@tkan145 tkan145 commented Jan 24, 2025

@tkan145 tkan145 requested a review from a team as a code owner January 24, 2025 01:09
@tkan145 tkan145 force-pushed the fapi-wrong-config branch 2 times, most recently from 5aa3daf to 7b0be31 Compare January 24, 2025 01:13
eguzki commented Jan 28, 2025

Verification steps

  • Build image from this branch
make runtime-image
  • Run the image
cat <<EOF >config.json
{
   "services": [
      {
         "proxy": {
             "hosts": ["one"],
             "proxy_rules": [],
             "api_backend": "https://echo-api.3scale.net",
             "policy_chain": []
         }
      }
   ]
}
EOF

docker run -ti --name apicast --rm -v $PWD/config.json:/opt/app/config.json:ro --env THREESCALE_CONFIG_FILE=/opt/app/config.json --env APICAST_LOG_LEVEL=debug --env APICAST_CONFIGURATION_LOADER=lazy --env APICAST_CONFIGURATION_CACHE=0 --env THREESCALE_DEPLOYMENT_ENV=staging --env BACKEND_ENDPOINT_OVERRIDE=http://127.0.0.1:3000 --env APICAST_WORKERS=1 apicast-runtime-image:latest
  • In another terminal, fetch policies, and then filter by name
APICAST_IP=$(docker inspect apicast | yq e -P '.[0].NetworkSettings.Networks.bridge.IPAddress' -)
curl -v -H "Host: one" http://${APICAST_IP}:8090/policies 2>/dev/null |  jq '.policies.fapi'

The policy fapi exists

[
  {
    "description": [
      "This policy adding support for Financial-grade API (API) profiles"
    ],
    "name": "The Financial-grade API (FAPI)",
    "$schema": "http://apicast.io/policy-v1/schema#manifest#",
    "version": "builtin",
    "configuration": {
      "type": "object",
      "properties": {
        "validate_x_fapi_customer_ip_address": {
          "type": "boolean",
          "description": "Validate x-fapi-customer-ip-address header. If the verification fails, the request will be rejected with 403",
          "title": "Validate x-fapi-customer-ip-address header",
          "default": "false"
        },
        "validate_oauth2_certificate_bound_access_token ": {
          "type": "boolean",
          "description": "Validate OAuth 2.0 Mutual TLS Certificate Bound access token. If enable, all tokens are verified and must contain the certificate hash claim (cnf). If the verification fails, the request will be rejected with 401.",
          "title": "Validate OAuth 2.0 Mutual TLS Certificate Bound access token",
          "default": "false"
        }
      }
    },
    "summary": "Support FAPI profiles"
  }
]

@eguzki eguzki left a comment

LGTM

@tkan145 tkan145 merged commit 806c396 into 3scale:master Jan 29, 2025
14 checks passed
@tkan145 tkan145 deleted the fapi-wrong-config branch January 29, 2025 02:47
@tkan145 tkan145 restored the fapi-wrong-config branch June 10, 2025 02:32
@tkan145 tkan145 deleted the fapi-wrong-config branch June 10, 2025 02:34