wso2 · Tharsanan1 · Dec 20, 2024 · Dec 20, 2024
@@ -1,5 +1,5 @@
 # --------------------------------------------------------------------
-# Copyright (c) 2024, WSO2 LLC. (http://wso2.com) All Rights Reserved.
+# Copyright (c) 2022, WSO2 LLC. (http://wso2.com) All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,101 +14,43 @@
 # limitations under the License.
 # -----------------------------------------------------------------------
 
-FROM ubuntu:24.10
-
-ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
-
-# Upgrade Ubuntu Dependencies
-RUN apt-get update \
-    && apt-get upgrade -y
-
-# install JDK Dependencies
-RUN apt-get update \
-    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata curl wget ca-certificates fontconfig locales \
-    && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \
-    && locale-gen en_US.UTF-8 \
-    && rm -rf /var/lib/apt/lists/*
-
-ENV JAVA_VERSION jdk-17.0.8.1+1
-
-RUN set -eux; \
-    ARCH="$(dpkg --print-architecture)"; \
-    case "${ARCH}" in \
-        amd64|i386:x86-64) \
-             ESUM='ab68857594792474a3049ede09ea1178e42df29803a6a41be771794f571b2d4e'; \
-             BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.8.1%2B1/OpenJDK17U-jre_x64_linux_hotspot_17.0.8.1_1.tar.gz'; \
-            ;; \
-        aarch64|arm64) \
-             ESUM='0a1c5c9ee9d20832c87bd1e99a4c4a96947b59bb35c72683fe895d705f202737'; \
-             BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.8.1%2B1/OpenJDK17U-jre_aarch64_linux_hotspot_17.0.8.1_1.tar.gz'; \
-            ;; \
-        *) \
-            echo "Unsupported arch: ${ARCH}"; \
-            exit 1; \
-            ;; \
-    esac; \
-    curl -LfsSo /tmp/openjdk.tar.gz ${BINARY_URL}; \
-    echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \
-    mkdir -p /opt/java/openjdk; \
-    cd /opt/java/openjdk; \
-    tar -xf /tmp/openjdk.tar.gz --strip-components=1; \
-    rm -rf /tmp/openjdk.tar.gz;
-
-ENV JAVA_HOME=/opt/java/openjdk \
-    PATH="/opt/java/openjdk/bin:$PATH"
-
+FROM alpine:3.20.3
 LABEL maintainer="WSO2 Docker Maintainers <wso2.com>"
 
+RUN apk update && apk upgrade --no-cache \
+    && apk add  --no-cache tzdata && apk upgrade libssl3 libcrypto3
+
 ENV LANG=C.UTF-8
 
 ARG APK_USER=wso2
 ARG APK_USER_ID=10001
+ARG CHECKSUM_AMD64="3ddaf85583613c97693e9b8aaa251dac07e73e366e159a7ccadbcf553117fcef"
+ARG CHECKSUM_ARM64="5e17ff4c055f075b58a1cd7ec37843d989cd0072340222a4fd0730773382027e"
 ARG APK_USER_GROUP=wso2
 ARG APK_USER_GROUP_ID=10001
 ARG APK_USER_HOME=/home/${APK_USER}
 ARG GRPC_HEALTH_PROBE_PATH=/bin/grpc_health_probe
 ARG TARGETARCH
-ARG APK_VERSION=1.0-SNAPSHOT
-ENV VERSION=${APK_VERSION}
-ENV JAVA_OPTS=""
-ENV ENFORCER_HOME=${APK_USER_HOME}
-ARG CHECKSUM_AMD64="3ddaf85583613c97693e9b8aaa251dac07e73e366e159a7ccadbcf553117fcef"
-ARG CHECKSUM_ARM64="5e17ff4c055f075b58a1cd7ec37843d989cd0072340222a4fd0730773382027e"
-ENV ENFORCER_PRIVATE_KEY_PATH=/home/wso2/security/keystore/mg.key
-ENV ENFORCER_PUBLIC_CERT_PATH=/home/wso2/security/keystore/mg.pem
-ENV TRUSTED_CA_CERTS_PATH=/home/wso2/security/truststore
-ENV ADAPTER_HOST_NAME=adapter
-ENV ADAPTER_HOST=adapter
-ENV ADAPTER_XDS_PORT=18000
-ENV COMMON_CONTROLLER_HOST_NAME=common-controller
-ENV COMMON_CONTROLLER_HOST=common-controller
-ENV COMMON_CONTROLLER_XDS_PORT=18002
-ENV ENFORCER_LABEL="default"
-ENV XDS_MAX_MSG_SIZE=4194304
-ENV XDS_MAX_RETRIES=3
-#todo update the connection string
-ENV APPLICATIONINSIGHTS_CONNECTION_STRING=InstrumentationKey=;IngestionEndpoint=https://westus2-2.in.applicationinsights.azure.com/
 
 ARG MOTD="\n\
  Welcome to WSO2 Docker Resources \n\
  --------------------------------- \n\
- This Docker container comprises of a WSO2 product, which is under the Apache License, Version 2.0. \n\
+ This Docker container comprises of a WSO2 product, running with its latest GA release \n\
+ which is under the Apache License, Version 2.0. \n\
  Read more about Apache License, Version 2.0 here @ http://www.apache.org/licenses/LICENSE-2.0.\n"
 
 RUN \
-    apt-get update && apt-get dist-upgrade -y && apt-get autoclean -y && apt-get autoremove -y
-RUN \
-    groupadd --system -g ${APK_USER_GROUP_ID} ${APK_USER_GROUP} \
-    && useradd --system --create-home --home-dir ${APK_USER_HOME} --no-log-init -g ${APK_USER_GROUP} -u ${APK_USER_ID} ${APK_USER} \
-    && mkdir ${APK_USER_HOME}/logs && mkdir -p ${APK_USER_HOME}/lib/dropins \
+    addgroup -S -g ${APK_USER_GROUP_ID} ${APK_USER_GROUP} \
+    && adduser -S -u ${APK_USER_ID} -h ${APK_USER_HOME} -G ${APK_USER_GROUP} ${APK_USER} \
+    && mkdir ${APK_USER_HOME}/logs && mkdir -p ${APK_USER_HOME}/artifacts/apis \
     && chown -R ${APK_USER}:${APK_USER_GROUP} ${APK_USER_HOME} \
     && echo '[ ! -z "${TERM}" -a -r /etc/motd ] && cat /etc/motd' >> /etc/bash.bashrc; echo "${MOTD}" > /etc/motd
 
 RUN \
     wget -q https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v0.4.34/grpc_health_probe-linux-${TARGETARCH} \
-    && mv grpc_health_probe-linux-${TARGETARCH} ${GRPC_HEALTH_PROBE_PATH}\
+    && mv grpc_health_probe-linux-${TARGETARCH} ${GRPC_HEALTH_PROBE_PATH} \
     && if [ "${TARGETARCH}" = "amd64" ]; then echo "${CHECKSUM_AMD64}  ${GRPC_HEALTH_PROBE_PATH}" | sha256sum -c -; fi
-
+    
 RUN \
     chmod +x ${GRPC_HEALTH_PROBE_PATH} \
     && chown ${APK_USER}:${APK_USER_GROUP} ${GRPC_HEALTH_PROBE_PATH} \
@@ -118,13 +60,9 @@ RUN \
 WORKDIR ${APK_USER_HOME}
 USER ${APK_USER_ID}
 
-COPY resources/lib lib/
-COPY resources/conf/log4j2.properties conf/log4j2.properties
-COPY resources/security security
+COPY resources/conf/config.toml conf/
 COPY resources/check_health.sh .
+COPY resources/conf/log_config.toml conf/
+COPY ./${TARGETARCH}/main enforcer
 
-#todo add applicationinsights.json file and point it to the appInsightsAgent jar
-#Add the agent using JVM arg -javaagent:/home/wso2/conf/applicationinsights-agent-3.1.1.jar
-#Add the config file using System property -Dapplicationinsights.configuration.file=/home/wso2/conf/applicationinsights.json
-
-CMD java -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="${ENFORCER_HOME}/logs/heap-dump.hprof" $JAVA_OPTS -Dlog4j.configurationFile="${ENFORCER_HOME}/conf/log4j2.properties" -DtracingEnabled="true" -cp "lib/*:lib/dropins/*" org.wso2.apk.enforcer.server.AuthServer
+CMD ./enforcer
@@ -1,53 +1,61 @@
 /*
- * Copyright (c) 2022, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
+ * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); 
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- *
+ * 
  * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
+ * 
+ * Unless required by applicable law or agreed to in writing, software 
+ * distributed under the License is distributed on an "AS IS" BASIS, 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and 
  * limitations under the License.
  *
  */
 
 plugins {
     id 'net.researchgate.release' version '2.8.0'
 }
+
 apply from: "$rootDir/../../common-gradle-scripts/docker.gradle"
-repositories {
-    mavenCentral()
-}
+apply from: "$rootDir/../../common-gradle-scripts/go.gradle"
 
 release {
     tagTemplate = 'enforcer-$version'
 
     git {
         requireBranch = project.hasProperty('releaseBranch') ? project.releaseBranch : 'main'
-
         pushToRemote= "origin"
     }
 }
 
-task build{
-    dependsOn("resources:build")
-    finalizedBy docker_build
-}
-
 allprojects {
     group = project.group
     version = project.version
 }
 
-subprojects {
-    apply from: "$rootDir/../../common-gradle-scripts/java.gradle"
-    afterReleaseBuild.dependsOn publish
+tasks.register('go_test', Exec) {
+    group 'go'
+    description 'Automates testing the packages named by the import paths.'
+}
+
+tasks.named('go_revive_run').configure { 
+    finalizedBy go_tidy
+    // finalizedBy go_test
+}
+
+tasks.named('go_build').configure {
+    dependsOn go_revive_run
+    dependsOn go_vet
+    println("Running go build")
+    finalizedBy docker_build
 }
 
-tasks.named("afterReleaseBuild").configure {
-    dependsOn "docker_push"
+task build{
+    dependsOn go_build
+    dependsOn docker_build
 }
+
+afterReleaseBuild.dependsOn "docker_push"
@@ -4,19 +4,20 @@ go 1.23.2
 
 require (
 	github.com/envoyproxy/gateway v1.2.3
+	github.com/envoyproxy/go-control-plane v0.13.1
 	github.com/go-logr/logr v1.4.2
 	github.com/go-logr/zapr v1.3.0
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/stretchr/testify v1.10.0
-	github.com/wso2/apk/adapter v0.0.0-00010101000000-000000000000
+	github.com/wso2/apk/adapter v0.0.0-20231207051518-6dd728943082
+	github.com/wso2/apk/common-go-libs v0.0.0-20241016075419-fc842057860d
 	go.uber.org/zap v1.27.0
 	google.golang.org/grpc v1.67.1
 )
 
 require (
 	github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/envoyproxy/go-control-plane v0.13.1 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
@@ -61,3 +62,5 @@ require (
 replace github.com/wso2/apk/gateway/enforcer => ../enforcer
 
 replace github.com/wso2/apk/adapter => ../../adapter
+
+replace github.com/wso2/apk/common-go-libs => ../../common-go-libs
@@ -16,5 +16,6 @@
 
 group=org.wso2.apk
 version=1.2.0-SNAPSHOT
+file=cmd/main.go
 docker_image_name=apk-enforcer
 
@@ -8,6 +8,7 @@ import (
 	"github.com/wso2/apk/gateway/enforcer/internal/logging"
 )
 
+// Server holds the configuration parameters for the application.
 type Server struct {
 	TrustedAdapterCertsPath     string `envconfig:"TRUSTED_CA_CERTS_PATH" default:"/home/wso2/security/truststore"`
 	TrustDefaultCerts           string `envconfig:"TRUST_DEFAULT_CERTS" default:"true"`
@@ -25,22 +26,22 @@ type Server struct {
 	CommonControllerXdsPort     string `envconfig:"COMMON_CONTROLLER_XDS_PORT" default:"18002"`
 	CommonControllerRestPort    string `envconfig:"COMMON_CONTROLLER_REST_PORT" default:"18003"`
 	XdsMaxMsgSize               int    `envconfig:"XDS_MAX_MSG_SIZE" default:"4194304"`
-	EnforcerRegionId            string `envconfig:"ENFORCER_REGION" default:"UNKNOWN"`
-	XdsMaxRetries               int    `envconfig:"XDS_MAX_RETRIES" default:"3"`     // Change to integer as needed
+	EnforcerRegionID            string `envconfig:"ENFORCER_REGION" default:"UNKNOWN"`
+	XdsMaxRetries               int    `envconfig:"XDS_MAX_RETRIES" default:"3"`
 	XdsRetryPeriod              int    `envconfig:"XDS_RETRY_PERIOD" default:"5000"` // milliseconds
 	InstanceIdentifier          string `envconfig:"HOSTNAME" default:"Unassigned"`
 	RedisUsername               string `envconfig:"REDIS_USERNAME" default:""`
 	RedisPassword               string `envconfig:"REDIS_PASSWORD" default:""`
 	RedisHost                   string `envconfig:"REDIS_HOST" default:"redis-master"`
 	RedisPort                   int    `envconfig:"REDIS_PORT" default:"6379"`
-	IsRedisTlsEnabled           bool   `envconfig:"IS_REDIS_TLS_ENABLED" default:"false"`
+	IsRedisTLSEnabled           bool   `envconfig:"IS_REDIS_TLS_ENABLED" default:"false"`
 	RevokedTokensRedisChannel   string `envconfig:"REDIS_REVOKED_TOKENS_CHANNEL" default:"wso2-apk-revoked-tokens-channel"`
 	RedisKeyFile                string `envconfig:"REDIS_KEY_FILE" default:"/home/wso2/security/redis/redis.key"`
 	RedisCertFile               string `envconfig:"REDIS_CERT_FILE" default:"/home/wso2/security/redis/redis.crt"`
 	RedisCaCertFile             string `envconfig:"REDIS_CA_CERT_FILE" default:"/home/wso2/security/redis/ca.crt"`
 	RevokedTokenCleanupInterval int    `envconfig:"REVOKED_TOKEN_CLEANUP_INTERVAL" default:"3600"` // seconds
 	ChoreoAnalyticsAuthToken    string `envconfig:"CHOREO_ANALYTICS_AUTH_TOKEN" default:""`
-	ChoreoAnalyticsAuthUrl      string `envconfig:"CHOREO_ANALYTICS_AUTH_URL" default:""`
+	ChoreoAnalyticsAuthURL      string `envconfig:"CHOREO_ANALYTICS_AUTH_URL" default:""`
 	MoesifToken                 string `envconfig:"MOESIF_TOKEN" default:""`
 	LogLevel                    string `envconfig:"LOG_LEVEL" default:"INFO"`
 	ExternalProcessingPort      string `envconfig:"EXTERNAL_PROCESSING_PORT" default:"8080"`
@@ -53,7 +54,7 @@ var (
 	settingInstance *Server
 )
 
-// GetSettings initializes and returns a singleton instance of the Settings struct.
+// GetConfig initializes and returns a singleton instance of the Settings struct.
 // It uses sync.Once to ensure that the initialization logic is executed only once,
 // making it safe for concurrent use. If there is an error during the initialization,
 // the function will panic.

@@ -1,4 +1,4 @@
-package ext_proc
+package extproc
 
 import (
 	"io"
@@ -12,10 +12,21 @@ import (
 	"google.golang.org/grpc/status"
 )
 
+// ExternalProcessingServer represents a server for handling external processing requests.
+// It contains a logger for logging purposes.
 type ExternalProcessingServer struct {
 	log logging.Logger
 }
 
+// StartExternalProcessingServer initializes and starts the external processing server.
+// It creates a gRPC server using the provided configuration and registers the external
+// processor server with it.
+//
+// Parameters:
+//   - cfg: A pointer to the Server configuration which includes paths to the enforcer's
+//          public and private keys, and a logger instance.
+//
+// If there is an error during the creation of the gRPC server, the function will panic.
 func StartExternalProcessingServer(cfg *config.Server) {
 	server, err := util.CreateGRPCServer(cfg.EnforcerPublicKeyPath, cfg.EnforcerPrivateKeyPath)
 	if err != nil {
@@ -24,6 +35,24 @@ func StartExternalProcessingServer(cfg *config.Server) {
 	envoy_service_proc_v3.RegisterExternalProcessorServer(server, &ExternalProcessingServer{cfg.Logger})
 }
 
+// Process handles the external processing server stream. It continuously receives
+// requests from the stream, processes them, and sends back appropriate responses.
+// The function supports different types of processing requests including request headers,
+// response headers, request body, and response body.
+//
+// Parameters:
+// - srv: The stream server for processing external requests.
+//
+// Returns:
+// - error: Returns an error if the context is done or if there is an issue receiving or sending the stream request.
+//
+// The function processes the following request types:
+// - envoy_service_proc_v3.ProcessingRequest_RequestHeaders: Logs and processes request headers.
+// - envoy_service_proc_v3.ProcessingRequest_ResponseHeaders: Logs and processes response headers.
+// - envoy_service_proc_v3.ProcessingRequest_RequestBody: Logs and processes request body.
+// - envoy_service_proc_v3.ProcessingRequest_ResponseBody: Logs and processes response body.
+//
+// If an unknown request type is received, it logs the unknown request type.
 func (s *ExternalProcessingServer) Process(srv envoy_service_proc_v3.ExternalProcessor_ProcessServer) error {
 	ctx := srv.Context()
 	for {