diff --git a/runtime/config-deployer-service/ballerina/APIClient.bal b/runtime/config-deployer-service/ballerina/APIClient.bal
index 0a6d3d8a51..728d737ee9 100644
--- a/runtime/config-deployer-service/ballerina/APIClient.bal
+++ b/runtime/config-deployer-service/ballerina/APIClient.bal
@@ -361,17 +361,29 @@ public class APIClient {
 } else if authentication.authType == "JWT" {
 JWTAuthentication jwtAuthentication = check authentication.cloneWithType(JWTAuthentication);
 authTypes.jwt = {header: jwtAuthentication.headerName, sendTokenToUpstream: jwtAuthentication.sendTokenToUpstream, disabled: !jwtAuthentication.enabled, audience: jwtAuthentication.audience};
- } else if authentication.authType == "APIKey" && authentication is APIKeyAuthentication {
- APIKeyAuthentication apiKeyAuthentication = check authentication.cloneWithType(APIKeyAuthentication);
+ } else if authentication.authType == "APIKey" {
+ APIKeyAuthentication apiKeyAuthentication;
+ if authentication is OAuth2Authentication {
+ apiKeyAuthentication = {
+ required: authentication.required,
+ sendTokenToUpstream: authentication.sendTokenToUpstream,
+ headerName: authentication.headerName,
+ headerEnable: authentication.headerEnable
+ };
+ } else {
+ apiKeyAuthentication = check authentication.cloneWithType(APIKeyAuthentication);
+ }
 model:APIKey[] apiKeys = [];
-
 if apiKeyAuthentication.headerEnable {
 apiKeys.push({'in: "Header", name: apiKeyAuthentication.headerName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
 }
 if apiKeyAuthentication.queryParamEnable {
 apiKeys.push({'in: "Query", name: apiKeyAuthentication.queryParamName, sendTokenToUpstream: apiKeyAuthentication.sendTokenToUpstream});
 }
- authTypes.apiKey = apiKeys;
+ authTypes.apiKey = {
+ required: apiKeyAuthentication.required,
+ keys: apiKeys
+ };
 } else if authentication.authType == "mTLS" {
 MTLSAuthentication mtlsAuthentication = check authentication.cloneWithType(MTLSAuthentication);
 isMTLSMandatory = mtlsAuthentication.required == "mandatory";
diff --git a/runtime/config-deployer-service/ballerina/modules/model/Authentication.bal b/runtime/config-deployer-service/ballerina/modules/model/Authentication.bal
index ad876f71b4..912bd37067 100644
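Review bot: In the new `authentication is OAuth2Authentication` branch only `required`, `sendTokenToUpstream`, `headerName` and `headerEnable` are copied, so `queryParamName` and `queryParamEnable` silently take the `APIKeyAuthentication` record defaults. The updated test expectations in this commit list a `Query` key next to the `Header` key, which suggests query-parameter API keys may be enabled by default; keys carried in URLs tend to end up in access logs and intermediaries, so that should be an explicit decision rather than a side effect of type narrowing. I would add a comment above the branch, for example `// An "APIKey" entry may arrive typed as OAuth2Authentication; the query-param settings then come from the APIKeyAuthentication defaults.`, and confirm the `queryParamEnable` default against the record definition, which is not visible in this hunk. The enclosing method starts and ends outside the hunk.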
--- a/runtime/config-deployer-service/ballerina/modules/model/Authentication.bal
+++ b/runtime/config-deployer-service/ballerina/modules/model/Authentication.bal
@@ -36,9 +36,9 @@ public type AuthenticationData record {
 public type AuthenticationExtensionType record {
 OAuth2Authentication oauth2?;
- APIKey[] apiKey = [];
 MutualSSL mtls?;
 JWTAuthentication jwt?;
+ APIKeyAuthentication apiKey?;
 };
 public type MutualSSL record {
@@ -63,6 +63,11 @@ public type JWTAuthentication record {
 string[] audience = [];
 };
+public type APIKeyAuthentication record {
+ string required;
+ APIKey[] keys = [];
+};
+
 public type InternalKey record {
 string header?;
 string sendTokenToUpstream?;
diff --git a/runtime/config-deployer-service/ballerina/tests/APIClientTest.bal b/runtime/config-deployer-service/ballerina/tests/APIClientTest.bal
index 8f7f4997b5..3bc80e4141 100644
--- a/runtime/config-deployer-service/ballerina/tests/APIClientTest.bal
+++ b/runtime/config-deployer-service/ballerina/tests/APIClientTest.bal
@@ -1,8 +1,10 @@
-import ballerina/test;
 import config_deployer_service.model;
 import config_deployer_service.org.wso2.apk.config.model as runtimeModels;
-import wso2/apk_common_lib;
+
 import ballerina/io;
+import ballerina/test;
+
+import wso2/apk_common_lib;
 import wso2/apk_common_lib as commons;
 commons:Organization organization = {
@@ -505,18 +507,21 @@ public function testAPIKeyOnlyEnable() returns error? {
 model:AuthenticationData expectedAuthenticationData = {
 disabled: false,
 authTypes: {
- apiKey: [
- {
- 'in: "Header",
- name: "apiKey",
- sendTokenToUpstream: false
- },
- {
- 'in: "Query",
- name: "apiKey",
- sendTokenToUpstream: false
- }
- ]
+ apiKey: {
+ required: "optional",
+ keys: [
+ {
+ 'in: "Header",
+ name: "apiKey",
+ sendTokenToUpstream: false
+ },
+ {
+ 'in: "Query",
+ name: "apiKey",
+ sendTokenToUpstream: false
+ }
+ ]
+ }
 }
 };
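Review bot: `string required;` in the new `model:APIKeyAuthentication` record (hunk `-63,6`) accepts any string, and nothing visible in this commit constrains the value before APIClient.bal copies it into the generated authentication data. The mTLS branch in APIClient.bal compares against the literal `"mandatory"`, so if the consumer of this field does the same, a misspelt or differently-cased value would presumably be treated as not mandatory. Declaring the field as `"mandatory"|"optional" required;` here, and `"mandatory"|"optional" required = "optional";` in the types.bal hunk at `-476,6`, would reject bad input at binding time. The record also shares its name with the root-level `APIKeyAuthentication` while having a different shape, which is easy to misread where both are used in APIClient.bal.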
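Review bot: Both updated expectations (hunk `-505,18` here and hunk `-545,18` after it) pin only `required: "optional"`, so nothing in the visible tests exercises a mandatory API key or the new `OAuth2Authentication` fallback branch in APIClient.bal. A case whose input sets `required: "mandatory"` and asserts that the value reaches `authTypes.apiKey.required` would cover the path that decides whether the key is enforced. The test function bodies start outside these hunks, so the input fixtures are not visible here.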
@@ -545,18 +550,22 @@ public function testAPIKeyAndJWTEnable() returns error? {
 model:AuthenticationData expectedAuthenticationData = {
 disabled: false,
 authTypes: {
- apiKey: [
- {
- 'in: "Header",
- name: "apiKey",
- sendTokenToUpstream: false
- },
- {
- 'in: "Query",
- name: "apiKey",
- sendTokenToUpstream: false
- }
- ],
+ apiKey: {
+ required: "optional",
+ keys:
+ [
+ {
+ 'in: "Header",
+ name: "apiKey",
+ sendTokenToUpstream: false
+ },
+ {
+ 'in: "Query",
+ name: "apiKey",
+ sendTokenToUpstream: false
+ }
+ ]
+ },
 oauth2: {
 required: "mandatory",
 disabled: false,
diff --git a/runtime/config-deployer-service/ballerina/types.bal b/runtime/config-deployer-service/ballerina/types.bal
index 1f59fd5d36..0fb5d75dc7 100644
--- a/runtime/config-deployer-service/ballerina/types.bal
+++ b/runtime/config-deployer-service/ballerina/types.bal
@@ -469,6 +469,7 @@ public type RetryPolicy record {
 # Configuration for API Key Auth Type
 #
+# + required - If APIKey is optional or mandatory
 # + sendTokenToUpstream - Enables sending the API Key to upstream.
 # + headerName - Name of APIKey header.
 # + queryParamName - Name of APIKey query parameter.
@@ -476,6 +477,7 @@ public type RetryPolicy record {
 # + queryParamEnable - Enable sending API Key as a query param.
 public type APIKeyAuthentication record {|
 *Authentication;
+ string required = "optional";
 boolean sendTokenToUpstream = false;
 string headerName = "apiKey";
 string queryParamName = "apiKey";
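Review bot: The added doc line `# + required - If APIKey is optional or mandatory` (hunk `-469,6`) names neither the accepted literals nor the default that the `-476,6` hunk introduces with `string required = "optional";`. Something like `# + required - Whether the API key is "mandatory" or "optional"; defaults to "optional" when omitted.` makes it clear to API authors that leaving the field out does not make the key mandatory. The record continues past the end of the hunk, so the remaining fields are not visible here.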