helm fixes + rename disabled + MR issues

README.md

@@ -38,7 +38,7 @@ The Kong agents are used to discover, provision access to, and track usages of K
 
 ## Discovery process
 
-On startup the Kong discovery agent first validates that it is able to connect to all required services. Once connected to Kong the agent begins looking at the Plugins configured, more specifically for the ACL. The default option is to require having it. This can be changed from the config by disabling this check. By having it disabled, it is assumed that access is allowed for everyone. Then the agent will determine, from the plugins, which credential types the Kong Gateway has configured and create the Central representation of those types.
+On startup the Kong discovery agent first validates that it is able to connect to all required services. Once connected to Kong the agent begins looking at the Plugins configured, more specifically for the ACL. The default option is to require having it. This can be changed from the config by disabling this check. By having the check disabled, it is assumed that access is allowed for everyone. Then the agent will determine, from the plugins, which credential types the Kong Gateway has configured and create the Central representation of those types.
 
 After that initial startup process the discovery agent begins running its main discovery loop. In this loop the agent first gets a list of all Gateway Services. With each service the agent looks for all configured routes. The agent then looks to gather the specification file, see [Specification discovery methods](#specification-discovery-methods), if found the process continues. Using the route the agent checks for plugins to determine the types of credentials to associate with it. After gathering all of this information the agent creates a new API service with the specification file and linking the appropriate credentials. The endpoints associated to the API service are constructed using the **KONG_PROXY_HOST**, **KONG_PROXY_PORTS_HTTP**, and **KONG_PROXY_PORTS_HTTPS** settings.
 
@@ -69,7 +69,7 @@ All Kong specific environment variables available are listed below
 | Name                                   | Description                                                                                               |
 | -------------------------------------- | --------------------------------------------------------------------------------------------------------- |
 | Discovery Agent Variables              |                                                                                                           |
-| **KONG_ACL_DISABLED**                  | Set to true to disable the check for a globally enabled ACL plugin on Kong. False by default.             |
+| **KONG_ACL_DISABLE**                   | Set to true to disable the check for a globally enabled ACL plugin on Kong. False by default.             |
 | **KONG_ADMIN_URL**                     | The Kong admin API URL that the agent will query against                                                  |
 | **KONG_ADMIN_AUTH_APIKEY_HEADER**      | The API Key header name the agent will use when authenticating                                            |
 | **KONG_ADMIN_AUTH_APIKEY_VALUE**       | The API Key value the agent will use when authenticating                                                  |

build/discovery/kong_discovery_agent.yml

@@ -1,7 +1,7 @@
 # Settings for Kong Discovery Agent
 kong:
   acl:
-    disabled: ${KONG_ACL_DISABLED:""}
+    disable: ${KONG_ACL_DISABLE:""}
   admin:
     url: ${KONG_ADMIN_URL:""}
     auth:
@@ -16,10 +16,10 @@ kong:
     ports:
       http:
         value: ${KONG_PROXY_PORTS_HTTP_VALUE:""}
-        disabled: ${KONG_PROXY_PORTS_HTTP_DISABLED:""}
+        disable: ${KONG_PROXY_PORTS_HTTP_DISABLE:""}
       https:
         value: ${KONG_PROXY_PORTS_HTTPS_VALUE:""}
-        disabled: ${KONG_PROXY_PORTS_HTTPS_DISABLED:""}
+        disable: ${KONG_PROXY_PORTS_HTTPS_DISABLE:""}
     basePath: ${KONG_PROXY_BASEPATH:""}
   spec:
     urlPaths: ${KONG_SPEC_URLPATHS:""}

helm/kong-agents/templates/discovery-deployment.yaml

@@ -68,13 +68,13 @@ spec:
           env:
             - name: KONG_PROXY_HOST
               value: "{{ .Values.kong.proxy.host }}"
-            - name: KONG_ACL_REQUIRED
-              value: "{{ .Values.kong.acl.required }}"
+            - name: KONG_ACL_DISABLE
+              value: "{{ .Values.kong.acl.disable }}"
             - name: KONG_PROXY_BASEPATH
               value: "{{ .Values.kong.proxy.basePath }}"
-            - name: KONG_PROXY_PORTS_HTTP
+            - name: KONG_PROXY_PORTS_HTTP_VALUE
               value: "{{ .Values.kong.proxy.ports.http.value }}"
-            - name: KONG_PROXY_PORTS_HTTPS
+            - name: KONG_PROXY_PORTS_HTTPS_VALUE
               value: "{{ .Values.kong.proxy.ports.https.value }}"
             - name: KONG_PROXY_PORTS_HTTP_DISABLE
               value: "{{ .Values.kong.proxy.ports.http.disable }}"
@@ -122,15 +122,16 @@ spec:
           {{- range $key, $value := . }}
           {{- if and (not (eq (toString $value) ""))
                      (not (eq (toString $key) ""))
-                     (not (has (toString $key) (list "KONG_ADMIN_URL" 
+                     (not (has (toString $key) (list "KONG_ACL_DISABLE"
+                                                     "KONG_ADMIN_URL" 
                                                      "KONG_ADMIN_AUTH_APIKEY_HEADER" 
                                                      "KONG_ADMIN_AUTH_APIKEY_VALUE"
                                                      "KONG_ADMIN_AUTH_BASICAUTH_USERNAME"
                                                      "KONG_ADMIN_AUTH_BASICAUTH_PASSWORD"
                                                      "KONG_PROXY_HOST" 
                                                      "KONG_PROXY_BASEPATH" 
-                                                     "KONG_PROXY_PORTS_HTTP" 
-                                                     "KONG_PROXY_PORTS_HTTPS" 
+                                                     "KONG_PROXY_PORTS_HTTP_VALUE" 
+                                                     "KONG_PROXY_PORTS_HTTPS_VALUE" 
                                                      "KONG_PROXY_PORTS_HTTP_DISABLE" 
                                                      "KONG_PROXY_PORTS_HTTPS_DISABLE" 
                                                      "KONG_SPEC_LOCALPATH"

helm/kong-agents/values.yaml

@@ -22,7 +22,7 @@ statusPort: 8989
 
 kong:
   acl:
-    required: false
+    disable: false
   enable:
     traceability: false
   admin:

pkg/discovery/config/config.go

@@ -21,36 +21,36 @@ type props interface {
 }
 
 const (
-	cfgKongACLDisabled            = "kong.acl.disabled"
-	cfgKongAdminUrl               = "kong.admin.url"
-	cfgKongAdminAPIKey            = "kong.admin.auth.apiKey.value"
-	cfgKongAdminAPIKeyHeader      = "kong.admin.auth.apiKey.header"
-	cfgKongAdminBasicUsername     = "kong.admin.auth.basicauth.username"
-	cfgKongAdminBasicPassword     = "kong.admin.auth.basicauth.password"
-	cfgKongProxyHost              = "kong.proxy.host"
-	cfgKongProxyPortHttp          = "kong.proxy.ports.http.value"
-	cfgKongProxyPortHttpDisabled  = "kong.proxy.ports.http.disabled"
-	cfgKongProxyPortHttps         = "kong.proxy.ports.https.value"
-	cfgKongProxyPortHttpsDisabled = "kong.proxy.ports.https.disabled"
-	cfgKongProxyBasePath          = "kong.proxy.basePath"
-	cfgKongSpecURLPaths           = "kong.spec.urlPaths"
-	cfgKongSpecLocalPath          = "kong.spec.localPath"
-	cfgKongSpecFilter             = "kong.spec.filter"
-	cfgKongSpecDevPortal          = "kong.spec.devPortalEnabled"
+	cfgKongACLDisable            = "kong.acl.disable"
+	cfgKongAdminUrl              = "kong.admin.url"
+	cfgKongAdminAPIKey           = "kong.admin.auth.apiKey.value"
+	cfgKongAdminAPIKeyHeader     = "kong.admin.auth.apiKey.header"
+	cfgKongAdminBasicUsername    = "kong.admin.auth.basicauth.username"
+	cfgKongAdminBasicPassword    = "kong.admin.auth.basicauth.password"
+	cfgKongProxyHost             = "kong.proxy.host"
+	cfgKongProxyPortHttp         = "kong.proxy.ports.http.value"
+	cfgKongProxyPortHttpDisable  = "kong.proxy.ports.http.disable"
+	cfgKongProxyPortHttps        = "kong.proxy.ports.https.value"
+	cfgKongProxyPortHttpsDisable = "kong.proxy.ports.https.disable"
+	cfgKongProxyBasePath         = "kong.proxy.basePath"
+	cfgKongSpecURLPaths          = "kong.spec.urlPaths"
+	cfgKongSpecLocalPath         = "kong.spec.localPath"
+	cfgKongSpecFilter            = "kong.spec.filter"
+	cfgKongSpecDevPortal         = "kong.spec.devPortalEnabled"
 )
 
 func AddKongProperties(rootProps props) {
-	rootProps.AddBoolProperty(cfgKongACLDisabled, false, "Disable the check for a globally enabled ACL plugin on Kong. False by default.")
+	rootProps.AddBoolProperty(cfgKongACLDisable, false, "Disable the check for a globally enabled ACL plugin on Kong. False by default.")
 	rootProps.AddStringProperty(cfgKongAdminUrl, "", "The Admin API url")
 	rootProps.AddStringProperty(cfgKongAdminAPIKey, "", "API Key value to authenticate with Kong Gateway")
 	rootProps.AddStringProperty(cfgKongAdminAPIKeyHeader, "", "API Key header to authenticate with Kong Gateway")
 	rootProps.AddStringProperty(cfgKongAdminBasicUsername, "", "Username for basic auth to authenticate with Kong Admin API")
 	rootProps.AddStringProperty(cfgKongAdminBasicPassword, "", "Password for basic auth to authenticate with Kong Admin API")
 	rootProps.AddStringProperty(cfgKongProxyHost, "", "The Kong proxy endpoint")
 	rootProps.AddIntProperty(cfgKongProxyPortHttp, 80, "The Kong proxy http port")
-	rootProps.AddBoolProperty(cfgKongProxyPortHttpDisabled, false, "Set to true to disable adding an http endpoint to discovered routes")
+	rootProps.AddBoolProperty(cfgKongProxyPortHttpDisable, false, "Set to true to disable adding an http endpoint to discovered routes")
 	rootProps.AddIntProperty(cfgKongProxyPortHttps, 443, "The Kong proxy https port")
-	rootProps.AddBoolProperty(cfgKongProxyPortHttpsDisabled, false, "Set to true to disable adding an https endpoint to discovered routes")
+	rootProps.AddBoolProperty(cfgKongProxyPortHttpsDisable, false, "Set to true to disable adding an https endpoint to discovered routes")
 	rootProps.AddStringProperty(cfgKongProxyBasePath, "", "The base path for the Kong proxy endpoint")
 	rootProps.AddStringSliceProperty(cfgKongSpecURLPaths, []string{}, "URL paths that the agent will look in for spec files")
 	rootProps.AddStringProperty(cfgKongSpecLocalPath, "", "Local paths where the agent will look for spec files")
@@ -97,7 +97,7 @@ type KongPortConfig struct {
 
 type KongPortSettingsConfig struct {
 	Value   int  `config:"value"`
-	Disable bool `config:"disabled"`
+	Disable bool `config:"disable"`
 }
 
 type KongSpecConfig struct {
@@ -108,7 +108,7 @@ type KongSpecConfig struct {
 }
 
 type KongACLConfig struct {
-	Disabled bool `config:"disabled"`
+	Disable bool `config:"disable"`
 }
 
 // KongGatewayConfig - represents the config for gateway
@@ -203,15 +203,15 @@ func invalidCredentialConfig(c *KongGatewayConfig) bool {
 func ParseProperties(rootProps props) *KongGatewayConfig {
 	// Parse the config from bound properties and setup gateway config
 	httpPortConf := KongPortSettingsConfig{
-		Disable: rootProps.BoolPropertyValue(cfgKongProxyPortHttpDisabled),
+		Disable: rootProps.BoolPropertyValue(cfgKongProxyPortHttpDisable),
 		Value:   rootProps.IntPropertyValue(cfgKongProxyPortHttp),
 	}
 	if httpPortConf.Disable {
 		httpPortConf.Value = 0
 	}
 
 	httpsPortConf := KongPortSettingsConfig{
-		Disable: rootProps.BoolPropertyValue(cfgKongProxyPortHttpsDisabled),
+		Disable: rootProps.BoolPropertyValue(cfgKongProxyPortHttpsDisable),
 		Value:   rootProps.IntPropertyValue(cfgKongProxyPortHttps),
 	}
 	if httpsPortConf.Disable {
@@ -220,7 +220,7 @@ func ParseProperties(rootProps props) *KongGatewayConfig {
 
 	return &KongGatewayConfig{
 		ACL: KongACLConfig{
-			Disabled: rootProps.BoolPropertyValue(cfgKongACLDisabled),
+			Disable: rootProps.BoolPropertyValue(cfgKongACLDisable),
 		},
 		Admin: KongAdminConfig{
 			Url: rootProps.StringPropertyValue(cfgKongAdminUrl),

pkg/discovery/config/config_test.go

@@ -120,17 +120,17 @@ func TestKongProperties(t *testing.T) {
 
 	// validate add props
 	AddKongProperties(newProps)
-	assert.Contains(t, newProps.props, cfgKongACLDisabled)
+	assert.Contains(t, newProps.props, cfgKongACLDisable)
 	assert.Contains(t, newProps.props, cfgKongAdminUrl)
 	assert.Contains(t, newProps.props, cfgKongAdminAPIKey)
 	assert.Contains(t, newProps.props, cfgKongAdminAPIKeyHeader)
 	assert.Contains(t, newProps.props, cfgKongAdminBasicUsername)
 	assert.Contains(t, newProps.props, cfgKongAdminBasicPassword)
 	assert.Contains(t, newProps.props, cfgKongProxyHost)
 	assert.Contains(t, newProps.props, cfgKongProxyPortHttp)
-	assert.Contains(t, newProps.props, cfgKongProxyPortHttpDisabled)
+	assert.Contains(t, newProps.props, cfgKongProxyPortHttpDisable)
 	assert.Contains(t, newProps.props, cfgKongProxyPortHttps)
-	assert.Contains(t, newProps.props, cfgKongProxyPortHttpsDisabled)
+	assert.Contains(t, newProps.props, cfgKongProxyPortHttpsDisable)
 	assert.Contains(t, newProps.props, cfgKongProxyBasePath)
 	assert.Contains(t, newProps.props, cfgKongSpecURLPaths)
 	assert.Contains(t, newProps.props, cfgKongSpecLocalPath)
@@ -139,7 +139,7 @@ func TestKongProperties(t *testing.T) {
 
 	// validate defaults
 	cfg := ParseProperties(newProps)
-	assert.Equal(t, false, cfg.ACL.Disabled)
+	assert.Equal(t, false, cfg.ACL.Disable)
 	assert.Equal(t, "", cfg.Admin.Url)
 	assert.Equal(t, "", cfg.Admin.Auth.APIKey.Value)
 	assert.Equal(t, "", cfg.Admin.Auth.APIKey.Header)
@@ -157,7 +157,7 @@ func TestKongProperties(t *testing.T) {
 	assert.Equal(t, false, cfg.Spec.DevPortalEnabled)
 
 	// validate changed values
-	newProps.props[cfgKongACLDisabled] = propData{"bool", "", true}
+	newProps.props[cfgKongACLDisable] = propData{"bool", "", true}
 	newProps.props[cfgKongAdminUrl] = propData{"string", "", "http://host:port/path"}
 	newProps.props[cfgKongAdminAPIKey] = propData{"string", "", "apikey"}
 	newProps.props[cfgKongAdminAPIKeyHeader] = propData{"string", "", "header"}
@@ -172,7 +172,7 @@ func TestKongProperties(t *testing.T) {
 	newProps.props[cfgKongSpecFilter] = propData{"string", "", "tag_filter"}
 	newProps.props[cfgKongSpecDevPortal] = propData{"bool", "", true}
 	cfg = ParseProperties(newProps)
-	assert.Equal(t, true, cfg.ACL.Disabled)
+	assert.Equal(t, true, cfg.ACL.Disable)
 	assert.Equal(t, "http://host:port/path", cfg.Admin.Url)
 	assert.Equal(t, "apikey", cfg.Admin.Auth.APIKey.Value)
 	assert.Equal(t, "header", cfg.Admin.Auth.APIKey.Header)
@@ -190,8 +190,8 @@ func TestKongProperties(t *testing.T) {
 	assert.Equal(t, true, cfg.Spec.DevPortalEnabled)
 
 	// validate no port configured when port type disabled
-	newProps.props[cfgKongProxyPortHttpDisabled] = propData{"bool", "", true}
-	newProps.props[cfgKongProxyPortHttpsDisabled] = propData{"bool", "", true}
+	newProps.props[cfgKongProxyPortHttpDisable] = propData{"bool", "", true}
+	newProps.props[cfgKongProxyPortHttpsDisable] = propData{"bool", "", true}
 	cfg = ParseProperties(newProps)
 	assert.Equal(t, 0, cfg.Proxy.Ports.HTTP.Value)
 	assert.Equal(t, 0, cfg.Proxy.Ports.HTTPS.Value)

pkg/discovery/gateway/client.go

@@ -49,15 +49,15 @@ func NewClient(agentConfig config.AgentConfig) (*Client, error) {
 		return nil, err
 	}
 
-	if err = hasGlobalACLEnabledInPlugins(logger, plugins, agentConfig.KongGatewayCfg.ACL.Disabled); err != nil {
+	if err = hasGlobalACLEnabledInPlugins(logger, plugins, agentConfig.KongGatewayCfg.ACL.Disable); err != nil {
 		logger.WithError(err).Error("ACL Plugin configured as required, but none found in Kong plugins.")
 		return nil, err
 	}
 
 	provisionLogger := log.NewFieldLogger().WithComponent("provision").WithPackage("kong")
 	opts := []subscription.ProvisionerOption{}
-	if agentConfig.KongGatewayCfg.ACL.Disabled {
-		opts = append(opts, subscription.WithACLDisabled())
+	if agentConfig.KongGatewayCfg.ACL.Disable {
+		opts = append(opts, subscription.WithACLDisable())
 	}
 	subscription.NewProvisioner(kongClient, provisionLogger, opts...)
 
@@ -69,7 +69,6 @@ func NewClient(agentConfig config.AgentConfig) (*Client, error) {
 		cache:          daCache,
 		mode:           common.Marketplace,
 		filter:         discoveryFilter,
-		aclDisabled:    fmt.Sprint(agentConfig.KongGatewayCfg.ACL.Disabled),
 	}, nil
 }
 
@@ -81,9 +80,9 @@ func pluginIsGlobal(p *klib.Plugin) bool {
 }
 
 // Returns no error in case a global ACL plugin which is enabled is found
-func hasGlobalACLEnabledInPlugins(logger log.FieldLogger, plugins []*klib.Plugin, aclDisabled bool) error {
-	if aclDisabled {
-		logger.Warn("ACL Plugin disabled. Assuming global access is allowed for all services.")
+func hasGlobalACLEnabledInPlugins(logger log.FieldLogger, plugins []*klib.Plugin, aclDisable bool) error {
+	if aclDisable {
+		logger.Warn("ACL Plugin check disabled. Assuming global access is allowed for all services.")
 		return nil
 	}
 	for _, plugin := range plugins {

pkg/discovery/gateway/definitions.go

@@ -20,7 +20,6 @@ type Client struct {
 	cache          cache.Cache
 	mode           string
 	filter         filter.Filter
-	aclDisabled    string
 }
 
 type KongAPI struct {

pkg/discovery/subscription/access/access.go

@@ -29,30 +29,30 @@ type accessRequest interface {
 }
 
 type AccessProvisioner struct {
-	ctx         context.Context
-	logger      log.FieldLogger
-	client      accessClient
-	quota       provisioning.Quota
-	routeID     string
-	appID       string
-	aclDisabled bool
+	ctx        context.Context
+	logger     log.FieldLogger
+	client     accessClient
+	quota      provisioning.Quota
+	routeID    string
+	appID      string
+	aclDisable bool
 }
 
-func NewAccessProvisioner(ctx context.Context, client accessClient, request accessRequest, aclDisabled bool) AccessProvisioner {
+func NewAccessProvisioner(ctx context.Context, client accessClient, request accessRequest, aclDisable bool) AccessProvisioner {
 	instDetails := request.GetInstanceDetails()
 	routeID := sdkUtil.ToString(instDetails[common.AttrRouteID])
 	logger := log.NewFieldLogger().
 		WithComponent("AccessProvisioner").
 		WithPackage("access")
 
 	a := AccessProvisioner{
-		ctx:         context.Background(),
-		logger:      logger,
-		client:      client,
-		quota:       request.GetQuota(),
-		routeID:     routeID,
-		appID:       request.GetApplicationDetailsValue(common.AttrAppID),
-		aclDisabled: aclDisabled,
+		ctx:        context.Background(),
+		logger:     logger,
+		client:     client,
+		quota:      request.GetQuota(),
+		routeID:    routeID,
+		appID:      request.GetApplicationDetailsValue(common.AttrAppID),
+		aclDisable: aclDisable,
 	}
 
 	if a.routeID != "" {
@@ -78,8 +78,8 @@ func (a AccessProvisioner) Provision() (provisioning.RequestStatus, provisioning
 		return rs.SetMessage("route ID not found").Failed(), nil
 	}
 
-	if a.aclDisabled {
-		a.logger.Info("ACL plugin is disabled or not existing for current spec. Skipping access request provisioning")
+	if a.aclDisable {
+		a.logger.Info("ACL plugin check is disabled or not existing for current spec. Skipping access request provisioning")
 		return rs.Success(), nil
 	}
 
@@ -125,8 +125,8 @@ func (a AccessProvisioner) Deprovision() provisioning.RequestStatus {
 		return rs.SetMessage("route ID not found").Failed()
 	}
 
-	if a.aclDisabled {
-		a.logger.Info("ACL plugin is disabled or not existing for current spec. Skipping access request deprovisioning")
+	if a.aclDisable {
+		a.logger.Info("ACL plugin check is disabled or not existing for current spec. Skipping access request deprovisioning")
 		return rs.Success()
 	}