Merge branch 'master' into 4.3.0-kernel-upgrade

wso2 · Feb 16, 2024 · 4c1d08f · 4c1d08f
2 parents 4029d77 + c0cc65f
commit 4c1d08f
Show file tree

Hide file tree

Showing 32 changed files with 1,874 additions and 66 deletions.
diff --git a/modules/distribution/product/src/main/assembly/bin.xml b/modules/distribution/product/src/main/assembly/bin.xml
@@ -1249,6 +1249,20 @@
             <fileMode>644</fileMode>
         </file>
 
+        <file>
+            <source>src/main/startup-scripts/fips.sh</source>
+            <outputDirectory>wso2am-${pom.version}/bin/</outputDirectory>
+            <filtered>true</filtered>
+            <fileMode>755</fileMode>
+        </file>
+
+        <file>
+            <source>src/main/startup-scripts/fips.bat</source>
+            <outputDirectory>wso2am-${pom.version}/bin/</outputDirectory>
+            <filtered>true</filtered>
+            <fileMode>755</fileMode>
+        </file>
+
         <file>
             <source>src/main/startup-scripts/profileSetup.sh</source>
             <outputDirectory>wso2am-${pom.version}/bin/</outputDirectory>

diff --git a/modules/distribution/product/src/main/conf/deployment.toml b/modules/distribution/product/src/main/conf/deployment.toml
@@ -52,6 +52,7 @@ key_password =  "wso2carbon"
 [[apim.gateway.environment]]
 name = "Default"
 type = "hybrid"
+gateway_type = "Regular"
 provider = "wso2"
 display_in_api_console = true
 description = "This is a hybrid gateway that handles both production and sandbox token traffic."

diff --git a/modules/distribution/product/src/main/resources/conf/deployment-templates/control-plane.toml b/modules/distribution/product/src/main/resources/conf/deployment-templates/control-plane.toml
@@ -49,6 +49,7 @@ key_password =  "wso2carbon"
 [[apim.gateway.environment]]
 name = "Default"
 type = "hybrid"
+gateway_type = "Regular"
 provider = "wso2"
 display_in_api_console = true
 description = "This is a hybrid gateway that handles both production and sandbox token traffic."

diff --git a/modules/distribution/product/src/main/startup-scripts/fips.bat b/modules/distribution/product/src/main/startup-scripts/fips.bat
diff --git a/modules/distribution/product/src/main/startup-scripts/fips.sh b/modules/distribution/product/src/main/startup-scripts/fips.sh
diff --git a/.../distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2 b/.../distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2
@@ -0,0 +1,6 @@
+<class name="org.wso2.carbon.apimgt.gateway.mediators.ClaimBasedResourceAccessValidationMediator">
+    <property name="accessVerificationClaim"  value = "{{accessVerificationClaim}}"/>
+    <property name="accessVerificationClaimValue" value="{{accessVerificationClaimValue}}"/>
+    <property name="accessVerificationClaimValueRegex" value="{{accessVerificationClaimValueRegex}}"/>
+    <property name="shouldAllowValidation" value="{{shouldAllowValidation}}"/>
+</class>
diff --git a/...ribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json b/...ribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json
@@ -0,0 +1,51 @@
+{
+    "category": "Mediation",
+    "name": "jwtClaimBasedAccessValidator",
+    "version": "v1",
+    "displayName": "JWT claim based access validator",
+    "description": "This policy validates configured claim name and value in this policy with the claim name and value sent in the JWT access token to grant access to the API resource.",
+    "applicableFlows": [
+      "request"
+    ],
+    "supportedGateways": [
+      "Synapse"
+    ],
+    "supportedApiTypes": [
+      "HTTP"
+    ],
+    "policyAttributes": [
+      {
+        "name": "accessVerificationClaim",
+        "displayName": "Access verification claim name",
+        "description": "This should be the name the custom claim which is expected in the JWT access token.",
+        "validationRegex": "^[a-zA-Z_]+$",
+        "type": "String",
+        "defaultValue": "aut",
+        "required": true
+      },
+      {
+        "name": "accessVerificationClaimValue",
+        "displayName": "Access verification claim value",
+        "description": "This should be the value of a custom claim which is expected in the JWT access token.",
+        "type": "String",
+        "defaultValue": "APPLICATION",
+        "required": true
+      },
+      {
+        "name": "accessVerificationClaimValueRegex",
+        "displayName": "Access verification claim value regex",
+        "description": "If a regex is provided, the claim values will be matched using this regex. Otherwise they will be checked for equality.",
+        "type": "String",
+        "defaultValue": "",
+        "required": false
+      },
+      {
+        "name": "shouldAllowValidation",
+        "displayName": "Allow flow when claims are not matching",
+        "description": "Tick this to allow the flow when the claims are not matching. Keeping this un-ticked will allow the flow only when the claims are matched.",
+        "type": "Boolean",
+        "defaultValue": "false",
+        "required": false
+      }
+    ]
+  }
diff --git a/modules/integration/tests-common/clients/admin/.openapi-generator/admin-api.yaml.sha256 b/modules/integration/tests-common/clients/admin/.openapi-generator/admin-api.yaml.sha256
@@ -1 +1 @@
-913b0f99d03f27dee037609be7975aca8be768047cea3b7c8598dd11a5a89a6a
+79b51370beba8f507666fe239fea0c86a211fc9f1f8dbf97264d13f09f0c147a
diff --git a/modules/integration/tests-common/clients/admin/api/openapi.yaml b/modules/integration/tests-common/clients/admin/api/openapi.yaml
@@ -7962,6 +7962,18 @@ components:
       - type
       title: Throttle Limit
       type: object
+    BurstLimit:
+      properties:
+        rateLimitCount:
+          description: Burst control request count
+          example: 10
+          type: integer
+        rateLimitTimeUnit:
+          description: Burst control time unit
+          example: min
+          type: string
+      title: Burst Limit object
+      type: object
     MonetizationInfo:
       properties:
         monetizationPlan:
@@ -8346,6 +8358,7 @@ components:
           endpointURI: default
         - protocol: default
           endpointURI: default
+        gatewayType: Regular
         isReadOnly: false
         provider: wso2
         displayName: US Region
@@ -8393,6 +8406,10 @@ components:
         provider:
           example: wso2
           type: string
+        gatewayType:
+          default: Regular
+          example: Regular
+          type: string
         isReadOnly:
           example: false
           readOnly: true
@@ -8424,6 +8441,7 @@ components:
             endpointURI: default
           - protocol: default
             endpointURI: default
+          gatewayType: Regular
           isReadOnly: false
           provider: wso2
           displayName: US Region
@@ -8453,6 +8471,7 @@ components:
             endpointURI: default
           - protocol: default
             endpointURI: default
+          gatewayType: Regular
           isReadOnly: false
           provider: wso2
           displayName: US Region
@@ -8786,6 +8805,9 @@ components:
             mask: true
           defaultScopesClaim: scope
           type: default
+        gatewayTypes:
+        - gatewayTypes
+        - gatewayTypes
         scopes:
         - scopes
         - scopes
@@ -8794,6 +8816,10 @@ components:
           items:
             type: string
           type: array
+        gatewayTypes:
+          items:
+            type: string
+          type: array
         keyManagerConfiguration:
           items:
             $ref: '#/components/schemas/Settings_keyManagerConfiguration'
@@ -8884,6 +8910,11 @@ components:
           tokenEndpoint: https://localhost:9444/oauth2/token
           consumerKeyClaim: azp
           scopesClaim: scp
+          permissions:
+            permissionType: ALLOW
+            roles:
+            - Internal/subscriber
+            - Internal/subscriber
           alias: https://localhost:9443/oauth2/token
           id: 01234567-0123-0123-0123-012345678901
           userInfoEndpoint: https://localhost:9444/oauth2/userinfo?schema=openid
@@ -8946,6 +8977,11 @@ components:
         tokenEndpoint: https://localhost:9444/oauth2/token
         consumerKeyClaim: azp
         scopesClaim: scp
+        permissions:
+          permissionType: ALLOW
+          roles:
+          - Internal/subscriber
+          - Internal/subscriber
         alias: https://localhost:9443/oauth2/token
         id: 01234567-0123-0123-0123-012345678901
         userInfoEndpoint: https://localhost:9444/oauth2/userinfo?schema=openid
@@ -9104,6 +9140,8 @@ components:
             Password: admin
           properties: {}
           type: object
+        permissions:
+          $ref: '#/components/schemas/KeyManager_permissions'
         tokenType:
           default: DIRECT
           description: The type of the tokens to be used (exchanged or without exchanged).
@@ -9628,6 +9666,8 @@ components:
       properties:
         defaultLimit:
           $ref: '#/components/schemas/ThrottleLimit'
+        burstLimit:
+          $ref: '#/components/schemas/BurstLimit'
       required:
       - defaultLimit
     SubscriptionThrottlePolicy_allOf:
@@ -9783,6 +9823,26 @@ components:
           type: string
         value:
           type: string
+    KeyManager_permissions:
+      example:
+        permissionType: ALLOW
+        roles:
+        - Internal/subscriber
+        - Internal/subscriber
+      properties:
+        permissionType:
+          default: PUBLIC
+          enum:
+          - PUBLIC
+          - ALLOW
+          - DENY
+          example: ALLOW
+          type: string
+        roles:
+          items:
+            example: Internal/subscriber
+            type: string
+          type: array
   securitySchemes:
     OAuth2Security:
       flows:

diff --git a/...ents/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/EnvironmentDTO.java b/...ents/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/EnvironmentDTO.java
@@ -54,6 +54,10 @@ public class EnvironmentDTO {
         @SerializedName(SERIALIZED_NAME_PROVIDER)
             private String provider;
 
+        public static final String SERIALIZED_NAME_GATEWAY_TYPE = "gatewayType";
+        @SerializedName(SERIALIZED_NAME_GATEWAY_TYPE)
+            private String gatewayType = "Regular";
+
         public static final String SERIALIZED_NAME_IS_READ_ONLY = "isReadOnly";
         @SerializedName(SERIALIZED_NAME_IS_READ_ONLY)
             private Boolean isReadOnly;
@@ -185,6 +189,29 @@ public void setProvider(String provider) {
     }
 
 
+        public EnvironmentDTO gatewayType(String gatewayType) {
+
+        this.gatewayType = gatewayType;
+        return this;
+        }
+
+    /**
+        * Get gatewayType
+    * @return gatewayType
+    **/
+        @javax.annotation.Nullable
+      @ApiModelProperty(example = "Regular", value = "")
+
+    public String getGatewayType() {
+        return gatewayType;
+    }
+
+
+    public void setGatewayType(String gatewayType) {
+        this.gatewayType = gatewayType;
+    }
+
+
         public EnvironmentDTO isReadOnly(Boolean isReadOnly) {
 
         this.isReadOnly = isReadOnly;
@@ -290,6 +317,7 @@ public boolean equals(Object o) {
             Objects.equals(this.displayName, environment.displayName) &&
             Objects.equals(this.description, environment.description) &&
             Objects.equals(this.provider, environment.provider) &&
+            Objects.equals(this.gatewayType, environment.gatewayType) &&
             Objects.equals(this.isReadOnly, environment.isReadOnly) &&
             Objects.equals(this.vhosts, environment.vhosts) &&
             Objects.equals(this.endpointURIs, environment.endpointURIs) &&
@@ -298,7 +326,7 @@ public boolean equals(Object o) {
 
     @Override
     public int hashCode() {
-        return Objects.hash(id, name, displayName, description, provider, isReadOnly, vhosts, endpointURIs, additionalProperties);
+        return Objects.hash(id, name, displayName, description, provider, gatewayType, isReadOnly, vhosts, endpointURIs, additionalProperties);
     }
 
 
@@ -311,6 +339,7 @@ public String toString() {
     sb.append("    displayName: ").append(toIndentedString(displayName)).append("\n");
     sb.append("    description: ").append(toIndentedString(description)).append("\n");
     sb.append("    provider: ").append(toIndentedString(provider)).append("\n");
+    sb.append("    gatewayType: ").append(toIndentedString(gatewayType)).append("\n");
     sb.append("    isReadOnly: ").append(toIndentedString(isReadOnly)).append("\n");
     sb.append("    vhosts: ").append(toIndentedString(vhosts)).append("\n");
     sb.append("    endpointURIs: ").append(toIndentedString(endpointURIs)).append("\n");

diff --git a/...clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/SettingsDTO.java b/...clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/SettingsDTO.java
@@ -36,6 +36,10 @@ public class SettingsDTO {
         @SerializedName(SERIALIZED_NAME_SCOPES)
             private List<String> scopes = null;
 
+        public static final String SERIALIZED_NAME_GATEWAY_TYPES = "gatewayTypes";
+        @SerializedName(SERIALIZED_NAME_GATEWAY_TYPES)
+            private List<String> gatewayTypes = null;
+
         public static final String SERIALIZED_NAME_KEY_MANAGER_CONFIGURATION = "keyManagerConfiguration";
         @SerializedName(SERIALIZED_NAME_KEY_MANAGER_CONFIGURATION)
             private List<SettingsKeyManagerConfigurationDTO> keyManagerConfiguration = null;
@@ -68,6 +72,29 @@ public void setScopes(List<String> scopes) {
     }
 
 
+        public SettingsDTO gatewayTypes(List<String> gatewayTypes) {
+
+        this.gatewayTypes = gatewayTypes;
+        return this;
+        }
+
+    /**
+        * Get gatewayTypes
+    * @return gatewayTypes
+    **/
+        @javax.annotation.Nullable
+      @ApiModelProperty(value = "")
+
+    public List<String> getGatewayTypes() {
+        return gatewayTypes;
+    }
+
+
+    public void setGatewayTypes(List<String> gatewayTypes) {
+        this.gatewayTypes = gatewayTypes;
+    }
+
+
         public SettingsDTO keyManagerConfiguration(List<SettingsKeyManagerConfigurationDTO> keyManagerConfiguration) {
 
         this.keyManagerConfiguration = keyManagerConfiguration;
@@ -124,13 +151,14 @@ public boolean equals(Object o) {
         }
             SettingsDTO settings = (SettingsDTO) o;
             return Objects.equals(this.scopes, settings.scopes) &&
+            Objects.equals(this.gatewayTypes, settings.gatewayTypes) &&
             Objects.equals(this.keyManagerConfiguration, settings.keyManagerConfiguration) &&
             Objects.equals(this.analyticsEnabled, settings.analyticsEnabled);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(scopes, keyManagerConfiguration, analyticsEnabled);
+        return Objects.hash(scopes, gatewayTypes, keyManagerConfiguration, analyticsEnabled);
     }
 
 
@@ -139,6 +167,7 @@ public String toString() {
 StringBuilder sb = new StringBuilder();
 sb.append("class SettingsDTO {\n");
     sb.append("    scopes: ").append(toIndentedString(scopes)).append("\n");
+    sb.append("    gatewayTypes: ").append(toIndentedString(gatewayTypes)).append("\n");
     sb.append("    keyManagerConfiguration: ").append(toIndentedString(keyManagerConfiguration)).append("\n");
     sb.append("    analyticsEnabled: ").append(toIndentedString(analyticsEnabled)).append("\n");
 sb.append("}");