[TT-7885] Refactor custom authenticationPlugin (TykTechnologies#4751)

[TT-7885](https://tyktech.atlassian.net/browse/TT-7885)
refactor authenticationPlugin as per new contract.

apidef/oas/authentication.go

@@ -586,6 +586,10 @@ type CustomPluginAuthentication struct {
 	// Tyk native API definition: `enable_coprocess_auth`/`use_go_plugin_auth`.
 	Enabled bool `bson:"enabled" json:"enabled"` // required
 
+	// Config contains configuration related to custom authentication plugin.
+	// Tyk native API definition: `custom_middleware.auth_check`.
+	Config *AuthenticationPlugin `bson:"config,omitempty" json:"config,omitempty"`
+
 	// Authentication token sources (header, cookie, query).
 	// valid only when driver is coprocess.
 	AuthSources `bson:",inline" json:",inline"`
@@ -595,6 +599,15 @@ type CustomPluginAuthentication struct {
 func (c *CustomPluginAuthentication) Fill(api apidef.APIDefinition) {
 	c.Enabled = api.CustomPluginAuthEnabled
 
+	if c.Config == nil {
+		c.Config = &AuthenticationPlugin{}
+	}
+
+	c.Config.Fill(api)
+	if ShouldOmit(c.Config) {
+		c.Config = nil
+	}
+
 	if ShouldOmit(api.AuthConfigs[apidef.CoprocessType]) {
 		return
 	}
@@ -606,6 +619,10 @@ func (c *CustomPluginAuthentication) Fill(api apidef.APIDefinition) {
 func (c *CustomPluginAuthentication) ExtractTo(api *apidef.APIDefinition) {
 	api.CustomPluginAuthEnabled = c.Enabled
 
+	if c.Config != nil {
+		c.Config.ExtractTo(api)
+	}
+
 	authConfig := apidef.AuthConfig{}
 	c.AuthSources.ExtractTo(&authConfig)
 
@@ -619,3 +636,29 @@ func (c *CustomPluginAuthentication) ExtractTo(api *apidef.APIDefinition) {
 
 	api.AuthConfigs[apidef.CoprocessType] = authConfig
 }
+
+// AuthenticationPlugin holds the configuration for custom authentication plugin.
+type AuthenticationPlugin struct {
+	// Enabled enables custom authentication plugin.
+	Enabled bool `bson:"enabled" json:"enabled"` // required.
+	// FunctionName is the name of authentication method.
+	FunctionName string `bson:"functionName" json:"functionName"` // required.
+	// Path is the path to shared object file in case of gopluign mode or path to js code in case of otto auth plugin.
+	Path string `bson:"path" json:"path"` // required.
+	// RawBodyOnly if set to true, do not fill body in request or response object.
+	RawBodyOnly bool `bson:"rawBodyOnly,omitempty" json:"rawBodyOnly,omitempty"`
+}
+
+func (ap *AuthenticationPlugin) Fill(api apidef.APIDefinition) {
+	ap.FunctionName = api.CustomMiddleware.AuthCheck.Name
+	ap.Path = api.CustomMiddleware.AuthCheck.Path
+	ap.RawBodyOnly = api.CustomMiddleware.AuthCheck.RawBodyOnly
+	ap.Enabled = !api.CustomMiddleware.AuthCheck.Disabled
+}
+
+func (ap *AuthenticationPlugin) ExtractTo(api *apidef.APIDefinition) {
+	api.CustomMiddleware.AuthCheck.Disabled = !ap.Enabled
+	api.CustomMiddleware.AuthCheck.Name = ap.FunctionName
+	api.CustomMiddleware.AuthCheck.Path = ap.Path
+	api.CustomMiddleware.AuthCheck.RawBodyOnly = ap.RawBodyOnly
+}

apidef/oas/authentication_test.go

@@ -111,6 +111,7 @@ func TestCustomPlugin(t *testing.T) {
 		var emptyCustomPlugin CustomPluginAuthentication
 
 		var convertedAPI apidef.APIDefinition
+		convertedAPI.SetDisabledFlags()
 		emptyCustomPlugin.ExtractTo(&convertedAPI)
 
 		var resultCustomPlugin CustomPluginAuthentication
@@ -123,9 +124,15 @@ func TestCustomPlugin(t *testing.T) {
 		t.Run("goplugin", func(t *testing.T) {
 			var expectedCustomPluginAuth = CustomPluginAuthentication{
 				Enabled: true,
+				Config: &AuthenticationPlugin{
+					Enabled:      true,
+					FunctionName: "Auth",
+					Path:         "/path/to/plugin",
+				},
 			}
 
 			var convertedAPI apidef.APIDefinition
+			convertedAPI.SetDisabledFlags()
 			expectedCustomPluginAuth.ExtractTo(&convertedAPI)
 
 			var actualCustomPluginAuth CustomPluginAuthentication
@@ -138,6 +145,11 @@ func TestCustomPlugin(t *testing.T) {
 		t.Run("coprocess", func(t *testing.T) {
 			var expectedCustomPluginAuth = CustomPluginAuthentication{
 				Enabled: true,
+				Config: &AuthenticationPlugin{
+					Enabled:      true,
+					FunctionName: "Auth",
+					Path:         "/path/to/plugin",
+				},
 				AuthSources: AuthSources{
 					Header: &AuthSource{
 						Enabled: true,
@@ -147,6 +159,7 @@ func TestCustomPlugin(t *testing.T) {
 			}
 
 			var convertedAPI apidef.APIDefinition
+			convertedAPI.SetDisabledFlags()
 			expectedCustomPluginAuth.ExtractTo(&convertedAPI)
 
 			var actualCustomPluginAuth CustomPluginAuthentication

apidef/oas/middleware.go

@@ -49,10 +49,6 @@ type Global struct {
 	// Tyk native API definition: `custom_middleware.pre`.
 	PrePlugin *PrePlugin `bson:"prePlugin,omitempty" json:"prePlugin,omitempty"`
 
-	// AuthenticationPlugin contains configuration related to custom authentication plugin.
-	// Tyk native API definition: `custom_middleware.auth_check`.
-	AuthenticationPlugin *AuthenticationPlugin `bson:"authenticationPlugin,omitempty" json:"authenticationPlugin,omitempty"`
-
 	// PostAuthenticationPlugin contains configuration related to custom post authentication plugin.
 	// Tyk native API definition: `custom_middleware.post_key_auth`.
 	PostAuthenticationPlugin *PostAuthenticationPlugin `bson:"postAuthenticationPlugin,omitempty" json:"postAuthenticationPlugin,omitempty"`
@@ -99,15 +95,6 @@ func (g *Global) Fill(api apidef.APIDefinition) {
 		g.PrePlugin = nil
 	}
 
-	if g.AuthenticationPlugin == nil {
-		g.AuthenticationPlugin = &AuthenticationPlugin{}
-	}
-
-	g.AuthenticationPlugin.Fill(api)
-	if ShouldOmit(g.AuthenticationPlugin) {
-		g.AuthenticationPlugin = nil
-	}
-
 	if g.PostAuthenticationPlugin == nil {
 		g.PostAuthenticationPlugin = &PostAuthenticationPlugin{}
 	}
@@ -159,10 +146,6 @@ func (g *Global) ExtractTo(api *apidef.APIDefinition) {
 		g.PrePlugin.ExtractTo(api)
 	}
 
-	if g.AuthenticationPlugin != nil {
-		g.AuthenticationPlugin.ExtractTo(api)
-	}
-
 	if g.PostAuthenticationPlugin != nil {
 		g.PostAuthenticationPlugin.ExtractTo(api)
 	}
@@ -847,32 +830,6 @@ func (et *EnforceTimeout) ExtractTo(meta *apidef.HardTimeoutMeta) {
 	meta.TimeOut = et.Value
 }
 
-// AuthenticationPlugin holds the configuration for custom authentication plugin.
-type AuthenticationPlugin struct {
-	// Enabled enables custom authentication plugin.
-	Enabled bool `bson:"enabled" json:"enabled"` // required.
-	// FunctionName is the name of authentication method.
-	FunctionName string `bson:"functionName" json:"functionName"` // required.
-	// Path is the path to shared object file in case of gopluign mode or path to js code in case of otto auth plugin.
-	Path string `bson:"path" json:"path"` // required.
-	// RawBodyOnly if set to true, do not fill body in request or response object.
-	RawBodyOnly bool `bson:"rawBodyOnly,omitempty" json:"rawBodyOnly,omitempty"`
-}
-
-func (ap *AuthenticationPlugin) Fill(api apidef.APIDefinition) {
-	ap.FunctionName = api.CustomMiddleware.AuthCheck.Name
-	ap.Path = api.CustomMiddleware.AuthCheck.Path
-	ap.RawBodyOnly = api.CustomMiddleware.AuthCheck.RawBodyOnly
-	ap.Enabled = !api.CustomMiddleware.AuthCheck.Disabled
-}
-
-func (ap *AuthenticationPlugin) ExtractTo(api *apidef.APIDefinition) {
-	api.CustomMiddleware.AuthCheck.Disabled = !ap.Enabled
-	api.CustomMiddleware.AuthCheck.Name = ap.FunctionName
-	api.CustomMiddleware.AuthCheck.Path = ap.Path
-	api.CustomMiddleware.AuthCheck.RawBodyOnly = ap.RawBodyOnly
-}
-
 // CustomPlugin configures custom plugin.
 type CustomPlugin struct {
 	// Enabled enables the custom pre plugin.

apidef/oas/oas_test.go

@@ -691,16 +691,15 @@ func TestMigrateAndFillOAS_CustomPluginAuth(t *testing.T) {
 			Enabled: true,
 			Custom: &CustomPluginAuthentication{
 				Enabled: true,
+				Config: &AuthenticationPlugin{
+					Enabled:      true,
+					FunctionName: "AuthFunc",
+					Path:         "/path/to/plugin",
+				},
 			},
 		}
 
-		expectedAuthenticationPlugin := AuthenticationPlugin{
-			Enabled:      true,
-			FunctionName: "AuthFunc",
-			Path:         "/path/to/plugin",
-		}
 		assert.Equal(t, expectedAuthentication, *migratedAPI.OAS.GetTykExtension().Server.Authentication)
-		assert.Equal(t, expectedAuthenticationPlugin, *migratedAPI.OAS.GetTykExtension().Middleware.Global.AuthenticationPlugin)
 		assert.Equal(t, apidef.GoPluginDriver, migratedAPI.OAS.GetTykExtension().Middleware.Global.PluginConfig.Driver)
 	})
 	t.Run("coprocess", func(t *testing.T) {
@@ -734,6 +733,11 @@ func TestMigrateAndFillOAS_CustomPluginAuth(t *testing.T) {
 			Enabled: true,
 			Custom: &CustomPluginAuthentication{
 				Enabled: true,
+				Config: &AuthenticationPlugin{
+					Enabled:      true,
+					FunctionName: "AuthFunc",
+					Path:         "/path/to/plugin",
+				},
 				AuthSources: AuthSources{
 					Header: &AuthSource{
 						Enabled: true,
@@ -743,13 +747,7 @@ func TestMigrateAndFillOAS_CustomPluginAuth(t *testing.T) {
 			},
 		}
 
-		expectedAuthenticationPlugin := AuthenticationPlugin{
-			Enabled:      true,
-			FunctionName: "AuthFunc",
-			Path:         "/path/to/plugin",
-		}
 		assert.Equal(t, expectedAuthentication, *migratedAPI.OAS.GetTykExtension().Server.Authentication)
-		assert.Equal(t, expectedAuthenticationPlugin, *migratedAPI.OAS.GetTykExtension().Middleware.Global.AuthenticationPlugin)
 		assert.Equal(t, apidef.PythonDriver, migratedAPI.OAS.GetTykExtension().Middleware.Global.PluginConfig.Driver)
 	})
 }

apidef/oas/schema/x-tyk-gateway.md

@@ -494,6 +494,11 @@ Enabled enables the CustomPluginAuthentication authentication mode.
 
 Tyk native API definition: `enable_coprocess_auth`/`use_go_plugin_auth`.
 
+**Field: `config` ([AuthenticationPlugin](#authenticationplugin))**
+Config contains configuration related to custom authentication plugin.
+
+Tyk native API definition: `custom_middleware.auth_check`.
+
 **Field: `header` ([AuthSource](#authsource))**
 Header contains configurations for the header value auth source, it is enabled by default.
 
@@ -510,6 +515,21 @@ Query contains configurations for the query parameters auth source.
 Tyk native API definition: `auth_configs[x].query`.
 
 
+### **AuthenticationPlugin**
+
+**Field: `enabled` (`boolean`)**
+Enabled enables custom authentication plugin.
+
+**Field: `functionName` (`string`)**
+FunctionName is the name of authentication method.
+
+**Field: `path` (`string`)**
+Path is the path to shared object file in case of gopluign mode or path to js code in case of otto auth plugin.
+
+**Field: `rawBodyOnly` (`boolean`)**
+RawBodyOnly if set to true, do not fill body in request or response object.
+
+
 ### **ClientCertificates**
 
 **Field: `enabled` (`boolean`)**
@@ -561,11 +581,6 @@ PrePlugin contains configuration related to custom pre-authentication plugin.
 
 Tyk native API definition: `custom_middleware.pre`.
 
-**Field: `authenticationPlugin` ([AuthenticationPlugin](#authenticationplugin))**
-AuthenticationPlugin contains configuration related to custom authentication plugin.
-
-Tyk native API definition: `custom_middleware.auth_check`.
-
 **Field: `postAuthenticationPlugin` ([PostAuthenticationPlugin](#postauthenticationplugin))**
 PostAuthenticationPlugin contains configuration related to custom post authentication plugin.
 
@@ -692,21 +707,6 @@ RequireSession if set to true passes down the session information for plugins af
 RequireSession is used only with JSVM custom middleware.
 
 
-### **AuthenticationPlugin**
-
-**Field: `enabled` (`boolean`)**
-Enabled enables custom authentication plugin.
-
-**Field: `functionName` (`string`)**
-FunctionName is the name of authentication method.
-
-**Field: `path` (`string`)**
-Path is the path to shared object file in case of gopluign mode or path to js code in case of otto auth plugin.
-
-**Field: `rawBodyOnly` (`boolean`)**
-RawBodyOnly if set to true, do not fill body in request or response object.
-
-
 ### **PostAuthenticationPlugin**
 
 **Field: `plugins` (`[]`[CustomPlugin](#customplugin))**