3scale_toolbox 0.14.0 → 0.15.0

data/lib/3scale_toolbox/commands/import_command/openapi/update_service_oidc_conf_step.rb

@@ -27,31 +27,16 @@ module ThreeScaleToolbox
 
           def add_flow_settings(settings)
             # only applies to oauth2 sec type
-            return if security.nil? || security.type != 'oauth2'
+            return if api_spec.security.nil? || api_spec.security[:type] != 'oauth2'
 
             oidc_configuration = {
               standard_flow_enabled: false,
               implicit_flow_enabled: false,
               service_accounts_enabled: false,
               direct_access_grants_enabled: false
-            }.merge(flow => true)
+            }.merge(api_spec.security[:flow] => true)
             settings.merge!(oidc_configuration)
           end
-
-          def flow
-            case (flow_f = security.flow)
-            when 'implicit'
-              :implicit_flow_enabled
-            when 'password'
-              :direct_access_grants_enabled
-            when 'application'
-              :service_accounts_enabled
-            when 'accessCode'
-              :standard_flow_enabled
-            else
-              raise ThreeScaleToolbox::Error, "Unexpected security flow field #{flow_f}"
-            end
-          end
         end
       end
     end

data/lib/3scale_toolbox/commands/import_command/openapi/update_service_proxy_step.rb

@@ -40,29 +40,29 @@ module ThreeScaleToolbox
           end
 
           def add_api_backend_settings(settings)
-            return if private_base_url.nil?
-
-            settings[:api_backend] = private_base_url
+            settings[:api_backend] = private_base_url unless private_base_url.nil?
+            settings[:secret_token] = backend_api_secret_token unless backend_api_secret_token.nil?
+            settings[:hostname_rewrite] = backend_api_host_header unless backend_api_host_header.nil?
           end
 
           def add_security_proxy_settings(settings)
             # nothing to add on proxy settings when no security required in openapi
-            return if security.nil?
+            return if api_spec.security.nil?
 
-            case security.type
+            case (type = api_spec.security[:type])
             when 'oauth2'
               settings[:credentials_location] = 'headers'
               settings[:oidc_issuer_endpoint] = oidc_issuer_endpoint unless oidc_issuer_endpoint.nil?
             when 'apiKey'
               settings[:credentials_location] = credentials_location
-              settings[:auth_user_key] = security.name
+              settings[:auth_user_key] = api_spec.security[:name]
             else
-              raise ThreeScaleToolbox::Error, "Unexpected security scheme type #{security.type}"
+              raise ThreeScaleToolbox::Error, "Unexpected security scheme type #{type}"
             end
           end
 
           def credentials_location
-            case (in_f = security.in_f)
+            case (in_f = api_spec.security[:in_f])
             when 'query'
               'query'
             when 'header'
@@ -73,13 +73,13 @@ module ThreeScaleToolbox
           end
 
           def private_base_url
-              override_private_base_url || private_base_url_from_openapi
+            override_private_base_url || private_base_url_from_openapi
           end
 
           def private_base_url_from_openapi
             return if api_spec.host.nil?
 
-            "#{api_spec.schemes.first || 'https'}://#{api_spec.host}"
+            "#{api_spec.scheme || 'https'}://#{api_spec.host}"
           end
         end
       end

data/lib/3scale_toolbox/openapi.rb

@@ -0,0 +1,2 @@
+require '3scale_toolbox/openapi/swagger'
+require '3scale_toolbox/openapi/oas3'

data/lib/3scale_toolbox/openapi/oas3.rb

@@ -0,0 +1,232 @@
+module ThreeScaleToolbox
+  module OpenAPI
+    ##
+    #
+    # OAS3 object
+    # * OAS3.title -> string
+    # * OAS3.description -> string
+    # * OAS3.version -> string
+    # * OAS3.base_path -> string
+    # * OAS3.host -> string
+    # * OAS3.scheme -> string
+    # * OAS3.operation -> array of operation hash
+    #   * operation hash properties
+    #     * :verb
+    #     * :path
+    #     * :description
+    #     * :operation_id
+    # * OAS3.security ->  security hash
+    #   * security hash properties
+    #     * :id -> string
+    #     * :type -> string
+    #     * :name -> string
+    #     * :in_f -> string
+    #     * :flow -> symbol (:implicit_flow_enabled, :direct_access_grants_enabled, :service_accounts_enabled, :standard_flow_enabled)
+    #     * :scopes -> array of string
+    # * OAS3.service_backend_version -> string ('1','2','oidc')
+    # * OAS3.set_server_url -> def(spec, url)
+    # * OAS3.set_oauth2_urls-> def(spec, scheme_id, authorization_url, token_url)
+    class OAS3
+      META_SCHEMA_PATH = File.expand_path('../../../resources/oas3_meta_schema.json', __dir__)
+
+      def self.validate(raw)
+        meta_schema = JSON.parse(File.read(META_SCHEMA_PATH))
+        JSON::Validator.validate!(meta_schema, raw)
+      end
+
+      def self.build(path, raw, validate: true)
+        self.validate(raw) if validate
+
+        new(path, raw)
+      end
+
+      attr_reader :definition
+
+      def title
+        definition.info['title']
+      end
+
+      def description
+        definition.info['description']
+      end
+
+      def version
+        definition.info['version']
+      end
+
+      def base_path
+        # If there are many? take first
+        # From https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#openapi-object
+        # If the servers property is not provided, or is an empty array,
+        # the default value would be a Server Object with a url value of /
+        server_objects(&:path).first || '/'
+      end
+
+      def host
+        # If there are many? take first
+        server_objects(&:host).first
+      end
+
+      def scheme
+        # If there are many? take first
+        server_objects(&:scheme).first
+      end
+
+      def operations
+        @operations ||= parse_operations
+      end
+
+      def security
+        @security ||= parse_security
+      end
+
+      def service_backend_version
+        # default authentication mode if no security requirement
+        return '1' if security.nil?
+
+        case security[:type]
+        when 'oauth2'
+          'oidc'
+        when 'apiKey'
+          '1'
+        else
+          raise ThreeScaleToolbox::Error, "Unexpected security scheme type #{security[:type]}"
+        end
+      end
+
+      ##
+      # Update given spec with urls
+      # It is expected identified security scheme to be oauth2 type
+      def set_oauth2_urls(spec, sec_scheme_id, authorization_url, token_url)
+        sec_scheme_obj = spec.dig('components', 'securitySchemes', sec_scheme_id)
+        if sec_scheme_obj.nil? || sec_scheme_obj['type'] != 'oauth2'
+          raise ThreeScaleToolbox::Error, "Expected security scheme {#{sec_scheme_id}} not found or not oauth2"
+        end
+
+        flow_key, flow_obj = sec_scheme_obj['flows'].first
+        flow_obj['authorizationUrl'] = authorization_url if %w[implicit authorizationCode].include?(flow_key)
+        flow_obj['tokenUrl'] = token_url if %w[password clientCredentials authorizationCode].include?(flow_key)
+      end
+
+      def set_server_url(spec, url)
+        spec['servers'] = [{ 'url' => url }]
+      end
+
+      private
+
+      def initialize(path, raw)
+        parser = OasParser::Parser.new(path, raw).resolve
+        @definition = OasParser::Definition.new(parser, path)
+      end
+
+      def server_objects
+        servers.map do |s|
+          yield Helper.parse_uri rendered_url(s)
+        end
+      end
+
+      # OAS3 server object variable substitution
+      def rendered_url(server_object)
+        template = erbfying_template(server_object.fetch('url'))
+        vars = server_object_variables(server_object['variables'])
+        ERB.new(template).result(OpenStruct.new(vars).instance_eval { binding })
+      end
+
+      def server_object_variables(variables)
+        vars = (variables || {}).each_with_object({}) do |(key, value), a|
+          a[key] = value['default']
+        end
+        JSON.parse(vars.to_json, symbolize_names: true)
+      end
+
+      def erbfying_template(template)
+        # A URL is composed from a limited set of characters belonging to the US-ASCII character set.
+        # These characters include digits (0-9), letters(A-Z, a-z), and a few special characters ("-", ".", "_", "~").
+        # https://www.urlencoder.io/learn/
+        tmp = template.gsub '{', '<%='
+        tmp.gsub '}', '%>'
+      end
+
+      def servers
+        definition.servers || []
+      end
+
+      def parse_operations
+        definition.paths.flat_map do |path_obj|
+          path_obj.endpoints.flat_map do |endpoint|
+            {
+              verb: endpoint.method,
+              path: endpoint.path.path,
+              description: endpoint.description,
+              operation_id: endpoint.operationId
+            }
+          end
+        end
+      end
+
+      def parse_security
+        raise ThreeScaleToolbox::Error, 'Invalid OAS: multiple security requirements' \
+          if global_security_requirements.size > 1
+
+        global_security_requirements.first
+      end
+
+      def global_security_requirements
+        @global_security_requirements ||= parse_global_security_reqs
+      end
+
+      def parse_global_security_reqs
+        security_requirements.flat_map do |sec_req|
+          sec_req.map do |sec_item_name, sec_item|
+            sec_def = fetch_security_scheme(sec_item_name)
+            {
+              id: sec_item_name,
+              type: sec_def['type'],
+              name: sec_def['name'],
+              in_f: sec_def['in'],
+              flow: parse_flows(sec_def['flows']),
+              scopes: sec_item
+            }
+          end
+        end
+      end
+
+      def fetch_security_scheme(name)
+        security_schemes.fetch(name) do |el|
+          raise ThreeScaleToolbox::Error, "OAS3 parsing error: #{el} not found in security schemes"
+        end
+      end
+
+      def security_requirements
+        definition.security || []
+      end
+
+      def security_schemes
+        (definition.components || {})['securitySchemes'] || {}
+      end
+
+      def parse_flows(flows_object)
+        return nil if flows_object.nil?
+
+        raise ThreeScaleToolbox::Error, 'Invalid OAS: multiple flows' if flows_object.size > 1
+
+        convert_flow(flows_object.keys.first)
+      end
+
+      def convert_flow(flow_name)
+        case flow_name
+        when 'implicit'
+          :implicit_flow_enabled
+        when 'password'
+          :direct_access_grants_enabled
+        when 'clientCredentials'
+          :service_accounts_enabled
+        when 'authorizationCode'
+          :standard_flow_enabled
+        else
+          raise ThreeScaleToolbox::Error, "Unexpected security flow field #{flow_name}"
+        end
+      end
+    end
+  end
+end

data/lib/3scale_toolbox/openapi/swagger.rb

@@ -0,0 +1,192 @@
+module ThreeScaleToolbox
+  module OpenAPI
+    ##
+    #
+    # Swagger object
+    # * Swagger.title -> string
+    # * Swagger.description -> string
+    # * Swagger.version -> string
+    # * Swagger.basePath -> string
+    # * Swagger.host -> string
+    # * Swagger.scheme -> string
+    # * Swagger.operation -> array of operation hash
+    #   * operation hash properties
+    #     * :verb
+    #     * :path
+    #     * :description
+    #     * :operation_id
+    # * Swagger.security ->  security hash
+    #   * security hash properties
+    #     * :id -> string
+    #     * :type -> string
+    #     * :name -> string
+    #     * :in_f -> string
+    #     * :flow -> symbol (:implicit_flow_enabled, :direct_access_grants_enabled, :service_accounts_enabled, :standard_flow_enabled)
+    #     * :scopes -> array of string
+    # * Swagger.service_backend_version -> string ('1','2','oidc')
+    # * Swagger.set_server_url -> def(spec, url)
+    # * Swagger.set_oauth2_urls-> def(spec, scheme_id, authorization_url, token_url)
+    class Swagger
+      META_SCHEMA_PATH = File.expand_path('../../../resources/swagger_meta_schema.json', __dir__)
+
+      def self.validate(raw)
+        meta_schema = JSON.parse(File.read(META_SCHEMA_PATH))
+        JSON::Validator.validate!(meta_schema, raw)
+      end
+
+      def self.build(raw, validate: true)
+        self.validate(raw) if validate
+
+        new(raw)
+      end
+
+      attr_reader :raw
+
+      def title
+        raw.dig('info', 'title')
+      end
+
+      def description
+        raw.dig('info', 'description')
+      end
+
+      def version
+        raw.dig('info', 'version')
+      end
+
+      def base_path
+        raw['basePath']
+      end
+
+      def host
+        raw['host']
+      end
+
+      def scheme
+        Array(raw['schemes']).first
+      end
+
+      def operations
+        @operations ||= parse_operations
+      end
+
+      def security
+        @security ||= parse_security
+      end
+
+      def service_backend_version
+        # default authentication mode if no security requirement
+        return '1' if security.nil?
+
+        case security[:type]
+        when 'oauth2'
+          'oidc'
+        when 'apiKey'
+          '1'
+        else
+          raise ThreeScaleToolbox::Error, "Unexpected security scheme type #{security[:type]}"
+        end
+      end
+
+      def set_server_url(spec, url)
+        URI(url).tap do |uri|
+          spec['host'] = "#{uri.host}:#{uri.port}"
+          spec['schemes'] = [uri.scheme]
+          spec['basePath'] = uri.path
+        end
+      end
+
+      ##
+      # Update given spec with urls
+      # It is expected identified security scheme to be oauth2 type
+      def set_oauth2_urls(spec, sec_scheme_id, authorization_url, token_url)
+        sec_scheme_obj = spec.dig('securityDefinitions', sec_scheme_id)
+        if sec_scheme_obj.nil? || sec_scheme_obj['type'] != 'oauth2'
+          raise ThreeScaleToolbox::Error, "Expected security scheme {#{sec_scheme_id}} not found or not oauth2"
+        end
+
+        sec_scheme_obj['authorizationUrl'] = authorization_url if %w[implicit accessCode].include?(sec_scheme_obj['flow'])
+        sec_scheme_obj['tokenUrl'] = token_url if %w[password application accessCode].include?(sec_scheme_obj['flow'])
+      end
+
+      private
+
+      def initialize(raw)
+        @raw = raw
+      end
+
+      def parse_operations
+        raw['paths'].flat_map do |path, path_obj|
+          path_obj.flat_map do |method, operation|
+            next unless %w[get head post put patch delete trace options].include? method
+
+            {
+              verb: method,
+              path: path,
+              description: operation['description'],
+              operation_id: operation['operationId']
+            }
+          end.compact
+        end
+      end
+
+      def parse_security
+        raise ThreeScaleToolbox::Error, 'Invalid OAS: multiple security requirements' \
+          if global_security_requirements.size > 1
+
+        global_security_requirements.first
+      end
+
+      def global_security_requirements
+        @global_security_requirements ||= parse_global_security_reqs
+      end
+
+      def parse_global_security_reqs
+        security_requirements.flat_map do |sec_req|
+          sec_req.map do |sec_item_name, sec_item|
+            sec_def = fetch_security_definition(sec_item_name)
+            {
+              id: sec_item_name,
+              type: sec_def['type'],
+              name: sec_def['name'],
+              in_f: sec_def['in'],
+              flow: convert_flow(sec_def['flow']),
+              scopes: sec_item
+            }
+          end
+        end
+      end
+
+      def fetch_security_definition(name)
+        security_definitions.fetch(name) do |el|
+          raise ThreeScaleToolbox::Error, "Swagger parsing error: #{el} not found in security definitions"
+        end
+      end
+
+      def security_requirements
+        raw['security'] || []
+      end
+
+      def security_definitions
+        raw['securityDefinitions'] || {}
+      end
+
+      def convert_flow(flow_name)
+        return nil if flow_name.nil?
+
+        case flow_name
+        when 'implicit'
+          :implicit_flow_enabled
+        when 'password'
+          :direct_access_grants_enabled
+        when 'application'
+          :service_accounts_enabled
+        when 'accessCode'
+          :standard_flow_enabled
+        else
+          raise ThreeScaleToolbox::Error, "Unexpected security flow field #{flow_name}"
+        end
+      end
+    end
+  end
+end