diff --git a/README.md b/README.md
index 02c41e9..bbb11d5 100644
--- a/README.md
+++ b/README.md
@@ -171,7 +171,9 @@ Serverless Framework plugin to manage APIs on [WSO2 API Manager](https://wso2.co
> | `securityScheme.mutualssl.clientCert` | Required with mutualssl, your client certificate chain in PEM (base64) format.
It supports:
a. **File system** - Path must be relative to where `serverless.yml` is located.
b. **AWS Certificate ARN**
c. **AWS CloudFormation Export** - Exported value must contain a valid AWS Certificate ARN. | `file://certs/backend.cer`
(or)
`arn:aws:acm:..`
(or)
`!ImportValue xx` |
> | `securityScheme.mutualssl.enabled` | Required with `securityScheme.mutualssl`. Expects `true` or `false`
. |
> | `securityScheme.oauth2` | Requires `securityScheme.oauth2.enabled` to be defined.
. |
-> | `securityScheme.oauth2.enabled` | Required with `securityScheme.oauth2`. Expects `true` or `false`
. |
+> | `securityScheme.oauth2.enabled` | Required with `securityScheme.oauth2`. Expects `true` or `false`
.
+> | `securityScheme.oauth2.mandatory` | Optional with `securityScheme.oauth2`. Expects `true` or `false`
.
+> | `securityScheme.oauth2.keyManager` | Optional with `securityScheme.oauth2`. Array of keys to be used by API
> | `mediationPolicies` | Optional, your choice of mediation policies (or) sequences. They can manipulate input/output/fault messages as described [here](https://docs.wso2.com/display/AM260/Adding+Mediation+Extensions). | |
> | `mediationPolicies.in` | Input mediation policy, it manipulates the request going to your backend. | `log_in_message` |
> | `mediationPolicies.out` | Output mediation policy, it manipulates the response going back to your API consumer. | `json_validator` |
diff --git a/package.json b/package.json
index 4335c55..a9b6e25 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "serverless-wso2-apim",
- "version": "0.7.0",
+ "version": "0.7.1",
"description": "Serverless Framework plugin for WSO2 API Manager",
"main": "src/index.js",
"scripts": {
diff --git a/src/3.2.0/wso2apim.js b/src/3.2.0/wso2apim.js
index 3e39d56..4c0c52f 100644
--- a/src/3.2.0/wso2apim.js
+++ b/src/3.2.0/wso2apim.js
@@ -200,10 +200,12 @@ async function constructAPIDef(user, gatewayEnv, apiDef, apiId) {
securityScheme.push('mutualssl');
securityScheme.push('mutualssl_mandatory');
}
- if(apiDef.securityScheme && apiDef.securityScheme.oauth2 && apiDef.securityScheme.oauth2.enabled === false) {
- //do nothing
- } else {
- securityScheme.push('oauth2');
+ if (apiDef.securityScheme && apiDef.securityScheme.oauth2 && apiDef.securityScheme.oauth2.enabled === true) {
+ securityScheme.push("oauth2");
+ if (apiDef.securityScheme.oauth2.mandatory) {
+ securityScheme.push("oauth_basic_auth_api_key_mandatory");
+ }
+
}
const wso2ApiDefinition = {
id: apiId,
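Review bot: The new condition `oauth2.enabled === true` reverses the default, because the removed code pushed `oauth2` unless it was explicitly set to `false`. Any existing definition that omits `securityScheme.oauth2` will now be built without the `oauth2` scheme, and with an empty `securityScheme` array if the mutualssl branch above is also not taken. To keep the secure default, test for the explicit opt-out, `if (apiDef.securityScheme?.oauth2?.enabled !== false) {`, and compare the new flag as strictly as `enabled`, `if (apiDef.securityScheme?.oauth2?.mandatory === true) {`. If opt-in is the intended behaviour, a patch-level version bump undersells it, and the README should state that OAuth2 is no longer applied by default. The body of constructAPIDef starts and ends outside this hunk.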
@@ -237,6 +239,7 @@ async function constructAPIDef(user, gatewayEnv, apiDef, apiId) {
mediationPolicies: mediationPolicies,
additionalProperties: ((apiDef.apiProperties) && (Object.keys(apiDef.apiProperties).length > 0)) ? apiDef.apiProperties : undefined,
subscriptionAvailability: 'CURRENT_TENANT',
+ keyManagers: apiDef.securityScheme?.oauth2?.keyManager,
subscriptionAvailableTenants: [],
businessInformation: apiDef.businessInformation ? {
businessOwnerEmail: apiDef.businessInformation.businessOwnerEmail,
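Review bot: `keyManagers` is copied from the user's configuration with no shape check and regardless of `oauth2.enabled`. A scalar such as `keyManager: 'Resident Key Manager'`, or a list left on a disabled scheme, is therefore sent to the publisher API unchanged. Guard it when building the payload, for example `keyManagers: Array.isArray(apiDef.securityScheme?.oauth2?.keyManager) ? apiDef.securityScheme.oauth2.keyManager : undefined,`, and preferably fail the deployment with a clear message when the value is present but not an array of strings. How the server treats an absent `keyManagers` field is not visible here, so that default is worth stating in the README row. The object literal continues outside this hunk.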
@@ -815,4 +818,4 @@ module.exports = {
removeAPIDef,
listInvokableAPIUrl,
upsertSwaggerSpec,
-};
+};
\ No newline at end of file
diff --git a/src/3.2.0/wso2apim.spec.js b/src/3.2.0/wso2apim.spec.js
index 109dbae..f92ac6d 100644
--- a/src/3.2.0/wso2apim.spec.js
+++ b/src/3.2.0/wso2apim.spec.js
@@ -58,7 +58,8 @@ const wso2APIM = {
mutualssl: {
enabled: true,
clientCert: 'file://xxx.cer'
- }
+ },
+ oauth2: { enabled: true, keyManager: ["Resident Key Manager"] }
},
tags: [ 'awesomeness', 'myawesomeapi'],
maxTps: 999,
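Review bot: Adding `oauth2: { enabled: true, ... }` to the shared fixture keeps any existing expectation of `'oauth2'` in the security scheme passing, which hides the changed default rather than testing it. The hunks shown add no case for a definition that omits `securityScheme.oauth2`, for `enabled: false`, or for `mandatory: true` producing `oauth_basic_auth_api_key_mandatory`. If those cases are not covered elsewhere in the spec, add one assertion per case on the `securityScheme` array of the constructed definition. The `wso2APIM` fixture starts and ends outside this hunk.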
@@ -782,4 +783,4 @@ describe('wso2apim-3.2.0', () => {
});
});
-});
+});
\ No newline at end of file
diff --git a/src/__tests__/e2e/valid-mtls-enabled-and-oauth-enabled-3.2.0/cert.cer b/src/__tests__/e2e/valid-mtls-enabled-and-oauth-enabled-3.2.0/cert.cer
new file mode 100644
index 0000000..72cc9c3
--- /dev/null
+++ b/src/__tests__/e2e/valid-mtls-enabled-and-oauth-enabled-3.2.0/cert.cer
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/src/__tests__/e2e/valid-mtls-enabled-and-oauth-enabled-3.2.0/serverless.yml b/src/__tests__/e2e/valid-mtls-enabled-and-oauth-enabled-3.2.0/serverless.yml
new file mode 100644
index 0000000..dd174de
--- /dev/null
+++ b/src/__tests__/e2e/valid-mtls-enabled-and-oauth-enabled-3.2.0/serverless.yml
@@ -0,0 +1,91 @@
+service: serverless-wso2-apim
+provider:
+ name: aws
+ stackName: ${env:STACK_NAME}
+ deploymentBucket:
+ name: ${env:TEST_ID_NORMALIZED}
+plugins:
+ - serverless-localstack
+ - serverless-deployment-bucket
+ - "../../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+ wso2apim:
+ enabled: true
+ host: ${env:WSO2_HOST}
+ port: ${env:WSO2_PORT}
+ user: ${env:WSO2_USER}
+ pass: ${env:WSO2_PASS}
+ gatewayEnv: ${env:WSO2_ENV}
+ apidefs:
+ - name: ${env:TEST_ID}-1
+ description: ${env:TEST_ID}-1
+ rootContext: /${env:TEST_ID}-1
+ version: "v1"
+ visibility: "PRIVATE"
+ securityScheme:
+ mutualssl:
+ enabled: true
+ clientCert: 'file://cert.cer'
+ oauth2:
+ enabled: true
+ mandatory: true
+ keyManager:
+ - 'Resident Key Manager'
+ backend:
+ http:
+ baseUrl: "https://baseUrl"
+ maxTps: 10
+ tags:
+ - ${env:TEST_ID}-1
+ swaggerSpec:
+ swagger: "2.0"
+ info:
+ title: ${env:TEST_ID}-1
+ version: "v1"
+ contact:
+ name: ${env:TEST_ID}-1
+ email: ${env:TEST_ID}-1
+ paths:
+ /*:
+ post:
+ responses:
+ "201":
+ description: Created
+ x-auth-type: "None"
+ # - name: ${env:TEST_ID}-2
+ # description: ${env:TEST_ID}-2
+ # rootContext: /${env:TEST_ID}-2
+ # version: "1"
+ # visibility: "PUBLIC"
+ # backend:
+ # http:
+ # baseUrl: "https://baseUrl"
+ # maxTps: 10
+ # tags:
+ # - ${env:TEST_ID}-2
+ # swaggerSpec:
+ # openapi: 3.0.0
+ # info:
+ # title: ${env:TEST_ID}-2
+ # version: "1"
+ # contact:
+ # name: ${env:TEST_ID}-2
+ # email: ${env:TEST_ID}-2
+ # paths:
+ # /*:
+ # post:
+ # responses:
+ # "201":
+ # description: Created
+ # x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+ Resources:
+ Topic:
+ Type: AWS::SNS::Topic
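Review bot: The only operation in this fixture is declared with `x-auth-type: "None"`, which in WSO2 API Manager marks a resource as not requiring application-level authentication. A scenario named "mtls-enabled-and-oauth-enabled" with `mandatory: true` therefore does not describe an OAuth2-protected resource. If the e2e run only checks that the definition deploys this is harmless, but fixtures get copied into real configurations, so `x-auth-type: "Application & Application User"` would be the safer example. The commented-out second `apidefs` entry adds nothing to this test case and could be dropped.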