[TT-13186/TT-13199] implement upstream basic authentication #6596
PR Reviewer Guide 🔍 Here are some key observations to aid the review process:
API Changes
--- prev.txt 2024-10-08 14:24:52.604678118 +0000
+++ current.txt 2024-10-08 14:24:46.760731659 +0000
@@ -853,7 +853,32 @@
},
"detailed_tracing": {
"type": "boolean"
- }
+ },
+ "upstream_auth": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "basic_auth": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "username": {
+ "type": "string"
+ },
+ "password": {
+ "type": "string"
+ },
+ "header_name": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
},
"required": [
"name",
@@ -1034,6 +1059,9 @@
VersionName string `bson:"-" json:"-"`
DetailedTracing bool `bson:"detailed_tracing" json:"detailed_tracing"`
+
+ // UpstreamAuth stores information about authenticating against upstream.
+ UpstreamAuth UpstreamAuth `bson:"upstream_auth" json:"upstream_auth"`
}
APIDefinition represents the configuration for a single proxied API and it's
versions.
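Review bot: The new `UpstreamAuth` field is tagged `json:"upstream_auth"` on a struct value, so every marshalled classic API definition will now carry an `upstream_auth` object, nested `password` key included, even when the feature is unused. Consider a pointer with `omitempty`, as the OAS `Upstream.Authentication` field on this page does, and say in the field comment that the value holds a credential.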
@@ -1959,6 +1987,31 @@
MatchRegexp *regexp.Regexp `json:"-"`
}
+type UpstreamAuth struct {
+ // Enabled enables upstream API authentication.
+ Enabled bool `bson:"enabled" json:"enabled"`
+ // BasicAuth holds the basic authentication configuration for upstream API authentication.
+ BasicAuth UpstreamBasicAuth `bson:"basic_auth" json:"basic_auth"`
+}
+ UpstreamAuth holds the configurations related to upstream API
+ authentication.
+
+func (u *UpstreamAuth) IsEnabled() bool
+ IsEnabled checks if UpstreamAuthentication is enabled for the API.
+
+type UpstreamBasicAuth struct {
+ // Enabled enables upstream basic authentication.
+ Enabled bool `bson:"enabled" json:"enabled,omitempty"`
+ // Username is the username to be used for upstream basic authentication.
+ Username string `bson:"username" json:"username"`
+ // Password is the password to be used for upstream basic authentication.
+ Password string `bson:"password" json:"password"`
+ // HeaderName is the custom header name to be used for upstream basic authentication.
+ // Defaults to `Authorization`.
+ HeaderName string `bson:"header_name" json:"header_name"`
+}
+ UpstreamBasicAuth holds upstream basic authentication configuration.
+
type UptimeTests struct {
CheckList []HostCheckObject `bson:"check_list" json:"check_list"`
Config UptimeTestsConfig `bson:"config" json:"config"`
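Review bot: `UpstreamBasicAuth.Enabled` is tagged `json:"enabled,omitempty"` while `UpstreamAuth.Enabled` a few lines above uses `json:"enabled"`; pick one so a disabled block serialises the same way at both levels. The `IsEnabled` doc comment should also state whether it looks only at `UpstreamAuth.Enabled` or also requires `BasicAuth.Enabled`.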
@@ -4682,6 +4735,9 @@
// RateLimit contains the configuration related to API level rate limit.
RateLimit *RateLimit `bson:"rateLimit,omitempty" json:"rateLimit,omitempty"`
+
+ // Authentication contains the configuration related to upstream authentication.
+ Authentication *UpstreamAuth `bson:"authentication,omitempty" json:"authentication,omitempty"`
}
Upstream holds configuration for the upstream server to which Tyk should
proxy requests.
@@ -4692,6 +4748,40 @@
func (u *Upstream) Fill(api apidef.APIDefinition)
Fill fills *Upstream from apidef.APIDefinition.
+type UpstreamAuth struct {
+ // Enabled enables upstream API authentication.
+ Enabled bool `bson:"enabled" json:"enabled"`
+ // BasicAuth holds the basic authentication configuration for upstream API authentication.
+ BasicAuth *UpstreamBasicAuth `bson:"basicAuth,omitempty" json:"basicAuth,omitempty"`
+}
+ UpstreamAuth holds the configurations related to upstream API
+ authentication.
+
+func (u *UpstreamAuth) ExtractTo(api *apidef.UpstreamAuth)
+ ExtractTo extracts *UpstreamAuth into *apidef.UpstreamAuth.
+
+func (u *UpstreamAuth) Fill(api apidef.UpstreamAuth)
+ Fill fills *UpstreamAuth from apidef.UpstreamAuth.
+
+type UpstreamBasicAuth struct {
+ // Enabled enables upstream basic authentication.
+ Enabled bool `bson:"enabled" json:"enabled"`
+ // HeaderName is the custom header name to be used for upstream basic authentication.
+ // Defaults to `Authorization`.
+ HeaderName string `bson:"headerName" json:"headerName"`
+ // Username is the username to be used for upstream basic authentication.
+ Username string `bson:"username" json:"username"`
+ // Password is the password to be used for upstream basic authentication.
+ Password string `bson:"password" json:"password"`
+}
+ UpstreamBasicAuth holds upstream basic authentication configuration.
+
+func (u *UpstreamBasicAuth) ExtractTo(api *apidef.UpstreamBasicAuth)
+ ExtractTo extracts *UpstreamBasicAuth into *apidef.UpstreamBasicAuth.
+
+func (u *UpstreamBasicAuth) Fill(api apidef.UpstreamBasicAuth)
+ Fill fills *UpstreamBasicAuth from apidef.UpstreamBasicAuth.
+
type ValidateRequest struct {
// Enabled is a boolean flag, if set to `true`, it enables request validation.
Enabled bool `bson:"enabled" json:"enabled"`
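Review bot: The `HeaderName` comment promises a default of `Authorization`, but neither `Fill` nor `ExtractTo` is documented as applying it, so it is unclear whether an empty `headerName` is stored empty and defaulted at request time or rewritten on extract. State where the default is applied. The `UpstreamAuth.ExtractTo` comment should also say what is written when `BasicAuth` is nil, so that credentials already present in the `apidef.UpstreamAuth` target are not silently kept.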
@@ -10713,6 +10803,34 @@
Enums representing the various statuses for a VersionInfo Path match during
a proxy request
+type UpstreamBasicAuth struct {
+ *BaseMiddleware
+}
+ UpstreamBasicAuth is a middleware that will do basic authentication for
+ upstream connections. UpstreamBasicAuth middleware is only supported in Tyk
+ OAS API definitions.
+
+func (t *UpstreamBasicAuth) EnabledForSpec() bool
+ EnabledForSpec returns true if the middleware is enabled based on API Spec.
+
+func (t *UpstreamBasicAuth) Name() string
+ Name returns the name of middleware.
+
+func (t *UpstreamBasicAuth) ProcessRequest(_ http.ResponseWriter, r *http.Request, _ interface{}) (error, int)
+ ProcessRequest will inject basic auth info into request context so that it
+ can be used during reverse proxy.
+
+type UpstreamBasicAuthProvider struct {
+ // HeaderName is the header name to be used to fill upstream auth with.
+ HeaderName string
+ // AuthValue is the value of auth header.
+ AuthValue string
+}
+ UpstreamBasicAuthProvider implements upstream auth provider.
+
+func (u UpstreamBasicAuthProvider) Fill(r *http.Request)
+ Fill sets the request's HeaderName with AuthValue
+
type UptimeReportData struct {
URL string
RequestTime int64
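Review bot: The type comment states that the middleware "is only supported in Tyk OAS API definitions", yet the same change adds `upstream_auth` to the classic schema and to `APIDefinition`, and the PR description lists `upstream_auth.basic_auth` in the classic API definition as configurable. Align the comment with the intended behaviour. On `UpstreamBasicAuthProvider.Fill`, document that it replaces any value the client sent in `HeaderName`, which with the default `Authorization` is the client's own credential header.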
@@ -12213,6 +12331,8 @@
ControlRequest bool `json:",omitempty"`
}
+type TestCases []TestCase
+
type TransportOption func(*http.Transport)
Options for populating a http.Transport
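Review bot: The exported type `TestCases` is added without a doc comment, while the neighbouring `TransportOption` has one ("Options for populating a http.Transport"). Add a one-line comment saying what the slice type is for.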
PR Code Suggestions ✨Explore these optional code suggestions:
internal/ctxutil/ctx_test.go (Outdated)
return req
}

type mockUpstreamAuthProvider struct{}
This shouldn't live here. If it's an accessible mock object, it shouldn't be declared in tests; it should be importable by test code.
A similar RPC mock exists under model, and the interface for the filler could be in model/ too (same location). Suggest moving this and the interface for it to model.
Quality Gate passed
### **User description**

[TT-13199](https://tyktech.atlassian.net/browse/TT-13199)

- **Summary:** Implement upstream basic authentication as a gateway middleware
- **Type:** Sub-task
- **Status:** In Dev
- **Points:** N/A
- **Labels:** -

---

## Description

Implement upstream basic authentication as a middleware.

Now users can configure upstream authentication using basic auth in

- `upstream_auth.basic_auth` in Tyk classic API def.
- `upstream.authentication.basicAuth` in Tyk OAS API def.

## Related Issue

Parent: https://tyktech.atlassian.net/browse/TT-13186
Subtask: https://tyktech.atlassian.net/browse/TT-13199

## Motivation and Context

## How This Has Been Tested

## Screenshots (if appropriate)

## Types of changes

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality)

## Checklist

- [ ] I ensured that the documentation is up to date
- [ ] I explained why this PR updates go.mod in detail with reasoning why it's required
- [ ] I would like a code coverage CI quality gate exception and have explained why

___

### **PR Type**

Enhancement, Tests

___

### **Description**

- Implemented upstream basic authentication as a middleware, allowing users to configure authentication using basic auth in Tyk API definitions.
- Added `UpstreamAuth` and `UpstreamBasicAuth` structs to manage authentication details.
- Integrated upstream authentication into the OAS upstream configuration and reverse proxy handling.
- Developed `UpstreamBasicAuth` middleware to handle basic authentication for upstream connections.
- Added comprehensive tests to verify the functionality of the `UpstreamBasicAuth` middleware.

___

### **Changes walkthrough** 📝

Relevant files

**Enhancement**

- **api_definitions.go**: Add upstream authentication structures and methods. `apidef/api_definitions.go` ([+19/-0](https://github.com/TykTechnologies/tyk/pull/6596/files#diff-9961ccc89a48d32db5b47ba3006315ef52f6e5007fb4b09f8c5d6d299c669d67))
  - Added `UpstreamAuth` struct to store upstream authentication information.
  - Introduced `UpstreamBasicAuth` struct for basic authentication details.
  - Added methods to check if upstream authentication is enabled.
- **upstream.go**: Integrate upstream authentication into OAS upstream configuration. `apidef/oas/upstream.go` ([+78/-0](https://github.com/TykTechnologies/tyk/pull/6596/files#diff-7b0941c7f37fe5a2a23047e0822a65519ca11c371660f36555b59a60f000e3f4))
  - Added `Authentication` field to `Upstream` struct for upstream authentication configuration.
  - Implemented methods to fill and extract authentication data.
- **ctx.go**: Add context management for upstream authentication. `ctx/ctx.go` ([+35/-0](https://github.com/TykTechnologies/tyk/pull/6596/files#diff-600f5f552779994b15324fda108549eec7e7be30b1d8a1a16ee8344243e0cbc7))
  - Added constants for upstream authentication header and value.
  - Implemented functions to set and get upstream authentication header and value.
- **api_loader.go**: Append UpstreamBasicAuth middleware to chain. `gateway/api_loader.go` ([+2/-0](https://github.com/TykTechnologies/tyk/pull/6596/files#diff-cdf0b7f176c9d18e1a314b78ddefc2cb3a94b3de66f1f360174692c915734c68))
  - Appended `UpstreamBasicAuth` middleware to the middleware chain.
- **mw_upstream_basic_auth.go**: Implement UpstreamBasicAuth middleware for basic authentication. `gateway/mw_upstream_basic_auth.go` ([+49/-0](https://github.com/TykTechnologies/tyk/pull/6596/files#diff-ba603a8b249fdf72522258e825b7f9c64064203129c167795b206d66e9ebcda7))
  - Implemented `UpstreamBasicAuth` middleware for basic authentication.
  - Added logic to inject basic auth info into request context.
- **reverse_proxy.go**: Integrate upstream authentication into reverse proxy. `gateway/reverse_proxy.go` ([+16/-0](https://github.com/TykTechnologies/tyk/pull/6596/files#diff-e6e07722257f7e41691e471185ad6d84fd56dc9e5459526ea32e9a5e8fa1a01b))
  - Added method to add authentication info to outgoing requests.
  - Integrated upstream authentication into request handling.

**Tests**

- **mw_upstream_basic_auth_test.go**: Add tests for UpstreamBasicAuth middleware functionality. `gateway/mw_upstream_basic_auth_test.go` ([+143/-0](https://github.com/TykTechnologies/tyk/pull/6596/files#diff-15f78fac7fd4c8c0a1dcbd86ac6068e5a1a39f948f40afba6a6081e5f90f0ecd))
  - Added tests for `UpstreamBasicAuth` middleware.
  - Verified basic authentication with default and custom headers.
- **http.go**: Add TestCases type for test management. `test/http.go` ([+1/-0](https://github.com/TykTechnologies/tyk/pull/6596/files#diff-a5530e34c740ce6fe2efe8dda5a356463c450696b39b97b91228f1be2491e05e))
  - Introduced `TestCases` type for managing multiple test cases.

___

> 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull request to receive relevant information
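As an added example (not code from this PR or from the Tyk code base), this is one way a gateway can turn the `basicAuth` settings described above into the upstream header: it applies the `Authorization` default, rejects a `headerName` that is not a valid header token, and replaces any credential the client sent. `basicAuthConfig` and `applyUpstreamAuth` are hypothetical names; the field names and the default come from the struct comments on this page.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// basicAuthConfig mirrors the basicAuth fields shown on this page.
// The type and applyUpstreamAuth are hypothetical, not Tyk's code.
type basicAuthConfig struct {
	Enabled                        bool
	HeaderName, Username, Password string
}

// tchars is the RFC 7230 token alphabet allowed in a header field name.
const tchars = "!#$%&'*+-.^_`|~0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

// applyUpstreamAuth writes the gateway credential onto an outgoing request
// and reports whether a header was set.
func applyUpstreamAuth(r *http.Request, c basicAuthConfig) (bool, error) {
	if !c.Enabled {
		return false, nil
	}
	name := c.HeaderName
	if name == "" {
		name = "Authorization" // default given in the struct comment
	}
	// Reject names with spaces, colons or CR/LF before they reach the wire.
	if strings.Trim(name, tchars) != "" {
		return false, errors.New("header name is not a valid token")
	}
	// RFC 7617: the first ':' splits user-id from password, so no ':' in user-id.
	if strings.Contains(c.Username, ":") {
		return false, errors.New("username must not contain ':'")
	}
	cred := base64.StdEncoding.EncodeToString([]byte(c.Username + ":" + c.Password))
	// Set, not Add: replace whatever the client sent in this header.
	r.Header.Set(name, "Basic "+cred)
	return true, nil
}

func main() {
	r, _ := http.NewRequest(http.MethodGet, "http://upstream.example/", nil)
	r.Header.Set("Authorization", "Bearer client-token") // constructed input
	ok, err := applyUpstreamAuth(r, basicAuthConfig{Enabled: true, Username: "svc", Password: "s3cret"})
	fmt.Println(ok, err, r.Header.Get("Authorization"))
}
```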