Are there any plans for supporting configuration of inbound security profiles that can

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Support for per method overrides,about axway-api-management-plus/apimanager-swagger-promote

Comments (10)

cwiechmann commented on September 27, 2024 3

Both options, I mean for Inbound- and Outbound-Method configuration, rely on one big question: How to identify/configure the API-Method in the API-Configuration file?

Internally, each operation gets a unique ID when importing the API into API-Manager and is used when loading on the WebUI.
But to manage the API-Method configuration externally in the config file, Swagger-Promote must map the external "logical" method name into that internal Method-ID. What should be the logical name?

My idea would be to use the operationID, which is shown in API-Manager like this:

With that, for Inbound-Settings this would look like this

  "inboundProfiles": {
    "_default": { 
      "securityProfile": "_default",
      "corsProfile": "_default",
      "monitorAPI": true,
      "monitorSubject": "authentication.subject.id"
    },
    "weatherImagine": {
      "securityProfile": "TestInboundSecProfile", 
      "corsProfile": null,
      "monitorAPI": true,
      "monitorSubject": null
    }

Of course, the referenced security-profile must be declared as well in the config file otherwise the config is invalid and would be rejected.
This leads to the following config:

For Outbound settings it will look similar:

  "outboundProfiles": {
    "_default": {
      "authenticationProfile": "_default",
      "routeType": "proxy",
      "requestPolicy": null,
      "responsePolicy": null,
      "routePolicy": null,
      "faultHandlerPolicy": null,
      "apiId": null,
      "apiMethodId": null,
      "parameters": [
        
      ]
    },
    "Country and City": {
      "authenticationProfile": "HTTP Basic Outbound",
      "routeType": null,
      "requestPolicy": null,
      "responsePolicy": null,
      "routePolicy": null,
      "parameters": [
        {
          "name": "additionalOutboundParam",
          "required": false,
          "type": "string",
          "paramType": "header",
          "value": "Test-Value",
          "exclude": false,
          "additional": true
        }
      ]
    }
  },

This creates the following configuration:

You would basically need to duplicate the default Inbound- or Outbound-Profile, configure it as you want for your API-Method and setup the operationId to map it to the correct API-Method.

Would that be an acceptable solution? I'm a bit worried about that the configuration might be become pretty complex. Even if I do plan to add better default support, which means that Swagger-Promote should also accept the following in the future:

  "outboundProfiles": {
    "_default": {
      "authenticationProfile": "_default",
      "routeType": "policy",
      "requestPolicy": "Custom Routing Policy"
    },
    "Country and City": {
      "authenticationProfile": "HTTP Basic Outbound",
      "parameters": [
        {
          "name": "additionalOutboundParam",
          "required": false,
          "type": "string",
          "paramType": "header",
          "value": "Test-Value",
          "exclude": false,
          "additional": true
        }
      ]
    }
  },

I believe also this option would useful to configure method setting to a number of API-Methods. Like this:

  "outboundProfiles": {
    "_default": {
      "authenticationProfile": "_default",
      "routeType": "policy",
      "requestPolicy": "Custom Routing Policy"
    },
    "Country and City, weatherImagine": {
      "authenticationProfile": "HTTP Basic Outbound",
      "parameters": [
        {

Please note, for now, I don't plan to add support to configure routing to a different Backend-API or API-Method. I marked this in red on the screenshot.

from apimanager-swagger-promote.

gfonteneau commented on September 27, 2024 1

Hello,
What about the Outbound Per Method-Configuration ? we use it to pass value of attribute calculate during authentification.
PS : I have push a request to Axway to be able to pass "outbound parameters" directly on the simple api outbound configuration and not for all per-methode override.

from apimanager-swagger-promote.

cwiechmann commented on September 27, 2024

Yes, there are plans to support per Method-Configuration settings as well. Ultimately you will be able to control all aspects of your APIs.
The structure internally has been prepared to support per Method-Settings, so far it was just a matter of time, but it will come.

from apimanager-swagger-promote.

gfonteneau commented on September 27, 2024

it’s really what we wanted and we don't use the routing to a different Backend-API or API-Method.

from apimanager-swagger-promote.

shan916 commented on September 27, 2024

@cwiechmann makes sense to use the operationID. So for inbound override for a method, would the config file look something like below? In this case, I want the default to be PassThrough but require a KeyId for one of the method.

"securityProfiles": [
    {
        "name": "KeyIdProfile",
        "isDefault": false,
        "devices": [
            {
                "name": "API Key",
                "type": "apiKey",
                "order": 0,
                "properties": {
                    "apiKeyFieldName": "KeyId",
                    "takeFrom": "HEADER",
                    "removeCredentialsOnSuccess": "true"
                }
            }
        ]
    }
],
"inboundProfiles": {
    "_default": {
        "securityProfile": "_default",
        "corsProfile": "_default",
        "monitorAPI": true,
        "monitorSubject": "authentication.subject.id"
    },
    "weatherImagine": {
        "securityProfile": "KeyIdProfile",
        "corsProfile": null,
        "monitorAPI": true,
        "monitorSubject": null
    }
}

I agree the config file is going to become complex but I'm not sure there's a better way to support this. I am planning on building a GUI for my developers to generate this config file to make their lives easier.

Another thought, why not use the Authorizations in the Swagger file itself to define the security profiles in API Manager?

from apimanager-swagger-promote.

cwiechmann commented on September 27, 2024

Delivered with version 1.6.0

from apimanager-swagger-promote.

gfonteneau commented on September 27, 2024

Hello Chris,
Thanks for this release.
We have tested it and we are face to an issue while the code should is likely to remove the "faultHandlerPolicy"

4342 ERROR APIManagerAdapter| Unable to parse received response from API-Manager: 'Unrecognized field "faultHandlerPolicy"

We actually are in apigw 7.5.3 sp9.
here is the outboundprofile sent by swagger promote to the api manager :

"outboundProfiles": {
"_default": {
"routeType": "proxy",
"requestPolicy": null,
"responsePolicy": null,
"routePolicy": null,
"apiMethodId": null,
"apiId": null,
"authenticationProfile": "_default",
"parameters": []
},
"59c3c863-deb2-4d7e-a9f6-2b3fa221cf40": {
"routeType": "policy",
"requestPolicy": null,
"responsePolicy": null,
"routePolicy": "",
"faultHandlerPolicy": null,
"apiMethodId": "3668f5d7-2671-4d9a-a8cf-30b0b3a4ab5c",
"apiId": "cb94bdb5-0664-4d8c-8c04-7e5cbde76545",
"authenticationProfile": null,
"parameters": [
{
"name": "X-RoutingParams",
"paramType": "header",
"type": "string",
"value": "TokenNameDnsBackend=DNS_API_PUIC;TokenNamePortBackend=PORT_API_PUIC",
"required": false,
"exclude": false,
"additional": true
}
]
}
},
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

And here is the response in Error

0 INFO nvironmentProperties| Trying to load environment properties from file: env.properties ... not found.
1383 INFO APIManagerAdapter| API-Manager version is: 7.5.3 SP9
1491 INFO IImportConfigAdapter| Loading API-Definition from: http://marketing-api-z01.preprod.macif.fr:8080/referentiel-offre-nemo-rest/v2/api-docs
1737 INFO APIManagerAdapter| No existing API found exposed on: '/v2/referentieloffrenemo'
1738 INFO APIManagerAdapter| Strategy: No existing API found, creating new!
1742 INFO APIManagerAdapter| Importing backend API (Swagger/WSDL Import)
2104 INFO APIManagerAdapter| Create API-Proxy (Front-End API)
4264 INFO APIManagerAdapter| Updating proxy for the following properties: securityProfiles outboundProfiles corsProfiles path version name
4341 ERROR APIManagerAdapter| Last request: {"id":"fdf7cd77-e0f4-493d-adad-7259f61756cb","organizationId":"1dd22b79-5654-420f-9ebc-af2ae12e22a2","apiId":"cb94bdb5-0664-4d8c-8c04-7e5cbde76545","name":"API Referentiel Offre Nemo","version":"2.0.0","vhost":"apigw-vip.vt.macif.fr","path":"/v2/referentieloffrenemo","descriptionType":"original","descriptionManual":null,"descriptionMarkdown":null,"descriptionUrl":null,"summary":"","retired":false,"expired":false,"image":null,"retirementDate":0,"deprecated":false,"state":"unpublished","createdOn":1563280577981,"createdBy":"c7ca8f5a-323f-4e3a-bf2a-ae56994af483","corsProfiles":[{"name":"_default","isDefault":"true","origins":["*"],"allowedHeaders":[],"exposedHeaders":["X-CorrelationID"],"supportCredentials":"false","maxAgeSeconds":"0"}],"securityProfiles":[{"name":"_default","isDefault":true,"devices":[{"name":"API Key","type":"apiKey","order":"0","properties":{"apiKeyFieldName":"KeyId","takeFrom":"HEADER","removeCredentialsOnSuccess":"true"}}]}],"authenticationProfiles":[{"name":"_default","isDefault":true,"parameters":{},"type":"none"}],"inboundProfiles":{"_default":{"securityProfile":"_default","corsProfile":"_default","monitorAPI":true,"monitorSubject":"authentication.subject.id"}},"outboundProfiles":{"_default":{"routeType":"proxy","requestPolicy":null,"responsePolicy":null,"routePolicy":null,"apiMethodId":null,"apiId":null,"authenticationProfile":"_default","parameters":[]},"59c3c863-deb2-4d7e-a9f6-2b3fa221cf40":{"routeType":"policy","requestPolicy":null,"responsePolicy":null,"routePolicy":"","faultHandlerPolicy":null,"apiMethodId":"3668f5d7-2671-4d9a-a8cf-30b0b3a4ab5c","apiId":"cb94bdb5-0664-4d8c-8c04-7e5cbde76545","authenticationProfile":null,"parameters":[{"name":"X-RoutingParams","paramType":"header","type":"string","value":"TokenNameDnsBackend=DNS_API_PUIC;TokenNamePortBackend=PORT_API_PUIC","required":false,"exclude":false,"additional":true}]}},"serviceProfiles":{"_default":{"apiId":"cb94bdb5-0664-4d8c-8c04-7e5cbde76545","basePath":"http://marketing-api-z01.preprod.macif.fr:8080"}},"caCerts":[],"tags":{}}
4342 ERROR APIManagerAdapter| Unable to parse received response from API-Manager: 'Unrecognized field "faultHandlerPolicy" (class com.vordel.apiportal.api.portal.model.proxy.OutboundProfiles), not marked as ignorable (8 known properties: "authenticationProfile", "routeType", "apiId", "apiMethodId", "parameters", "routePolicy", "requestPolicy", "responsePolicy"])
at [Source: (org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream); line: 1, column: 1913] (through reference chain: com.vordel.apiportal.api.portal.model.proxy.VirtualizedAPI["outboundProfiles"]->java.util.LinkedHashMap["59c3c863-deb2-4d7e-a9f6-2b3fa221cf40"]->com.vordel.apiportal.api.portal.model.proxy.OutboundProfiles["faultHandlerPolicy"])'
4342 ERROR RestAPICall| Response: 'HTTP/1.1 400 Bad Request'
4670 INFO RollbackHandler| Rolled back: '[Frontend-API: true, Backend-API: true]'
4671 ERROR App| Cannot update API-Proxy.
com.axway.apim.lib.AppException: Cannot update API-Proxy.
at com.axway.apim.actions.tasks.UpdateAPIProxy.execute(UpdateAPIProxy.java:54)
at com.axway.apim.actions.CreateNewAPI.execute(CreateNewAPI.java:78)
at com.axway.apim.swagger.APIManagerAdapter.applyChanges(APIManagerAdapter.java:141)
at com.axway.apim.App.run(App.java:183)
at com.axway.apim.App.main(App.java:44)
Caused by: com.axway.apim.lib.AppException: Unable to parse HTTP-Response
at com.axway.apim.actions.rest.RestAPICall.parseResponse(RestAPICall.java:73)
at com.axway.apim.actions.rest.PUTRequest.execute(PUTRequest.java:28)
at com.axway.apim.actions.tasks.UpdateAPIProxy.execute(UpdateAPIProxy.java:52)
... 4 more
Caused by: com.axway.apim.lib.AppException: Unable to parse response
at com.axway.apim.actions.tasks.UpdateAPIProxy.parseResponse(UpdateAPIProxy.java:79)
at com.axway.apim.actions.rest.RestAPICall.parseResponse(RestAPICall.java:65)
... 6 more
Caused by: com.axway.apim.lib.AppException: Unable to parse received response from API-Manager
at com.axway.apim.actions.tasks.UpdateAPIProxy.parseResponse(UpdateAPIProxy.java:77)
... 7 more
Caused by: com.axway.apim.lib.AppException: Error updating API-Proxy. [Return-Code: 400, Response: 'Unrecognized field "faultHandlerPolicy" (class com.vordel.apiportal.api.portal.model.proxy.OutboundProfiles), not marked as ignorable (8 known properties: "authenticationProfile", "routeType", "apiId", "apiMethodId", "parameters", "routePolicy", "requestPolicy", "responsePolicy"])
at [Source: (org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream); line: 1, column: 1913] (through reference chain: com.vordel.apiportal.api.portal.model.proxy.VirtualizedAPI["outboundProfiles"]->java.util.LinkedHashMap["59c3c863-deb2-4d7e-a9f6-2b3fa221cf40"]->com.vordel.apiportal.api.portal.model.proxy.OutboundProfiles["faultHandlerPolicy"])'
at com.axway.apim.actions.tasks.UpdateAPIProxy.parseResponse(UpdateAPIProxy.java:66)
... 7 more
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

here is the java class used :

public class OutboundProfileHandler implements PropertyHandler {

@Override
public JsonNode handleProperty(IAPI desired, IAPI actual, JsonNode response) throws AppException {
    ObjectMapper objectMapper = new ObjectMapper();
    validateAuthenticationProfiles(desired);
    APIManagerAdapter.getInstance().translateMethodIds(desired.getOutboundProfiles(), actual);
    if(desired.getOutboundProfiles().size()!=0) {
        ((ObjectNode)response).replace("outboundProfiles", objectMapper.valueToTree(desired.getOutboundProfiles()));
    }
    if(APIManagerAdapter.getApiManagerVersion().startsWith("7.5")){
        JsonNode outboundProfiles = response.get("outboundProfiles").get("_default");
        
        if (outboundProfiles instanceof ObjectNode) {
            
            ObjectNode object = (ObjectNode) outboundProfiles;
            object.remove("faultHandlerPolicy");
        }
    }
    return response;
}

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

from apimanager-swagger-promote.

cwiechmann commented on September 27, 2024

Can you please remove the null entries from the config file.
I mean things like:
"faultHandlerPolicy": null

from apimanager-swagger-promote.

gfonteneau commented on September 27, 2024

Chris,
The transaction above is that was created by promote swagger .

here is the config file

"outboundProfiles":{
"_default":{
"authenticationProfile":"_default",
"routeType":"proxy"
},
"pingUsingGET":{
"routeType":"policy",
"routePolicy": "",
"parameters":[
{
"name": "X-RoutingParams",
"paramType": "header",
"type": "string",
"value": "TokenNameDnsBackend=DNS_API_PUIC;TokenNamePortBackend=PORT_API_PUIC",
"required": false,
"exclude": false,
"additional": true
}
]
}
}

from apimanager-swagger-promote.

cwiechmann commented on September 27, 2024

Yes, understood the issue. The code is actually removing the Fault-Handler for the Default-Profile only! That’s not correct.
Can you maybe create another issue for that dedicated problem?
However I’m afk and can’t fix it for the next 3 weeks. Maybe you can fix it yourself in the meantime. Should be relatively easy to do the same for all profiles instead of default only.

from apimanager-swagger-promote.

Support for per method overrides about apimanager-swagger-promote HOT 10 CLOSED

Comments (10)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs