Adding environment field for TokenIssuer

wso2 · Oct 3, 2023 · 4c96d9b · 4c96d9b
1 parent 032e399
commit 4c96d9b
Show file tree

Hide file tree

Showing 16 changed files with 387 additions and 61 deletions.
diff --git a/adapter/api/proto/wso2/discovery/subscription/jwtIssuer.proto b/adapter/api/proto/wso2/discovery/subscription/jwtIssuer.proto
@@ -35,6 +35,7 @@ message JWTIssuer {
     string consumerKeyClaim = 6;
     string scopesClaim = 7;
     map<string, string> claimMapping = 8;
+    repeated string environments = 9;
 }
 message Certificate {
     string certificate = 1;

diff --git a/adapter/internal/operator/apis/dp/v1alpha1/resolvedJWTIssuer.go b/adapter/internal/operator/apis/dp/v1alpha1/resolvedJWTIssuer.go
@@ -31,6 +31,7 @@ type ResolvedJWTIssuer struct {
 	ScopesClaim         string
 	SignatureValidation ResolvedSignatureValidation
 	ClaimMappings       map[string]string
+	Environments        []string
 }
 
 // ResolvedSignatureValidation holds the resolved properties of SignatureValidation

diff --git a/adapter/internal/operator/apis/dp/v1alpha1/tokenIssuer_types.go b/adapter/internal/operator/apis/dp/v1alpha1/tokenIssuer_types.go
@@ -62,6 +62,12 @@ type TokenIssuerSpec struct {
 
 	// TargetRef denotes the reference to the which gateway it applies to
 	TargetRef *gwapiv1b1.PolicyTargetReference `json:"targetRef,omitempty"`
+
+	// Environments denotes the environments that are applicable for the token issuer.
+	//
+	// +optional
+	// +nullable
+	Environments []string `json:"environments,omitempty"`
 }
 
 // ClaimMapping defines the reference configuration

diff --git a/adapter/internal/operator/apis/dp/v1alpha1/zz_generated.deepcopy.go b/adapter/internal/operator/apis/dp/v1alpha1/zz_generated.deepcopy.go
diff --git a/adapter/internal/operator/config/crd/bases/dp.wso2.com_tokenissuers.yaml b/adapter/internal/operator/config/crd/bases/dp.wso2.com_tokenissuers.yaml
@@ -56,6 +56,13 @@ spec:
                   key.
                 minLength: 1
                 type: string
+              environments:
+                description: Environments denotes the environments that are applicable
+                  for the token issuer.
+                items:
+                  type: string
+                nullable: true
+                type: array
               issuer:
                 description: Issuer denotes the issuer of the Token Issuer.
                 minLength: 1

diff --git a/adapter/internal/operator/controllers/dp/tokenissuer_controller.go b/adapter/internal/operator/controllers/dp/tokenissuer_controller.go
@@ -45,6 +45,7 @@ const (
 	tokenIssuerIndex       = "tokenIssuerIndex"
 	secretTokenIssuerIndex = "secretTokenIssuerIndex"
 	configmapIssuerIndex   = "configmapIssuerIndex"
+	defaultAllEnvironments = "*"
 )
 
 // TokenssuerReconciler reconciles a TokenIssuer object
@@ -192,6 +193,7 @@ func marshalJWTIssuerList(jwtIssuerMapping dpv1alpha1.JWTIssuerMapping) *subscri
 		}
 		jwtIssuer.ClaimMapping = internalJWTIssuer.ClaimMappings
 		jwtIssuer.Certificate = certificate
+		jwtIssuer.Environments = internalJWTIssuer.Environments
 		jwtIssuers = append(jwtIssuers, jwtIssuer)
 
 	}
@@ -213,6 +215,8 @@ func getJWTIssuers(ctx context.Context, client k8client.Client, namespace types.
 		resolvedJwtIssuer.ConsumerKeyClaim = jwtIssuer.Spec.ConsumerKeyClaim
 		resolvedJwtIssuer.ScopesClaim = jwtIssuer.Spec.ScopesClaim
 		resolvedJwtIssuer.Organization = jwtIssuer.Spec.Organization
+		resolvedJwtIssuer.Environments = getTokenIssuerEnvironments(jwtIssuer.Spec.Environments)
+
 		signatureValidation := dpv1alpha1.ResolvedSignatureValidation{}
 		if jwtIssuer.Spec.SignatureValidation.JWKS != nil && len(jwtIssuer.Spec.SignatureValidation.JWKS.URL) > 0 {
 			jwks := &dpv1alpha1.ResolvedJWKS{}
@@ -256,3 +260,15 @@ func getResolvedClaimMapping(claimMappings []dpv1alpha1.ClaimMapping) map[string
 	}
 	return resolvedClaimMappings
 }
+
+func getTokenIssuerEnvironments(environments []string) []string {
+
+	resolvedEnvirenvironments := []string{}
+	if len(environments) == 0 {
+		resolvedEnvirenvironments = append(resolvedEnvirenvironments, defaultAllEnvironments)
+	} else {
+		resolvedEnvirenvironments = environments
+	}
+
+	return resolvedEnvirenvironments
+}
diff --git a/adapter/pkg/discovery/api/wso2/discovery/subscription/jwtIssuer.pb.go b/adapter/pkg/discovery/api/wso2/discovery/subscription/jwtIssuer.pb.go
diff --git a/...forcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/Constants.java b/...forcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/constants/Constants.java
@@ -76,4 +76,8 @@ since new lines in different OSs differ (Linux: \n, Windows: \r\n) */
     public static final String PROP_CON_FACTORY = "connectionfactory.TopicConnectionFactory";
     public static final String DEFAULT_DESTINATION_TYPE = "Topic";
     public static final String DEFAULT_CON_FACTORY_JNDI_NAME = "TopicConnectionFactory";
+
+    // multi-env constants
+    public static final String DEFAULT_ENVIRONMENT_TOKEN_ISSUER = "*";
+    public static final String DEFAULT_ENVIRONMENT = "Default";
 }