From bcbeaa7bf36baf9ea49fa0c12dfec8cbd95e2453 Mon Sep 17 00:00:00 2001 From: sgayangi Date: Thu, 28 Mar 2024 16:37:55 +0530 Subject: [PATCH] Update agent test helm chart for internal key iss --- adapter/config/default_config.go | 2 +- .../gateway-runtime/enforcer-truststore-secret.yaml | 3 ++- .../gateway-runtime/gateway-runtime-deployment.yaml | 8 +++++++- .../agent-helm-chart/templates/log-conf.yaml | 1 + test/apim-apk-agent-test/agent-helm-chart/values.yaml | 3 ++- .../apim-cp-helm-chart/confs/instance-1/deployment.toml | 1 + 6 files changed, 14 insertions(+), 4 deletions(-) diff --git a/adapter/config/default_config.go b/adapter/config/default_config.go index b30d833dd..ce30cd1ab 100644 --- a/adapter/config/default_config.go +++ b/adapter/config/default_config.go @@ -161,7 +161,7 @@ var defaultConfig = &Config{ APIkey: apiKey{ Enabled: true, Issuer: "https://apim.wso2.com/publisher", - CertificateFilePath: "/home/wso2/security/truststore/wso2carbon.pem", + CertificateFilePath: "/home/wso2/security/truststore/wso2-apim-carbon.pem", }, InternalKey: internalKey{ Enabled: true, diff --git a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/enforcer-truststore-secret.yaml b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/enforcer-truststore-secret.yaml index a042efd6c..200c9bb2b 100644 --- a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/enforcer-truststore-secret.yaml +++ b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/enforcer-truststore-secret.yaml @@ -7,5 +7,6 @@ metadata: type: Opaque data: mg.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURrekNDQW51Z0F3SUJBZ0lKQVBEOGVTM2VtY3JRTUEwR0NTcUdTSWIzRFFFQkN3VUFNR1F4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlEQUpEUVRFV01CUUdBMVVFQnd3TlRXOTFiblJoYVc0Z1ZtbGxkekVOTUFzRwpBMVVFQ2d3RVYxTlBNakVOTUFzR0ExVUVDd3dFVjFOUE1qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNQ0FYCkRUSXlNVEV4TnpFNE1EWXpPRm9ZRHpJd05USXhNVEE1TVRnd05qTTRXakJrTVFzd0NRWURWUVFHRXdKVlV6RUwKTUFrR0ExVUVDQXdDUTBFeEZqQVVCZ05WQkFjTURVMXZkVzUwWVdsdUlGWnBaWGN4RFRBTEJnTlZCQW9NQkZkVApUekl4RFRBTEJnTlZCQXNNQkZkVFR6SXhFakFRQmdOVkJBTU1DV3h2WTJGc2FHOXpkRENDQVNJd0RRWUpLb1pJCmh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTjlaRUQyb1JDbTljZjF2RUV2UjFKL1R3TGFrSmNQeVN2UDIKT1p1Y3hiVlBDeVhvbnlsZEtJbUVoSjZMZnVNcnV4NW9wQmVYRnpJZWhjOElJalkvSlUyR2xpaG5ybFBFbE1EUQoyUXVjelpqUTZuYWlrWVRrcU5zTk5NRitXdml0N0lIVVljejM2cEliK21KbSt4ZlNubFRaWVA2MGtsY2xDK3g2CmloVzVJUG5EcUxqS1F0OTFYWFVCRkczRFYrbHVoT1NzQXJuRHBWZzBreGdqd2MvRkxJMXNpY0JoWVMxWXpPWU0Kd08zWFh4ZFlUMlNJS3VaM0ZxMk5TSGQzSEUwamNIU2FIbXBjMWpONDRrTzRPRWJsdzhjMlJDT21WRkN6YXY3SApQQVVveG1JQUEyRHNNRTN2OHdwSGM2L0lFZkZTVVU3blFNbFVhTjN1QUpVeFpBVmh5YzhDQXdFQUFhTkdNRVF3ClFnWURWUjBSQkRzd09ZSUhZV1JoY0hSbGNvSUlaVzVtYjNKalpYS0NCbkp2ZFhSbGNvSUpiRzlqWVd4b2IzTjAKZ2hGdFlXNWhaMlZ0Wlc1MExYTmxjblpsY2pBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWNsY0NqWGppS3J1UwpyWUhNRjNDeDBPSmEwS2tlWkoxVkxFY0xseXAvTXp4VEdvdnk5MXR3NlhNVVFFbndqVkxLWUc5T3Q1MU9wc3pyCmdqQXBGSnE1QlZyblJsNHp0ajFsdHVMUmpyVzBlSnIrckNpbUFKdVI0ZUhMRTUrRU5uc2t1cGVNUXdyUG50dFMKdkVMUkZmMm1Zd3JqY2sxZFdNUGhsOGUyQmh4bDN3QXgwb1o0Z0k4d2dSSThndlVNYW0xd0hzeWR1NEpCYVRuWgpSM2FpOFpIU1Q2QlZHTUhBMFdUVTFpVWJyK0dDUkFjRE5kSkJpNHpCY0JzejREN09RdTBVK1dPbTBXWlNWNGZjCmNXdTE5K0pydk1KN0llWDNaaHFSdkdiblQzWVVSSFpoUGZsbGFoYWZTNlhMYzBzeExYMFV5RGJybkk2enZoRWMKb1NySFI0WGcwUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - wso2carbon.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR1VENDQXFHZ0F3SUJBZ0lVWXlTK2JjenM4R1N3Y3hoUUUyWUJqZEFFakw4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdNQWtOQk1SWXdGQVlEVlFRSERBMU5iM1Z1ZEdGcApiaUJXYVdWM01RMHdDd1lEVlFRS0RBUlhVMDh5TVEwd0N3WURWUVFMREFSWFUwOHlNUkl3RUFZRFZRUUREQWxzCmIyTmhiR2h2YzNRd0hoY05NalF3TWpJeU1EZzFNalUxV2hjTk1qWXdOVEkzTURnMU1qVTFXakJrTVFzd0NRWUQKVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTBFeEZqQVVCZ05WQkFjTURVMXZkVzUwWVdsdUlGWnBaWGN4RFRBTApCZ05WQkFvTUJGZFRUekl4RFRBTEJnTlZCQXNNQkZkVFR6SXhFakFRQmdOVkJBTU1DV3h2WTJGc2FHOXpkRENDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT2JIZTRycjIxRlQ3WHVveXozQ1MwcisKeThRTGhweW9nRmxYdzBMQ0lQRmpWcUxVbUFCSTlTRkl6N3BWekpwcVRQbDRCbGFVcUc3N0I3MjJTSXNrQm5MUgpHczVHVzVBSEd1akhVZmpyUlVDL0xFMGh3YWE3QTVrU1RueHB2cUxVOWd6UGw1R1EyOHdib3BpcHcwWTJDTkdxCmxZclRKd0wwL1MyN0JDZU9iWWtSeFprNEovRlZiS2VNVm5SQVVZZUE3UjZJUjh3QnU2d2FQUzVDTk9Ua2kvWncKNTBBb2pHYWRWZm1HeTZRQzZnVmFpQzhJYW1CWktrdk9qYy90Q2F1UDlCTmtIZ3BBbkFhWE9adFNyRVg2aS9xSgpHL1pYbU9jSlNGR0hLempIT3VGaTYrOGJQK0t3czNVTS92RmZkNEdoMmFTMmI2Z093MjV0L1IwbERKVit3dEVDCkF3RUFBYU5qTUdFd0ZBWURWUjBSQkEwd0M0SUpiRzlqWVd4b2IzTjBNQjBHQTFVZERnUVdCQlNIQXhLb0tlWnMKWnMxbmkrRVhZVzc1Zk03MGJqQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3Q3dZRApWUjBQQkFRREFnVHdNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUURHTDlTU0FjOHplWnBVb2loU2ExVnowZGNXCm5FR1lkdDdkQnB4U3ppcVJWSDVPNjJxVU92ZDhtbGh5M0h4N3B2Wm0yK2pKYjVMeEdKM2MvVzhGM211dDFTdGoKQVNFRXVsOWF4dXhvNWZuelVXazZBV20ycGFobEttZTBiSk8vdUJyY010WlU2TXdCdkU3NkEzZmgra1p6VlREbApMbjJUVG9ySlhydC9JQm5KdVZHT2UzWGxGTlMyMEo3bEtFUmt3UHZEZlhkZ25aSWlUYkcwdzliQUxVSmpROFUyCkFBUDlha2d1N3BMV0w3RzU1c1NWb2JGckJMSkVMZ3FxU1VUVXhBOXVybzYwRjFRMFVhWHBOd2h0MUJ3QTFVUEIKcys1T3ZmVzhnMWhkVmdWdmNmZUZIQk9oSTJOa1RtemRGRldKZTBFeE9Db3liR1dJZkZkYlZtalVZL2JSCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= + wso2carbon.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxVENDQXBHZ0F3SUJBZ0lFWWZFVlNqQU5CZ2txaGtpRzl3MEJBUXNGQURCa01Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhGakFVQmdOVkJBY01EVTF2ZFc1MFlXbHVJRlpwWlhjeERUQUxCZ05WQkFvTQpCRmRUVHpJeERUQUxCZ05WQkFzTUJGZFRUekl4RWpBUUJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERBZUZ3MHlNakF4Ck1qWXdPVE15TlRoYUZ3MHlOREEwTXpBd09UTXlOVGhhTUdReEN6QUpCZ05WQkFZVEFsVlRNUXN3Q1FZRFZRUUkKREFKRFFURVdNQlFHQTFVRUJ3d05UVzkxYm5SaGFXNGdWbWxsZHpFTk1Bc0dBMVVFQ2d3RVYxTlBNakVOTUFzRwpBMVVFQ3d3RVYxTlBNakVTTUJBR0ExVUVBd3dKYkc5allXeG9iM04wTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGCkFBT0NBUThBTUlJQkNnS0NBUUVBa2RnbmNvQ3J6NjU1THE4cFRkWDA3ZW9WQmpkWkRDVUU2dWVCZDBEMWhwSjAKL3pFM3gzQXo2dGx2enM5OFBzUHVHemFRT01tdUxhNHF4TkorT0t4Sm11dERVbENscHV2eHVmK2p5cTRnQ1Y1dApFSUlMV1JNQmpsQkVwSmZXbTYzK1ZLS1U0bnZCV05KN0tmaFdqbDgrRFVkTlNoMnBDRExwVU9ibWI5S3F1cWMxCng0Qmd0dGpONHJ4L1ArMy92KzFqRVRYeklQMUw0NHlIdHBRTnYwa2hZZjRqL2FIamNFcmk5eWt2cHoxbXRkYWMKYnJLSzI1TjRWMUhIUndEcVppSnpPQ0NJU1hEdXFCNndndVkvdjRuMGwxWHRyRXM3aUN5ZlJGd05TS05yTHFyMgozdFIxQ3NjbUxmYkg2WkxnNUNZSlREKzF1UFN4MEhNT0I0V3Y1MVBiV3dJREFRQUJvMk13WVRBVUJnTlZIUkVFCkRUQUxnZ2xzYjJOaGJHaHZjM1F3SFFZRFZSME9CQllFRkgwS1EzWVRaSnhUc05zUHlyWk9TRmdYWGhHK01CMEcKQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBTEJnTlZIUThFQkFNQ0JQQXdEUVlKS29aSQpodmNOQVFFTEJRQURnZ0VCQUZOSjM0Q0lpSWxDeG15cDI3K0tBMjI0TGFIVnRMNUR1Y0ZLMFAyMkZRK1FLa09OCmlVd083MEtvVkZyZUJIMVNteHU0ZVBXazZyTVpGT001b0w4SFhZZzN0d3krNWVHY0wzUFFkN1g1ZHdBcWxWaXYKem9rb2k2U0RhQS9iSUc2Si9PMVU5UWQ0WEVWSmRWdUxxamsxK2NwNzBBTHQwWDZCN3NOTGZqRmNiejNqUVVMTgpuSzhITnZxYm43elF1UDEwczhwNXkycVZrUEJBL3BqaWdSRHNJV1I2cDc4UUVTRitUYUhGanhmY0Q2ZjljbllpCmUreUVIRVJ0RzhrOHg1akxGZStvZEkxL1FHWlA4Rnkwb0tUK0UvVEoxRkJoNHJCMUZ0S3lscUdlYXVQdTg5RG4KYUo5K2t2cE5ROTR5Rm1FdWh0REJ5dkRpanhBcXZsaW4zVFBJZnk4PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + wso2-apim-carbon.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR1VENDQXFHZ0F3SUJBZ0lVWXlTK2JjenM4R1N3Y3hoUUUyWUJqZEFFakw4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdNQWtOQk1SWXdGQVlEVlFRSERBMU5iM1Z1ZEdGcApiaUJXYVdWM01RMHdDd1lEVlFRS0RBUlhVMDh5TVEwd0N3WURWUVFMREFSWFUwOHlNUkl3RUFZRFZRUUREQWxzCmIyTmhiR2h2YzNRd0hoY05NalF3TWpJeU1EZzFNalUxV2hjTk1qWXdOVEkzTURnMU1qVTFXakJrTVFzd0NRWUQKVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTBFeEZqQVVCZ05WQkFjTURVMXZkVzUwWVdsdUlGWnBaWGN4RFRBTApCZ05WQkFvTUJGZFRUekl4RFRBTEJnTlZCQXNNQkZkVFR6SXhFakFRQmdOVkJBTU1DV3h2WTJGc2FHOXpkRENDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT2JIZTRycjIxRlQ3WHVveXozQ1MwcisKeThRTGhweW9nRmxYdzBMQ0lQRmpWcUxVbUFCSTlTRkl6N3BWekpwcVRQbDRCbGFVcUc3N0I3MjJTSXNrQm5MUgpHczVHVzVBSEd1akhVZmpyUlVDL0xFMGh3YWE3QTVrU1RueHB2cUxVOWd6UGw1R1EyOHdib3BpcHcwWTJDTkdxCmxZclRKd0wwL1MyN0JDZU9iWWtSeFprNEovRlZiS2VNVm5SQVVZZUE3UjZJUjh3QnU2d2FQUzVDTk9Ua2kvWncKNTBBb2pHYWRWZm1HeTZRQzZnVmFpQzhJYW1CWktrdk9qYy90Q2F1UDlCTmtIZ3BBbkFhWE9adFNyRVg2aS9xSgpHL1pYbU9jSlNGR0hLempIT3VGaTYrOGJQK0t3czNVTS92RmZkNEdoMmFTMmI2Z093MjV0L1IwbERKVit3dEVDCkF3RUFBYU5qTUdFd0ZBWURWUjBSQkEwd0M0SUpiRzlqWVd4b2IzTjBNQjBHQTFVZERnUVdCQlNIQXhLb0tlWnMKWnMxbmkrRVhZVzc1Zk03MGJqQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3Q3dZRApWUjBQQkFRREFnVHdNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUURHTDlTU0FjOHplWnBVb2loU2ExVnowZGNXCm5FR1lkdDdkQnB4U3ppcVJWSDVPNjJxVU92ZDhtbGh5M0h4N3B2Wm0yK2pKYjVMeEdKM2MvVzhGM211dDFTdGoKQVNFRXVsOWF4dXhvNWZuelVXazZBV20ycGFobEttZTBiSk8vdUJyY010WlU2TXdCdkU3NkEzZmgra1p6VlREbApMbjJUVG9ySlhydC9JQm5KdVZHT2UzWGxGTlMyMEo3bEtFUmt3UHZEZlhkZ25aSWlUYkcwdzliQUxVSmpROFUyCkFBUDlha2d1N3BMV0w3RzU1c1NWb2JGckJMSkVMZ3FxU1VUVXhBOXVybzYwRjFRMFVhWHBOd2h0MUJ3QTFVUEIKcys1T3ZmVzhnMWhkVmdWdmNmZUZIQk9oSTJOa1RtemRGRldKZTBFeE9Db3liR1dJZkZkYlZtalVZL2JSCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= {{- end -}} diff --git a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml index 17e8fdb66..c3d525d20 100644 --- a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml +++ b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml @@ -94,7 +94,7 @@ spec: {{- if and .Values.wso2.apk.metrics .Values.wso2.apk.metrics.enabled }} value: -Dhttpclient.hostnameVerifier=AllowAll -Xms512m -Xmx512m -XX:MaxRAMFraction=2 -Dapk.jmx.metrics.enabled=true -javaagent:/home/wso2/lib/jmx_prometheus_javaagent-0.20.0.jar=18006:/tmp/metrics/prometheus-jmx-config-enforcer.yml {{- else }} - value: -Dhttpclient.hostnameVerifier=AllowAll -Xms512m -Xmx512m -XX:MaxRAMFraction=2 + value: -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5006 -Dhttpclient.hostnameVerifier=AllowAll -Xms512m -Xmx512m -XX:MaxRAMFraction=2 {{- end }} {{- if .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis }} - name: REDIS_USERNAME @@ -217,6 +217,9 @@ spec: - name: enforcer-trusted-certs mountPath: /home/wso2/security/truststore/wso2carbon.pem subPath: wso2carbon.pem + - name: enforcer-apikey-cert + mountPath: /home/wso2/security/truststore/wso2-apim-carbon.pem + subPath: wso2-apim-carbon.pem - name: idp-certificate-secret-volume mountPath: /home/wso2/security/truststore/idp.pem {{ if and .Values.wso2.apk.idp.signing .Values.wso2.apk.idp.signing.fileName }} @@ -430,6 +433,9 @@ spec: - name: enforcer-trusted-certs secret: secretName: {{ template "apk-helm.resource.prefix" . }}-enforcer-truststore-secret + - name: enforcer-apikey-cert + secret: + secretName: {{ template "apk-helm.resource.prefix" . }}-enforcer-truststore-secret - name: idp-certificate-secret-volume secret: {{ if and .Values.wso2.apk.idp.signing .Values.wso2.apk.idp.signing.secretName }} diff --git a/test/apim-apk-agent-test/agent-helm-chart/templates/log-conf.yaml b/test/apim-apk-agent-test/agent-helm-chart/templates/log-conf.yaml index 1e5ad464e..a6702bc48 100644 --- a/test/apim-apk-agent-test/agent-helm-chart/templates/log-conf.yaml +++ b/test/apim-apk-agent-test/agent-helm-chart/templates/log-conf.yaml @@ -12,6 +12,7 @@ data: password = "{{ .Values.controlPlane.password }}" environmentLabels = ["{{ .Values.controlPlane.environmentLabels }}"] skipSSLVerification = {{ .Values.controlPlane.skipSSLVerification }} + internalKeyIssuer = {{ .Values.controlPlane.internalKeyIssuer | default "http://am.wso2.com:443/token" }} [controlPlane.brokerConnectionParameters] eventListeningEndpoints = ["{{ .Values.controlPlane.eventListeningEndpoints }}"] diff --git a/test/apim-apk-agent-test/agent-helm-chart/values.yaml b/test/apim-apk-agent-test/agent-helm-chart/values.yaml index b76f9ed06..af768b303 100644 --- a/test/apim-apk-agent-test/agent-helm-chart/values.yaml +++ b/test/apim-apk-agent-test/agent-helm-chart/values.yaml @@ -30,6 +30,7 @@ controlPlane: environmentLabels: Default skipSSLVerification: true eventListeningEndpoints: amqp://admin:admin@apim-wso2am-cp-1-service.apk.svc.cluster.local:5672?retries='10'&connectdelay='30' + # internalKeyIssuer: http://am.wso2.com:443/token dataPlane: enabled: true k8ResourceEndpoint: https://apk-wso2-apk-config-ds-service.apk.svc.cluster.local:9443/api/configurator/apis/generate-k8s-resources @@ -37,4 +38,4 @@ dataPlane: metrics: enabled: false agent: - mode: CPtoDP \ No newline at end of file + mode: CPtoDP diff --git a/test/apim-apk-agent-test/apim-cp-helm-chart/confs/instance-1/deployment.toml b/test/apim-apk-agent-test/apim-cp-helm-chart/confs/instance-1/deployment.toml index 38c3d7560..0a19cac9e 100644 --- a/test/apim-apk-agent-test/apim-cp-helm-chart/confs/instance-1/deployment.toml +++ b/test/apim-apk-agent-test/apim-cp-helm-chart/confs/instance-1/deployment.toml @@ -147,6 +147,7 @@ iat_validity_period = "1h" oauth2_jwks_url = "https://apim-wso2am-cp-1-service:9443/oauth2/jwks" #[apim.publisher] +#internal_key_issuer = "http://am.wso2.com:443/token" #{{- if .Values.wso2.apim.configurations.publisher.supportedDocumentTypes }} #supported_document_types = {{ toJson .Values.wso2.apim.configurations.publisher.supportedDocumentTypes }} #{{- end }}