wso2 · AmaliMatharaarachchi · Jan 9, 2024 · Dec 6, 2023 · Jan 2, 2024 · Jan 2, 2024
@@ -21,7 +21,9 @@ package wso2.discovery.api;
 import "wso2/discovery/api/Resource.proto";
 import "wso2/discovery/api/Certificate.proto";
 import "wso2/discovery/api/BackendJWTTokenInfo.proto";
-// import "wso2/discovery/api/graphql.proto";
+import "wso2/discovery/api/endpoint_cluster.proto";
+import "wso2/discovery/api/security_info.proto";
+import "wso2/discovery/api/graphql.proto";
 
 option go_package = "github.com/envoyproxy/go-control-plane/wso2/discovery/api;api";
 option java_package = "org.wso2.apk.enforcer.discovery.api";
@@ -50,10 +52,12 @@ message Api {
 	string mutualSSL = 15;
 	bool applicationSecurity = 16;
 	/// string graphQLSchema = 22;
-	// repeated GraphqlComplexity graphqlComplexityInfo = 23;
+	repeated GraphqlComplexity graphqlComplexityInfo = 23;
 	bool systemAPI = 24;
 	BackendJWTTokenInfo backendJWTTokenInfo = 25;
 	bytes apiDefinitionFile = 26;
 	string environment = 27;
 	bool subscriptionValidation = 28;
+	EndpointCluster endpoints = 29;
+	repeated SecurityInfo endpointSecurity = 30;
 }
@@ -18,8 +18,6 @@ syntax = "proto3";
 
 package wso2.discovery.config.enforcer;
 
-import "wso2/discovery/config/enforcer/service.proto";
-
 option go_package = "github.com/envoyproxy/go-control-plane/wso2/discovery/config/enforcer;enforcer";
 option java_package = "org.wso2.apk.enforcer.discovery.config.enforcer";
 option java_outer_classname = "AnalyticsPublisherProto";

@@ -95,7 +95,6 @@ var defaultConfig = &Config{
 			},
 		},
 		PayloadPassingToEnforcer: payloadPassingToEnforcer{
-			PassRequestPayload:  false,
 			MaxRequestBytes:     102400,
 			AllowPartialMessage: false,
 			PackAsBytes:         false,

@@ -185,7 +185,6 @@ type consul struct {
 
 // Router to enforcer request body passing configurations
 type payloadPassingToEnforcer struct {
-	PassRequestPayload  bool
 	MaxRequestBytes     uint32
 	AllowPartialMessage bool
 	PackAsBytes         bool

@@ -2,6 +2,8 @@ module github.com/wso2/apk/adapter
 
 go 1.19
 
+replace github.com/wso2/apk/common-go-libs => ../common-go-libs
+
 require (
 	github.com/envoyproxy/go-control-plane v0.11.2-0.20230802074621-eea0b3bd0f81
 	github.com/fsnotify/fsnotify v1.6.0

@@ -170,8 +170,6 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/wso2/apk/common-go-libs v0.0.0-20231208100153-24bee7b4bd81 h1:Iobh0zi81XVNjC8dCckNWvr5VkpDwHlbJWq5jmOZtww=
-github.com/wso2/apk/common-go-libs v0.0.0-20231208100153-24bee7b4bd81/go.mod h1:fvkFU/8JJpx4Pem9srTjWmD3c89AKsyRpLyNPdQriDc=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=

@@ -165,7 +165,7 @@ func init() {
 	orgIDvHostBasepathMap = make(map[string]map[string]string)
 
 	enforcerLabelMap = make(map[string]*EnforcerInternalAPI)
-	//TODO(amali) currently subscriptions, configs, applications, applicationPolicies, subscriptionPolicies,
+	// currently subscriptions, configs, applications, applicationPolicies, subscriptionPolicies,
 	// applicationKeyMappings, keyManagerConfigList, revokedTokens are supported with the hard coded label for Enforcer
 	enforcerLabelMap[commonEnforcerLabel] = &EnforcerInternalAPI{}
 	rand.Seed(time.Now().UnixNano())

@@ -211,6 +211,8 @@ func GetEnforcerAPI(adapterInternalAPI model.AdapterInternalAPI, vhost string) *
 		Vhost:                  vhost,
 		EnvType:                adapterInternalAPI.EnvType,
 		BackendJWTTokenInfo:    backendJWTTokenInfo,
+		Endpoints:              generateRPCEndpointCluster(adapterInternalAPI.Endpoints),
+		EndpointSecurity:       generateRPCEndpointSecurity(adapterInternalAPI.EndpointSecurity),
 		// IsMockedApi:         isMockedAPI,
 		ClientCertificates:  clientCertificates,
 		MutualSSL:           adapterInternalAPI.GetXWSO2MutualSSL(),

@@ -97,7 +97,7 @@ const (
 	REST                  string = "REST"
 	SOAP                  string = "SOAP"
 	WS                    string = "WS"
-	GRAPHQL               string = "GRAPHQL"
+	GRAPHQL               string = "GraphQL"
 	WEBHOOK               string = "WEBHOOK"
 	SSE                   string = "SSE"
 	Prototyped            string = "prototyped"
@@ -131,3 +131,9 @@ const (
 	KindScope           = "Scope"
 	KindRateLimitPolicy = "RateLimitPolicy"
 )
+
+// API environment types
+const (
+	Production = "Production"
+	Sandbox    = "Sandbox"
+)
@@ -73,7 +73,7 @@ func TestCreateRoute(t *testing.T) {
 
 	resourceWithGet := model.CreateMinimalDummyResourceForTests("/xWso2BasePath/resourcePath",
 		[]*model.Operation{model.NewOperationWithPolicies("GET", policies)},
-		"resource_operation_id", []model.Endpoint{}, true)
+		"resource_operation_id", []model.Endpoint{endpoint}, true)
 	clusterName := "resource_operation_id"
 	hostRewriteSpecifier := &routev3.RouteAction_AutoHostRewrite{
 		AutoHostRewrite: &wrapperspb.BoolValue{
@@ -107,11 +107,11 @@ func TestCreateRoute(t *testing.T) {
 		},
 	}
 
-	routeParams := generateRouteCreateParamsForUnitTests(title, apiType, vHost, xWso2BasePath, version,
-		endpoint.Basepath, &resourceWithGet, clusterName, nil, false)
-	routeParams.routeConfig = &model.EndpointConfig{
+	resourceWithGet.GetEndpoints().Config = &model.EndpointConfig{
 		IdleTimeoutInSeconds: 300,
 	}
+	routeParams := generateRouteCreateParamsForUnitTests(title, apiType, vHost, xWso2BasePath, version,
+		endpoint.Basepath, &resourceWithGet, clusterName, nil, false)
 
 	generatedRouteArrayWithXWso2BasePath, err := createRoutes(routeParams)
 	assert.Nil(t, err, "Error while creating routes WithXWso2BasePath")
@@ -136,8 +136,14 @@ func TestCreateRouteClusterSpecifier(t *testing.T) {
 	version := "1.0.0"
 	apiType := "HTTP"
 
+	endpoint := model.Endpoint{
+		Host:    "abc.com",
+		URLType: "http",
+		Port:    80,
+		RawURL:  "http://abc.com",
+	}
 	resourceWithGet := model.CreateMinimalDummyResourceForTests("/resourcePath", []*model.Operation{model.NewOperation("GET", nil, nil)},
-		"resource_operation_id", []model.Endpoint{}, false)
+		"resource_operation_id", []model.Endpoint{endpoint}, false)
 
 	route, err := createRoutes(generateRouteCreateParamsForUnitTests(title, apiType, vHost, xWso2BasePath, version, endpointBasePath,
 		&resourceWithGet, clusterName, nil, false))
@@ -161,8 +167,14 @@ func TestCreateRouteExtAuthzContext(t *testing.T) {
 	version := "1.0.0"
 	apiType := "HTTP"
 
+	endpoint := model.Endpoint{
+		Host:    "abc.com",
+		URLType: "http",
+		Port:    80,
+		RawURL:  "http://abc.com",
+	}
 	resourceWithGet := model.CreateMinimalDummyResourceForTests("/resourcePath", []*model.Operation{model.NewOperation("GET", nil, nil)},
-		"resource_operation_id", []model.Endpoint{}, false)
+		"resource_operation_id", []model.Endpoint{endpoint}, false)
 
 	route, err := createRoutes(generateRouteCreateParamsForUnitTests(title, apiType, vHost, xWso2BasePath, version,
 		endpointBasePath, &resourceWithGet, clusterName, nil, false))
@@ -518,6 +530,12 @@ func TestGetCorsPolicy(t *testing.T) {
 		AccessControlAllowMethods: []string{"GET"},
 		AccessControlAllowOrigins: []string{"http://test1.com", "http://test2.com"},
 	}
+	endpoint := model.Endpoint{
+		Host:    "abc.com",
+		URLType: "http",
+		Port:    80,
+		RawURL:  "http://abc.com",
+	}
 
 	// Test the configuration when cors is disabled.
 	corsPolicy1 := getCorsPolicy(corsConfigModel1)
@@ -553,7 +571,7 @@ func TestGetCorsPolicy(t *testing.T) {
 	assert.Empty(t, corsPolicy3.GetAllowCredentials(), "Allow Credential property should not be assigned.")
 
 	resourceWithGet := model.CreateMinimalDummyResourceForTests("/resourcePath", []*model.Operation{model.NewOperation("GET", nil, nil)},
-		"resource_operation_id", []model.Endpoint{}, false)
+		"resource_operation_id", []model.Endpoint{endpoint}, false)
 
 	// Route without CORS configuration
 	routeWithoutCors, err := createRoutes(generateRouteCreateParamsForUnitTests("test", "HTTP", "localhost", "/test", "1.0.0", "/test",

@@ -33,7 +33,7 @@ type routeCreateParams struct {
 	endpointBasePath             string
 	resource                     *model.Resource
 	clusterName                  string
-	routeConfig                  *model.EndpointConfig
+	endpoints                    *model.EndpointCluster
 	authHeader                   string
 	requestInterceptor           map[string]model.InterceptEndpoint
 	responseInterceptor          map[string]model.InterceptEndpoint

@@ -189,17 +189,24 @@ func testCreateRoutesForUnitTests(t *testing.T) []*routev3.Route {
 		AccessControlAllowOrigins: []string{"http://test1.com", "http://test2.com"},
 	}
 
+	endpoint := model.Endpoint{
+		Host:    "abc.com",
+		URLType: "http",
+		Port:    80,
+		RawURL:  "http://abc.com",
+	}
+
 	operationGet := model.NewOperation("GET", nil, nil)
 	operationPost := model.NewOperation("POST", nil, nil)
 	operationPut := model.NewOperation("PUT", nil, nil)
 	resourceWithGet := model.CreateMinimalDummyResourceForTests("/resourcePath", []*model.Operation{operationGet},
-		"resource_operation_id", []model.Endpoint{}, false)
+		"resource_operation_id", []model.Endpoint{endpoint}, false)
 	resourceWithPost := model.CreateMinimalDummyResourceForTests("/resourcePath", []*model.Operation{operationPost},
-		"resource_operation_id", []model.Endpoint{}, false)
+		"resource_operation_id", []model.Endpoint{endpoint}, false)
 	resourceWithPut := model.CreateMinimalDummyResourceForTests("/resourcePath", []*model.Operation{operationPut},
-		"resource_operation_id", []model.Endpoint{}, false)
+		"resource_operation_id", []model.Endpoint{endpoint}, false)
 	resourceWithMultipleOperations := model.CreateMinimalDummyResourceForTests("/resourcePath", []*model.Operation{operationGet, operationPut},
-		"resource_operation_id", []model.Endpoint{}, false)
+		"resource_operation_id", []model.Endpoint{endpoint}, false)
 
 	route1, err := createRoutes(generateRouteCreateParamsForUnitTests("test", "HTTP", "localhost", "/test", "1.0.0", "/test",
 		&resourceWithGet, "test-cluster", corsConfigModel3, false))

@@ -207,9 +207,8 @@ func generateHeaderMatcher(headerName, valueRegex string) *routev3.HeaderMatcher
 	return headerMatcherArray
 }
 
-func generateRegexMatchAndSubstitute(routePath, endpointBasePath,
-	endpointResourcePath string, pathMatchType gwapiv1b1.PathMatchType) *envoy_type_matcherv3.RegexMatchAndSubstitute {
-
+func generateRegexMatchAndSubstitute(routePath, endpointResourcePath string,
+	pathMatchType gwapiv1b1.PathMatchType) *envoy_type_matcherv3.RegexMatchAndSubstitute {
 	substitutionString := generateSubstitutionString(endpointResourcePath, pathMatchType)
 	return &envoy_type_matcherv3.RegexMatchAndSubstitute{
 		Pattern: &envoy_type_matcherv3.RegexMatcher{
@@ -259,8 +258,8 @@ func generateHeaderToRemoveString(policyParams interface{}) (string, error) {
 	return requestHeaderToRemove, nil
 }
 
-func generateRewritePathRouteConfig(routePath, endpointBasepath string,
-	policyParams interface{}, pathMatchType gwapiv1b1.PathMatchType, isDefaultVersion bool) (*envoy_type_matcherv3.RegexMatchAndSubstitute, error) {
+func generateRewritePathRouteConfig(routePath string, policyParams interface{}, pathMatchType gwapiv1b1.PathMatchType,
+	isDefaultVersion bool) (*envoy_type_matcherv3.RegexMatchAndSubstitute, error) {
 
 	var paramsToSetHeader map[string]interface{}
 	var ok bool