Merge pull request #131 from ramgrandhi/feat/support-for-oauth-and-mtls

Aded support for oauth and mtls.

README.md

@@ -171,7 +171,9 @@ Serverless Framework plugin to manage APIs on [WSO2 API Manager](https://wso2.co
 > | `securityScheme.mutualssl.clientCert`     | Required with mutualssl, your client certificate chain in PEM (base64) format. <br><br> It supports: <br> a. **File system** - Path must be relative to where `serverless.yml` is located. <br> b. **AWS Certificate ARN** <br> c. **AWS CloudFormation Export** - Exported value must contain a valid AWS Certificate ARN. | `file://certs/backend.cer` <br> (or) <br> `arn:aws:acm:..` <br> (or) <br> `!ImportValue xx` |
 > | `securityScheme.mutualssl.enabled`        | Required with `securityScheme.mutualssl`. Expects `true` or `false` <br>.                                                                                                                                                                                                                                                   |
 > | `securityScheme.oauth2`                   | Requires `securityScheme.oauth2.enabled` to be defined. <br>.                                                                                                                                                                                                                                                               |
-> | `securityScheme.oauth2.enabled`           | Required with `securityScheme.oauth2`. Expects `true` or `false` <br>.                                                                                                                                                                                                                                                      |
+> | `securityScheme.oauth2.enabled`           | Required with `securityScheme.oauth2`. Expects `true` or `false` <br>.                                                                                                                                                 
+> | `securityScheme.oauth2.mandatory`           | Optional with `securityScheme.oauth2`. Expects `true` or `false` <br>.                                                                                                
+> | `securityScheme.oauth2.keyManager`           | Optional with `securityScheme.oauth2`. Array of keys to be used by API
 > | `mediationPolicies`                       | Optional, your choice of mediation policies (or) sequences. They can manipulate input/output/fault messages as described [here](https://docs.wso2.com/display/AM260/Adding+Mediation+Extensions).                                                                                                                           |                                                                                             |
 > | `mediationPolicies.in`                    | Input mediation policy, it manipulates the request going to your backend.                                                                                                                                                                                                                                                   |                                                                            `log_in_message` |
 > | `mediationPolicies.out`                   | Output mediation policy, it manipulates the response going back to your API consumer.                                                                                                                                                                                                                                       |                                                                            `json_validator` |

package.json

@@ -1,6 +1,6 @@
 {
   "name": "serverless-wso2-apim",
-  "version": "0.7.0",
+  "version": "0.7.1",
   "description": "Serverless Framework plugin for WSO2 API Manager",
   "main": "src/index.js",
   "scripts": {

src/3.2.0/wso2apim.js

@@ -200,10 +200,12 @@ async function constructAPIDef(user, gatewayEnv, apiDef, apiId) {
       securityScheme.push('mutualssl');
       securityScheme.push('mutualssl_mandatory');
     }
-    if(apiDef.securityScheme && apiDef.securityScheme.oauth2 && apiDef.securityScheme.oauth2.enabled === false) {
-      //do nothing
-    } else {
-      securityScheme.push('oauth2');
+    if (apiDef.securityScheme && apiDef.securityScheme.oauth2 && apiDef.securityScheme.oauth2.enabled === true) {
+      securityScheme.push("oauth2");
+      if (apiDef.securityScheme.oauth2.mandatory) {
+        securityScheme.push("oauth_basic_auth_api_key_mandatory");
+      }
+
     }
     const wso2ApiDefinition = {
       id: apiId,
@@ -237,6 +239,7 @@ async function constructAPIDef(user, gatewayEnv, apiDef, apiId) {
       mediationPolicies: mediationPolicies,
       additionalProperties: ((apiDef.apiProperties) && (Object.keys(apiDef.apiProperties).length > 0)) ? apiDef.apiProperties : undefined,
       subscriptionAvailability: 'CURRENT_TENANT',
+      keyManagers: apiDef.securityScheme?.oauth2?.keyManager,
       subscriptionAvailableTenants: [],
       businessInformation: apiDef.businessInformation ? {
         businessOwnerEmail: apiDef.businessInformation.businessOwnerEmail,
@@ -815,4 +818,4 @@ module.exports = {
   removeAPIDef,
   listInvokableAPIUrl,
   upsertSwaggerSpec,
-};
+};

src/3.2.0/wso2apim.spec.js

@@ -58,7 +58,8 @@ const wso2APIM = {
         mutualssl: {
           enabled: true,
           clientCert: 'file://xxx.cer'
-        }
+        },
+        oauth2: { enabled: true, keyManager: ["Resident Key Manager"] }
       },
       tags: [ 'awesomeness', 'myawesomeapi'],
       maxTps: 999,
@@ -782,4 +783,4 @@ describe('wso2apim-3.2.0', () => {
     });
   });
 
-});
+});

src/__tests__/e2e/valid-mtls-enabled-and-oauth-enabled-3.2.0/cert.cer

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1TCCAb2gAwIBAgIJAOnghp4UWa/lMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
+BAMTD3d3dy5leGFtcGxlLmNvbTAeFw0yMTA0MTExNDIwNDlaFw0zMTA0MDkxNDIw
+NDlaMBoxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKm/cmcYhWOL4jn+1Y/eHLnF6dbNzzuxByF5I4Ei0Aa2
+vRnmmCFJLb9MI03Dj4H99RK7WEvx8g7YF4WqAZc3n9ztPrHu1sGnMGsnaPPpvCdl
+BLo2AD6ZQ07K5O6jsKLIno/qQi4dUXvfQ5io11xeRbUTROQiTgOsVoWSYeIyeJmY
+hmg4owtnoIBvZfWyXKrqy1nb8yNggDP8C35bUFXtOavdTCPrREe58l89wJggmukT
+QqHFPmB7rpwOyJI9dSVavC8v/WbV/LbaS3auaTkUCHkQL5NIKZNyXOxbReDyJ0jS
+7eMk2ZEQB+87HCfLORyB/zbj5jG6ftRu4TsVm/A8Ak0CAwEAAaMeMBwwGgYDVR0R
+BBMwEYIPd3d3LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQB7NbyoQCaL
+ijan0pyDRW3joDj2xXVEnHSEd8jeKdURY4ADIcb3+CFZ78IA+KHoG3m7yVAdebCw
+HA3yRoZXgWc2fG92xMIJsOabF19k6grnaAkJR+/Zzh0CuXZWvkLETKjqZ7opx0jB
+hW8ZnSxtaM/91rmW6gNOcnmLknBD2oiDjo1s9Ntax8UQtWgXgEWEE9tC4DeRUx4t
+3RqmliCqWMLFb67mkWnsXYzbavHESVx2KmTzcnw4Q3xE2VyVvl5i1l34Tv2/QoPu
+ntq9V6GqFmJbxPfWydIXYr7leCCnX9r65MSN3sDtV+/I7JUegR4z6UgeF1z7kuVo
+GFKdTX4n4OyD
+-----END CERTIFICATE-----

src/__tests__/e2e/valid-mtls-enabled-and-oauth-enabled-3.2.0/serverless.yml

@@ -0,0 +1,91 @@
+service: serverless-wso2-apim
+provider:
+  name: aws
+  stackName: ${env:STACK_NAME}
+  deploymentBucket:
+    name: ${env:TEST_ID_NORMALIZED}
+plugins:
+  - serverless-localstack
+  - serverless-deployment-bucket
+  - "../../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+  wso2apim:
+    enabled: true
+    host: ${env:WSO2_HOST}
+    port: ${env:WSO2_PORT}
+    user: ${env:WSO2_USER}
+    pass: ${env:WSO2_PASS}
+    gatewayEnv: ${env:WSO2_ENV}
+    apidefs:
+      - name: ${env:TEST_ID}-1
+        description: ${env:TEST_ID}-1
+        rootContext: /${env:TEST_ID}-1
+        version: "v1"
+        visibility: "PRIVATE"
+        securityScheme:
+          mutualssl:
+            enabled: true
+            clientCert: 'file://cert.cer'
+          oauth2:
+            enabled: true
+            mandatory: true
+            keyManager:
+              - 'Resident Key Manager'
+        backend:
+          http:
+            baseUrl: "https://baseUrl"
+        maxTps: 10
+        tags:
+          - ${env:TEST_ID}-1
+        swaggerSpec:
+          swagger: "2.0"
+          info:
+            title: ${env:TEST_ID}-1
+            version: "v1"
+            contact:
+              name: ${env:TEST_ID}-1
+              email: ${env:TEST_ID}-1
+          paths:
+            /*:
+              post:
+                responses:
+                  "201":
+                    description: Created
+                x-auth-type: "None"
+      # - name: ${env:TEST_ID}-2
+      #   description: ${env:TEST_ID}-2
+      #   rootContext: /${env:TEST_ID}-2
+      #   version: "1"
+      #   visibility: "PUBLIC"
+      #   backend:
+      #     http:
+      #       baseUrl: "https://baseUrl"
+      #   maxTps: 10
+      #   tags:
+      #     - ${env:TEST_ID}-2
+      #   swaggerSpec:
+      #     openapi: 3.0.0
+      #     info:
+      #       title: ${env:TEST_ID}-2
+      #       version: "1"
+      #       contact:
+      #         name: ${env:TEST_ID}-2
+      #         email: ${env:TEST_ID}-2
+      #     paths:
+      #       /*:
+      #         post:
+      #           responses:
+      #             "201":
+      #               description: Created
+      #           x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+  Resources:
+    Topic:
+      Type: AWS::SNS::Topic