
Remove unnecessary configs passed from Adapter to Enforcer through xDS messages #3491

Conversation

@renuka-fernando renuka-fernando commented Feb 16, 2024

Purpose

$subject

Logs

adapter-1 | 2024-02-16 15:10:13 INFO [marshaller.go:346] - [xds.MarshalKeyManager] [-] [Renuka] Key Manager Configuration Before Filter: map[AuthorizeURL:https://choreo-am-service:9443/oauth2/authorize LogoutURL:https://choreo-am-service:9443/oidc/logout OAuthConfigurations.EncryptPersistedTokens:true RevokeURL:https://choreo-am-service:9443/oauth2/revoke ServerURL:https://choreo-am-service:9443/services/ TokenURL:https://choreo-am-service:9443/oauth2/token VALIDITY_PERIOD:3600 authorize_endpoint:https://choreo-am-service:9443/oauth2/authorize certificate_type:JWKS certificate_value:https://sts.preview-dv.choreo.dev/oauth2/jwks enable_map_oauth_consumer_apps:false enable_oauth_app_creation:true enable_token_encryption:false enable_token_generation:true enable_token_hash:false grant_types:[refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer password client_credentials iwa:ntlm authorization_code urn:ietf:params:oauth:grant-type:token-exchange urn:ietf:params:oauth:grant-type:jwt-bearer] issuer:https://sts.preview-dv.choreo.dev:443/oauth2/token logout_endpoint:https://choreo-am-service:9443/oidc/logout revoke_endpoint:https://choreo-am-service:9443/oauth2/revoke self_validate_jwt:true token_endpoint:https://choreo-am-service:9443/oauth2/token token_format_string:[{"enable":true,"type":"REFERENCE","value":"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}"}] validation_enable:true]
adapter-1 | 2024-02-16 15:10:13 INFO [marshaller.go:350] - [xds.MarshalKeyManager] [-] [Renuka] Key Manager Configuration After Filter: {"certificate_type":"JWKS","certificate_value":"https://sts.preview-dv.choreo.dev/oauth2/jwks","issuer":"https://sts.preview-dv.choreo.dev:443/oauth2/token","self_validate_jwt":true}
adapter-1 | 2024-02-16 15:10:13 INFO [marshaller.go:346] - [xds.MarshalKeyManager] [-] [Renuka] Key Manager Configuration Before Filter: map[authorize_endpoint:https://dev.api.asgardeo.io/t/renukafernando/oauth2/authorize certificate_type:JWKS certificate_value:https://dev.api.asgardeo.io/t/renukafernando/oauth2/jwks claim_mappings:[] client_registration_endpoint:https://dev.api.asgardeo.io/t/renukafernando/api/server/v1 consumer_key_claim:azp enable_map_oauth_consumer_apps:false enable_oauth_app_creation:true enable_token_encryption:false enable_token_generation:true enable_token_hash:false grant_types:[refresh_token password client_credentials authorization_code implicit] issuer:https://dev.api.asgardeo.io/t/renukafernando/oauth2/token revoke_endpoint:https://dev.api.asgardeo.io/t/renukafernando/oauth2/revoke scopes_claim:scope self_validate_jwt:true token_endpoint:https://dev.api.asgardeo.io/t/renukafernando/oauth2/token]
adapter-1 | 2024-02-16 15:10:13 INFO [marshaller.go:350] - [xds.MarshalKeyManager] [-] [Renuka] Key Manager Configuration After Filter: {"certificate_type":"JWKS","certificate_value":"https://dev.api.asgardeo.io/t/renukafernando/oauth2/jwks","claim_mappings":[],"consumer_key_claim":"azp","issuer":"https://dev.api.asgardeo.io/t/renukafernando/oauth2/token","scopes_claim":"scope","self_validate_jwt":true}

Formatted Config

{
  "certificate_type": "JWKS",
  "certificate_value": "https://sts.preview-dv.choreo.dev/oauth2/jwks",
  "issuer": "https://sts.preview-dv.choreo.dev:443/oauth2/token",
  "self_validate_jwt": true
}
{
  "certificate_type": "JWKS",
  "certificate_value": "https://dev.api.asgardeo.io/t/renukafernando/oauth2/jwks",
  "claim_mappings": [],
  "consumer_key_claim": "azp",
  "issuer": "https://dev.api.asgardeo.io/t/renukafernando/oauth2/token",
  "scopes_claim": "scope",
  "self_validate_jwt": true
}

Event-based key manager configs

adapter-1 | 2024-02-16 15:22:42 INFO [notification_listener.go:164] - [messaging.handleKeyManagerEvents] [-] decoded Key Manager stream {"claim_mappings":[],"authorize_endpoint":"https://dev.api.asgardeo.io/t/renukafernando/oauth2/authorize","grant_types":["refresh_token","password","client_credentials","authorization_code","implicit"],"enable_oauth_app_creation":true,"certificate_value":"https://dev.api.asgardeo.io/t/renukafernando/oauth2/jwks","enable_token_generation":true,"issuer":"https://dev.api.asgardeo.io/t/renukafernando/oauth2/token","enable_map_oauth_consumer_apps":false,"enable_token_hash":false,"self_validate_jwt":true,"revoke_endpoint":"https://dev.api.asgardeo.io/t/renukafernando/oauth2/revoke","scopes_claim":"scope","enable_token_encryption":false,"client_registration_endpoint":"https://dev.api.asgardeo.io/t/renukafernando/api/server/v1","consumer_key_claim":"azp","certificate_type":"JWKS","token_endpoint":"https://dev.api.asgardeo.io/t/renukafernando/oauth2/token"}
adapter-1 | 2024-02-16 15:22:42 INFO [notification_listener.go:177] - [messaging.handleKeyManagerEvents] [-] Key Manager data map[authorize_endpoint:https://dev.api.asgardeo.io/t/renukafernando/oauth2/authorize certificate_type:JWKS certificate_value:https://dev.api.asgardeo.io/t/renukafernando/oauth2/jwks claim_mappings:[] client_registration_endpoint:https://dev.api.asgardeo.io/t/renukafernando/api/server/v1 consumer_key_claim:azp enable_map_oauth_consumer_apps:false enable_oauth_app_creation:true enable_token_encryption:false enable_token_generation:true enable_token_hash:false grant_types:[refresh_token password client_credentials authorization_code implicit] issuer:https://dev.api.asgardeo.io/t/renukafernando/oauth2/token revoke_endpoint:https://dev.api.asgardeo.io/t/renukafernando/oauth2/revoke scopes_claim:scope self_validate_jwt:true token_endpoint:https://dev.api.asgardeo.io/t/renukafernando/oauth2/token]
adapter-1 | 2024-02-16 15:22:42 INFO [marshaller.go:346] - [xds.MarshalKeyManager] [-] [Renuka] Key Manager Configuration Before Filter: map[authorize_endpoint:https://dev.api.asgardeo.io/t/renukafernando/oauth2/authorize certificate_type:JWKS certificate_value:https://dev.api.asgardeo.io/t/renukafernando/oauth2/jwks claim_mappings:[] client_registration_endpoint:https://dev.api.asgardeo.io/t/renukafernando/api/server/v1 consumer_key_claim:azp enable_map_oauth_consumer_apps:false enable_oauth_app_creation:true enable_token_encryption:false enable_token_generation:true enable_token_hash:false grant_types:[refresh_token password client_credentials authorization_code implicit] issuer:https://dev.api.asgardeo.io/t/renukafernando/oauth2/token revoke_endpoint:https://dev.api.asgardeo.io/t/renukafernando/oauth2/revoke scopes_claim:scope self_validate_jwt:true token_endpoint:https://dev.api.asgardeo.io/t/renukafernando/oauth2/token]
adapter-1 | 2024-02-16 15:22:42 INFO [marshaller.go:350] - [xds.MarshalKeyManager] [-] [Renuka] Key Manager Configuration After Filter: {"certificate_type":"JWKS","certificate_value":"https://dev.api.asgardeo.io/t/renukafernando/oauth2/jwks","claim_mappings":[],"consumer_key_claim":"azp","issuer":"https://dev.api.asgardeo.io/t/renukafernando/oauth2/token","scopes_claim":"scope","self_validate_jwt":true}

Issues

Fixes #

Automation tests

  • Unit tests added: Yes
  • Integration tests added: No

Tested environments

Not Tested


Maintainers: Check before merge

  • Assigned 'Type' label
  • Assigned the project
  • Validated respective github issues
  • Assigned milestone to the github issue(s)

@renuka-fernando force-pushed the choreo-remove-unused-key-manager-configs branch from bf71bff to ef35627 on February 16, 2024 15:29

malinthaprasan previously approved these changes Feb 17, 2024
KeyManagerConfigs keyManagerConfigs
}

type keyManagerConfigs struct {
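Review bot: the fields of the new `keyManagerConfigs` struct are not visible in this context, so the behaviour when the retain list is absent or empty cannot be read from the hunk; if the filter keeps only the listed keys, an empty list would strip `issuer`, `certificate_type` and `certificate_value` from the Key Manager payload (the keys that survive in the "After Filter" log lines) and the Enforcer would receive a config it cannot validate JWTs with. Fall back to a built-in default list when the TOML leaves `retainKeys` unset, and reject an explicitly empty list at startup instead of silently sending an empty payload.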
Contributor

Do we need a new struct?

type xdsPayloadFormatter struct {
	RetainKeysForKeyManagerConfigs []string
}

Contributor Author

Yeah, looks good. But in case we need to add another config for key managers, for example to filter out some keys, we can just add another field in the TOML for key managers.

[adapter.xdsPayloadFormatter.keyManagerConfigs]
# Retain only the following keys in the Key Manager configurations from Control Plane events and send to Enforcer
retainKeys = ["self_validate_jwt", "issuer", "claim_mappings", "consumer_key_claim", "scopes_claim", "jwks_endpoint", "certificate_type", "certificate_value", "environments"]
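As an added example, not code from this PR or from the product-microgateway project, the following Go program applies the allowlist filter that the "Before Filter" / "After Filter" log lines in the description illustrate and that the `retainKeys` TOML above configures. The function names, the `DroppedKeys` helper and the sample config (its values copied from the Asgardeo "Before Filter" log line, not fetched from anywhere) are my own assumptions for illustration, not the adapter's API.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// DefaultRetainKeys mirrors the allowlist in the reply's TOML
// ([adapter.xdsPayloadFormatter.keyManagerConfigs] retainKeys). It is an
// allowlist: anything the Control Plane adds later is dropped unless listed here.
var DefaultRetainKeys = []string{
	"self_validate_jwt", "issuer", "claim_mappings", "consumer_key_claim",
	"scopes_claim", "jwks_endpoint", "certificate_type", "certificate_value",
	"environments",
}

// FilterKeyManagerConfig returns a copy of cfg that keeps only the keys in allow.
// Keys in allow that are missing from cfg are not invented; an empty allow list
// therefore yields an empty config, which a caller should treat as a misconfiguration.
func FilterKeyManagerConfig(cfg map[string]interface{}, allow []string) map[string]interface{} {
	allowed := make(map[string]struct{}, len(allow))
	for _, k := range allow {
		allowed[k] = struct{}{}
	}
	out := make(map[string]interface{}, len(allowed))
	for k, v := range cfg {
		if _, ok := allowed[k]; ok {
			out[k] = v
		}
	}
	return out
}

// DroppedKeys reports, sorted, which keys of cfg the filter removed, so the
// adapter can log exactly what no longer reaches the Enforcer (hypothetical helper).
func DroppedKeys(cfg, filtered map[string]interface{}) []string {
	dropped := make([]string, 0, len(cfg))
	for k := range cfg {
		if _, ok := filtered[k]; !ok {
			dropped = append(dropped, k)
		}
	}
	sort.Strings(dropped)
	return dropped
}

// MarshalFiltered filters cfg and encodes the result as JSON. encoding/json
// writes map keys in sorted order, so the output is stable across runs and has
// the same shape as the "After Filter" log lines in the PR description.
func MarshalFiltered(cfg map[string]interface{}, allow []string) (string, error) {
	b, err := json.Marshal(FilterKeyManagerConfig(cfg, allow))
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// SampleConfig is constructed from the Asgardeo "Before Filter" log line in the
// PR description; it stands in for the map decoded from a Key Manager event.
func SampleConfig() map[string]interface{} {
	base := "https://dev.api.asgardeo.io/t/renukafernando"
	return map[string]interface{}{
		"authorize_endpoint":             base + "/oauth2/authorize",
		"certificate_type":               "JWKS",
		"certificate_value":              base + "/oauth2/jwks",
		"claim_mappings":                 []interface{}{}, // empty slice, not nil, so it encodes as [] rather than null
		"client_registration_endpoint":   base + "/api/server/v1",
		"consumer_key_claim":             "azp",
		"enable_map_oauth_consumer_apps": false,
		"enable_oauth_app_creation":      true,
		"enable_token_encryption":        false,
		"enable_token_generation":        true,
		"enable_token_hash":              false,
		"grant_types":                    []interface{}{"refresh_token", "password", "client_credentials", "authorization_code", "implicit"},
		"issuer":                         base + "/oauth2/token",
		"revoke_endpoint":                base + "/oauth2/revoke",
		"scopes_claim":                   "scope",
		"self_validate_jwt":              true,
		"token_endpoint":                 base + "/oauth2/token",
	}
}

func main() {
	cfg := SampleConfig()
	filtered := FilterKeyManagerConfig(cfg, DefaultRetainKeys)
	out, err := MarshalFiltered(cfg, DefaultRetainKeys)
	if err != nil {
		panic(err)
	}
	fmt.Println("After Filter:", out)
	fmt.Println("Dropped:", DroppedKeys(cfg, filtered))
}
```

The point of an allowlist rather than a denylist is that it fails closed: the Enforcer only needs what JWT validation uses (issuer, JWKS location, claim names), and token, revoke and registration endpoints or grant-type lists never leave the adapter, including any new key the Control Plane starts emitting later. The flip side is the caveat in the comments above: an empty or mistyped `retainKeys` strips `issuer` and `certificate_value` too, so the adapter should validate the list at startup rather than discover the problem when the Enforcer rejects every token.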

@renuka-fernando renuka-fernando merged commit 900154a into wso2:choreo Feb 19, 2024
2 of 3 checks passed
@choreo-cicd deployment status comments:

  • [succeeded] Dataplane(NorthEU) cluster : dev-deployment-v2 : 20240222.15
  • [succeeded] : dev-deployment-v2 : 20240222.15
  • [succeeded] Controlplane cluster : dev-deployment-v2 : 20240222.15
  • [succeeded] Dataplane(EastUS) cluster : dev-deployment-v2 : 20240222.15
  • [succeeded] : stage-deployment-v2 : 20240223.1
  • [failed] Dataplane(EastUS) cluster : stage-deployment-v2 : 20240223.1
  • [failed] Controlplane cluster : stage-deployment-v2 : 20240223.1
  • [succeeded] Dataplane(NorthEU) cluster : stage-deployment-v2 : 20240223.1
  • [] Dataplane(NorthEU) cluster : stage-deployment-v2 : 20240224.1
  • [] : stage-deployment-v2 : 20240224.1
  • [] Dataplane(EastUS) cluster : stage-deployment-v2 : 20240224.1
  • [] Controlplane cluster : stage-deployment-v2 : 20240224.1
  • [succeeded] : prod-deployment-v2 : 20240227.2
  • [failed] Controlplane cluster : prod-deployment-v2 : 20240227.2
  • [succeeded] Controlplane cluster : prod-deployment-v2 : 20240227.2
  • [succeeded] : prod-deployment-v2 : 20240227.2
  • [] Dataplane(NorthEU) cluster : prod-deployment-v2 : 20240227.5
  • [] Dataplane(EastUS) cluster : prod-deployment-v2 : 20240227.5
  • [] : prod-deployment-v2 : 20240227.5
  • [] Controlplane cluster : prod-deployment-v2 : 20240227.5

5 participants