Closed andrei-tyk closed 3 days ago
This PR is too huge for one to review :broken_heart:
<table>
<tr>
<th>Additions</th>
<td>1198 :no_good_woman: </td>
</tr>
<tr>
<th>Expected</th>
<td>:arrow_down: 800</td>
</tr>
</table>
<p>
Consider breaking it down into multiple small PRs.
</p>
<p>
Check out this <a href="https://www.atlassian.com/blog/git/written-unwritten-guide-pull-requests">guide</a> to learn more about PR best-practices.
</p>
Let's make that PR title a 💯 shall we? 💪
<p>
Your <em>PR title</em> and <em>story title</em> look <strong>slightly different</strong>. Just checking in to know if it was intentional!
</p>
<table>
<tr>
<th>Story Title</th>
<td>Implement OAuth 2.0 Password Flow for API Gateway Authentication with Upstream Server</td>
</tr>
<tr>
<th>PR Title</th>
<td>[TT-13185] reorganize contract in upstream oauth</td>
</tr>
</table>
<p>
Check out this <a href="https://www.atlassian.com/blog/git/written-unwritten-guide-pull-requests">guide</a> to learn more about PR best-practices.
</p>
API Changes
--- prev.txt 2024-10-25 10:46:03.499956815 +0000
+++ current.txt 2024-10-25 10:45:57.227853129 +0000
@@ -93,860 +93,1132 @@
ResponseProcessorResponseBodyTransform = "response_body_transform"
)
const Schema = `{
- "type": ["object", "null"],
- "$schema": "http://json-schema.org/draft-04/schema",
- "id": "http://jsonschema.net",
- "additionalProperties": false,
- "properties": {
- "is_site": {
- "type": "boolean"
- },
- "uptime_tests": {
- "type": ["object", "null"]
- },
- "expire_analytics_after": {
- "type": "number"
- },
- "id": {
- "type": "string"
- },
- "org_id": {
- "type": "string"
- },
- "api_id": {
- "type": "string"
- },
- "expiration": {
- "type": "string"
- },
- "tags_disabled": {
- "type": "boolean"
- },
- "enable_ip_whitelisting": {
- "type": "boolean"
- },
- "enable_ip_blacklisting": {
- "type": "boolean"
+ "type": [
+ "object",
+ "null"
+ ],
+ "$schema": "http://json-schema.org/draft-04/schema",
+ "id": "http://jsonschema.net",
+ "additionalProperties": false,
+ "properties": {
+ "is_site": {
+ "type": "boolean"
+ },
+ "uptime_tests": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "expire_analytics_after": {
+ "type": "number"
+ },
+ "id": {
+ "type": "string"
+ },
+ "org_id": {
+ "type": "string"
+ },
+ "api_id": {
+ "type": "string"
+ },
+ "expiration": {
+ "type": "string"
+ },
+ "tags_disabled": {
+ "type": "boolean"
+ },
+ "enable_ip_whitelisting": {
+ "type": "boolean"
+ },
+ "enable_ip_blacklisting": {
+ "type": "boolean"
+ },
+ "enable_context_vars": {
+ "type": "boolean"
+ },
+ "strip_auth_data": {
+ "type": "boolean"
+ },
+ "do_not_track": {
+ "type": "boolean"
+ },
+ "enable_jwt": {
+ "type": "boolean"
+ },
+ "use_openid": {
+ "type": "boolean"
+ },
+ "openid_options": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "use_standard_auth": {
+ "type": "boolean"
+ },
+ "use_go_plugin_auth": {
+ "type": "boolean"
+ },
+ "enable_coprocess_auth": {
+ "type": "boolean"
+ },
+ "custom_plugin_auth_enabled": {
+ "type": "boolean"
+ },
+ "jwt_skip_kid": {
+ "type": "boolean"
+ },
+ "base_identity_provided_by": {
+ "type": "string"
+ },
+ "disable_rate_limit": {
+ "type": "boolean"
+ },
+ "disable_quota": {
+ "type": "boolean"
+ },
+ "custom_middleware_bundle": {
+ "type": "string"
+ },
+ "custom_middleware_bundle_disabled": {
+ "type": "boolean"
+ },
+ "jwt_policy_field_name": {
+ "type": "string"
+ },
+ "jwt_default_policies": {
+ "type": [
+ "array",
+ "null"
+ ]
+ },
+ "jwt_signing_method": {
+ "type": "string"
+ },
+ "jwt_source": {
+ "type": "string"
+ },
+ "jwt_identity_base_field": {
+ "type": "string"
+ },
+ "jwt_client_base_field": {
+ "type": "string"
+ },
+ "jwt_disable_issued_at_validation": {
+ "type": "boolean"
+ },
+ "jwt_disable_expires_at_validation": {
+ "type": "boolean"
+ },
+ "jwt_disable_not_before_validation": {
+ "type": "boolean"
+ },
+ "jwt_issued_at_validation_skew": {
+ "type": "number"
+ },
+ "jwt_expires_at_validation_skew": {
+ "type": "number"
+ },
+ "jwt_not_before_validation_skew": {
+ "type": "number"
+ },
+ "jwt_scope_to_policy_mapping": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "jwt_scope_claim_name": {
+ "type": "string"
+ },
+ "scopes": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "jwt": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "scope_claim_name": {
+ "type": "string"
+ },
+ "scope_to_policy": {
+ "type": [
+ "object",
+ "null"
+ ]
+ }
+ }
},
- "enable_context_vars": {
- "type": "boolean"
+ "oidc": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "scope_claim_name": {
+ "type": "string"
+ },
+ "scope_to_policy": {
+ "type": [
+ "object",
+ "null"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "idp_client_id_mapping_disabled": {
+ "type": "boolean"
+ },
+ "use_keyless": {
+ "type": "boolean"
+ },
+ "use_basic_auth": {
+ "type": "boolean"
+ },
+ "use_mutual_tls_auth": {
+ "type": "boolean"
+ },
+ "client_certificates": {
+ "type": [
+ "array",
+ "null"
+ ]
+ },
+ "upstream_certificates": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "upstream_certificates_disabled": {
+ "type": "boolean"
+ },
+ "pinned_public_keys": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "certificate_pinning_disabled": {
+ "type": "boolean"
+ },
+ "allowed_ips": {
+ "type": [
+ "array",
+ "null"
+ ]
+ },
+ "blacklisted_ips": {
+ "type": [
+ "array",
+ "null"
+ ]
+ },
+ "enable_batch_request_support": {
+ "type": "boolean"
+ },
+ "event_handlers": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "notifications": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "use_oauth2": {
+ "type": "boolean"
+ },
+ "oauth_meta": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "external_oauth": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "cache_options": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "tags": {
+ "type": [
+ "array",
+ "null"
+ ]
+ },
+ "tag_headers": {
+ "type": [
+ "array",
+ "null"
+ ]
+ },
+ "basic_auth": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "CORS": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "response_processors": {
+ "type": [
+ "array",
+ "null"
+ ]
+ },
+ "auth_provider": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "name": {
+ "type": "string",
+ "enum": [
+ ""
+ ]
+ },
+ "storage_engine": {
+ "type": "string",
+ "enum": [
+ ""
+ ]
+ }
+ }
+ },
+ "session_provider": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "name": {
+ "type": "string",
+ "enum": [
+ ""
+ ]
+ },
+ "storage_engine": {
+ "type": "string",
+ "enum": [
+ ""
+ ]
+ }
+ }
+ },
+ "hmac_allowed_clock_skew": {
+ "type": "number"
+ },
+ "hmac_allowed_algorithms": {
+ "type": [
+ "array",
+ "null"
+ ]
+ },
+ "dont_set_quota_on_create": {
+ "type": "boolean"
+ },
+ "custom_middleware": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "pre": {
+ "type": [
+ "array",
+ "null"
+ ]
+ },
+ "post": {
+ "type": [
+ "array",
+ "null"
+ ]
+ }
+ }
+ },
+ "session_lifetime_respects_key_expiration": {
+ "type": "boolean"
+ },
+ "session_lifetime": {
+ "type": "number"
+ },
+ "enable_detailed_recording": {
+ "type": "boolean"
+ },
+ "enable_signature_checking": {
+ "type": "boolean"
+ },
+ "active": {
+ "type": "boolean"
+ },
+ "internal": {
+ "type": "boolean"
+ },
+ "auth": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "id": "http://jsonschema.net/auth",
+ "properties": {
+ "auth_header_name": {
+ "type": "string",
+ "id": "http://jsonschema.net/auth/auth_header_name"
},
- "strip_auth_data": {
+ "use_certificate": {
"type": "boolean"
+ }
+ }
+ },
+ "auth_configs": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "definition": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "id": "http://jsonschema.net/definition",
+ "properties": {
+ "key": {
+ "type": "string",
+ "id": "http://jsonschema.net/definition/key"
+ },
+ "location": {
+ "type": "string",
+ "id": "http://jsonschema.net/definition/location"
+ },
+ "strip_path": {
+ "type": "boolean",
+ "id": "http://jsonschema.net/definition/location"
+ }
+ },
+ "required": [
+ "key",
+ "location"
+ ]
+ },
+ "name": {
+ "type": "string",
+ "id": "http://jsonschema.net/name"
+ },
+ "slug": {
+ "type": "string",
+ "pattern": "[a-zA-Z0-9]*",
+ "id": "http://jsonschema.net/name"
+ },
+ "domain": {
+ "type": "string"
+ },
+ "domain_disabled": {
+ "type": "boolean"
+ },
+ "listen_port": {
+ "type": "number"
+ },
+ "protocol": {
+ "type": "string"
+ },
+ "enable_proxy_protocol": {
+ "type": "boolean"
+ },
+ "certificates": {
+ "type": [
+ "array",
+ "null"
+ ]
+ },
+ "check_host_against_uptime_tests": {
+ "type": "boolean"
+ },
+ "proxy": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "id": "http://jsonschema.net/proxy",
+ "properties": {
+ "target_url": {
+ "type": "string",
+ "id": "http://jsonschema.net/proxy/target_url"
},
- "do_not_track": {
- "type": "boolean"
- },
- "enable_jwt": {
- "type": "boolean"
- },
- "use_openid": {
- "type": "boolean"
- },
- "openid_options": {
- "type": ["object", "null"]
- },
- "use_standard_auth": {
- "type": "boolean"
- },
- "use_go_plugin_auth": {
- "type": "boolean"
- },
- "enable_coprocess_auth": {
- "type": "boolean"
- },
- "custom_plugin_auth_enabled": {
- "type": "boolean"
- },
- "jwt_skip_kid": {
- "type": "boolean"
- },
- "base_identity_provided_by": {
- "type": "string"
- },
- "disable_rate_limit": {
- "type": "boolean"
- },
- "disable_quota": {
- "type": "boolean"
- },
- "custom_middleware_bundle": {
- "type": "string"
- },
- "custom_middleware_bundle_disabled": {
- "type": "boolean"
- },
- "jwt_policy_field_name": {
- "type": "string"
- },
- "jwt_default_policies": {
- "type": ["array", "null"]
- },
- "jwt_signing_method": {
- "type": "string"
- },
- "jwt_source": {
- "type": "string"
- },
- "jwt_identity_base_field": {
- "type": "string"
- },
- "jwt_client_base_field": {
- "type": "string"
- },
- "jwt_disable_issued_at_validation": {
- "type": "boolean"
- },
- "jwt_disable_expires_at_validation": {
- "type": "boolean"
- },
- "jwt_disable_not_before_validation": {
- "type": "boolean"
- },
- "jwt_issued_at_validation_skew": {
- "type": "number"
- },
- "jwt_expires_at_validation_skew": {
- "type": "number"
- },
- "jwt_not_before_validation_skew": {
- "type": "number"
- },
- "jwt_scope_to_policy_mapping": {
- "type": ["object", "null"]
- },
- "jwt_scope_claim_name": {
- "type": "string"
- },
- "scopes" : {
- "type":["object", "null"],
- "properties": {
- "jwt": {
- "type":["object", "null"],
- "properties" : {
- "scope_claim_name": {
- "type": "string"
- },
- "scope_to_policy": {
- "type":["object", "null"]
- }
- }
- },
- "oidc": {
- "type":["object", "null"],
- "properties" : {
- "scope_claim_name": {
- "type": "string"
- },
- "scope_to_policy": {
- "type":["object", "null"]
- }
- }
- }
- }
- },
- "idp_client_id_mapping_disabled": {
- "type": "boolean"
- },
- "use_keyless": {
- "type": "boolean"
- },
- "use_basic_auth": {
- "type": "boolean"
- },
- "use_mutual_tls_auth": {
- "type": "boolean"
- },
- "client_certificates": {
- "type": ["array", "null"]
- },
- "upstream_certificates": {
- "type": ["object", "null"]
- },
- "upstream_certificates_disabled": {
- "type": "boolean"
- },
- "pinned_public_keys": {
- "type": ["object", "null"]
- },
- "certificate_pinning_disabled": {
- "type": "boolean"
- },
- "allowed_ips": {
- "type": ["array", "null"]
- },
- "blacklisted_ips": {
- "type": ["array", "null"]
- },
- "enable_batch_request_support": {
- "type": "boolean"
- },
- "event_handlers": {
- "type":["object", "null"]
- },
- "notifications": {
- "type":["object", "null"]
- },
- "use_oauth2": {
- "type": "boolean"
- },
- "oauth_meta": {
- "type":["object", "null"]
- },
- "external_oauth": {
- "type":["object", "null"]
- },
- "cache_options": {
- "type":["object", "null"]
- },
- "tags": {
- "type": ["array", "null"]
- },
- "tag_headers": {
- "type": ["array", "null"]
- },
- "basic_auth": {
- "type": ["object", "null"]
- },
- "CORS": {
- "type":["object", "null"]
+ "check_host_against_uptime_tests": {
+ "type": "boolean"
},
- "response_processors": {
- "type": ["array", "null"]
+ "preserve_host_header": {
+ "type": "boolean"
},
- "auth_provider": {
- "type":["object", "null"],
- "properties": {
- "name": {
- "type": "string",
- "enum": [""]
- },
- "storage_engine": {
- "type": "string",
- "enum": [""]
- }
+ "transport": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "ssl_ciphers": {
+ "type": [
+ "array",
+ "null"
+ ]
+ },
+ "ssl_min_version": {
+ "type": "number"
+ },
+ "ssl_max_version": {
+ "type": "number"
+ },
+ "proxy_url": {
+ "type": "string"
+ },
+ "ssl_force_common_name_check": {
+ "type": "boolean"
}
- },
- "session_provider": {
- "type":["object", "null"],
- "properties": {
+ }
+ }
+ },
+ "required": [
+ "target_url"
+ ]
+ },
+ "hook_references": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "version_data": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "id": "http://jsonschema.net/version_data",
+ "properties": {
+ "not_versioned": {
+ "type": "boolean",
+ "id": "http://jsonschema.net/version_data/not_versioned"
+ },
+ "default_version": {
+ "type": "string",
+ "id": "http://jsonschema.net/version_data/default_version"
+ },
+ "versions": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "id": "http://jsonschema.net/version_data/versions",
+ "patternProperties": {
+ "^[a-zA-Z0-9]+$": {
+ "title": "versionInfoProperty",
+ "type": [
+ "object",
+ "null"
+ ],
+ "id": "http://jsonschema.net/access_rights/versionInfoProperty",
+ "properties": {
+ "expires": {
+ "type": "string",
+ "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/expires"
+ },
"name": {
- "type": "string",
- "enum": [""]
+ "type": "string",
+ "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/name"
},
- "storage_engine": {
- "type": "string",
- "enum": [""]
+ "paths": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/paths",
+ "properties": {
+ "black_list": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/paths/black_list"
+ },
+ "ignored": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/paths/ignored"
+ },
+ "white_list": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/paths/white_list"
+ }
+ }
}
+ },
+ "required": [
+ "name"
+ ]
}
+ }
+ }
+ },
+ "required": [
+ "not_versioned",
+ "versions"
+ ]
+ },
+ "config_data": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "config_data_disabled": {
+ "type": "boolean"
+ },
+ "global_rate_limit": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "rate": {
+ "type": "number"
+ },
+ "per": {
+ "type": "number"
+ }
+ }
+ },
+ "request_signing": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "is_enabled": {
+ "type": "boolean"
},
- "hmac_allowed_clock_skew": {
- "type": "number"
+ "secret": {
+ "type": "string"
},
- "hmac_allowed_algorithms": {
- "type": ["array", "null"]
+ "key_id": {
+ "type": "string"
+ },
+ "algorithm": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "is_enabled"
+ ]
+ },
+ "graphql": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "enabled": {
+ "type": "boolean"
},
- "dont_set_quota_on_create": {
- "type": "boolean"
+ "version": {
+ "type": "string"
+ },
+ "execution_mode": {
+ "type": "string",
+ "enum": [
+ "proxyOnly",
+ "executionEngine",
+ "subgraph",
+ "supergraph",
+ ""
+ ]
+ },
+ "schema": {
+ "type": "string"
+ },
+ "last_schema_update": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "type_field_configurations": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "properties": {
+ "type_name": {
+ "type": "string"
+ },
+ "field_name": {
+ "type": "string"
},
- "custom_middleware": {
- "type":["object", "null"],
- "properties": {
- "pre": {
- "type": ["array", "null"]
+ "mapping": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "disabled": {
+ "type": "boolean"
},
- "post": {
- "type": ["array", "null"]
+ "path": {
+ "type": "string"
}
- }
- },
- "session_lifetime_respects_key_expiration": {
- "type": "boolean"
- },
- "session_lifetime": {
- "type": "number"
- },
- "enable_detailed_recording": {
- "type": "boolean"
- },
- "enable_signature_checking": {
- "type": "boolean"
- },
- "active": {
- "type": "boolean"
- },
- "internal": {
- "type": "boolean"
- },
- "auth": {
- "type": ["object", "null"],
- "id": "http://jsonschema.net/auth",
- "properties": {
- "auth_header_name": {
- "type": "string",
- "id": "http://jsonschema.net/auth/auth_header_name"
+ },
+ "required": [
+ "disabled"
+ ]
+ },
+ "data_source": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "kind": {
+ "type": "boolean"
},
- "use_certificate": {
- "type": "boolean"
+ "data_source_config": {
+ "type": [
+ "object",
+ "null"
+ ]
}
+ },
+ "required": [
+ "kind"
+ ]
}
- },
- "auth_configs":{
- "type": ["object", "null"]
- },
- "definition": {
- "type": ["object", "null"],
- "id": "http://jsonschema.net/definition",
- "properties": {
- "key": {
- "type": "string",
- "id": "http://jsonschema.net/definition/key"
+ },
+ "required": [
+ "type_name",
+ "field_name"
+ ]
+ },
+ "engine": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "field_configs": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "properties": {
+ "type_name": {
+ "type": "string"
},
- "location": {
- "type": "string",
- "id": "http://jsonschema.net/definition/location"
+ "field_name": {
+ "type": "string"
},
- "strip_path": {
- "type": "boolean",
- "id": "http://jsonschema.net/definition/location"
+ "disable_default_mapping": {
+ "type": "boolean"
+ },
+ "path": {
+ "type": [
+ "array",
+ "null"
+ ]
}
+ }
},
- "required": [
- "key",
- "location"
- ]
- },
- "name": {
- "type": "string",
- "id": "http://jsonschema.net/name"
- },
- "slug": {
- "type": "string",
- "pattern": "[a-zA-Z0-9]*",
- "id": "http://jsonschema.net/name"
- },
- "domain": {
- "type": "string"
- },
- "domain_disabled": {
- "type": "boolean"
- },
- "listen_port": {
- "type": "number"
- },
- "protocol": {
- "type": "string"
- },
- "enable_proxy_protocol": {
- "type": "boolean"
- },
- "certificates": {
- "type": ["array", "null"]
- },
- "check_host_against_uptime_tests": {
- "type": "boolean"
- },
- "proxy": {
- "type": ["object", "null"],
- "id": "http://jsonschema.net/proxy",
- "properties": {
- "target_url": {
- "type": "string",
- "id": "http://jsonschema.net/proxy/target_url"
+ "data_sources": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "properties": {
+ "kind": {
+ "type": "string",
+ "enum": [
+ "REST",
+ "GraphQL",
+ ""
+ ]
},
- "check_host_against_uptime_tests": {
- "type": "boolean"
+ "name": {
+ "type": "string"
},
- "preserve_host_header": {
- "type": "boolean"
+ "internal": {
+ "type": "boolean"
},
- "transport": {
- "type": ["object", "null"],
- "properties": {
- "ssl_ciphers": {
- "type": ["array", "null"]
- },
- "ssl_min_version": {
- "type": "number"
- },
- "ssl_max_version": {
- "type": "number"
- },
- "proxy_url": {
- "type": "string"
- },
- "ssl_force_common_name_check": {
- "type": "boolean"
- }
+ "root_fields": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "properties": {
+ "type": {
+ "type": "string"
+ },
+ "fields": {
+ "type": [
+ "array",
+ "null"
+ ]
}
- }
- },
- "required": [
- "target_url"
- ]
- },
- "hook_references": {
- "type": ["object", "null"]
- },
- "version_data": {
- "type": ["object", "null"],
- "id": "http://jsonschema.net/version_data",
- "properties": {
- "not_versioned": {
- "type": "boolean",
- "id": "http://jsonschema.net/version_data/not_versioned"
+ }
},
- "default_version":{
- "type": "string",
- "id": "http://jsonschema.net/version_data/default_version"
- },
- "versions": {
- "type": ["object", "null"],
- "id": "http://jsonschema.net/version_data/versions",
- "patternProperties": {
- "^[a-zA-Z0-9]+$": {
- "title": "versionInfoProperty",
- "type": ["object", "null"],
- "id": "http://jsonschema.net/access_rights/versionInfoProperty",
- "properties": {
- "expires": {
- "type": "string",
- "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/expires"
- },
- "name": {
- "type": "string",
- "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/name"
- },
- "paths": {
- "type": ["object", "null"],
- "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/paths",
- "properties": {
- "black_list": {
- "type": ["array", "null"],
- "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/paths/black_list"
- },
- "ignored": {
- "type": ["array", "null"],
- "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/paths/ignored"
- },
- "white_list": {
- "type": ["array", "null"],
- "id": "http://jsonschema.net/version_data/versions/versionInfoProperty/paths/white_list"
- }
- }
- }
- },
- "required": [
- "name"
- ]
- }
- }
+ "config": {
+ "type": [
+ "object",
+ "null"
+ ]
}
+ },
+ "required": [
+ "kind"
+ ]
},
- "required": [
- "not_versioned",
- "versions"
- ]
- },
- "config_data": {
- "type": ["object", "null"]
- },
- "config_data_disabled": {
- "type": "boolean"
- },
- "global_rate_limit": {
- "type": ["object", "null"],
- "properties": {
- "rate": {
- "type": "number"
+ "global_headers": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "properties": {
+ "key": {
+ "type": "string"
},
- "per": {
- "type": "number"
+ "value": {
+ "type": "string"
}
+ },
+ "required": [
+ "key",
+ "value"
+ ]
}
+ }
},
- "request_signing": {
- "type": ["object", "null"],
- "properties": {
- "is_enabled": {
+ "proxy": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "features": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "use_immutable_headers": {
+ "type": "boolean"
+ }
+ }
+ },
+ "auth_headers": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "request_headers_rewrite": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "additionalProperties": {
+ "type": "object",
+ "properties": {
+ "value": {
+ "type": "string"
+ },
+ "remove": {
"type": "boolean"
+ }
},
- "secret": {
- "type": "string"
+ "required": [
+ "value",
+ "remove"
+ ]
+ }
+ }
+ }
+ },
+ "subgraph": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "sdl": {
+ "type": "string"
+ }
+ }
+ },
+ "supergraph": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "updated_at": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "disable_query_batching": {
+ "type": "boolean"
+ },
+ "subgraphs": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "properties": {
+ "api_id": {
+ "type": "string"
},
- "key_id": {
- "type": "string"
+ "name": {
+ "type": "string"
},
- "algorithm": {
- "type": "string"
+ "url": {
+ "type": "string"
+ },
+ "sdl": {
+ "type": "string"
+ },
+ "headers": {
+ "type": [
+ "object",
+ "null"
+ ]
}
+ }
+ },
+ "global_headers": {
+ "type": [
+ "object",
+ "null"
+ ]
+ },
+ "merged_sdl": {
+ "type": "string"
+ }
+ }
+ },
+ "introspection": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "disabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "playground": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "path": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "enabled"
+ ]
+ }
+ },
+ "required": [
+ "enabled"
+ ]
+ },
+ "analytics_plugin": {
+ "type": [
+ "object",
+ "null"
+ ],
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "plugin_path": {
+ "type": "string"
+ },
+ "func_name": {
+ "type": "string"
+ }
+ }
+ },
+ "is_oas": {
+ "type": "boolean"
+ },
+ "detailed_tracing": {
+ "type": "boolean"
+ },
+ "upstream_auth": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "basic_auth": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "username": {
+ "type": "string"
},
- "required": [
- "is_enabled"
- ]
+ "password": {
+ "type": "string"
+ },
+ "header_name": {
+ "type": "string"
+ }
+ }
},
- "graphql": {
- "type": ["object", "null"],
- "properties": {
+ "oauth": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "client_credentials": {
+ "type": "object",
+ "properties": {
"enabled": {
- "type": "boolean"
+ "type": "boolean"
},
- "version": {
- "type": "string"
+ "client_id": {
+ "type": "string"
},
- "execution_mode": {
- "type": "string",
- "enum": [
- "proxyOnly",
- "executionEngine",
- "subgraph",
- "supergraph",
- ""
- ]
+ "client_secret": {
+ "type": "string"
},
- "schema": {
- "type": "string"
+ "token_url": {
+ "type": "string"
},
- "last_schema_update": {
- "type": "string",
- "format": "date-time"
+ "scopes": {
+ "type": [
+ "array",
+ "null"
+ ]
},
- "type_field_configurations": {
- "type": ["array", "null"],
- "properties": {
- "type_name": {
- "type": "string"
- },
- "field_name": {
- "type": "string"
- },
- "mapping": {
- "type": ["object", "null"],
- "properties": {
- "disabled": {
- "type": "boolean"
- },
- "path": {
- "type": "string"
- }
- },
- "required": [
- "disabled"
- ]
- },
- "data_source": {
- "type": ["object", "null"],
- "properties": {
- "kind": {
- "type": "boolean"
- },
- "data_source_config": {
- "type": ["object", "null"]
- }
- },
- "required": [
- "kind"
- ]
- }
+ "header": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
},
- "required": [
- "type_name",
- "field_name"
- ]
- },
- "engine": {
- "type": ["object", "null"],
- "properties": {
- "field_configs": {
- "type": ["array", "null"],
- "properties": {
- "type_name": {
- "type": "string"
- },
- "field_name": {
- "type": "string"
- },
- "disable_default_mapping": {
- "type": "boolean"
- },
- "path": {
- "type": ["array", "null"]
- }
- }
- },
- "data_sources": {
- "type": ["array", "null"],
- "properties": {
- "kind": {
- "type": "string",
- "enum": [
- "REST",
- "GraphQL",
- ""
- ]
- },
- "name": {
- "type": "string"
- },
- "internal": {
- "type": "boolean"
- },
- "root_fields": {
- "type": ["array", "null"],
- "properties": {
- "type": {
- "type": "string"
- },
- "fields": {
- "type": ["array", "null"]
- }
- }
- },
- "config": {
- "type": ["object", "null"]
- }
- },
- "required": [
- "kind"
- ]
- },
- "global_headers": {
- "type": [
- "array",
- "null"
- ],
- "properties": {
- "key": {
- "type": "string"
- },
- "value": {
- "type": "string"
- }
- },
- "required": [
- "key",
- "value"
- ]
- }
+ "name": {
+ "type": "string"
}
+ },
+ "required": [
+ "enabled"
+ ]
+ }
+ },
+ "required": [
+ "enabled",
+ "client_id",
+ "client_secret",
+ "token_url"
+ ]
+ },
+ "password_authentication": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
},
- "proxy": {
- "type": ["object", "null"],
- "properties": {
- "features": {
- "type": ["object", "null"],
- "properties": {
- "use_immutable_headers": {
- "type": "boolean"
- }
- }
- },
- "auth_headers": {
- "type": ["object", "null"]
- },
- "request_headers_rewrite": {
- "type": ["object", "null"],
- "additionalProperties": {
- "type": "object",
- "properties": {
- "value": {
- "type": "string"
- },
- "remove": {
- "type": "boolean"
- }
- },
- "required": ["value", "remove"]
- }
- }
- }
+ "client_id": {
+ "type": "string"
},
- "subgraph": {
- "type": ["object", "null"],
- "properties": {
- "sdl": {
- "type": "string"
- }
- }
+ "client_secret": {
+ "type": "string"
},
- "supergraph": {
- "type": ["object", "null"],
- "properties": {
- "updated_at": {
- "type": "string",
- "format": "date-time"
- },
- "disable_query_batching": {
- "type": "boolean"
- },
- "subgraphs": {
- "type": ["array", "null"],
- "properties": {
- "api_id": {
- "type": "string"
- },
- "name": {
- "type": "string"
- },
- "url": {
- "type": "string"
- },
- "sdl": {
- "type": "string"
- },
- "headers": {
- "type": ["object", "null"]
- }
- }
- },
- "global_headers": {
- "type": ["object", "null"]
- },
- "merged_sdl": {
- "type": "string"
- }
- }
+ "username": {
+ "type": "string"
},
- "introspection": {
- "type": ["object", "null"],
- "properties": {
- "disabled": {
- "type": "boolean"
- }
- }
+ "password": {
+ "type": "string"
},
- "playground": {
- "type": ["object", "null"],
- "properties": {
- "enabled": {
- "type": "boolean"
- },
- "path": {
- "type": "string"
- }
- },
- "required": [
- "enabled"
- ]
- }
- },
- "required": [
- "enabled"
- ]
- },
- "analytics_plugin": {
- "type": ["object", "null"],
- "properties": {
- "enabled": {
- "type": "boolean"
+ "token_url": {
+ "type": "string"
},
- "plugin_path": {
- "type": "string"
+ "scopes": {
+ "type": [
+ "array",
+ "null"
+ ]
},
- "func_name": {
- "type": "string"
+ "header": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "enabled"
+ ]
}
+ },
+ "required": [
+ "enabled",
+ "client_id",
+ "client_secret",
+ "token_url",
+ "username",
+ "password"
+ ]
}
- },
- "is_oas": {
- "type": "boolean"
- },
- "detailed_tracing": {
- "type": "boolean"
- },
- "upstream_auth": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean"
- },
- "basic_auth": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean"
- },
- "username": {
- "type": "string"
- },
- "password": {
- "type": "string"
- },
- "header_name": {
- "type": "string"
- }
- }
- },
- "oauth": {
- "type":"object",
- "properties": {
- "enabled": {
- "type": "boolean"
- },
- "client_credentials": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean"
- },
- "client_id": {
- "type": "string"
- },
- "client_secret": {
- "type": "string"
- },
- "token_url": {
- "type": "string"
- },
- "scopes":{
- "type": ["array", "null"]
- },
- "header_name": {
- "type": "string"
- }
- }
- },
- "password_authentication": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean"
- },
- "client_id": {
- "type": "string"
- },
- "client_secret": {
- "type": "string"
- },
- "username": {
- "type": "string"
- },
- "password": {
- "type": "string"
- },
- "token_url": {
- "type": "string"
- },
- "scopes": {
- "type": ["array", "null"]
- },
- "header_name": {
- "type": "string"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "required": [
- "name",
- "proxy",
- "version_data"
- ]
-}`
+ }
+ }
+ }
+ }
+ },
+ "required": [
+ "name",
+ "proxy",
+ "version_data"
+ ]
+}
+`
VARIABLES
@@ -1185,6 +1457,20 @@
Meta map[string]interface{} `bson:"meta" json:"meta"`
}
+type AuthSource struct {
+ // Enabled enables the auth source.
+ Enabled bool `bson:"enabled" json:"enabled"`
+ // Name specifies the key to be used in the auth source.
+ Name string `bson:"name" json:"name"`
+}
+ AuthSource is a common type to be used for auth configurations.
+
+func (a AuthSource) AuthKeyName() string
+ AuthKeyName returns the key name to be used for the auth source.
+
+func (a AuthSource) IsEnabled() bool
+ IsEnabled returns the enabled status of the auth source.
+
type AuthTypeEnum string
type BundleManifest struct {
@@ -1251,6 +1537,8 @@
type ClientCredentials struct {
ClientAuthData
+ // Header holds the configuration for the custom header to be used for OAuth authentication.
+ Header AuthSource `bson:"header" json:"header"`
// Enabled activates upstream OAuth2 client credentials authentication.
Enabled bool `bson:"enabled" json:"enabled"`
// TokenURL is the resource server's token endpoint
@@ -1258,9 +1546,6 @@
TokenURL string `bson:"token_url" json:"token_url"`
// Scopes specifies optional requested permissions.
Scopes []string `bson:"scopes" json:"scopes,omitempty"`
- // HeaderName is the custom header name to be used for OAuth client credential flow authentication.
- // Defaults to `Authorization`.
- HeaderName string `bson:"header_name" json:"header_name"`
// TokenProvider is the OAuth2 token provider for internal use.
TokenProvider oauth2.TokenSource `bson:"-" json:"-"`
@@ -1760,8 +2045,8 @@
type PasswordAuthentication struct {
ClientAuthData
- // Enabled activates upstream OAuth2 password authentication.
- Enabled bool `bson:"enabled" json:"enabled"`
+ // Header holds the configuration for the custom header to be used for OAuth authentication.
+ Header AuthSource `bson:"header" json:"header"`
// Username is the username to be used for upstream OAuth2 password authentication.
Username string `bson:"username" json:"username"`
// Password is the password to be used for upstream OAuth2 password authentication.
@@ -1771,9 +2056,6 @@
TokenURL string `bson:"token_url" json:"token_url"`
// Scopes specifies optional requested permissions.
Scopes []string `bson:"scopes" json:"scopes,omitempty"`
- // HeaderName is the custom header name to be used for OAuth password authentication flow.
- // Defaults to `Authorization`.
- HeaderName string `bson:"header_name" json:"header_name"`
// TokenProvider is the OAuth2 password authentication flow token for internal use.
Token *oauth2.Token `bson:"-" json:"-"`
@@ -2141,6 +2423,8 @@
type UpstreamOAuth struct {
// Enabled enables upstream OAuth2 authentication.
Enabled bool `bson:"enabled" json:"enabled"`
+ // AllowedAuthorizeTypes specifies the allowed authorization types for upstream OAuth2 authentication.
+ AllowedAuthorizeTypes []string `bson:"allowed_authorize_types" json:"allowed_authorize_types"`
// ClientCredentials holds the client credentials for upstream OAuth2 authentication.
ClientCredentials ClientCredentials `bson:"client_credentials" json:"client_credentials"`
// PasswordAuthentication holds the configuration for upstream OAauth password authentication flow.
@@ -3193,16 +3477,13 @@
type ClientCredentials struct {
ClientAuthData
- // Enabled activates upstream OAuth2 client credentials authentication.
- Enabled bool `bson:"enabled" json:"enabled"`
+ // Header holds the configuration for the custom header to be used for OAuth authentication.
+ Header *AuthSource `bson:"header" json:"header"`
// TokenURL is the resource server's token endpoint
// URL. This is a constant specific to each server.
- TokenURL string `bson:"tokenURL" json:"tokenURL"`
+ TokenURL string `bson:"tokenUrl" json:"tokenUrl"`
// Scopes specifies optional requested permissions.
Scopes []string `bson:"scopes,omitempty" json:"scopes,omitempty"`
- // HeaderName is the custom header name to be used for OAuth client credential flow authentication.
- // Defaults to `Authorization`.
- HeaderName string `bson:"headerName" json:"headerName"`
}
ClientCredentials holds the configuration for OAuth2 Client Credentials
flow.
@@ -4109,20 +4390,17 @@
type PasswordAuthentication struct {
ClientAuthData
- // Enabled activates upstream OAuth2 password authentication.
- Enabled bool `bson:"enabled" json:"enabled"`
+ // Header holds the configuration for the custom header to be used for OAuth authentication.
+ Header *AuthSource `bson:"header" json:"header"`
// Username is the username to be used for upstream OAuth2 password authentication.
Username string `bson:"username" json:"username"`
// Password is the password to be used for upstream OAuth2 password authentication.
Password string `bson:"password" json:"password"`
// TokenURL is the resource server's token endpoint
// URL. This is a constant specific to each server.
- TokenURL string `bson:"tokenURL" json:"tokenURL"`
+ TokenURL string `bson:"tokenUrl" json:"tokenUrl"`
// Scopes specifies optional requested permissions.
Scopes []string `bson:"scopes" json:"scopes,omitempty"`
- // HeaderName is the custom header name to be used for OAuth password authentication flow.
- // Defaults to `Authorization`.
- HeaderName string `bson:"headerName" json:"headerName"`
}
PasswordAuthentication holds the configuration for upstream OAuth2 password
authentication flow.
@@ -4984,6 +5262,8 @@
type UpstreamOAuth struct {
// Enabled activates upstream OAuth2 authentication.
Enabled bool `bson:"enabled" json:"enabled"`
+ // AllowedAuthorizeTypes specifies the allowed authorization types for upstream OAuth2 authentication.
+ AllowedAuthorizeTypes []string `bson:"allowedAuthorizeTypes" json:"allowedAuthorizeTypes"`
// ClientCredentials holds the configuration for OAuth2 Client Credentials flow.
ClientCredentials *ClientCredentials `bson:"clientCredentials,omitempty" json:"clientCredentials,omitempty"`
// PasswordAuthentication holds the configuration for upstream OAauth password authentication flow.
@@ -8032,8 +8312,10 @@
ECDSASign = "ecdsa"
)
const (
- UpstreamOAuthErrorEventName = "UpstreamOAuthError"
- UpstreamOAuthMiddlewareName = "UpstreamOAuth"
+ UpstreamOAuthErrorEventName = "UpstreamOAuthError"
+ UpstreamOAuthMiddlewareName = "UpstreamOAuth"
+ ClientCredentialsAuthorizeType = "clientCredentials"
+ PasswordAuthorizeType = "password"
)
const (
ErrOAuthAuthorizationFieldMissing = "oauth.auth_field_missing"
Failed conditions
0.0% Coverage on New Code (required ≥ 80%)
TT-13185
Description
Modified the spec of the upstream OAS to align with new contract.
Related Issue
Motivation and Context
How This Has Been Tested
Screenshots (if appropriate)
Types of changes
Checklist