init commit

adapter/api/proto/wso2/discovery/api/api_authentication.proto

@@ -35,16 +35,17 @@ message APIKey {
 message JWT {
   string header         = 1; // name of the header containing the JWT
   bool sendTokenToUpstream  = 2; // send the token to upstream
+  repeated string audience = 3;
+}
+
+message Oauth2 {
+  string header         = 1; // name of the header containing the JWT
+  bool sendTokenToUpstream  = 2; // send the token to upstream
 }
 
 message APIAuthentication {
   bool disabled          = 1; // disable authentication
   JWT jwt = 2;
   repeated APIKey apikey = 3;
-  TestConsoleKey testConsoleKey = 4;
-}
-
-message TestConsoleKey {
-  string header         = 1; // name of the header containing the test key
-  bool sendTokenToUpstream  = 2; // send the token to upstream
-}
+  Oauth2 Oauth2 = 4;
+}

adapter/internal/oasparser/config_generator.go

@@ -273,19 +273,13 @@ func castAPIAuthenticationsToEnforcerAPIAuthentications(authentication *model.Au
 		})
 	}
 	enforcerAuthentication.Apikey = apiKeys
-	if authentication.TestConsoleKey != nil {
-		enforcerAuthentication.TestConsoleKey = &api.TestConsoleKey{
-			Header:              strings.ToLower(authentication.TestConsoleKey.Header),
-			SendTokenToUpstream: authentication.TestConsoleKey.SendTokenToUpstream,
+	if authentication.Oauth2 != nil {
+		enforcerAuthentication.Oauth2 = &api.Oauth2{
+			Header:              strings.ToLower(authentication.Oauth2.Header),
+			SendTokenToUpstream: authentication.Oauth2.SendTokenToUpstream,
 		}
 	}
-	if authentication.TestConsoleKey != nil {
-		enforcerAuthentication.TestConsoleKey = &api.TestConsoleKey{
-			Header:              strings.ToLower(authentication.TestConsoleKey.Header),
-			SendTokenToUpstream: authentication.TestConsoleKey.SendTokenToUpstream,
-		}
-	}
-
+	logger.LoggerOasparser.Infof("authentication: %+v, next: %+v", authentication, enforcerAuthentication)
 	return enforcerAuthentication
 }
 

adapter/internal/oasparser/model/adapter_internal_api.go

@@ -694,6 +694,7 @@ func (adapterInternalAPI *AdapterInternalAPI) SetInfoHTTPRouteCR(httpRoute *gwap
 
 		loggers.LoggerOasparser.Debugf("Calculating auths for API ..., API_UUID = %v", adapterInternalAPI.UUID)
 		apiAuth := getSecurity(resourceAuthScheme)
+		loggers.LoggerOasparser.Infof("API auth %+v, api: %+v, resource auth scheme: %+v, rule: %+v", apiAuth, adapterInternalAPI.UUID, resourceAuthScheme, *rule.Matches[0].Path.Value)
 		if len(rule.BackendRefs) < 1 {
 			return fmt.Errorf("no backendref were provided")
 		}

adapter/internal/oasparser/model/api_operation.go

@@ -50,17 +50,18 @@ type Authentication struct {
 	Disabled       bool
 	JWT            *JWT
 	APIKey         []APIKey
-	TestConsoleKey *TestConsoleKey
+	Oauth2 				 *Oauth2
 }
 
 // JWT holds JWT related configurations
 type JWT struct {
 	Header              string
 	SendTokenToUpstream bool
+	Audience []string
 }
 
-// TestConsoleKey holds testkey related configurations
-type TestConsoleKey struct {
+// Oauth2 holds JWT related configurations
+type Oauth2 struct {
 	Header              string
 	SendTokenToUpstream bool
 }

adapter/internal/oasparser/model/http_route.go

@@ -225,6 +225,10 @@ func concatAuthSchemes(schemeUp *dpv1alpha2.Authentication, schemeDown *dpv1alph
 // make sure authscheme only has external service override values. (i.e. empty default values)
 // tip: use concatScheme method
 func getSecurity(authScheme *dpv1alpha2.Authentication) *Authentication {
+	loggers.LoggerAPK.Infof("Auth: name : %+v", authScheme.ObjectMeta.Name)
+	if (authScheme.Spec.Override != nil && authScheme.Spec.Override.AuthTypes != nil) {
+		loggers.LoggerAPK.Infof("Auth: %+v", *(authScheme.Spec.Override.AuthTypes))
+	}
 	authHeader := constants.AuthorizationHeader
 	if authScheme != nil && authScheme.Spec.Override != nil && authScheme.Spec.Override.AuthTypes != nil && len(authScheme.Spec.Override.AuthTypes.Oauth2.Header) > 0 {
 		authHeader = authScheme.Spec.Override.AuthTypes.Oauth2.Header
@@ -234,19 +238,30 @@ func getSecurity(authScheme *dpv1alpha2.Authentication) *Authentication {
 		sendTokenToUpstream = authScheme.Spec.Override.AuthTypes.Oauth2.SendTokenToUpstream
 	}
 	auth := &Authentication{Disabled: false,
-		TestConsoleKey: &TestConsoleKey{Header: constants.TestConsoleKeyHeader},
-		JWT:            &JWT{Header: authHeader, SendTokenToUpstream: sendTokenToUpstream},
+		Oauth2: &Oauth2{Header: authHeader, SendTokenToUpstream: sendTokenToUpstream},
 	}
 	if authScheme != nil && authScheme.Spec.Override != nil {
 		if authScheme.Spec.Override.Disabled != nil && *authScheme.Spec.Override.Disabled {
 			return &Authentication{Disabled: true}
 		}
 		authFound := false
-		if authScheme.Spec.Override.AuthTypes != nil && authScheme.Spec.Override.AuthTypes.Oauth2.Disabled {
-			auth = &Authentication{Disabled: false,
-				TestConsoleKey: &TestConsoleKey{Header: constants.TestConsoleKeyHeader},
-			}
+		if authScheme.Spec.Override.AuthTypes == nil || !authScheme.Spec.Override.AuthTypes.Oauth2.Disabled {
+			authFound = true
 		} else {
+			auth = &Authentication{Disabled: false}
+		}
+		if authScheme.Spec.Override.AuthTypes == nil || !authScheme.Spec.Override.AuthTypes.JWT.Disabled {
+			audience := make([]string, 0)
+			if (len(authScheme.Spec.Override.AuthTypes.JWT.Audience) > 0) {
+				loggers.LoggerAPK.Infof("Auth: aud exists")
+				audience = authScheme.Spec.Override.AuthTypes.JWT.Audience
+			}
+			jwtHeader := constants.TestConsoleKeyHeader
+			if (len(authScheme.Spec.Override.AuthTypes.JWT.Header) > 0) {
+				loggers.LoggerAPK.Infof("Auth: header exists")
+				jwtHeader = authScheme.Spec.Override.AuthTypes.JWT.Header
+			}
+			auth.JWT = &JWT{Header: jwtHeader, SendTokenToUpstream: sendTokenToUpstream, Audience: audience}
 			authFound = true
 		}
 		if authScheme.Spec.Override.AuthTypes != nil && authScheme.Spec.Override.AuthTypes.APIKey != nil {
@@ -266,6 +281,7 @@ func getSecurity(authScheme *dpv1alpha2.Authentication) *Authentication {
 			return &Authentication{Disabled: true}
 		}
 	}
+	loggers.LoggerAPK.Infof("Auth: final auth %+v", *auth)
 	return auth
 }