fix review comments

wso2 · Mar 13, 2023 · b3b82ab · b3b82ab
1 parent 0bc74db
commit b3b82ab
Show file tree

Hide file tree

Showing 9 changed files with 99 additions and 49 deletions.
diff --git a/build-apk.sh b/build-apk.sh
@@ -25,3 +25,5 @@ cd $current_dir;
 cd idp/idp-domain-service;./gradlew build;
 cd $current_dir;
 cd idp/idp-ui;./gradlew build;
+cd $current_dir;
+cd ratelimiter;./gradlew build;
diff --git a/helm-charts/templates/cert-manager/certificates/ratelimiter-server-certificate.yaml b/helm-charts/templates/cert-manager/certificates/ratelimiter-server-certificate.yaml
@@ -0,0 +1,39 @@
+# Copyright (c) 2023, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# The following manifests contain a self-signed issuer CR and a certificate CR.
+# More document can be found at https://docs.cert-manager.io
+
+{{- if and .Values.wso2.apk.dp.enabled .Values.wso2.apk.dp.ratelimiter.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ template "apk-helm.resource.prefix" . }}-ratelimiter-server-cert
+ namespace: {{ .Release.Namespace }}
+spec:
+ commonName: ratelimiter-service
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS8
+ size: 2048
+ dnsNames:
+ - {{ template "apk-helm.resource.prefix" . }}-ratelimiter-service.{{ .Release.Namespace }}.svc
+ - {{ template "apk-helm.resource.prefix" . }}-ratelimiter-service.{{ .Release.Namespace }}.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: selfsigned-issuer
+ secretName: {{ template "apk-helm.resource.prefix" . }}-ratelimiter-server-cert
+{{- end -}}
diff --git a/helm-charts/templates/control-plane/admin-ds/admin-ds-jwt-validation-secret.yaml b/helm-charts/templates/control-plane/admin-ds/admin-ds-jwt-validation-secret.yaml
@@ -7,5 +7,4 @@ metadata:
 type: Opaque
 data:
  mg.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURrekNDQW51Z0F3SUJBZ0lKQVBEOGVTM2VtY3JRTUEwR0NTcUdTSWIzRFFFQkN3VUFNR1F4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlEQUpEUVRFV01CUUdBMVVFQnd3TlRXOTFiblJoYVc0Z1ZtbGxkekVOTUFzRwpBMVVFQ2d3RVYxTlBNakVOTUFzR0ExVUVDd3dFVjFOUE1qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNQ0FYCkRUSXlNVEV4TnpFNE1EWXpPRm9ZRHpJd05USXhNVEE1TVRnd05qTTRXakJrTVFzd0NRWURWUVFHRXdKVlV6RUwKTUFrR0ExVUVDQXdDUTBFeEZqQVVCZ05WQkFjTURVMXZkVzUwWVdsdUlGWnBaWGN4RFRBTEJnTlZCQW9NQkZkVApUekl4RFRBTEJnTlZCQXNNQkZkVFR6SXhFakFRQmdOVkJBTU1DV3h2WTJGc2FHOXpkRENDQVNJd0RRWUpLb1pJCmh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTjlaRUQyb1JDbTljZjF2RUV2UjFKL1R3TGFrSmNQeVN2UDIKT1p1Y3hiVlBDeVhvbnlsZEtJbUVoSjZMZnVNcnV4NW9wQmVYRnpJZWhjOElJalkvSlUyR2xpaG5ybFBFbE1EUQoyUXVjelpqUTZuYWlrWVRrcU5zTk5NRitXdml0N0lIVVljejM2cEliK21KbSt4ZlNubFRaWVA2MGtsY2xDK3g2CmloVzVJUG5EcUxqS1F0OTFYWFVCRkczRFYrbHVoT1NzQXJuRHBWZzBreGdqd2MvRkxJMXNpY0JoWVMxWXpPWU0Kd08zWFh4ZFlUMlNJS3VaM0ZxMk5TSGQzSEUwamNIU2FIbXBjMWpONDRrTzRPRWJsdzhjMlJDT21WRkN6YXY3SApQQVVveG1JQUEyRHNNRTN2OHdwSGM2L0lFZkZTVVU3blFNbFVhTjN1QUpVeFpBVmh5YzhDQXdFQUFhTkdNRVF3ClFnWURWUjBSQkRzd09ZSUhZV1JoY0hSbGNvSUlaVzVtYjNKalpYS0NCbkp2ZFhSbGNvSUpiRzlqWVd4b2IzTjAKZ2hGdFlXNWhaMlZ0Wlc1MExYTmxjblpsY2pBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWNsY0NqWGppS3J1UwpyWUhNRjNDeDBPSmEwS2tlWkoxVkxFY0xseXAvTXp4VEdvdnk5MXR3NlhNVVFFbndqVkxLWUc5T3Q1MU9wc3pyCmdqQXBGSnE1QlZyblJsNHp0ajFsdHVMUmpyVzBlSnIrckNpbUFKdVI0ZUhMRTUrRU5uc2t1cGVNUXdyUG50dFMKdkVMUkZmMm1Zd3JqY2sxZFdNUGhsOGUyQmh4bDN3QXgwb1o0Z0k4d2dSSThndlVNYW0xd0hzeWR1NEpCYVRuWgpSM2FpOFpIU1Q2QlZHTUhBMFdUVTFpVWJyK0dDUkFjRE5kSkJpNHpCY0JzejREN09RdTBVK1dPbTBXWlNWNGZjCmNXdTE5K0pydk1KN0llWDNaaHFSdkdiblQzWVVSSFpoUGZsbGFoYWZTNlhMYzBzeExYMFV5RGJybkk2enZoRWMKb1NySFI0WGcwUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
- ratelimiter.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZnVENDQTJtZ0F3SUJBZ0lKQUsrQ1gzcUFoMXhzTUEwR0NTcUdTSWIzRFFFQkN3VUFNR1F4RWpBUUJnTlYKQkFNTUNXeHZZMkZzYUc5emRERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdNQWtOQk1SWXdGQVlEVlFRSApEQTFOYjNWdWRHRnBiaUJXYVdWM01RMHdDd1lEVlFRS0RBUlhVMDh5TVEwd0N3WURWUVFMREFSWFUwOHlNQjRYCkRUSXpNREV3T1RBMk5ESXlPVm9YRFRNek1ERXdOakEyTkRJeU9Wb3daREVTTUJBR0ExVUVBd3dKYkc5allXeG8KYjNOME1Rc3dDUVlEVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTBFeEZqQVVCZ05WQkFjTURVMXZkVzUwWVdsdQpJRlpwWlhjeERUQUxCZ05WQkFvTUJGZFRUekl4RFRBTEJnTlZCQXNNQkZkVFR6SXdnZ0lpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRRGVWTjd2T2pONEFWampFUDBtbVVGblZpQnFMWGxsSVJWaFhmK2gKOWlwaFZ2WjRKQ0hkUHRJcmZGQjIzZVlka2t2cWswMkh5L1JJTkhvVnlrbTJCMGRIM1B2dmc0OENlcTZIQlNYMwp4d3lLVFkzak42S0l5SzNoWG1SQm90K3l5OE9Nam5RSHBFUTNLTnhoT0Q2ZlJLUmdwWHY5ZzVZaUhkQkVoQlNVCjRDOWlKNDBzV3I5Vksxd0g0bitRbDZHWjROQnpONnVFZGtmVkFNVzg4bmdrWmV4RjNZUEVDUTR1UGlrd0N0NTgKN1pyN0dwOW0wS2NidE55L0tFa2JZbGJhaXZCeWJMMGIwRjlub2FZa2VEKzFTQkIwRHNuYUROU2pZdWIyRS83awoxdXBGakFaWU5GbmpkcUhhb0NDVTZzVk9ZVlNwelJqK0psOHJpdUZDaSt6NDNhVGFBQXZsWmZIVEFZSGVLaVNuCmFvcTZ3c29mUDFCR3ZnSk8vVHJHNFFBRGpoby9WYVc5VTVNRDdnWnFaeGFBNzZFMWVmZ25FSHg2aVRGNmY1ajMKaXI3TUlnd3Badms1eXZOVkNTSkMxVTBzWkFkQ2svdkdicE1MajIzR0RiUE9UMVR5NWpKbm53NTJlRXBnbHBmeQoxMlhYcnhvNzFBRWdNbTljN0VjSURCd3hFaHE5MU5LSnQ1SUY4bStyOERwc3ZKNUdNS2Y2eFR1YSt3Y2RRUG9HCjNhS1k0RktEOHBQaEdES1dpaFZhYTIxU0FqU2p1YklEYndDNFcvcGhnU0hCekJQTVpaSUtWYkFPSWo1WEdQZWgKclRiOGt1TTNDZFExeU5KdkN5aWh0MG0wc1JBK0xrZmk0dy9SdUlyOENsMW5tTnVRSG1IT3NRVDJUQjJEano4Lwo5V0VqZ3dJREFRQUJvell3TkRBeUJnTlZIUkVFS3pBcGdnbHNiMk5oYkdodmMzU0NESEpoZEdVdGJHbHRhWFJsCmNvSU9ZMmh2Y21WdkxXTnZibTVsWTNRd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFFUXA4N2p1NWNBYVdyT3YKcjhweXZpcFg2Y29JdkdaSHB2cE05OWFxc3ZYaEJrRW9OUGQrTzduTE9nYnVKOExjaUllaWVpZ3ZvL1NPRmJsYQpUUlpBNkRpMDZCSGtSV2hiTG95WmpHd1hkVnVzdmErMkNIcUZ2K0xWdE9IT09icUk1bXZlSEtnWmRsMUFkT2xpCnhDazFHemt6bkRSY3BVVDVwSFNuU2lUa1hpWHEwelBWRFRvdDFUR1VNWHRsVVkzTHA5SXhMbHV4V2ovMmRZbDQKQlhqN21XYXdOaWNZV0pPN0xTZG1UVlczOW9WblVQSmtMK2NhcjlPR2Roc2hGU0VtRlBFZjV1ZkVQNXhVOC83bgplWWdUYlNrdGVWYmpZdlNYQ3FESzFHZnVXaXlENjIwTk1XU3BtWTNVOHZFSjA0RkZzMTYrb2FpVzZPT3BUZjM5CnBvWXQrV3dUTnpIQ0lqcm1GN2Rua212c3BFd3h2ZERqTU9qZnl2WjVBWFZVcVlxa2IwZDJqY3AzWVZpOUt5MC8Kc2dSdzlMRzJXTlVSbGFaRVRUQTdGemVic1Z1Nmw3VmdmNVhoTjUxVTd4bFVsb1hDaTJNMDZ6LzAya0tUWnlFKwo2dnQ5TkRSNjJaVWNZSUpDdDdmVnlONGgvWjJpRU9ZQkJrWDJxNHFMNzlsY0hpS3M4Z3JRdmoxRWNkcTZ3SDBKCmhkQkhEVlpFUmkvT29GcHp2RUkrcDN6QldIckFlczlnLyt5ZTVVYUtidVhwY2xQM1ZrdmhTYndZU0ZWd1ZycXEKcGJiWmJRT1Npa2tiNVJOMHBHM2MyZ0E0Njk1SUpmdmcvODVLbUxFQVJqUzB6Y3J3UElKUGRuQUt4NHI2ZkY2SwpTcmt2MWdDdE5OVE4rWkxNaDNuU1M3WGQ3Qy9PCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
 {{- end -}}
diff --git a/helm-charts/templates/data-plane/gateway-components/adapter/adapter-deployment.yaml b/helm-charts/templates/data-plane/gateway-components/adapter/adapter-deployment.yaml
@@ -84,6 +84,13 @@ spec:
  {{- else }}
  subPath: tls.crt
  {{- end }}
+ - name: ratelimiter-truststore-secret-volume
+ mountPath: /home/wso2/security/truststore/ratelimiter.crt
+ {{- if and .Values.wso2.apk.dp.ratelimiter.configs .Values.wso2.apk.dp.ratelimiter.configs.tls }}
+ subPath: {{ .Values.wso2.apk.dp.ratelimiter.configs.publicKey | default "tls.crt" }}
+ {{- else }}
+ subPath: tls.crt
+ {{- end }}
  - name: adapter-truststore-consul-secret-volume
  mountPath: /home/wso2/security/truststore/consul
  - name: log-conf-volume
@@ -136,6 +143,13 @@ spec:
  {{- else }}
  secretName: {{ template "apk-helm.resource.prefix" . }}-router-server-cert
  {{- end }}
+ - name: ratelimiter-truststore-secret-volume
+ secret:
+ {{- if and .Values.wso2.apk.dp.ratelimiter.configs .Values.wso2.apk.dp.ratelimiter.configs.tls }}
+ secretName: {{ .Values.wso2.apk.dp.ratelimiter.configs.secretName | default (printf "%s-ratelimiter-server-cert" (include "apk-helm.resource.prefix" .)) }}
+ {{- else }}
+ secretName: {{ template "apk-helm.resource.prefix" . }}-ratelimiter-server-cert
+ {{- end }}
  - name: enforcer-truststore-secret-volume
  secret: 
  {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls }}

diff --git a/helm-charts/templates/data-plane/ratelimiter/ratelimiter-deployment.yaml b/helm-charts/templates/data-plane/ratelimiter/ratelimiter-deployment.yaml
@@ -14,7 +14,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-{{- if .Values.wso2.apk.dp.enabled }}
+{{- if and .Values.wso2.apk.dp.enabled .Values.wso2.apk.dp.ratelimiter.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -50,14 +50,41 @@ spec:
 
  volumeMounts:
  - name: ratelimiter-keystore-secret-volume
- mountPath: /home/wso2/security/keystore
- - name: ratelimiter-truststore-secret-volume
- mountPath: /home/wso2/security/truststore
- volumes: 
+ mountPath: /home/wso2/security/keystore/ratelimiter.key
+ {{- if and .Values.wso2.apk.dp.ratelimiter.configs .Values.wso2.apk.dp.ratelimiter.configs.tls }}
+ subPath: {{ .Values.wso2.apk.dp.ratelimiter.configs.tls.certKeyFilename | default "tls.key" }}
+ {{- else }}
+ subPath: tls.key
+ {{- end }}
+ - name: ratelimiter-keystore-secret-volume
+ mountPath: /home/wso2/security/keystore/ratelimiter.crt
+ {{- if and .Values.wso2.apk.dp.ratelimiter.configs .Values.wso2.apk.dp.ratelimiter.configs.tls }}
+ subPath: {{ .Values.wso2.apk.dp.ratelimiter.configs.tls.certFilename | default "tls.crt" }}
+ {{- else }}
+ subPath: tls.crt
+ {{- end }}
+ - name: adapter-truststore-secret-volume
+ mountPath: /home/wso2/security/truststore/adapter.crt
+ {{- if and .Values.wso2.apk.dp.adapter.configs .Values.wso2.apk.dp.adapter.configs.tls }}
+ subPath: {{ .Values.wso2.apk.dp.adapter.configs.tls.certFilename | default "tls.crt" }}
+ {{- else }}
+ subPath: tls.crt
+ {{- end }}
+ volumes:
  - name: ratelimiter-keystore-secret-volume
- secret: 
- secretName: {{ template "apk-helm.resource.prefix" . }}-ratelimiter-keystore-secret
- - name: ratelimiter-truststore-secret-volume
- secret: 
- secretName: {{ template "apk-helm.resource.prefix" . }}-ratelimiter-truststore-secret
+ secret:
+ {{- if and .Values.wso2.apk.dp.ratelimiter.configs .Values.wso2.apk.dp.ratelimiter.configs.tls }}
+ secretName: {{ .Values.wso2.apk.dp.ratelimiter.configs.tls.certificatesSecret | default (printf "%s-ratelimiter-server-cert" (include "apk-helm.resource.prefix" .)) }}
+ {{- else }}
+ secretName: {{ template "apk-helm.resource.prefix" . }}-ratelimiter-server-cert
+ {{- end }}
+ defaultMode: 420
+ - name: adapter-truststore-secret-volume
+ secret:
+ {{- if and .Values.wso2.apk.dp.adapter.configs .Values.wso2.apk.dp.adapter.configs.tls }}
+ secretName: {{ .Values.wso2.apk.dp.adapter.configs.tls.certificatesSecret | default (printf "%s-adapter-server-cert" (include "apk-helm.resource.prefix" .)) }}
+ {{- else }}
+ secretName: {{ template "apk-helm.resource.prefix" . }}-adapter-server-cert
+ {{- end }}
+ defaultMode: 420
 {{- end -}}
diff --git a/helm-charts/templates/data-plane/ratelimiter/ratelimiter-keystore-secret.yaml b/helm-charts/templates/data-plane/ratelimiter/ratelimiter-keystore-secret.yaml
diff --git a/helm-charts/templates/data-plane/ratelimiter/ratelimiter-service.yaml b/helm-charts/templates/data-plane/ratelimiter/ratelimiter-service.yaml
@@ -14,7 +14,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-{{- if .Values.wso2.apk.dp.enabled }}
+{{- if and .Values.wso2.apk.dp.enabled .Values.wso2.apk.dp.ratelimiter.enabled }}
 apiVersion: v1
 kind: Service
 metadata: