Update adapter impl. for multiple certs in CR
sgayangi committed Dec 3, 2023
1 parent 441d930 commit faa159b
Showing 7 changed files with 288 additions and 206 deletions.
2 changes: 1 addition & 1 deletion adapter/internal/oasparser/model/http_route.go
Expand Up @@ -587,7 +587,7 @@ func getSecurity(authScheme *dpv1alpha1.Authentication) *Authentication {
} else {
authFound = true
}
if authScheme.Spec.Override.AuthTypes.APIKey != nil {
if authScheme.Spec.Override.AuthTypes != nil && authScheme.Spec.Override.AuthTypes.APIKey != nil {
authFound = authFound || len(authScheme.Spec.Override.AuthTypes.APIKey) > 0
var apiKeys []APIKey
for _, apiKey := range authScheme.Spec.Override.AuthTypes.APIKey {
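Review bot: The new guard checks `AuthTypes` but still dereferences `authScheme.Spec.Override` directly, and no nil check on `Override` is visible in these lines. api_controller.go in this same commit treats it as optional (`authentication.Spec.Override != nil`), so unless an enclosing check exists above the hunk, an Authentication that sets only `default` would panic here while the adapter builds the route security. If no such check exists, extend the condition to `if authScheme.Spec.Override != nil && authScheme.Spec.Override.AuthTypes != nil && authScheme.Spec.Override.AuthTypes.APIKey != nil {`. `getSecurity` starts and ends outside the hunk, so the enclosing condition could not be confirmed.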
Expand Up @@ -70,14 +70,14 @@ type MutualSSLConfig struct {
// +kubebuilder:validation:Enum=mandatory;optional
Required string `json:"required"`

// CertificateInline is the Inline Certificate entry
CertificateInline *string `json:"certificateInline,omitempty"`
// CertificatesInline is the Inline Certificate entry
CertificatesInline []*string `json:"certificatesInline,omitempty"`

// SecretRef denotes the reference to the Secret that contains the Certificate
SecretRef *RefConfig `json:"secretRef,omitempty"`
// SecretRefs denotes the reference to the Secret that contains the Certificate
SecretRefs []*RefConfig `json:"secretRefs,omitempty"`

// ConfigMapRef denotes the reference to the ConfigMap that contains the Certificate
ConfigMapRef *RefConfig `json:"configMapRef,omitempty"`
// ConfigMapRefs denotes the reference to the ConfigMap that contains the Certificate
ConfigMapRefs []*RefConfig `json:"configMapRefs,omitempty"`
}

// TestConsoleKeyAuth Test Console Key Authentication scheme details
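Review bot: The JSON keys on `MutualSSLConfig` change in place within `v1alpha1` (`certificateInline` to `certificatesInline`, `secretRef` to `secretRefs`, `configMapRef` to `configMapRefs`), and nothing visible here converts or rejects the old keys. Depending on how the CRD treats unknown fields, an existing Authentication that still uses the singular keys may be accepted with those fields dropped, leaving `required: mandatory` with no certificates configured; that calls for an upgrade note or a validation that at least one certificate source is set. The element types could also be values, `CertificatesInline []string` and `SecretRefs []RefConfig`, which would remove the nil-element case for code that ranges over them. The field comments should become plural, e.g. `// SecretRefs lists the Secrets that contain the client certificates`. The struct begins above the hunk.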
42 changes: 30 additions & 12 deletions adapter/internal/operator/apis/dp/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Expand Up @@ -109,48 +109,59 @@ spec:
description: MutualSSL is to specify the features and certificates
for mutual SSL
properties:
certificateInline:
description: CertificateInline is the Inline Certificate entry
type: string
configMapRef:
description: ConfigMapRef denotes the reference to the ConfigMap
certificatesInline:
description: CertificatesInline is the Inline Certificate
entry
items:
type: string
type: array
configMapRefs:
description: ConfigMapRefs denotes the reference to the ConfigMap
that contains the Certificate
properties:
key:
description: Key of the secret or configmap
minLength: 1
type: string
name:
description: Name of the secret or configmap
minLength: 1
type: string
required:
- key
- name
type: object
items:
description: RefConfig holds a config for a secret or a
configmap
properties:
key:
description: Key of the secret or configmap
minLength: 1
type: string
name:
description: Name of the secret or configmap
minLength: 1
type: string
required:
- key
- name
type: object
type: array
required:
description: Required indicates whether mutualSSL is mandatory
or optional
enum:
- mandatory
- optional
type: string
secretRef:
description: SecretRef denotes the reference to the Secret
secretRefs:
description: SecretRefs denotes the reference to the Secret
that contains the Certificate
properties:
key:
description: Key of the secret or configmap
minLength: 1
type: string
name:
description: Name of the secret or configmap
minLength: 1
type: string
required:
- key
- name
type: object
items:
description: RefConfig holds a config for a secret or a
configmap
properties:
key:
description: Key of the secret or configmap
minLength: 1
type: string
name:
description: Name of the secret or configmap
minLength: 1
type: string
required:
- key
- name
type: object
type: array
required:
- required
type: object
Expand Down Expand Up @@ -229,48 +240,59 @@ spec:
description: MutualSSL is to specify the features and certificates
for mutual SSL
properties:
certificateInline:
description: CertificateInline is the Inline Certificate entry
type: string
configMapRef:
description: ConfigMapRef denotes the reference to the ConfigMap
certificatesInline:
description: CertificatesInline is the Inline Certificate
entry
items:
type: string
type: array
configMapRefs:
description: ConfigMapRefs denotes the reference to the ConfigMap
that contains the Certificate
properties:
key:
description: Key of the secret or configmap
minLength: 1
type: string
name:
description: Name of the secret or configmap
minLength: 1
type: string
required:
- key
- name
type: object
items:
description: RefConfig holds a config for a secret or a
configmap
properties:
key:
description: Key of the secret or configmap
minLength: 1
type: string
name:
description: Name of the secret or configmap
minLength: 1
type: string
required:
- key
- name
type: object
type: array
required:
description: Required indicates whether mutualSSL is mandatory
or optional
enum:
- mandatory
- optional
type: string
secretRef:
description: SecretRef denotes the reference to the Secret
secretRefs:
description: SecretRefs denotes the reference to the Secret
that contains the Certificate
properties:
key:
description: Key of the secret or configmap
minLength: 1
type: string
name:
description: Name of the secret or configmap
minLength: 1
type: string
required:
- key
- name
type: object
items:
description: RefConfig holds a config for a secret or a
configmap
properties:
key:
description: Key of the secret or configmap
minLength: 1
type: string
name:
description: Name of the secret or configmap
minLength: 1
type: string
required:
- key
- name
type: object
type: array
required:
- required
type: object
84 changes: 40 additions & 44 deletions adapter/internal/operator/controllers/dp/api_controller.go
Expand Up @@ -770,27 +770,9 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context
func (apiReconciler *APIReconciler) resolveAuthentications(ctx context.Context,
authentications map[string]dpv1alpha1.Authentication) (*dpv1alpha1.MutualSSL, error) {
resolvedMutualSSL := dpv1alpha1.MutualSSL{}
var err error
var certificate string
for _, authentication := range authentications {
resolvedMutualSSL = utils.GetResolvedMutualSSL(ctx, apiReconciler.client, authentication)

if authentication.Spec.Default != nil && authentication.Spec.Default.MutualSSL != nil {
resolvedMutualSSL.Required = authentication.Spec.Default.MutualSSL.Required
certificate, err = utils.ResolveCertificate(ctx, apiReconciler.client,
authentication.Namespace, authentication.Spec.Default.MutualSSL.CertificateInline, authentication.Spec.Default.MutualSSL.ConfigMapRef, authentication.Spec.Default.MutualSSL.SecretRef)
}
if authentication.Spec.Override != nil && authentication.Spec.Override.MutualSSL != nil {
resolvedMutualSSL.Required = authentication.Spec.Override.MutualSSL.Required
certificate, err = utils.ResolveCertificate(ctx, apiReconciler.client,
authentication.Namespace, authentication.Spec.Override.MutualSSL.CertificateInline, authentication.Spec.Override.MutualSSL.ConfigMapRef, authentication.Spec.Override.MutualSSL.SecretRef)
}
}

if err != nil {
loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2622, logging.TRIVIAL, "Error in resolving client certificate %v in authentication", certificate))
}
resolvedMutualSSL.ClientCertificates = append(resolvedMutualSSL.ClientCertificates, certificate)
return &resolvedMutualSSL, nil
}

Expand Down Expand Up @@ -1351,21 +1333,28 @@ func addIndexes(ctx context.Context, mgr manager.Manager) error {
func(rawObj k8client.Object) []string {
authentication := rawObj.(*dpv1alpha1.Authentication)
var secrets []string
if authentication.Spec.Default != nil && authentication.Spec.Default.MutualSSL != nil && authentication.Spec.Default.MutualSSL.SecretRef != nil && len(authentication.Spec.Default.MutualSSL.SecretRef.Name) > 0 {
secrets = append(secrets,
types.NamespacedName{
Name: string(authentication.Spec.Default.MutualSSL.SecretRef.Name),
Namespace: authentication.Namespace,
}.String())

if authentication.Spec.Default != nil && authentication.Spec.Default.MutualSSL != nil && authentication.Spec.Default.MutualSSL.SecretRefs != nil && len(authentication.Spec.Default.MutualSSL.SecretRefs) > 0 {
for _, secret := range authentication.Spec.Default.MutualSSL.SecretRefs {
if len(secret.Name) > 0 {
secrets = append(secrets,
types.NamespacedName{
Name: string(secret.Name),
Namespace: authentication.Namespace,
}.String())
}
}
}

if authentication.Spec.Override != nil && authentication.Spec.Override.MutualSSL != nil && authentication.Spec.Override.MutualSSL.SecretRef != nil && len(authentication.Spec.Override.MutualSSL.SecretRef.Name) > 0 {
secrets = append(secrets,
types.NamespacedName{
Name: string(authentication.Spec.Override.MutualSSL.SecretRef.Name),
Namespace: authentication.Namespace,
}.String())
if authentication.Spec.Override != nil && authentication.Spec.Override.MutualSSL != nil && authentication.Spec.Override.MutualSSL.SecretRefs != nil && len(authentication.Spec.Override.MutualSSL.SecretRefs) > 0 {
for _, secret := range authentication.Spec.Override.MutualSSL.SecretRefs {
if len(secret.Name) > 0 {
secrets = append(secrets,
types.NamespacedName{
Name: string(secret.Name),
Namespace: authentication.Namespace,
}.String())
}
}

}
return secrets
Expand All @@ -1378,21 +1367,28 @@ func addIndexes(ctx context.Context, mgr manager.Manager) error {
func(rawObj k8client.Object) []string {
authentication := rawObj.(*dpv1alpha1.Authentication)
var configMaps []string
if authentication.Spec.Default != nil && authentication.Spec.Default.MutualSSL != nil && authentication.Spec.Default.MutualSSL.ConfigMapRef != nil && len(authentication.Spec.Default.MutualSSL.ConfigMapRef.Name) > 0 {
configMaps = append(configMaps,
types.NamespacedName{
Name: string(authentication.Spec.Default.MutualSSL.ConfigMapRef.Name),
Namespace: authentication.Namespace,
}.String())

if authentication.Spec.Default != nil && authentication.Spec.Default.MutualSSL != nil && authentication.Spec.Default.MutualSSL.ConfigMapRefs != nil && len(authentication.Spec.Default.MutualSSL.ConfigMapRefs) > 0 {
for _, configMap := range authentication.Spec.Default.MutualSSL.ConfigMapRefs {
if len(configMap.Name) > 0 {
configMaps = append(configMaps,
types.NamespacedName{
Name: string(configMap.Name),
Namespace: authentication.Namespace,
}.String())
}
}
}

if authentication.Spec.Override != nil && authentication.Spec.Override.MutualSSL != nil && authentication.Spec.Override.MutualSSL.ConfigMapRef != nil && len(authentication.Spec.Override.MutualSSL.ConfigMapRef.Name) > 0 {
configMaps = append(configMaps,
types.NamespacedName{
Name: string(authentication.Spec.Override.MutualSSL.ConfigMapRef.Name),
Namespace: authentication.Namespace,
}.String())
if authentication.Spec.Override != nil && authentication.Spec.Override.MutualSSL != nil && authentication.Spec.Override.MutualSSL.ConfigMapRefs != nil && len(authentication.Spec.Override.MutualSSL.ConfigMapRefs) > 0 {
for _, configMap := range authentication.Spec.Override.MutualSSL.ConfigMapRefs {
if len(configMap.Name) > 0 {
configMaps = append(configMaps,
types.NamespacedName{
Name: string(configMap.Name),
Namespace: authentication.Namespace,
}.String())
}
}

}
return configMaps
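Review bot: The new loops in both `addIndexes` hunks read `secret.Name` and `configMap.Name` without checking the element, and the fields are now `[]*RefConfig`, so a nil entry would panic inside the index function; `if secret != nil && len(secret.Name) > 0 {` (likewise for `configMap`) closes that, and the `SecretRefs != nil && len(...) > 0` test in front of each `range` can go. The CRD schema may already reject null items, so treat this as defence in depth. In the first hunk, `resolveAuthentications` loses the only visible log of a certificate-resolution failure and still returns a nil error unconditionally; if `utils.GetResolvedMutualSSL` does not surface failures itself, an unreadable Secret or ConfigMap would shrink the trusted client-certificate list with no signal, which matters most for `required: mandatory`. `addIndexes` starts and ends outside these hunks.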