Skip to content

Commit

Permalink
Merge branch 'main' into APIGOV-26780
Browse files Browse the repository at this point in the history
  • Loading branch information
@dgghinea
dgghinea authored Dec 8, 2023
2 parents c3eeb64 + af42a02 commit bcf3101
Show file tree
Hide file tree
Showing 11 changed files with 621 additions and 104 deletions.
41 changes: 22 additions & 19 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,24 +66,27 @@ On startup the Kong traceability agent first validates that it is able to connec

All Kong specific environment variables available are listed below

| Name | Description |
| -------------------------------------- | --------------------------------------------------------------------------------------------- |
| Discovery Agent Variables | |
| **KONG_ADMIN_URL** | The Kong admin API URL that the agent will query against |
| **KONG_ADMIN_AUTH_APIKEY_HEADER** | The API Key header name the agent will use when authenticating |
| **KONG_ADMIN_AUTH_APIKEY_VALUE** | The API Key value the agent will use when authenticating |
| **KONG_ADMIN_AUTH_BASICAUTH_USERNAME** | The HTTP Basic username that the agent will use when authenticating |
| **KONG_ADMIN_AUTH_BASICAUTH_PASSWORD** | The HTTP Basic password that the agent will use when authenticating |
| **KONG_PROXY_HOST** | The proxy endpoint that the agent will use in API Services for discovered Kong routes |
| **KONG_PROXY_PORTS_HTTP** | The HTTP port number that the agent will set for discovered APIS |
| **KONG_PROXY_PORTS_HTTPS** | The HTTPs port number that the agent will set for discovered APIS |
| **KONG_SPEC_LOCALPATH** | The local path that the agent will look in for API definitions |
| **KONG_SPEC_URLPATHS** | The URL paths that the agent will query on the gateway service for API definitions |
| **KONG_SPEC_DEVPORTALENABLED** | Set to true if hte agent should look for spec files in the Kong Dev Portal (default: `false`) |
| | |
| Traceability Agent Variables | |
| **KONG_LOGS_HTTP_PATH** | The path endpoint that the Traceability agent will listen on (default: `/requestlogs`) |
| **KONG_LOGS_HTTP_PORT** | The port that the Traceability agent HTTP server will listen on (default: `9000`) |
| Name | Description |
| -------------------------------------- | --------------------------------------------------------------------------------------------------------- |
| Discovery Agent Variables | |
| **KONG_ADMIN_URL** | The Kong admin API URL that the agent will query against |
| **KONG_ADMIN_AUTH_APIKEY_HEADER** | The API Key header name the agent will use when authenticating |
| **KONG_ADMIN_AUTH_APIKEY_VALUE** | The API Key value the agent will use when authenticating |
| **KONG_ADMIN_AUTH_BASICAUTH_USERNAME** | The HTTP Basic username that the agent will use when authenticating |
| **KONG_ADMIN_AUTH_BASICAUTH_PASSWORD** | The HTTP Basic password that the agent will use when authenticating |
| **KONG_PROXY_HOST** | The proxy host that the agent will use in API Services when the Kong route does not specify hosts |
| **KONG_PROXY_PORTS_HTTP** | The HTTP port number that the agent will set for discovered APIS |
| **KONG_PROXY_PORTS_HTTPS** | The HTTPs port number that the agent will set for discovered APIS |
| **KONG_PROXY_PORTS_HTTP_DISABLE** | Set to true if the agent should ignore routes that serve over HTTP |
| **KONG_PROXY_PORTS_HTTPS_DISABLE** | Set to true if the agent should ignore routes that serve over HTTPs |
| **KONG_PROXY_BASEPATH** | The proxy base path that will be added between the proxy host and Kong route path when building endpoints |
| **KONG_SPEC_LOCALPATH** | The local path that the agent will look in for API definitions |
| **KONG_SPEC_URLPATHS** | The URL paths that the agent will query on the gateway service for API definitions |
| **KONG_SPEC_DEVPORTALENABLED** | Set to true if the agent should look for spec files in the Kong Dev Portal (default: `false`) |
| | |
| Traceability Agent Variables | |
| **KONG_LOGS_HTTP_PATH** | The path endpoint that the Traceability agent will listen on (default: `/requestlogs`) |
| **KONG_LOGS_HTTP_PORT** | The port that the Traceability agent HTTP server will listen on (default: `9000`) |

## Setup

Expand Down Expand Up @@ -549,6 +552,6 @@ kubectl apply -f kong-agent-keys.yaml
Install the helm chart using the created overrides file. Set the release version to install.

```shell
release=v0.0.1
release=v0.0.2
helm upgrade -i kong-agents https://github.com/Axway/agents-kong/releases/download/${release}/kong-agents.tgz -f overrides.yaml
```
17 changes: 14 additions & 3 deletions helm/kong-agents/templates/discovery-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,10 +70,16 @@ spec:
value: "{{ .Values.kong.proxy.host }}"
- name: KONG_ACL_REQUIRED
value: "{{ .Values.kong.acl.required }}"
- name: KONG_PROXY_BASEPATH
value: "{{ .Values.kong.proxy.basePath }}"
- name: KONG_PROXY_PORTS_HTTP
value: "{{ .Values.kong.proxy.ports.http }}"
value: "{{ .Values.kong.proxy.ports.http.value }}"
- name: KONG_PROXY_PORTS_HTTPS
value: "{{ .Values.kong.proxy.ports.https }}"
value: "{{ .Values.kong.proxy.ports.https.value }}"
- name: KONG_PROXY_PORTS_HTTP_DISABLE
value: "{{ .Values.kong.proxy.ports.http.disable }}"
- name: KONG_PROXY_PORTS_HTTPS_DISABLE
value: "{{ .Values.kong.proxy.ports.https.disable }}"
- name: KONG_ADMIN_URL
value: "{{ .Values.kong.admin.url }}"
{{- if (include "kong-agents.specDownloadPathsString" .) }}
Expand Down Expand Up @@ -118,10 +124,15 @@ spec:
(not (eq (toString $key) ""))
(not (has (toString $key) (list "KONG_ADMIN_URL"
"KONG_ADMIN_AUTH_APIKEY_HEADER"
"KONG_ADMIN_AUTH_APIKEY_VALUE"
"KONG_ADMIN_AUTH_APIKEY_VALUE"
"KONG_ADMIN_AUTH_BASICAUTH_USERNAME"
"KONG_ADMIN_AUTH_BASICAUTH_PASSWORD"
"KONG_PROXY_HOST"
"KONG_PROXY_BASEPATH"
"KONG_PROXY_PORTS_HTTP"
"KONG_PROXY_PORTS_HTTPS"
"KONG_PROXY_PORTS_HTTP_DISABLE"
"KONG_PROXY_PORTS_HTTPS_DISABLE"
"KONG_SPEC_LOCALPATH"
"KONG_SPEC_URLPATHS"
"KONG_LOGS_HTTP_SERVER_PATH"
Expand Down
7 changes: 6 additions & 1 deletion helm/kong-agents/templates/traceability-statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,10 +80,15 @@ spec:
(not (eq (toString $key) ""))
(not (has (toString $key) (list "KONG_ADMIN_URL"
"KONG_ADMIN_AUTH_APIKEY_HEADER"
"KONG_ADMIN_AUTH_APIKEY_VALUE"
"KONG_ADMIN_AUTH_APIKEY_VALUE"
"KONG_ADMIN_AUTH_BASICAUTH_USERNAME"
"KONG_ADMIN_AUTH_BASICAUTH_PASSWORD"
"KONG_PROXY_HOST"
"KONG_PROXY_BASEPATH"
"KONG_PROXY_PORTS_HTTP"
"KONG_PROXY_PORTS_HTTPS"
"KONG_PROXY_PORTS_HTTP_DISABLE"
"KONG_PROXY_PORTS_HTTPS_DISABLE"
"KONG_SPEC_LOCALPATH"
"KONG_SPEC_URLPATHS"
"KONG_LOGS_HTTP_SERVER_PATH"
Expand Down
15 changes: 10 additions & 5 deletions helm/kong-agents/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,18 +35,23 @@ kong:
username:
password:
proxy:
host:
host:
basePath:
ports:
http: 8000
https: 8443
http:
disable:
value:
https:
disable:
value:
spec:
filter:
urlPaths: []
localPath:
logs:
http:
path: /requestlogs
port: 9000
path:
port:

# Add any environment variable overrides here
env: {}
Expand Down
130 changes: 94 additions & 36 deletions pkg/discovery/config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,39 +5,57 @@ import (
"net/url"
"strings"

"github.com/Axway/agent-sdk/pkg/cmd/properties"
corecfg "github.com/Axway/agent-sdk/pkg/config"
"github.com/Axway/agent-sdk/pkg/util/log"
)

type props interface {
AddStringProperty(name string, defaultVal string, description string)
AddStringSliceProperty(name string, defaultVal []string, description string)
AddIntProperty(name string, defaultVal int, description string)
AddBoolProperty(name string, defaultVal bool, description string)
StringPropertyValue(name string) string
StringSlicePropertyValue(name string) []string
IntPropertyValue(name string) int
BoolPropertyValue(name string) bool
}

const (
cfgKongACLRequired = "kong.acl.required"
cfgKongProxyHost = "kong.proxy.host"
cfgKongAdminUrl = "kong.admin.url"
cfgKongAdminAPIKey = "kong.admin.auth.apiKey.value"
cfgKongAdminAPIKeyHeader = "kong.admin.auth.apiKey.header"
cfgKongAdminUsername = "kong.admin.auth.basicauth.username"
cfgKongAdminPassword = "kong.admin.auth.basicauth.password"
cfgKongProxyPortHttp = "kong.proxy.ports.http"
cfgKongProxyPortHttps = "kong.proxy.ports.https"
cfgKongSpecURLPaths = "kong.spec.urlPaths"
cfgKongSpecLocalPath = "kong.spec.localPath"
cfgKongSpecFilter = "kong.spec.filter"
cfgKongACLRequired = "kong.acl.required"
cfgKongAdminUrl = "kong.admin.url"
cfgKongAdminAPIKey = "kong.admin.auth.apiKey.value"
cfgKongAdminAPIKeyHeader = "kong.admin.auth.apiKey.header"
cfgKongAdminBasicUsername = "kong.admin.auth.basicauth.username"
cfgKongAdminBasicPassword = "kong.admin.auth.basicauth.password"
cfgKongProxyHost = "kong.proxy.host"
cfgKongProxyPortHttp = "kong.proxy.ports.http"
cfgKongProxyPortHttpDisabled = "kong.proxy.ports.http.disabled"
cfgKongProxyPortHttps = "kong.proxy.ports.https"
cfgKongProxyPortHttpsDisabled = "kong.proxy.ports.https.disabled"
cfgKongProxyBasePath = "kong.proxy.basePath"
cfgKongSpecURLPaths = "kong.spec.urlPaths"
cfgKongSpecLocalPath = "kong.spec.localPath"
cfgKongSpecFilter = "kong.spec.filter"
cfgKongSpecDevPortal = "kong.spec.devPortalEnabled"
)

func AddKongProperties(rootProps properties.Properties) {
rootProps.AddBoolProperty(cfgKongACLRequired, false, "Whether or not an ACL plugin on Kong is required. False by default.")
func AddKongProperties(rootProps props) {
rootProps.AddBoolProperty(cfgKongACLRequired, false, "Whether or not an ACL plugin on Kong is required. False by default.")
rootProps.AddStringProperty(cfgKongAdminUrl, "", "The Admin API url")
rootProps.AddStringProperty(cfgKongAdminAPIKey, "", "API Key value to authenticate with Kong Gateway")
rootProps.AddStringProperty(cfgKongAdminAPIKeyHeader, "", "API Key header to authenticate with Kong Gateway")
rootProps.AddStringProperty(cfgKongAdminUsername, "", "Username for basic auth to authenticate with Kong Admin API")
rootProps.AddStringProperty(cfgKongAdminPassword, "", "Password for basic auth to authenticate with Kong Admin API")
rootProps.AddStringProperty(cfgKongAdminBasicUsername, "", "Username for basic auth to authenticate with Kong Admin API")
rootProps.AddStringProperty(cfgKongAdminBasicPassword, "", "Password for basic auth to authenticate with Kong Admin API")
rootProps.AddStringProperty(cfgKongProxyHost, "", "The Kong proxy endpoint")
rootProps.AddIntProperty(cfgKongProxyPortHttp, 80, "The Kong proxy http port")
rootProps.AddBoolProperty(cfgKongProxyPortHttpDisabled, false, "Set to true to disable adding an http endpoint to discovered routes")
rootProps.AddIntProperty(cfgKongProxyPortHttps, 443, "The Kong proxy https port")
rootProps.AddBoolProperty(cfgKongProxyPortHttpsDisabled, false, "Set to true to disable adding an https endpoint to discovered routes")
rootProps.AddStringProperty(cfgKongProxyBasePath, "", "The base path for the Kong proxy endpoint")
rootProps.AddStringSliceProperty(cfgKongSpecURLPaths, []string{}, "URL paths that the agent will look in for spec files")
rootProps.AddStringProperty(cfgKongSpecLocalPath, "", "Local paths where the agent will look for spec files")
rootProps.AddStringProperty(cfgKongSpecFilter, "", "SDK Filter format. Empty means filters are ignored.")
rootProps.AddBoolProperty(cfgKongSpecDevPortal, false, "Set to true to enable gathering specs from teh Kong's dev portal.")
}

// AgentConfig - represents the config for agent
Expand Down Expand Up @@ -67,13 +85,19 @@ type KongAdminAuthAPIKeyConfig struct {
}

type KongProxyConfig struct {
Host string `config:"host"`
Ports KongPortConfig `config:"ports"`
Host string `config:"host"`
Ports KongPortConfig `config:"ports"`
BasePath string `config:"basePath"`
}

type KongPortConfig struct {
HTTP int `config:"http"`
HTTPS int `config:"https"`
HTTP KongPortSettingsConfig `config:"http"`
HTTPS KongPortSettingsConfig `config:"https"`
}

type KongPortSettingsConfig struct {
Value int `config:"value"`
Disable bool `config:"disabled"`
}

type KongSpecConfig struct {
Expand All @@ -97,22 +121,38 @@ type KongGatewayConfig struct {
}

const (
hostErr = "kong host must be provided."
proxyPortErr = "both proxy port values of http https are required"
invalidUrlErr = "invalid Admin API url provided. Must contain protocol + hostname + port." +
hostErr = "kong host must be provided"
httpPortErr = "a non-zero value is required for the http port number when it is enabled"
httpsPortErr = "a non-zero value is required for the https port number when it is enabled"
basePathPrefixErr = "the base path must start with a '/' character"
basePathSuffixErr = "the base path must not end with a '/' character"
portErr = "at least one port endpoint needs to be enabled"
invalidUrlErr = "invalid Admin API url provided. Must contain protocol + hostname + port." +
"Examples: <http://kong.com:8001>, <https://kong.com:8444>"
credentialConfigErr = "invalid authorization configuration provided. " +
"If provided, (Username and Password) or (ClientID and ClientSecret) must be non-empty"
)

// ValidateCfg - Validates the gateway config
func (c *KongGatewayConfig) ValidateCfg() (err error) {
func (c *KongGatewayConfig) ValidateCfg() error {
logger := log.NewFieldLogger().WithPackage("config").WithComponent("ValidateConfig")
if c.Proxy.Host == "" {
return fmt.Errorf(hostErr)
}
if c.Proxy.Ports.HTTP == 0 || c.Proxy.Ports.HTTPS == 0 {
return fmt.Errorf(proxyPortErr)
if !c.Proxy.Ports.HTTP.Disable && c.Proxy.Ports.HTTP.Value == 0 {
return fmt.Errorf(httpPortErr)
}
if len(c.Proxy.BasePath) > 0 && !strings.HasPrefix(c.Proxy.BasePath, "/") {
return fmt.Errorf(basePathPrefixErr)
}
if len(c.Proxy.BasePath) > 0 && strings.HasSuffix(c.Proxy.BasePath, "/") {
return fmt.Errorf(basePathSuffixErr)
}
if !c.Proxy.Ports.HTTPS.Disable && c.Proxy.Ports.HTTPS.Value == 0 {
return fmt.Errorf(httpsPortErr)
}
if c.Proxy.Ports.HTTP.Disable && c.Proxy.Ports.HTTPS.Disable {
return fmt.Errorf(portErr)
}
if invalidAdminUrl(c.Admin.Url) {
return fmt.Errorf(invalidUrlErr)
Expand All @@ -123,7 +163,7 @@ func (c *KongGatewayConfig) ValidateCfg() (err error) {
if invalidCredentialConfig(c) {
return fmt.Errorf(credentialConfigErr)
}
return
return nil
}

func noCredentialsProvided(c *KongGatewayConfig) bool {
Expand Down Expand Up @@ -160,8 +200,24 @@ func invalidCredentialConfig(c *KongGatewayConfig) bool {
return false
}

func ParseProperties(rootProps properties.Properties) *KongGatewayConfig {
func ParseProperties(rootProps props) *KongGatewayConfig {
// Parse the config from bound properties and setup gateway config
httpPortConf := KongPortSettingsConfig{
Disable: rootProps.BoolPropertyValue(cfgKongProxyPortHttpDisabled),
Value: rootProps.IntPropertyValue(cfgKongProxyPortHttp),
}
if httpPortConf.Disable {
httpPortConf.Value = 0
}

httpsPortConf := KongPortSettingsConfig{
Disable: rootProps.BoolPropertyValue(cfgKongProxyPortHttpsDisabled),
Value: rootProps.IntPropertyValue(cfgKongProxyPortHttps),
}
if httpsPortConf.Disable {
httpsPortConf.Value = 0
}

return &KongGatewayConfig{
ACL: KongACLConfig{
Required: rootProps.BoolPropertyValue(cfgKongACLRequired),
Expand All @@ -174,22 +230,24 @@ func ParseProperties(rootProps properties.Properties) *KongGatewayConfig {
Header: rootProps.StringPropertyValue(cfgKongAdminAPIKeyHeader),
},
BasicAuth: KongAdminBasicAuthConfig{
Username: rootProps.StringPropertyValue(cfgKongAdminUsername),
Password: rootProps.StringPropertyValue(cfgKongAdminPassword),
Username: rootProps.StringPropertyValue(cfgKongAdminBasicUsername),
Password: rootProps.StringPropertyValue(cfgKongAdminBasicPassword),
},
},
},
Proxy: KongProxyConfig{
Host: rootProps.StringPropertyValue(cfgKongProxyHost),
Ports: KongPortConfig{
HTTP: rootProps.IntPropertyValue(cfgKongProxyPortHttp),
HTTPS: rootProps.IntPropertyValue(cfgKongProxyPortHttps),
HTTP: httpPortConf,
HTTPS: httpsPortConf,
},
BasePath: rootProps.StringPropertyValue(cfgKongProxyBasePath),
},
Spec: KongSpecConfig{
URLPaths: rootProps.StringSlicePropertyValue(cfgKongSpecURLPaths),
LocalPath: rootProps.StringPropertyValue(cfgKongSpecLocalPath),
Filter: rootProps.StringPropertyValue(cfgKongSpecFilter),
DevPortalEnabled: rootProps.BoolPropertyValue(cfgKongSpecDevPortal),
URLPaths: rootProps.StringSlicePropertyValue(cfgKongSpecURLPaths),
LocalPath: rootProps.StringPropertyValue(cfgKongSpecLocalPath),
Filter: rootProps.StringPropertyValue(cfgKongSpecFilter),
},
}
}
Loading

0 comments on commit bcf3101

Please sign in to comment.