Merge pull request #883 from ayeshLK/kafka_hub_impr

Refactor security configurations in the `hub`
ballerina-platform · Sep 21, 2023 · fd9637e · fd9637e
2 parents f77f58e + 17990fa
commit fd9637e
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 8 deletions.
diff --git a/examples/kafka-hub/hub/Config.toml b/examples/kafka-hub/hub/Config.toml
@@ -33,5 +33,11 @@ MESSAGE_DELIVERY_COUNT = 3
 # The message delivery timeout
 MESSAGE_DELIVERY_TIMEOUT = 10.0
 
+[kafkaHub.config.OAUTH2_CONFIG]
+issuer = "https://localhost:9443/oauth2/token"
+jwksUrl = "https://localhost:9443/oauth2/jwks"
+trustStore = "./resources/client-truststore.jks"
+trustStorePassword = "wso2carbon"
+
 [ballerina.log]
 level = "DEBUG"
diff --git a/examples/kafka-hub/hub/modules/config/configurations.bal b/examples/kafka-hub/hub/modules/config/configurations.bal
@@ -14,6 +14,7 @@
 // specific language governing permissions and limitations
 // under the License.
 
+import kafkaHub.types;
 import kafkaHub.util;
 
 # Flag to check whether to enable/disable security
@@ -51,9 +52,6 @@ public configurable int MESSAGE_DELIVERY_COUNT = 3;
 public configurable decimal MESSAGE_DELIVERY_TIMEOUT = 10;
 
 # The base URL of IDP
-public configurable string MOSIP_AUTH_BASE_URL = "https://host/";
-
-# The token validation URL of IDP
-public configurable string MOSIP_AUTH_VALIDATE_TOKEN_URL = "https://host/oauth2/token";
+public configurable types:OAuth2Config OAUTH2_CONFIG = ?;
 
 public final string CONSTRUCTED_SERVER_ID = string `${SERVER_ID}-${util:generateRandomString()}`;
diff --git a/examples/kafka-hub/hub/modules/security/security.bal b/examples/kafka-hub/hub/modules/security/security.bal
@@ -16,19 +16,20 @@
 
 import ballerina/log;
 import ballerina/http;
+import kafkaHub.config;
 import ballerina/jwt;
 
 final http:ListenerJwtAuthHandler handler = new({
-    issuer: "https://localhost:9443/oauth2/token",
+    issuer: config:OAUTH2_CONFIG.issuer,
     audience: "ballerina",
     signatureConfig: {
         jwksConfig: {
-            url: "https://localhost:9443/oauth2/jwks",
+            url: config:OAUTH2_CONFIG.jwksUrl,
             clientConfig: {
                 secureSocket: {
                     cert: {
-                        path: "./resources/client-truststore.jks",
-                        password: "wso2carbon"
+                        path: config:OAUTH2_CONFIG.trustStore,
+                        password: config:OAUTH2_CONFIG.trustStorePassword
                     }
                 }
             }

diff --git a/examples/kafka-hub/hub/modules/types/types.bal b/examples/kafka-hub/hub/modules/types/types.bal
@@ -20,3 +20,10 @@ public type SystemStateSnapshot record {|
     websubhub:TopicRegistration[] topics;
     websubhub:VerifiedSubscription[] subscriptions;
 |};
+
+public type OAuth2Config record {|
+    string issuer;
+    string jwksUrl;
+    string trustStore;
+    string trustStorePassword;
+|};