From dd80a3373a37f95d1ec17186f60f070ba9e033bb Mon Sep 17 00:00:00 2001 From: sgayangi Date: Sat, 6 Apr 2024 12:31:28 +0530 Subject: [PATCH 1/2] Add secret for choreo analytics URL and token --- .../analytics/publisher/util/Constants.java | 4 +-- .../analytics/AnalyticsConstants.java | 2 -- .../apk/enforcer/config/ConfigHolder.java | 8 +++++ .../apk/enforcer/config/EnvVarConfig.java | 19 +++++++++++ .../constants/AnalyticsConstants.java | 2 -- .../apk/enforcer/constants/Constants.java | 3 ++ .../gateway-runtime-deployment.yaml | 32 ++++++++++++------- helm-charts/values.yaml.template | 11 +------ 8 files changed, 53 insertions(+), 28 deletions(-) diff --git a/gateway/enforcer/org.wso2.apk.enforcer.analytics.publishers/src/main/java/org/wso2/apk/enforcer/analytics/publisher/util/Constants.java b/gateway/enforcer/org.wso2.apk.enforcer.analytics.publishers/src/main/java/org/wso2/apk/enforcer/analytics/publisher/util/Constants.java index 40602fbb8..10820cc53 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer.analytics.publishers/src/main/java/org/wso2/apk/enforcer/analytics/publisher/util/Constants.java +++ b/gateway/enforcer/org.wso2.apk.enforcer.analytics.publishers/src/main/java/org/wso2/apk/enforcer/analytics/publisher/util/Constants.java @@ -66,8 +66,8 @@ public class Constants { public static final String FAULT_EVENT_TYPE = "fault"; //Reporter config properties - public static final String AUTH_API_URL = "auth.api.url"; - public static final String AUTH_API_TOKEN = "auth.api.token"; + public static final String AUTH_API_URL = "authURL"; + public static final String AUTH_API_TOKEN = "authToken"; //Proxy configs public static final String PROXY_ENABLE = "proxy_config_enable"; diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/analytics/AnalyticsConstants.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/analytics/AnalyticsConstants.java index af3bb74ae..70969eeb0 100644 
--- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/analytics/AnalyticsConstants.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/analytics/AnalyticsConstants.java @@ -27,8 +27,6 @@ public class AnalyticsConstants { protected static final String IS_CHOREO_DEPLOYMENT_CONFIG_KEY = "isChoreoDeployment"; protected static final String TYPE_CONFIG_KEY = "type"; protected static final String PUBLISHER_REPORTER_CLASS_CONFIG_KEY = "publisher.reporter.class"; - public static final String AUTH_URL_CONFIG_KEY = "authURL"; - public static final String AUTH_TOKEN_CONFIG_KEY = "authToken"; public static final String RESPONSE_SCHEMA = "RESPONSE"; public static final String ERROR_SCHEMA = "ERROR"; diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/ConfigHolder.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/ConfigHolder.java index 3f9f63212..aef4cea3e 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/ConfigHolder.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/ConfigHolder.java 
@@ -434,6 +434,14 @@ private void populateAnalyticsConfig(Analytics analyticsConfig) { for (Map.Entry config : configPropertiesMap.entrySet()) { resolvedConfigMap.put(config.getKey(), getEnvValue(config.getValue()).toString()); } + String authURL = envVarConfig.getChoreoAnalyticsAuthUrl(); + String authToken = envVarConfig.getChoreoAnalyticsAuthToken(); + + // if the analytics publisher is of default type, retrieve authURL and authToken + if (analyticsPublisher.getType().equalsIgnoreCase(Constants.DEFAULT_ANALYTICS_PUBLISHER)){ + resolvedConfigMap.put(Constants.AUTH_URL_CONFIG_KEY, authURL); + resolvedConfigMap.put(Constants.AUTH_URL_CONFIG_TOKEN, authToken); + } analyticsDTO.addAnalyticsPublisherConfig(new AnalyticsPublisherConfigDTO(analyticsPublisher.getEnabled(), analyticsPublisher.getType(), resolvedConfigMap)); } diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/EnvVarConfig.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/EnvVarConfig.java index 1d4367285..4b7586131 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/EnvVarConfig.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/EnvVarConfig.java @@ -55,6 +55,8 @@ public class EnvVarConfig { public static final String REDIS_CERT_FILE = "REDIS_CERT_FILE"; public static final String REDIS_CA_CERT_FILE = "REDIS_CA_CERT_FILE"; public static final String REVOKED_TOKEN_CLEANUP_INTERVAL = "REVOKED_TOKEN_CLEANUP_INTERVAL"; + public static final String CHOREO_ANALYTICS_AUTH_TOKEN = "CHOREO_ANALYTICS_AUTH_TOKEN"; + public static final String CHOREO_ANALYTICS_AUTH_URL = "CHOREO_ANALYTICS_AUTH_URL"; // Since the container is running in linux container, path separator is not needed. 
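Review bot: In the `default` branch of the ConfigHolder hunk, both `resolvedConfigMap.put` calls run unconditionally, so they overwrite any `authURL`/`authToken` the loop above resolved from `configProperties`, and when the environment variables are unset they store the empty-string defaults this patch adds to EnvVarConfig. A publisher configured without its secret would then presumably start with a blank token and URL instead of failing visibly. I would guard each put, e.g. `if (!authToken.isEmpty()) { resolvedConfigMap.put(Constants.AUTH_URL_CONFIG_TOKEN, authToken); }`, and log a warning that names the missing variable but never its value. The `moesif` branch added to the same block in PATCH 2/2 has the same shape. populateAnalyticsConfig starts and ends outside the hunk, so how the map is consumed downstream is not visible here.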
@@ -85,6 +87,10 @@ public class EnvVarConfig { public static final String DEFAULT_REDIS_CERT_FILE = "/home/wso2/security/redis/redis.crt"; public static final String DEFAULT_REDIS_CA_CERT_FILE = "/home/wso2/security/redis/ca.crt"; public static final int DEFAULT_REVOKED_TOKEN_CLEANUP_INTERVAL = 60*60; // In seconds + + public static final String DEFAULT_CHOREO_ANALYTICS_AUTH_TOKEN = ""; + public static final String DEFAULT_CHOREO_ANALYTICS_AUTH_URL = ""; + private static EnvVarConfig instance; private final String trustedAdapterCertsPath; private final String trustDefaultCerts; @@ -116,6 +122,9 @@ public class EnvVarConfig { private final String redisKeyFile; private final String redisCertFile; private final String redisCaCertFile; + + private final String choreoAnalyticsAuthToken; + private final String choreoAnalyticsAuthUrl; private final int revokedTokenCleanupInterval; private EnvVarConfig() { @@ -160,6 +169,8 @@ private EnvVarConfig() { redisCertFile = retrieveEnvVarOrDefault(REDIS_CERT_FILE, DEFAULT_REDIS_CERT_FILE); redisCaCertFile = retrieveEnvVarOrDefault(REDIS_CA_CERT_FILE, DEFAULT_REDIS_CA_CERT_FILE); revokedTokenCleanupInterval = getRevokedTokenCleanupIntervalFromEnv(); + choreoAnalyticsAuthToken = retrieveEnvVarOrDefault(CHOREO_ANALYTICS_AUTH_TOKEN, DEFAULT_CHOREO_ANALYTICS_AUTH_TOKEN); + choreoAnalyticsAuthUrl = retrieveEnvVarOrDefault(CHOREO_ANALYTICS_AUTH_URL, DEFAULT_CHOREO_ANALYTICS_AUTH_URL); } public static EnvVarConfig getInstance() { @@ -319,5 +330,13 @@ public String getCommonControllerRestPort() { return commonControllerRestPort; } + + public String getChoreoAnalyticsAuthToken() { + return choreoAnalyticsAuthToken; + } + + public String getChoreoAnalyticsAuthUrl() { + return choreoAnalyticsAuthUrl; + } } 
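Review bot: The getters added in the last EnvVarConfig hunk, `getChoreoAnalyticsAuthToken()` and `getChoreoAnalyticsAuthUrl()`, return a credential and its endpoint but carry no Javadoc, and the `""` defaults in the first hunk are not explained. I would document the contract on the token getter, e.g. `/** Returns the value of CHOREO_ANALYTICS_AUTH_TOKEN, or "" when unset. Secret: never log it or put it in exception messages. */`, and add `// empty means "not configured"` above the two `DEFAULT_CHOREO_ANALYTICS_*` constants. The same applies to `getMoesifToken()` and `DEFAULT_MOESIF_TOKEN` in PATCH 2/2. The class body continues outside these hunks.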
diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/AnalyticsConstants.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/AnalyticsConstants.java index 129ce0d99..a27a33b94 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/AnalyticsConstants.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/AnalyticsConstants.java @@ -23,8 +23,6 @@ */ public class AnalyticsConstants { - public static final String AUTH_URL_CONFIG_KEY = "authURL"; - public static final String AUTH_TOKEN_CONFIG_KEY = "authToken"; public static final String UPSTREAM_SUCCESS_RESPONSE_DETAIL = "via_upstream"; public static final String EXT_AUTH_DENIED_RESPONSE_DETAIL = "ext_authz_denied"; public static final String EXT_AUTH_ERROR_RESPONSE_DETAIL = "ext_authz_error"; diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/Constants.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/Constants.java index 989f18101..f37c48c70 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/Constants.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/Constants.java @@ -81,4 +81,7 @@ since new lines in different OSs differ (Linux: \n, Windows: \r\n) */ // multi-env constants public static final String DEFAULT_ALL_ENVIRONMENTS_TOKEN_ISSUER = "*"; + public static final String AUTH_URL_CONFIG_KEY = "authURL"; + public static final String AUTH_URL_CONFIG_TOKEN = "authToken"; + public static final String DEFAULT_ANALYTICS_PUBLISHER = "default"; } 
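Review bot: The keys added at the end of the enforcer `Constants` hunk repeat string literals that the publisher module's `util/Constants.java` also defines in this patch (`AUTH_API_URL = "authURL"`, `AUTH_API_TOKEN = "authToken"`), so the two sides agree only as long as both literals are edited together. If the modules' dependency direction allows it, reference one definition from the other; otherwise add a comment on each pointing at its twin, e.g. `// must match AUTH_API_TOKEN in analytics.publisher.util.Constants`. `AUTH_URL_CONFIG_TOKEN` is also a misleading name for the `authToken` key (`AUTH_TOKEN_CONFIG_KEY`, the name removed from AnalyticsConstants in this patch, fits), and the three constants sit under the `// multi-env constants` comment, which does not describe them. `MOESIF_TOKEN` in PATCH 2/2 is duplicated the same way.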
diff --git a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml index b0d8ed0b2..0ac14e8e9 100644 --- a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml +++ b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml @@ -96,6 +96,26 @@ spec: {{- else }} value: -Dhttpclient.hostnameVerifier=AllowAll -Xms512m -Xmx512m -XX:MaxRAMFraction=2 {{- end }} + {{- if and .Values.wso2.apk.dp.gatewayRuntime.analytics .Values.wso2.apk.dp.gatewayRuntime.analytics.publishers }} + {{- $defaultPublisherSecretName := "" }} + {{- range .Values.wso2.apk.dp.gatewayRuntime.analytics.publishers }} + {{- if eq .type "default" }} + {{- $defaultPublisherSecretName = .secretName }} + {{- end }} + {{- end }} + {{- if $defaultPublisherSecretName }} + - name: CHOREO_ANALYTICS_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: {{ $defaultPublisherSecretName }} + key: "authToken" + - name: CHOREO_ANALYTICS_AUTH_URL + valueFrom: + secretKeyRef: + name: {{ $defaultPublisherSecretName }} + key: "authURL" + {{- end }} + {{- end }} {{- if .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis }} - name: REDIS_USERNAME value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.username | default "default" }} 
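Review bot: The publisher match in the added `range` loop, `eq .type "default"`, is case-sensitive and ignores `.enabled`, while the enforcer matches the type with `equalsIgnoreCase` (ConfigHolder hunk in this patch). A values file with `type: "Default"`, or a default publisher without `secretName`, renders no `CHOREO_ANALYTICS_*` variables and the enforcer falls back to its empty defaults, and a publisher with `enabled: false` still gets its secret injected into the container environment. Consider something like `{{- if and .enabled (eq (lower .type) "default") }}` and failing the render with `required` when `secretName` is absent. The `moesif` match added in PATCH 2/2 has the same conditions. Separately, the context line above sets `-Dhttpclient.hostnameVerifier=AllowAll` in the `else` branch; if the analytics client honours that property, the token injected here would be sent without TLS hostname verification, which is worth confirming.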
@@ -139,18 +159,6 @@ spec: - name: REVOKED_TOKEN_CLEANUP_INTERVAL value: "3600" {{- end }} - {{- if and .Values.wso2.apk.dp.gatewayRuntime.analytics .Values.wso2.apk.dp.gatewayRuntime.analytics.secretName }} - - name: analytics_authToken - valueFrom: - secretKeyRef: - name: {{ .Values.wso2.apk.dp.gatewayRuntime.analytics.secretName }} - key: "analytics_authToken" - - name: analytics_authURL - valueFrom: - secretKeyRef: - name: {{ .Values.wso2.apk.dp.gatewayRuntime.analytics.secretName }} - key: "analytics_authURL" - {{- end }} volumeMounts: - name: tmp mountPath: /tmp diff --git a/helm-charts/values.yaml.template b/helm-charts/values.yaml.template index dcdf05928..151741bf1 100644 --- a/helm-charts/values.yaml.template +++ b/helm-charts/values.yaml.template @@ -591,20 +591,11 @@ wso2: analytics: # -- Enable/Disable analytics in gateway runtime. enabled: true - # -- Type of analytics data publisher. Can be "Choreo" or "ELK". - type: "Choreo" - # -- Choreo analytics secret. - secretName: "choreo-analytics-secret" - # -- Property values for the analytics. - properties: - property_name : property_value # -- Analytics Publishers publishers: - enabled: true type: "default" - configProperties: - auth.api.url: "$env{analytics_authURL}" - auth.api.token: "$env{analytics_authToken}" + secretName: "choreo-analytics-secret" # user created secret name - enabled: true type: "elk" # -- Optional: File name of the log file. From 4704c2d318a86bf6815ce5dfb1e328e134b8bc45 Mon Sep 17 00:00:00 2001 
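Review bot: The `# user created secret name` comment on the new `secretName` entry in the values.yaml.template hunk does not say which keys the Secret must hold. The deployment template in this patch reads `authToken` and `authURL` from it, replacing the `analytics_authToken`/`analytics_authURL` keys removed in the hunk above, so existing Secrets need re-creating under the new key names. I would write the comment as `# -- Name of a user-created Secret containing the keys "authURL" and "authToken".` and mention the rename in the upgrade notes. The `moesif-secret` entry in PATCH 2/2 needs the same treatment for its `moesifToken` key.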
From: sgayangi Date: Sun, 7 Apr 2024 17:56:43 +0530 Subject: [PATCH 2/2] Add secret for Moesif token --- .../enforcer/analytics/publisher/util/Constants.java | 1 + .../org/wso2/apk/enforcer/config/ConfigHolder.java | 3 +++ .../org/wso2/apk/enforcer/config/EnvVarConfig.java | 9 ++++++++- .../org/wso2/apk/enforcer/constants/Constants.java | 2 ++ .../gateway-runtime/gateway-runtime-deployment.yaml | 11 +++++++++++ helm-charts/values.yaml.template | 3 +++ 6 files changed, 28 insertions(+), 1 deletion(-) diff --git a/gateway/enforcer/org.wso2.apk.enforcer.analytics.publishers/src/main/java/org/wso2/apk/enforcer/analytics/publisher/util/Constants.java b/gateway/enforcer/org.wso2.apk.enforcer.analytics.publishers/src/main/java/org/wso2/apk/enforcer/analytics/publisher/util/Constants.java index 10820cc53..ae55fb192 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer.analytics.publishers/src/main/java/org/wso2/apk/enforcer/analytics/publisher/util/Constants.java +++ b/gateway/enforcer/org.wso2.apk.enforcer.analytics.publishers/src/main/java/org/wso2/apk/enforcer/analytics/publisher/util/Constants.java @@ -68,6 +68,7 @@ public class Constants { //Reporter config properties public static final String AUTH_API_URL = "authURL"; public static final String AUTH_API_TOKEN = "authToken"; + public static final String MOESIF_TOKEN = "moesifToken"; //Proxy configs public static final String PROXY_ENABLE = "proxy_config_enable"; diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/ConfigHolder.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/ConfigHolder.java index aef4cea3e..c10358f33 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/ConfigHolder.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/ConfigHolder.java 
@@ -436,11 +436,14 @@ private void populateAnalyticsConfig(Analytics analyticsConfig) { } String authURL = envVarConfig.getChoreoAnalyticsAuthUrl(); String authToken = envVarConfig.getChoreoAnalyticsAuthToken(); + String moesifToken = envVarConfig.getMoesifToken(); // if the analytics publisher is of default type, retrieve authURL and authToken if (analyticsPublisher.getType().equalsIgnoreCase(Constants.DEFAULT_ANALYTICS_PUBLISHER)){ resolvedConfigMap.put(Constants.AUTH_URL_CONFIG_KEY, authURL); resolvedConfigMap.put(Constants.AUTH_URL_CONFIG_TOKEN, authToken); + } else if (analyticsPublisher.getType().equalsIgnoreCase(Constants.MOESIF_ANALYTICS_PUBLISHER)){ + resolvedConfigMap.put(Constants.MOESIF_TOKEN, moesifToken); } analyticsDTO.addAnalyticsPublisherConfig(new AnalyticsPublisherConfigDTO(analyticsPublisher.getEnabled(), analyticsPublisher.getType(), resolvedConfigMap)); diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/EnvVarConfig.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/EnvVarConfig.java index 4b7586131..a3b31bce7 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/EnvVarConfig.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/config/EnvVarConfig.java @@ -57,7 +57,7 @@ public class EnvVarConfig { public static final String REVOKED_TOKEN_CLEANUP_INTERVAL = "REVOKED_TOKEN_CLEANUP_INTERVAL"; public static final String CHOREO_ANALYTICS_AUTH_TOKEN = "CHOREO_ANALYTICS_AUTH_TOKEN"; public static final String CHOREO_ANALYTICS_AUTH_URL = "CHOREO_ANALYTICS_AUTH_URL"; - + public static final String MOESIF_TOKEN = "MOESIF_TOKEN"; // Since the container is running in linux container, path separator is not needed. private static final String DEFAULT_TRUSTED_CA_CERTS_PATH = "/home/wso2/security/truststore"; 
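Review bot: `authURL`, `authToken` and now `moesifToken` are read into locals at the top of this block before the type check, apparently once per publisher entry, so each pass holds credentials that its publisher type does not use. Reading each value inside the branch that needs it keeps a secret's scope to its own publisher, e.g. `resolvedConfigMap.put(Constants.MOESIF_TOKEN, envVarConfig.getMoesifToken());` in the `moesif` branch. As the chain grows, a `switch` on the type lower-cased with `Locale.ROOT` would also read more clearly than repeated `equalsIgnoreCase` calls. The enclosing loop and method begin outside the hunk.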
@@ -90,6 +90,7 @@ public class EnvVarConfig { public static final String DEFAULT_CHOREO_ANALYTICS_AUTH_TOKEN = ""; public static final String DEFAULT_CHOREO_ANALYTICS_AUTH_URL = ""; + public static final String DEFAULT_MOESIF_TOKEN = ""; private static EnvVarConfig instance; private final String trustedAdapterCertsPath; @@ -125,6 +126,7 @@ public class EnvVarConfig { private final String choreoAnalyticsAuthToken; private final String choreoAnalyticsAuthUrl; + private final String moesifToken; private final int revokedTokenCleanupInterval; private EnvVarConfig() { @@ -171,6 +173,7 @@ private EnvVarConfig() { revokedTokenCleanupInterval = getRevokedTokenCleanupIntervalFromEnv(); choreoAnalyticsAuthToken = retrieveEnvVarOrDefault(CHOREO_ANALYTICS_AUTH_TOKEN, DEFAULT_CHOREO_ANALYTICS_AUTH_TOKEN); choreoAnalyticsAuthUrl = retrieveEnvVarOrDefault(CHOREO_ANALYTICS_AUTH_URL, DEFAULT_CHOREO_ANALYTICS_AUTH_URL); + moesifToken = retrieveEnvVarOrDefault(MOESIF_TOKEN, DEFAULT_MOESIF_TOKEN); } public static EnvVarConfig getInstance() { @@ -338,5 +341,9 @@ public String getChoreoAnalyticsAuthToken() { public String getChoreoAnalyticsAuthUrl() { return choreoAnalyticsAuthUrl; } + + public String getMoesifToken() { + return moesifToken; + } } diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/Constants.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/Constants.java index f37c48c70..ed2cdb542 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/Constants.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/Constants.java 
@@ -83,5 +83,7 @@ since new lines in different OSs differ (Linux: \n, Windows: \r\n) */ public static final String DEFAULT_ALL_ENVIRONMENTS_TOKEN_ISSUER = "*"; public static final String AUTH_URL_CONFIG_KEY = "authURL"; public static final String AUTH_URL_CONFIG_TOKEN = "authToken"; + public static final String MOESIF_TOKEN = "moesifToken"; public static final String DEFAULT_ANALYTICS_PUBLISHER = "default"; + public static final String MOESIF_ANALYTICS_PUBLISHER = "moesif"; } diff --git a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml index 0ac14e8e9..33a5e83e3 100644 --- a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml +++ b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml @@ -98,10 +98,14 @@ spec: {{- end }} {{- if and .Values.wso2.apk.dp.gatewayRuntime.analytics .Values.wso2.apk.dp.gatewayRuntime.analytics.publishers }} {{- $defaultPublisherSecretName := "" }} + {{- $moesifPublisherSecretName := "" }} {{- range .Values.wso2.apk.dp.gatewayRuntime.analytics.publishers }} {{- if eq .type "default" }} {{- $defaultPublisherSecretName = .secretName }} {{- end }} + {{- if eq .type "moesif" }} + {{- $moesifPublisherSecretName = .secretName }} + {{- end }} {{- end }} {{- if $defaultPublisherSecretName }} - name: CHOREO_ANALYTICS_AUTH_TOKEN @@ -115,6 +119,13 @@ spec: name: {{ $defaultPublisherSecretName }} key: "authURL" {{- end }} + {{- if $moesifPublisherSecretName }} + - name: MOESIF_TOKEN + valueFrom: + secretKeyRef: + name: {{ $moesifPublisherSecretName }} + key: "moesifToken" + {{- end }} {{- end }} {{- if .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis }} - name: REDIS_USERNAME diff --git a/helm-charts/values.yaml.template b/helm-charts/values.yaml.template index 151741bf1..434736f67 100644 
--- a/helm-charts/values.yaml.template +++ b/helm-charts/values.yaml.template @@ -598,6 +598,9 @@ wso2: secretName: "choreo-analytics-secret" # user created secret name - enabled: true type: "elk" + - enabled: true + type: "moesif" + secretName: "moesif-secret" # -- Optional: File name of the log file. logFileName: "logs/enforcer_analytics.log" # -- Optional: Log level the analytics data. Can be one of DEBUG, INFO, WARN, ERROR, OFF.
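Review bot: A default install would depend on a Moesif Secret, because the added `moesif` entry has `enabled: true` and a `secretName`, and the deployment template change in this patch emits a `secretKeyRef` without `optional: true` for `MOESIF_TOKEN` whenever such an entry exists. If these values are used as-is, the gateway-runtime container cannot start until a Secret named `moesif-secret` with key `moesifToken` exists, even for users who do not use Moesif. Consider defaulting the entry to `enabled: false` (with the template honouring that flag) or leaving it commented out as an example.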