From 0297875dc0fe96fb276afa326bbcc1453c86d73e Mon Sep 17 00:00:00 2001
From: CrowleyRajapakse <srrajapakse1@gmail.com>
Date: Mon, 4 Mar 2024 17:23:11 +0530
Subject: [PATCH] template control plane related configurations

---
 .github/workflows/agent-integration-test.yml    |  7 ++++++-
 .../gateway-components/common-log-conf.yaml     | 17 ++++++++++++++---
 .../data-plane/gateway-components/log-conf.yaml |  6 ++++++
 helm-charts/values.yaml                         | 17 ++++++++++++-----
 4 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/agent-integration-test.yml b/.github/workflows/agent-integration-test.yml
index 1dc014981..e9ad98cf1 100644
--- a/.github/workflows/agent-integration-test.yml
+++ b/.github/workflows/agent-integration-test.yml
@@ -73,7 +73,12 @@ jobs:
       run: |
         cd apk-repo/helm-charts
         helm dependency build
-        helm install apk-test-setup -n apk . --debug --wait --timeout 15m0s 
+        helm install apk-test-setup -n apk . --debug --wait --timeout 15m0s \
+        --set wso2.apk.dp.commonController.deployment.controlplane.enabled=true \
+        --set wso2.apk.dp.commonController.deployment.controlplane.host="apim-apk-agent-service.apk.svc.cluster.local" \
+        --set wso2.apk.dp.commonController.deployment.controlplane.skipSSLVerification=true \
+        --set wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.JWKSClient.skipSSLVerification=false \
+        --set wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.JWKSClient.hostnameVerifier="AllowAll" 
         kubectl get pods -n apk
         kubectl get svc -n apk
 
diff --git a/helm-charts/templates/data-plane/gateway-components/common-log-conf.yaml b/helm-charts/templates/data-plane/gateway-components/common-log-conf.yaml
index 98563eb4b..0fa0bb360 100644
--- a/helm-charts/templates/data-plane/gateway-components/common-log-conf.yaml
+++ b/helm-charts/templates/data-plane/gateway-components/common-log-conf.yaml
@@ -22,6 +22,19 @@ data:
 
     [commoncontroller.truststore]
       location = "/home/wso2/security/truststore"
+    
+     {{- if .Values.wso2.apk.dp.commonController.deployment.controlplane }}
+    [commoncontroller.controlplane]
+       enabled = {{ .Values.wso2.apk.dp.commonController.deployment.controlplane.enabled | default true }}
+       host = "{{ .Values.wso2.apk.dp.commonController.deployment.controlplane.host | default "apim-apk-agent-service.apk.svc.cluster.local" }}"
+       port = "{{ .Values.wso2.apk.dp.commonController.deployment.controlplane.port | default "18000" }}"
+       skipSSLVerification = {{ .Values.wso2.apk.dp.commonController.deployment.controlplane.skipSSLVerification | default false }}
+    {{- else }}
+    [commoncontroller.controlplane]
+       enabled = false
+       host = "apim-apk-agent-service.apk.svc.cluster.local"
+       skipSSLVerification = true
+    {{- end }}
 
     [commoncontroller.redis]
     {{- if .Values.wso2.apk.dp.commonController.deployment.redis }}
@@ -51,9 +64,7 @@ data:
     
     [commoncontroller.webServer]
       port = 9543
-    # [commoncontroller.controlplane]
-    #   host= "apim-apk-agent-service.apk-agent.svc.cluster.local"
-    #   port= 18000
+
   log_config.toml: |
     # The logging configuration for Adapter
 
diff --git a/helm-charts/templates/data-plane/gateway-components/log-conf.yaml b/helm-charts/templates/data-plane/gateway-components/log-conf.yaml
index 7da8ba20d..7b775168b 100644
--- a/helm-charts/templates/data-plane/gateway-components/log-conf.yaml
+++ b/helm-charts/templates/data-plane/gateway-components/log-conf.yaml
@@ -110,6 +110,12 @@ data:
     [enforcer.metrics]
       enabled = false
     
+    {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.JWKSClient }}
+    [enforcer.client]
+       skipSSL = {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.JWKSClient.skipSSLVerification | default false }}
+       hostnameVerifier = "{{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.JWKSClient.hostnameVerifier | default "AllowAll" }}"
+    {{- end }}
+    
     {{ if and .Values.wso2.apk.dp.gatewayRuntime.tracing .Values.wso2.apk.dp.gatewayRuntime.tracing.enabled }}
     [tracing]
       enabled = true
diff --git a/helm-charts/values.yaml b/helm-charts/values.yaml
index 287caf812..dadb28be3 100644
--- a/helm-charts/values.yaml
+++ b/helm-charts/values.yaml
@@ -147,6 +147,10 @@ wso2:
           image: wso2/apk-common-controller:latest
           security:
             sslHostname: "commoncontroller"
+#          controlplane:
+#            enabled: true
+#            host: "apim-apk-agent-service.apk.svc.cluster.local"
+#            skipSSLVerification: true
           # configs:
           #   apiNamespaces:
           #     - "apk-v12"
@@ -237,11 +241,14 @@ wso2:
               sslHostname: "enforcer"
 #            logging:
 #              level: DEBUG
-            # configs:
-            #   tls:
-            #     secretName: "router-cert"
-            #     certKeyFilename: ""
-            #     certFilename: ""
+#            configs:
+#              tls:
+#                secretName: "router-cert"
+#                certKeyFilename: ""
+#                certFilename: ""
+#              JWKSClient:
+#                skipSSLVerification: false
+#                hostnameVerifier: "AllowAll"
 idp:
   enabled: true
   listener: