Adding ConfigMaps upon enabling mTLS
O-sura committed Feb 19, 2024
1 parent 94a941e commit 96c907c
Showing 4 changed files with 81 additions and 9 deletions.
2 changes: 1 addition & 1 deletion apim-apk-agent/internal/utils/apis_fetcher.go
@@ -114,7 +114,7 @@ func FetchAPIsOnEvent(conf *config.Config, apiUUID *string, k8sClient client.Cli
return nil, err
}
k8ResourceEndpoint := conf.DataPlane.K8ResourceEndpoint
crResponse, err := transformer.GenerateCRs(apkConf, artifact.Swagger, k8ResourceEndpoint)
crResponse, err := transformer.GenerateCRs(apkConf, artifact.Swagger, artifact.CertMeta, k8ResourceEndpoint)
if err != nil {
logger.LoggerSync.Errorf("Error occured in receiving the updated CRDs: %v", err)
return nil, err
21 changes: 14 additions & 7 deletions apim-apk-agent/pkg/transformer/api_model.go
@@ -108,11 +108,18 @@ type APIYaml struct {
// APIArtifact represents the artifact details of an API, including api details, environment configuration,
// Swagger definition, deployment descriptor, and revision ID extracted from the API Project Zip.
type APIArtifact struct {
APIJson string `json:"apiJson"`
APIFileName string `json:"apiFileName"`
EnvConfig string `json:"envConfig"`
Swagger string `json:"swagger"`
DeploymentDescriptor string `json:"deploymentDescriptor"`
ClientCerts string `json:"clientCert"`
RevisionID uint32 `json:"revisionId"`
APIJson string `json:"apiJson"`
APIFileName string `json:"apiFileName"`
EnvConfig string `json:"envConfig"`
Swagger string `json:"swagger"`
DeploymentDescriptor string `json:"deploymentDescriptor"`
ClientCerts string `json:"clientCert"`
RevisionID uint32 `json:"revisionId"`
CertMeta CertMetadata `json:"certMeta"`
}

// CertMetadata marks the availability of the cert files provided by the client and their contents
type CertMetadata struct {
CertAvailable bool `json:"certAvailable"`
ClientCertFiles map[string]string `json:"clientCertFiles"`
}
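Review bot: `ClientCertFiles` is declared as `map[string]string`, but the utils.go change in this commit fills it with base64-decoded certificate bytes, so each value is binary DER held in a string rather than text. transformer.go then copies that value into `ConfigMap.Data`, which the Kubernetes API documents as UTF-8 only, with non-UTF-8 values belonging in `BinaryData`; whether the consumer of these ConfigMaps expects PEM text or DER is not visible on this page. Either keep the PEM text unchanged or type the field as `map[string][]byte`, and record the choice on the field, for example `// ClientCertFiles maps a certificate file's base name to its PEM-encoded contents.`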
36 changes: 35 additions & 1 deletion apim-apk-agent/pkg/transformer/transformer.go
@@ -32,6 +32,7 @@ import (
"encoding/json"
"errors"
"fmt"
"strings"

"io"
"mime/multipart"
@@ -237,7 +238,7 @@ func mapAuthConfigs(authHeader string, secSchemes []string, certAvailable bool,

// GenerateCRs takes the .apk-conf, api definition, vHost and the organization for a particular API and then generate and returns
// the relavant CRD set as a zip
func GenerateCRs(apkConf string, apiDefinition string, k8ResourceGenEndpoint string) (*K8sArtifacts, error) {
func GenerateCRs(apkConf string, apiDefinition string, clientCertData CertMetadata, k8ResourceGenEndpoint string) (*K8sArtifacts, error) {
k8sArtifact := K8sArtifacts{HTTPRoutes: make(map[string]*gwapiv1b1.HTTPRoute), Backends: make(map[string]*dpv1alpha1.Backend), Scopes: make(map[string]*dpv1alpha1.Scope), Authentication: make(map[string]*dpv1alpha2.Authentication), APIPolicies: make(map[string]*dpv1alpha2.APIPolicy), InterceptorServices: make(map[string]*dpv1alpha1.InterceptorService), ConfigMaps: make(map[string]*corev1.ConfigMap), Secrets: make(map[string]*corev1.Secret), RateLimitPolicies: make(map[string]*dpv1alpha1.RateLimitPolicy)}
if apkConf == "" {
logger.LoggerTransformer.Error("Empty apk-conf parameter provided. Unable to generate CRDs.")
@@ -433,6 +434,20 @@ func GenerateCRs(apkConf string, apiDefinition string, k8ResourceGenEndpoint str
logger.LoggerSync.Errorf("[!]Unknown Kind parsed from the YAML File: %v", kind)
}
}
// Create ConfigMap to store the cert data if mTLS has enabled
if clientCertData.CertAvailable {
for confKey, confValue := range clientCertData.ClientCertFiles {
i := 0
i++
pathSegments := strings.Split(confKey, ".")
configName := pathSegments[0]
certConfigMap := createCongigMap(configName, confKey, confValue)
logger.LoggerTransformer.Debugf("New ConfigMap Data: %v", *certConfigMap)
k8sArtifact.ConfigMaps[certConfigMap.ObjectMeta.Name] = certConfigMap
}

}

return &k8sArtifact, nil
}

@@ -552,3 +567,22 @@ func generateSHA1Hash(input string) string {
h.Write([]byte(input))
return hex.EncodeToString(h.Sum(nil))
}

// createConfigMap returns a marshalled yaml of ConfigMap kind after adding the given values
func createCongigMap(configName, dataKey, dataValue string) *corev1.ConfigMap {
cm := corev1.ConfigMap{}
cm.APIVersion = "v1"
cm.Kind = "ConfigMap"
cm.ObjectMeta.Name = configName
cm.ObjectMeta.Namespace = "apk-integration-test"

if cm.ObjectMeta.Labels == nil {
cm.ObjectMeta.Labels = make(map[string]string)
}

if cm.Data == nil {
cm.Data = make(map[string]string)
}
cm.Data[dataKey] = dataValue
return &cm
}
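Review bot: `createCongigMap` pins every certificate ConfigMap to the namespace `apk-integration-test`, so the mTLS trust material is always created in a test namespace regardless of where the API's other resources are deployed; the namespace should be a parameter, e.g. `func createConfigMap(namespace, configName, dataKey, dataValue string) *corev1.ConfigMap` with `cm.ObjectMeta.Namespace = namespace`, which also fixes the misspelled function name. In the `GenerateCRs` loop the ConfigMap name is the part of the file name before the first dot, taken from the API project zip without validation, so `a.crt` and `a.prod.crt` both map to `a` and the later one silently replaces the earlier entry in `k8sArtifact.ConfigMaps`. Most of `GenerateCRs` lies between the hunks, so whether a ConfigMap generated earlier in the function can already use the same name is not visible. The `i := 0` / `i++` pair in the loop is dead code, and the helper's doc comment says it returns marshalled YAML while it returns a `*corev1.ConfigMap`.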
31 changes: 31 additions & 0 deletions apim-apk-agent/pkg/transformer/utils.go
@@ -20,7 +20,9 @@ package transformer
import (
"archive/zip"
"bytes"
"encoding/base64"
"encoding/json"
"errors"

"io"
"os"
@@ -94,6 +96,35 @@ func readZipFile(file *zip.File) (*APIArtifact, error) {
return nil, err
}
apiArtifact.ClientCerts = string(certificateJSON)
apiArtifact.CertMeta.CertAvailable = true
}

if strings.Contains(file.Name, ".crt") {
certificateData, err := ReadContent(file)
if err != nil {
return nil, err
}
if apiArtifact.CertMeta.ClientCertFiles == nil {
apiArtifact.CertMeta.ClientCertFiles = make(map[string]string)
}

// Find the start and end positions of the base64 encoded data
start := bytes.Index(certificateData, []byte("-----BEGIN CERTIFICATE-----"))
end := bytes.Index(certificateData, []byte("-----END CERTIFICATE-----"))
if start == -1 || end == -1 {
return nil, errors.New("Certificate data does not contain valid PEM format")
}

// Extract the base64 encoded data
pemData := certificateData[start+len("-----BEGIN CERTIFICATE-----") : end]
decodedBytes, err := base64.StdEncoding.DecodeString(string(pemData))
if err != nil {
logger.LoggerTransformer.Errorf("Error decoding: %v", err)
return nil, err
}

pathSegments := strings.Split(file.Name, "/")
apiArtifact.CertMeta.ClientCertFiles[pathSegments[len(pathSegments)-1]] = string(decodedBytes)
}
}
return apiArtifact, nil
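Review bot: The hand-rolled PEM parsing slices `certificateData[start+len("-----BEGIN CERTIFICATE-----") : end]` without checking that the END marker follows the BEGIN marker, so a `.crt` entry whose markers are reversed makes the agent panic with a slice-bounds error instead of returning an error. `encoding/pem` already validates the framing and the base64 body, so the block can call `pem.Decode` and check `block.Type`, with the `encoding/base64` import giving way to `encoding/pem`. The file test `strings.Contains(file.Name, ".crt")` also matches names such as `ca.crt.bak` or a directory named `x.crt`; `strings.HasSuffix(file.Name, ".crt")` is the narrower check. Only the first certificate in a file is read, before and after this suggestion, and `readZipFile` starts and ends outside the hunk.

```go
// … unchanged: ReadContent call and ClientCertFiles map initialisation …

// pem.Decode checks the BEGIN/END framing and the base64 body in one step
// and returns nil when no well-formed block is present.
block, _ := pem.Decode(certificateData)
if block == nil || block.Type != "CERTIFICATE" {
	return nil, errors.New("certificate data does not contain valid PEM format")
}

pathSegments := strings.Split(file.Name, "/")
apiArtifact.CertMeta.ClientCertFiles[pathSegments[len(pathSegments)-1]] = string(block.Bytes)
```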