[TT-11909]: Added Session Lifetime to OAS (#6835)

### **User description** <details open> <summary><a href="https://tyktech.atlassian.net/browse/TT-11909" title="TT-11909" target="_blank">TT-11909</a></summary> <br /> <table> <tr> <th>Summary</th> <td>[OAS] Session lifetime </td> </tr> <tr> <th>Type</th> <td> <img alt="Story" src="https://tyktech.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10315?size=medium" /> Story </td> </tr> <tr> <th>Status</th> <td>In Dev</td> </tr> <tr> <th>Points</th> <td>N/A</td> </tr> <tr> <th>Labels</th> <td>-</td> </tr> </table> </details>  ---  ## Description  [TT-1909](https://tyktech.atlassian.net/browse/TT-11909) ## Related Issue     ## Motivation and Context  ## How This Has Been Tested     ## Screenshots (if appropriate) ## Types of changes  - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality) ## Checklist    - [ ] I ensured that the documentation is up to date - [ ] I explained why this PR updates go.mod in detail with reasoning why it's required - [ ] I would like a code coverage CI quality gate exception and have explained why [TT-1909]: https://tyktech.atlassian.net/browse/TT-1909?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ ___ ### **PR Type** Enhancement, Tests ___ ### **Description** - Added `session_lifetime_disabled` field to API definition. - Introduced `KeyRetentionPeriod` struct for token TTL management. - Updated OpenAPI schema to include `keyRetentionPeriod`. - Enhanced migration and linter tests to cover new fields. ___ ### **Changes walkthrough** 📝 <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table> <tr> <td> <details> <summary><strong>api_definitions.go</strong><dd><code>Introduced `session_lifetime_disabled` field</code>                          </dd></summary> <hr> apidef/api_definitions.go <li>Added <code>session_lifetime_disabled</code> field to API definition.<br> <li> Enhanced session lifetime management capabilities. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6835/files#diff-9961ccc89a48d32db5b47ba3006315ef52f6e5007fb4b09f8c5d6d299c669d67">+1/-0</a>      </td> </tr> <tr> <td> <details> <summary><strong>migration.go</strong><dd><code>Updated migration logic for session lifetime</code>                          </dd></summary> <hr> apidef/migration.go - Set `SessionLifetimeDisabled` flag in migration logic. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6835/files#diff-e1d9b55a26f9d6225d56d6f0161959217308e5ad4d6934e7d7df4595d9c2a130">+1/-0</a>      </td> </tr> <tr> <td> <details> <summary><strong>authentication.go</strong><dd><code>Introduced `KeyRetentionPeriod` for token TTL</code>                        </dd></summary> <hr> apidef/oas/authentication.go <li>Added <code>KeyRetentionPeriod</code> struct for token TTL management.<br> <li> Implemented <code>Fill</code> and <code>ExtractTo</code> methods for <code>KeyRetentionPeriod</code>. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6835/files#diff-e51c9d24d4235e7cc53048cc1d92967d177585ba5e073f14876308a97bef6326">+35/-0</a>    </td> </tr> <tr> <td> <details> <summary><strong>x-tyk-api-gateway.json</strong><dd><code>Updated OpenAPI schema for `keyRetentionPeriod`</code>                    </dd></summary> <hr> apidef/oas/schema/x-tyk-api-gateway.json <li>Extended OpenAPI schema with <code>keyRetentionPeriod</code> definition.<br> <li> Defined properties and validation for <code>keyRetentionPeriod</code>. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6835/files#diff-78828969c0c04cc1a776dfc93a8bad3c499a8c83e6169f83e96d090bed3e7dd0">+16/-0</a>    </td> </tr> <tr> <td> <details> <summary><strong>schema.json</strong><dd><code>Updated schema with `session_lifetime_disabled`</code>                    </dd></summary> <hr> apidef/schema.json - Added `session_lifetime_disabled` field to schema. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6835/files#diff-32c8b876e77d1639afb2d20c37b74ed9e149b72cc7de429def13d3d454e075f3">+3/-0</a>      </td> </tr> </table></td></tr><tr><td><strong>Tests</strong></td><td><table> <tr> <td> <details> <summary><strong>migration_test.go</strong><dd><code>Enhanced migration tests for session lifetime</code>                        </dd></summary> <hr> apidef/migration_test.go - Added test coverage for `SessionLifetimeDisabled` flag. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6835/files#diff-d79d77f814074b9e483554e36687e22fda759045141c3b094b039428744ff94c">+1/-0</a>      </td> </tr> <tr> <td> <details> <summary><strong>linter_test.go</strong><dd><code>Added linter test for `KeyRetentionPeriod`</code>                              </dd></summary> <hr> apidef/oas/linter_test.go - Updated linter tests to include `KeyRetentionPeriod`. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6835/files#diff-b92239afd81e77a829fe7fe8410044dfd4dfda525d17dbf5f8811714a9c986d3">+1/-0</a>      </td> </tr> </table></td></tr></tr></tbody></table> ___ > 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull request to receive relevant information --------- Co-authored-by: Tit Petric <[email protected]>
TykTechnologies · Jan 17, 2025 · 4070fe0 · 4070fe0
1 parent 155e11b
commit 4070fe0
Show file tree

Hide file tree

Showing 8 changed files with 87 additions and 1 deletion.
diff --git a/apidef/api_definitions.go b/apidef/api_definitions.go
@@ -738,6 +738,7 @@ type APIDefinition struct {
 	CacheOptions                         CacheOptions           `bson:"cache_options" json:"cache_options"`
 	SessionLifetimeRespectsKeyExpiration bool                   `bson:"session_lifetime_respects_key_expiration" json:"session_lifetime_respects_key_expiration,omitempty"`
 	SessionLifetime                      int64                  `bson:"session_lifetime" json:"session_lifetime"`
+	SessionLifetimeDisabled              bool                   `bson:"session_lifetime_disabled" json:"session_lifetime_disabled"`
 	Active                               bool                   `bson:"active" json:"active"`
 	Internal                             bool                   `bson:"internal" json:"internal"`
 	AuthProvider                         AuthProviderMeta       `bson:"auth_provider" json:"auth_provider"`

diff --git a/apidef/migration.go b/apidef/migration.go
@@ -439,6 +439,7 @@ func (a *APIDefinition) SetDisabledFlags() {
 	a.Proxy.ServiceDiscovery.CacheDisabled = true
 	a.UptimeTests.Config.ServiceDiscovery.CacheDisabled = true
 	a.DisableExpireAnalytics = true
+	a.SessionLifetimeDisabled = true
 
 	for i := 0; i < len(a.CustomMiddleware.Pre); i++ {
 		a.CustomMiddleware.Pre[i].Disabled = true

diff --git a/apidef/migration_test.go b/apidef/migration_test.go
@@ -677,6 +677,7 @@ func TestSetDisabledFlags(t *testing.T) {
 		DomainDisabled:                 true,
 		CustomMiddlewareBundleDisabled: true,
 		ConfigDataDisabled:             true,
+		SessionLifetimeDisabled:        true,
 		Proxy: ProxyConfig{
 			ServiceDiscovery: ServiceDiscoveryConfiguration{
 				CacheDisabled: true,

diff --git a/apidef/oas/authentication.go b/apidef/oas/authentication.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"reflect"
 	"sort"
+	"time"
 
 	"github.com/getkin/kin-openapi/openapi3"
 	"github.com/mitchellh/mapstructure"
@@ -57,6 +58,45 @@ type Authentication struct {
 
 	// SecuritySchemes contains security schemes definitions.
 	SecuritySchemes SecuritySchemes `bson:"securitySchemes,omitempty" json:"securitySchemes,omitempty"`
+
+	// KeyRetentionPeriod contains configuration for key retention.
+	KeyRetentionPeriod *KeyRetentionPeriod `bson:"keyRetentionPeriod,omitempty" json:"keyRetentionPeriod,omitempty"`
+}
+
+// KeyRetentionPeriod contains configuration for key retention.
+type KeyRetentionPeriod struct {
+	// Enabled enables Key retention for the API
+	//
+	// Tyk classic API definition: `disable_expire_analytics`.
+	Enabled bool `bson:"enabled,omitempty" json:"enabled,omitempty"`
+	// Value configures the expiry interval for a Key.
+	// The value is a string that specifies the interval in a compact form,
+	// where hours, minutes and seconds are denoted by 'h', 'm' and 's' respectively.
+	// Multiple units can be combined to represent the duration.
+	//
+	// Examples of valid shorthand notations:
+	// - "1h"   : one hour
+	// - "20m"  : twenty minutes
+	// - "30s"  : thirty seconds
+	// - "1m29s": one minute and twenty-nine seconds
+	// - "1h30m" : one hour and thirty minutes
+	//
+	// An empty value is interpreted as "0s"
+	//
+	// Tyk classic API definition: `expire_analytics_after`.
+	Value ReadableDuration `bson:"value" json:"value"`
+}
+
+// Fill fills *KeyRetentionPeriod from apidef.APIDefinition.
+func (k *KeyRetentionPeriod) Fill(api apidef.APIDefinition) {
+	k.Enabled = !api.SessionLifetimeDisabled
+	k.Value = ReadableDuration(time.Duration(api.ExpireAnalyticsAfter) * time.Second)
+}
+
+// ExtractTo extracts *Authentication into *apidef.APIDefinition.
+func (k *KeyRetentionPeriod) ExtractTo(api *apidef.APIDefinition) {
+	api.SessionLifetimeDisabled = !k.Enabled
+	api.SessionLifetime = int64(k.Value.Seconds())
 }
 
 // Fill fills *Authentication from apidef.APIDefinition.
@@ -75,6 +115,14 @@ func (a *Authentication) Fill(api apidef.APIDefinition) {
 		a.Custom = nil
 	}
 
+	if a.KeyRetentionPeriod == nil {
+		a.KeyRetentionPeriod = &KeyRetentionPeriod{}
+	}
+	a.KeyRetentionPeriod.Fill(api)
+	if ShouldOmit(a.KeyRetentionPeriod) {
+		a.KeyRetentionPeriod = nil
+	}
+
 	if api.AuthConfigs == nil || len(api.AuthConfigs) == 0 {
 		return
 	}
@@ -126,6 +174,14 @@ func (a *Authentication) ExtractTo(api *apidef.APIDefinition) {
 	}
 
 	a.Custom.ExtractTo(api)
+
+	if a.KeyRetentionPeriod == nil {
+		a.KeyRetentionPeriod = &KeyRetentionPeriod{}
+		defer func() {
+			a.KeyRetentionPeriod = nil
+		}()
+	}
+	a.KeyRetentionPeriod.ExtractTo(api)
 }
 
 // SecuritySchemes holds security scheme values, filled with Import().

diff --git a/apidef/oas/linter_test.go b/apidef/oas/linter_test.go
@@ -83,6 +83,7 @@ func TestXTykGateway_Lint(t *testing.T) {
 		}
 
 		settings.Upstream.RateLimit.Per = ReadableDuration(10 * time.Second)
+		settings.Server.Authentication.KeyRetentionPeriod.Value = ReadableDuration(10 * time.Second)
 
 		settings.Upstream.Authentication = &UpstreamAuth{
 			Enabled:   false,

diff --git a/apidef/oas/oas_test.go b/apidef/oas/oas_test.go
@@ -175,6 +175,7 @@ func TestOAS_ExtractTo_ResetAPIDefinition(t *testing.T) {
 	a.DoNotTrack = false
 	a.IPAccessControlDisabled = false
 	a.DisableExpireAnalytics = false
+	a.SessionLifetimeDisabled = false
 
 	// deprecated fields
 	a.Auth = apidef.AuthConfig{}
@@ -254,7 +255,6 @@ func TestOAS_ExtractTo_ResetAPIDefinition(t *testing.T) {
 		"APIDefinition.Proxy.Transport.ProxyURL",
 		"APIDefinition.DisableQuota",
 		"APIDefinition.SessionLifetimeRespectsKeyExpiration",
-		"APIDefinition.SessionLifetime",
 		"APIDefinition.AuthProvider.Name",
 		"APIDefinition.AuthProvider.StorageEngine",
 		"APIDefinition.AuthProvider.Meta[0]",
@@ -1055,6 +1055,10 @@ func TestMigrateAndFillOAS_CustomPluginAuth(t *testing.T) {
 					Path:         "/path/to/plugin",
 				},
 			},
+			KeyRetentionPeriod: &KeyRetentionPeriod{
+				Enabled: true,
+				Value:   0,
+			},
 		}
 
 		assert.Equal(t, expectedAuthentication, *migratedAPI.OAS.GetTykExtension().Server.Authentication)
@@ -1105,6 +1109,10 @@ func TestMigrateAndFillOAS_CustomPluginAuth(t *testing.T) {
 					},
 				},
 			},
+			KeyRetentionPeriod: &KeyRetentionPeriod{
+				Enabled: true,
+				Value:   0,
+			},
 		}
 
 		assert.Equal(t, expectedAuthentication, *migratedAPI.OAS.GetTykExtension().Server.Authentication)

diff --git a/apidef/oas/schema/x-tyk-api-gateway.json b/apidef/oas/schema/x-tyk-api-gateway.json
@@ -1203,6 +1203,21 @@
               ]
             }
           }
+        },
+        "keyRetentionPeriod": {
+          "type": "object",
+          "properties": {
+            "enabled": {
+              "type": "boolean"
+            },
+            "value": {
+              "type": "string",
+              "pattern": "^(\\d+h)?(\\d+m)?(\\d+s)?$"
+            }
+          },
+          "required": [
+            "enabled"
+          ]
         }
       },
       "required": [

diff --git a/apidef/schema.json b/apidef/schema.json
@@ -55,6 +55,9 @@
     "do_not_track": {
       "type": "boolean"
     },
+    "session_lifetime_disabled": {
+      "type": "boolean"
+    },
     "enable_jwt": {
       "type": "boolean"
     },