2: wso2.discovery.api.Certificate - (*GraphqlComplexity)(nil), // 3: wso2.discovery.api.GraphqlComplexity - (*BackendJWTTokenInfo)(nil), // 4: wso2.discovery.api.BackendJWTTokenInfo - (*EndpointCluster)(nil), // 5: wso2.discovery.api.EndpointCluster - (*SecurityInfo)(nil), // 6: wso2.discovery.api.SecurityInfo - (*AIProvider)(nil), // 7: wso2.discovery.api.AIProvider + nil, // 1: wso2.discovery.api.Api.ApplicationSecurityEntry + (*Resource)(nil), // 2: wso2.discovery.api.Resource + (*Certificate)(nil), // 3: wso2.discovery.api.Certificate + (*GraphqlComplexity)(nil), // 4: wso2.discovery.api.GraphqlComplexity + (*BackendJWTTokenInfo)(nil), // 5: wso2.discovery.api.BackendJWTTokenInfo + (*EndpointCluster)(nil), // 6: wso2.discovery.api.EndpointCluster + (*SecurityInfo)(nil), // 7: wso2.discovery.api.SecurityInfo + (*AIProvider)(nil), // 8: wso2.discovery.api.AIProvider } var file_wso2_discovery_api_api_proto_depIdxs = []int32{ - 1, // 0: wso2.discovery.api.Api.resources:type_name -> wso2.discovery.api.Resource - 2, // 1: wso2.discovery.api.Api.clientCertificates:type_name -> wso2.discovery.api.Certificate - 3, // 2: wso2.discovery.api.Api.graphqlComplexityInfo:type_name -> wso2.discovery.api.GraphqlComplexity - 4, // 3: wso2.discovery.api.Api.backendJWTTokenInfo:type_name -> wso2.discovery.api.BackendJWTTokenInfo - 5, // 4: wso2.discovery.api.Api.endpoints:type_name -> wso2.discovery.api.EndpointCluster - 6, // 5: wso2.discovery.api.Api.endpointSecurity:type_name -> wso2.discovery.api.SecurityInfo - 7, // 6: wso2.discovery.api.Api.aiprovider:type_name -> wso2.discovery.api.AIProvider - 7, // [7:7] is the sub-list for method output_type - 7, // [7:7] is the sub-list for method input_type - 7, // [7:7] is the sub-list for extension type_name - 7, // [7:7] is the sub-list for extension extendee - 0, // [0:7] is the sub-list for field type_name + 2, // 0: wso2.discovery.api.Api.resources:type_name -> wso2.discovery.api.Resource + 3, // 1: wso2.discovery.api.Api.clientCertificates:type_name -> wso2.discovery.api.Certificate + 1, // 2: wso2.discovery.api.Api.applicationSecurity:type_name -> wso2.discovery.api.Api.ApplicationSecurityEntry + 4, // 3: wso2.discovery.api.Api.graphqlComplexityInfo:type_name -> wso2.discovery.api.GraphqlComplexity + 5, // 4: wso2.discovery.api.Api.backendJWTTokenInfo:type_name -> wso2.discovery.api.BackendJWTTokenInfo + 6, // 5: wso2.discovery.api.Api.endpoints:type_name -> wso2.discovery.api.EndpointCluster + 7, // 6: wso2.discovery.api.Api.endpointSecurity:type_name -> wso2.discovery.api.SecurityInfo + 8, // 7: wso2.discovery.api.Api.aiprovider:type_name -> wso2.discovery.api.AIProvider + 8, // [8:8] is the sub-list for method output_type + 8, // [8:8] is the sub-list for method input_type + 8, // [8:8] is the sub-list for extension type_name + 8, // [8:8] is the sub-list for extension extendee + 0, // [0:8] is the sub-list for field type_name } func init() { file_wso2_discovery_api_api_proto_init() } diff --git a/common-go-libs/apis/dp/v1alpha2/authentication_webhook.go b/common-go-libs/apis/dp/v1alpha2/authentication_webhook.go index 8d97c7588..c51e44f8f 100644 --- a/common-go-libs/apis/dp/v1alpha2/authentication_webhook.go +++ b/common-go-libs/apis/dp/v1alpha2/authentication_webhook.go @@ -69,60 +69,38 @@ func (r *Authentication) ValidateAuthentication() error { if r.Spec.TargetRef.Name == "" { allErrs = append(allErrs, field.Required(field.NewPath("spec").Child("targetRef").Child("name"), "Name is required")) } + if !(r.Spec.TargetRef.Kind == constants.KindAPI || r.Spec.TargetRef.Kind == constants.KindResource) { allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("targetRef").Child("kind"), r.Spec.TargetRef.Kind, "Invalid Kind is provided")) } - var mutualSSL *MutualSSLConfig - var authTypes *APIAuth - - isOAuthEnabled := true - isOAuthMandatory := true - - isMTLSEnabled := false - isMTLSMandatory := false - - isAPIKeyEnabled := false - isAPIKeyMandatory := false - if r.Spec.Default != nil && r.Spec.Default.AuthTypes != nil { - authTypes = r.Spec.Default.AuthTypes - - isOAuthEnabled = !authTypes.OAuth2.Disabled - isOAuthMandatory = authTypes.OAuth2.Required == "mandatory" - if authTypes.MutualSSL != nil { - mutualSSL = authTypes.MutualSSL - isMTLSEnabled = !authTypes.MutualSSL.Disabled - isMTLSMandatory = authTypes.MutualSSL.Required == "mandatory" + if r.Spec.Default != nil && r.Spec.Default.AuthTypes != nil && r.Spec.Default.AuthTypes.MutualSSL != nil { + if r.Spec.TargetRef.Kind != constants.KindAPI { + allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("authTypes").Child("mtls"), r.Spec.Default.AuthTypes.MutualSSL, + "invalid authentication - mTLS can only be added for APIs")) } + mutualSSL := r.Spec.Default.AuthTypes.MutualSSL - if authTypes.APIKey != nil { - isAPIKeyEnabled = true - isAPIKeyMandatory = authTypes.APIKey.Required == "mandatory" + if mutualSSL != nil && len(mutualSSL.CertificatesInline) == 0 && len(mutualSSL.ConfigMapRefs) == 0 && len(mutualSSL.SecretRefs) == 0 { + allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("authTypes").Child("mtls"), r.Spec.Default.AuthTypes.MutualSSL, + "invalid mTLS configuration - certificates not provided")) } + } - if mutualSSL != nil && r.Spec.TargetRef.Kind != constants.KindAPI { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("authTypes").Child("oauth2"), r.Spec.Default.AuthTypes.MutualSSL, - "invalid authentication - mTLS can currently only be added for APIs")) + if r.Spec.Override != nil && r.Spec.Override.AuthTypes != nil { + if r.Spec.Override.AuthTypes.MutualSSL != nil { + if r.Spec.TargetRef.Kind != constants.KindAPI { + allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("override").Child("authTypes").Child("mtls"), r.Spec.Override.AuthTypes.MutualSSL, + "invalid authentication - mTLS can currently only be added for APIs")) + } } - isMTLSMandatory = isMTLSEnabled && isMTLSMandatory - isOAuthMandatory = isOAuthEnabled && isOAuthMandatory - isAPIKeyMandatory = isAPIKeyEnabled && isAPIKeyMandatory - - isMTLSOptional := isMTLSEnabled && !isMTLSMandatory - isOAuthOptional := isOAuthEnabled && !isOAuthMandatory - isAPIKeyOptional := isAPIKeyEnabled && !isAPIKeyMandatory - - // valid security combinations - // at least one must be enabled and mandatory - // OR mTLS is enabled and one of OAuth2 or APIKey is optional + mutualSSL := r.Spec.Override.AuthTypes.MutualSSL - if !((isMTLSMandatory || isOAuthMandatory || isAPIKeyMandatory) || (isMTLSOptional && (isOAuthOptional || isAPIKeyOptional))) { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("authTypes"), authTypes, - "invalid authtypes provided: one of mTLS, APIKey, OAuth2 has to be enabled and mandatory "+ - "OR mTLS and one of OAuth2 or APIKey need to be optional "+ - "OR all three can be optional")) + if mutualSSL != nil && len(mutualSSL.CertificatesInline) == 0 && len(mutualSSL.ConfigMapRefs) == 0 && len(mutualSSL.SecretRefs) == 0 { + allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("authTypes").Child("mtls"), r.Spec.Default.AuthTypes.MutualSSL, + "invalid mTLS configuration - certificates not provided")) } } diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiProto.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiProto.java index 792b6dd4b..8f168c4d2 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiProto.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/discovery/api/ApiProto.java @@ -41,7 +41,7 @@ public static void registerAllExtensions( "luster.proto\032&wso2/discovery/api/securit" + "y_info.proto\032 wso2/discovery/api/graphql" + ".proto\032$wso2/discovery/api/ai_provider.p" + - "roto\"\274\006\n\003Api\022\n\n\002id\030\001 \001(\t\022\r\n\005title\030\002 \001(\t\022" + + "roto\"\252\007\n\003Api\022\n\n\002id\030\001 \001(\t\022\r\n\005title\030\002 \001(\t\022" + "\017\n\007version\030\003 \001(\t\022\017\n\007apiType\030\004 \001(\t\022\036\n\026dis" + "ableAuthentications\030\005 \001(\010\022\025\n\rdisableScop" + "es\030\006 \001(\010\022\017\n\007envType\030\007 \001(\t\022/\n\tresources\030\010" + @@ -50,21 +50,24 @@ public static void registerAllExtensions( "leState\030\013 \001(\t\022\r\n\005vhost\030\014 \001(\t\022\026\n\016organiza" + "tionId\030\r \001(\t\022;\n\022clientCertificates\030\016 \003(\013" + "2\037.wso2.discovery.api.Certificate\022\021\n\tmut" + - "ualSSL\030\017 \001(\t\022\033\n\023applicationSecurity\030\020 \001(" + - "\010\022\031\n\021transportSecurity\030\021 \001(\010\022D\n\025graphqlC" + - "omplexityInfo\030\027 \003(\0132%.wso2.discovery.api" + - ".GraphqlComplexity\022\021\n\tsystemAPI\030\030 \001(\010\022D\n" + - "\023backendJWTTokenInfo\030\031 \001(\0132\'.wso2.discov" + - "ery.api.BackendJWTTokenInfo\022\031\n\021apiDefini" + - "tionFile\030\032 \001(\014\022\023\n\013environment\030\033 \001(\t\022\036\n\026s" + - "ubscriptionValidation\030\034 \001(\010\0226\n\tendpoints" + - "\030\035 \001(\0132#.wso2.discovery.api.EndpointClus" + - "ter\022:\n\020endpointSecurity\030\036 \003(\0132 .wso2.dis" + - "covery.api.SecurityInfo\0222\n\naiprovider\030\037 " + - "\001(\0132\036.wso2.discovery.api.AIProviderBp\n#o" + - "rg.wso2.apk.enforcer.discovery.apiB\010ApiP" + - "rotoP\001Z=github.com/envoyproxy/go-control" + - "-plane/wso2/discovery/api;apib\006proto3" + "ualSSL\030\017 \001(\t\022M\n\023applicationSecurity\030\020 \003(" + + "\01320.wso2.discovery.api.Api.ApplicationSe" + + "curityEntry\022\031\n\021transportSecurity\030\021 \001(\010\022D" + + "\n\025graphqlComplexityInfo\030\027 \003(\0132%.wso2.dis" + + "covery.api.GraphqlComplexity\022\021\n\tsystemAP" + + "I\030\030 \001(\010\022D\n\023backendJWTTokenInfo\030\031 \001(\0132\'.w" + + "so2.discovery.api.BackendJWTTokenInfo\022\031\n" + + "\021apiDefinitionFile\030\032 \001(\014\022\023\n\013environment\030" + + "\033 \001(\t\022\036\n\026subscriptionValidation\030\034 \001(\010\0226\n" + + "\tendpoints\030\035 \001(\0132#.wso2.discovery.api.En" + + "dpointCluster\022:\n\020endpointSecurity\030\036 \003(\0132" + + " .wso2.discovery.api.SecurityInfo\0222\n\naip" + + "rovider\030\037 \001(\0132\036.wso2.discovery.api.AIPro" + + "vider\032:\n\030ApplicationSecurityEntry\022\013\n\003key" + + "\030\001 \001(\t\022\r\n\005value\030\002 \001(\010:\0028\001Bp\n#org.wso2.ap" + + "k.enforcer.discovery.apiB\010ApiProtoP\001Z=gi" + + "thub.com/envoyproxy/go-control-plane/wso" + + "2/discovery/api;apib\006proto3" }; descriptor = com.google.protobuf.Descriptors.FileDescriptor .internalBuildGeneratedFileFrom(descriptorData, @@ -83,6 +86,12 @@ public static void registerAllExtensions( com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( internal_static_wso2_discovery_api_Api_descriptor, new java.lang.String[] { "Id", "Title", "Version", "ApiType", "DisableAuthentications", "DisableScopes", "EnvType", "Resources", "BasePath", "Tier", "ApiLifeCycleState", "Vhost", "OrganizationId", "ClientCertificates", "MutualSSL", "ApplicationSecurity", "TransportSecurity", "GraphqlComplexityInfo", "SystemAPI", "BackendJWTTokenInfo", "ApiDefinitionFile", "Environment", "SubscriptionValidation", "Endpoints", "EndpointSecurity", "Aiprovider", }); + internal_static_wso2_discovery_api_Api_ApplicationSecurityEntry_descriptor = + internal_static_wso2_discovery_api_Api_descriptor.getNestedTypes().get(0); + internal_static_wso2_discovery_api_Api_ApplicationSecurityEntry_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_wso2_discovery_api_Api_ApplicationSecurityEntry_descriptor, + new java.lang.String[] { "Key", "Value", }); org.wso2.apk.enforcer.discovery.api.ResourceProto.getDescriptor(); org.wso2.apk.enforcer.discovery.api.CertificateProto.getDescriptor(); org.wso2.apk.enforcer.discovery.api.BackendJWTTokenInfoProto.getDescriptor(); diff --git a/runtime/config-deployer-service/ballerina/APIClient.bal b/runtime/config-deployer-service/ballerina/APIClient.bal index cf4e29d4a..1469775e0 100644 --- a/runtime/config-deployer-service/ballerina/APIClient.bal +++ b/runtime/config-deployer-service/ballerina/APIClient.bal @@ -348,17 +348,9 @@ public class APIClient { map createdEndpointMap, commons:Organization organization) returns error? { map authenticationMap = {}; model:AuthenticationExtensionType authTypes = {}; - boolean isOAuthEnabled = true; - boolean isOAuthMandatory = true; - boolean isMTLSEnabled = false; - boolean isMTLSMandatory = false; - boolean isAPIKeyEnabled = false; - boolean isAPIKeyMandatory = false; foreach AuthenticationRequest authentication in authentications { if authentication.authType == "OAuth2" { OAuth2Authentication oauth2Authentication = check authentication.cloneWithType(OAuth2Authentication); - isOAuthEnabled = oauth2Authentication.enabled; - isOAuthMandatory = oauth2Authentication.required == "mandatory"; authTypes.oauth2 = {header: oauth2Authentication.headerName, sendTokenToUpstream: oauth2Authentication.sendTokenToUpstream, disabled: !oauth2Authentication.enabled, required: oauth2Authentication.required}; } else if authentication.authType == "JWT" { JWTAuthentication jwtAuthentication = check authentication.cloneWithType(JWTAuthentication); @@ -376,10 +368,8 @@ public class APIClient { } else { apiKeyAuthentication = check authentication.cloneWithType(APIKeyAuthentication); } - isAPIKeyEnabled = apiKeyAuthentication.enabled; - isAPIKeyMandatory = apiKeyAuthentication.required == "mandatory"; model:APIKey[] apiKeys = []; - if isAPIKeyEnabled { + if apiKeyAuthentication.enabled { if apiKeyAuthentication.headerEnable { apiKeys.push({'in: "Header", name: apiKeyAuthentication.headerName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream}); } @@ -393,31 +383,10 @@ public class APIClient { } } else if authentication.authType == "mTLS" { MTLSAuthentication mtlsAuthentication = check authentication.cloneWithType(MTLSAuthentication); - isMTLSMandatory = mtlsAuthentication.required == "mandatory"; - isMTLSEnabled = mtlsAuthentication.enabled; authTypes.mtls = {disabled: !mtlsAuthentication.enabled, configMapRefs: mtlsAuthentication.certificates, required: mtlsAuthentication.required}; } } - isOAuthMandatory = isOAuthEnabled && isOAuthMandatory; - boolean isOAuthOptional = isOAuthEnabled && !isOAuthMandatory; - - isMTLSMandatory = isMTLSEnabled && isMTLSMandatory; - boolean isMTLSOptional = isMTLSEnabled && !isMTLSMandatory; - - isAPIKeyMandatory = isAPIKeyEnabled && isAPIKeyMandatory; - boolean isAPIKeyOptional = isAPIKeyEnabled && !isAPIKeyMandatory; - - if !( - // at least one must be enabled and mandatory - (isMTLSMandatory || isOAuthMandatory || isAPIKeyMandatory) || - // mTLS is enabled and one of OAuth2 or APIKey is optional - (isMTLSOptional && (isOAuthOptional || isAPIKeyOptional))) { - log:printError("Invalid authtypes provided: one of mTLS, APIKey, OAuth2 has to be enabled and mandatory " + - "OR mTLS and one of OAuth2 or APIKey need to be optional "); - return e909019(); - } - log:printDebug("Auth Types:" + authTypes.toString()); string[] keys = createdEndpointMap.keys(); log:printDebug("createdEndpointMap.keys:" + createdEndpointMap.keys().toString()); diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_disabled.apk-conf deleted file mode 100644 index 4ef9a701d..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_disabled.apk-conf +++ /dev/null @@ -1,38 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-disabled-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_mandatory.apk-conf deleted file mode 100644 index 04f6e73d9..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_mandatory.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-disabled-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_optional.apk-conf deleted file mode 100644 index 045fb6b4a..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_optional.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-disabled-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_disabled.apk-conf deleted file mode 100644 index bd9e8f952..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_disabled.apk-conf +++ /dev/null @@ -1,36 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-mandatory-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_mandatory.apk-conf deleted file mode 100644 index badffbc8a..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_mandatory.apk-conf +++ /dev/null @@ -1,37 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-mandatory-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_optional.apk-conf deleted file mode 100644 index d2a536599..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_optional.apk-conf +++ /dev/null @@ -1,37 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-mandatory-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_disabled.apk-conf deleted file mode 100644 index c8481eba9..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_disabled.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-optional-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_mandatory.apk-conf deleted file mode 100644 index b8ef646c8..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_mandatory.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-optional-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: true - required: optional - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_optional.apk-conf deleted file mode 100644 index eb3ac4109..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_optional.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-disabled-oauth2-optional-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: true - required: optional - - authType: mTLS - enabled: false - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_disabled.apk-conf deleted file mode 100644 index 6e05e29cf..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_disabled.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-disabled-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_mandatory.apk-conf deleted file mode 100644 index e8cd43bf3..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_mandatory.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-disabled-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_optional.apk-conf deleted file mode 100644 index 035d1c11f..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_optional.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-disabled-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_disabled.apk-conf deleted file mode 100644 index b4eb4b4f4..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_disabled.apk-conf +++ /dev/null @@ -1,37 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-mandatory-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_mandatory.apk-conf deleted file mode 100644 index b721bc99f..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_mandatory.apk-conf +++ /dev/null @@ -1,38 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-mandatory-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - required: mandatory - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_optional.apk-conf deleted file mode 100644 index 718ae6c0a..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_optional.apk-conf +++ /dev/null @@ -1,38 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-mandatory-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_disabled.apk-conf deleted file mode 100644 index 8b0a41707..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_disabled.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-optional-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_mandatory.apk-conf deleted file mode 100644 index 1d04dda3f..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_mandatory.apk-conf +++ /dev/null @@ -1,41 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-optional-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_optional.apk-conf deleted file mode 100644 index 198d29e5f..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_optional.apk-conf +++ /dev/null @@ -1,41 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-mandatory-oauth2-optional-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - required: mandatory - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_disabled.apk-conf deleted file mode 100644 index c63d9c132..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_disabled.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-disabled-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - required: optional - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_mandatory.apk-conf deleted file mode 100644 index b5e5e1ea4..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_mandatory.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-disabled-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_optional.apk-conf deleted file mode 100644 index 216d2159d..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_optional.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-disabled-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - enabled: false - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_disabled.apk-conf deleted file mode 100644 index 11726b681..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_disabled.apk-conf +++ /dev/null @@ -1,36 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-mandatory-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_mandatory.apk-conf deleted file mode 100644 index e18c4b106..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_mandatory.apk-conf +++ /dev/null @@ -1,37 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-mandatory-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_optional.apk-conf deleted file mode 100644 index 7dfa71704..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_optional.apk-conf +++ /dev/null @@ -1,37 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-mandatory-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_disabled.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_disabled.apk-conf deleted file mode 100644 index 91c46a131..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_disabled.apk-conf +++ /dev/null @@ -1,39 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-optional-apikey-disabled" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: false - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_mandatory.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_mandatory.apk-conf deleted file mode 100644 index a69e27654..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_mandatory.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-optional-apikey-mandatory" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: mandatory - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_optional.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_optional.apk-conf deleted file mode 100644 index 82980e9fd..000000000 --- a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_optional.apk-conf +++ /dev/null @@ -1,40 +0,0 @@ -name: "EmployeeServiceAPI" -basePath: "/mtls" -version: "3.14" -type: "REST" -id: "mtls-optional-oauth2-optional-apikey-optional" -defaultVersion: false -endpointConfigurations: - production: - endpoint: "http://backend:80/anything" -operations: - - target: "/employee" - verb: "GET" - secured: true - scopes: [] - - target: "/employee" - verb: "POST" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "PUT" - secured: true - scopes: [] - - target: "/employee/{employeeId}" - verb: "DELETE" - secured: true - scopes: [] -authentication: - - authType: OAuth2 - required: optional - enabled: true - - authType: mTLS - enabled: true - certificates: - - name: mtls-test-configmap - key: tls.crt - - authType: APIKey - enabled: true - required: optional - headerEnable: true - headerName: APIKey diff --git a/test/cucumber-tests/src/test/resources/tests/api/APIKey.feature b/test/cucumber-tests/src/test/resources/tests/api/APIKey.feature deleted file mode 100644 index a4da1aea2..000000000 --- a/test/cucumber-tests/src/test/resources/tests/api/APIKey.feature +++ /dev/null @@ -1,379 +0,0 @@ -Feature: Test all valid security combinations - Scenario: Test mandatory mtls and mandatory oauth2 and mandatory apikey with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-mandatory-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-mandatory-apikey-optional" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_mandatory_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-mandatory-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-optional-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-optional-apikey-optional" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_optional_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-optional-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-disabled-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-disabled-apikey-optional" - Then the response status code should be 202 - - Scenario: Test mandatory mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_mandatory_oauth2_disabled_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-mandatory-oauth2-disabled-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test optional mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-mandatory-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test optional mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-mandatory-apikey-optional" - Then the response status code should be 202 - - Scenario: Test optional mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_mandatory_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-mandatory-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test optional mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-optional-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test optional mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-optional-apikey-optional" - Then the response status code should be 202 - - Scenario: Test optional mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_optional_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-optional-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test optional mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-disabled-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test optional mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-disabled-apikey-optional" - Then the response status code should be 202 - - Scenario: Test optional mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_optional_oauth2_disabled_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 406 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-optional-oauth2-disabled-apikey-disabled" - Then the response status code should be 404 - - Scenario: Test disabled mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-mandatory-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test disabled mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-mandatory-apikey-optional" - Then the response status code should be 202 - - Scenario: Test disabled mtls and mandatory oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_mandatory_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-mandatory-apikey-disabled" - Then the response status code should be 202 - - Scenario: Test disabled mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-optional-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test disabled mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 406 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-optional-apikey-optional" - Then the response status code should be 404 - - Scenario: Test disabled mtls and optional oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_optional_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 406 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-optional-apikey-disabled" - Then the response status code should be 404 - - Scenario: Test disabled mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_mandatory.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 200 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-disabled-apikey-mandatory" - Then the response status code should be 202 - - Scenario: Test disabled mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_optional.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 406 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-disabled-apikey-optional" - Then the response status code should be 404 - - Scenario: Test disabled mtls and disabled oauth2 with a valid client certificate in header - Given The system is ready - And I have a valid token with a client certificate "config-map-1.txt" - When I use the APK Conf file "artifacts/apk-confs/apikey/mtls_disabled_oauth2_disabled_apikey_disabled.apk-conf" - And the definition file "artifacts/definitions/employees_api.json" - And make the API deployment request - Then the response status code should be 406 - - Scenario: Undeploy API - Given The system is ready - And I have a valid subscription - When I undeploy the API whose ID is "mtls-disabled-oauth2-disabled-apikey-disabled" - Then the response status code should be 404 - diff --git a/test/cucumber-tests/src/test/resources/tests/api/MTLSwithOAuth2Mandatory.feature b/test/cucumber-tests/src/test/resources/tests/api/MTLSwithOAuth2Mandatory.feature index 1f6cc149a..6cd8fb4fe 100644 --- a/test/cucumber-tests/src/test/resources/tests/api/MTLSwithOAuth2Mandatory.feature +++ b/test/cucumber-tests/src/test/resources/tests/api/MTLSwithOAuth2Mandatory.feature @@ -118,7 +118,6 @@ Feature: Test mTLS between client and gateway with client certificate sent in he When I undeploy the API whose ID is "mtls-optional-oauth2-enabled" Then the response status code should be 202 - # Disabled scenarios # mTLS optional OAuth2 disabled Scenario: Test optional mTLS and disabled OAuth2 with a valid client certificate in header Given The system is ready @@ -126,16 +125,64 @@ Feature: Test mTLS between client and gateway with client certificate sent in he When I use the APK Conf file "artifacts/apk-confs/mtls/mtls_optional_oauth2_disabled.apk-conf" And the definition file "artifacts/definitions/employees_api.json" And make the API deployment request - Then the response status code should be 406 + Then the response status code should be 200 + Then I set headers + | Authorization | bearer invalidToken | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + Then I set headers + | Authorization | bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + Then I set headers + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + + Scenario: Undeploy API + Given The system is ready + And I have a valid subscription + When I undeploy the API whose ID is "mtls-optional-oauth2-disabled" + Then the response status code should be 202 # mTLS disabled OAuth2 optional Scenario: Test an API with mTLS disabled and OAuth2 optional Given The system is ready - And I have a valid subscription + And I have a valid token with a client certificate "config-map-1.txt" When I use the APK Conf file "artifacts/apk-confs/mtls/mtls_disabled_oauth2_optional.apk-conf" And the definition file "artifacts/definitions/employees_api.json" And make the API deployment request - Then the response status code should be 406 + Then the response status code should be 200 + Then I set headers + | Authorization | bearer ${accessToken} | + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + Then I set headers + | Authorization | bearer ${accessToken} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + Then I set headers + | X-WSO2-CLIENT-CERTIFICATE | ${clientCertificate} | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + Then I set headers + | Authorization | bearer invalidToken | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 401 response code, not accepting + | 200 | + + Scenario: Undeploy API + Given The system is ready + And I have a valid subscription + When I undeploy the API whose ID is "mtls-disabled-oauth2-optional" + Then the response status code should be 202 # mTLS disabled OAuth2 disabled Scenario: Test an API with mTLS disabled and OAuth2 disabled @@ -144,7 +191,21 @@ Feature: Test mTLS between client and gateway with client certificate sent in he When I use the APK Conf file "artifacts/apk-confs/mtls/mtls_disabled_oauth2_disabled.apk-conf" And the definition file "artifacts/definitions/employees_api.json" And make the API deployment request - Then the response status code should be 406 + Then the response status code should be 200 + Then I set headers + | Authorization | bearer invalidToken | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + And I send "GET" request to "https://default.gw.wso2.com:9095/mtls/3.14/employee/" with body "" + And I eventually receive 200 response code, not accepting + | 401 | + + Scenario: Undeploy API + Given The system is ready + And I have a valid subscription + When I undeploy the API whose ID is "mtls-disabled-oauth2-disabled" + Then the response status code should be 202 # mTLS mandatory OAuth2 disabled Scenario: Test mandatory mTLS and disabled OAuth2 with a valid client certificate in header