Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[THREESCALE-11620] Financial-grade API (FAPI) policy not showning up in admin portal #1528

Merged
merged 2 commits into from
Jan 29, 2025
Merged

[THREESCALE-11620] Financial-grade API (FAPI) policy not showning up in admin portal #1528

merged 2 commits into from
Jan 29, 2025

Conversation

tkan145
Copy link
Contributor

@tkan145 tkan145 commented Jan 24, 2025

@tkan145 tkan145 requested a review from a team as a code owner January 24, 2025 01:09
@tkan145 tkan145 force-pushed the fapi-wrong-config branch 2 times, most recently from 5aa3daf to 7b0be31 Compare January 24, 2025 01:13
@tkan145 tkan145 mentioned this pull request Jan 24, 2025
Open
@eguzki
Copy link
Member

eguzki commented Jan 28, 2025

Verification steps

  • Build image from this branch
make runtime-image
  • Run the image
cat <<EOF >config.json
{
   "services": [
      {
         "proxy": {
             "hosts": ["one"],
             "proxy_rules": [],
             "api_backend": "https://echo-api.3scale.net",
             "policy_chain": []
         }
      }
   ]
}
EOF

docker run -ti --name apicast --rm -v $PWD/config.json:/opt/app/config.json:ro --env THREESCALE_CONFIG_FILE=/opt/app/config.json --env APICAST_LOG_LEVEL=debug --env APICAST_CONFIGURATION_LOADER=lazy --env APICAST_CONFIGURATION_CACHE=0 --env THREESCALE_DEPLOYMENT_ENV=staging --env BACKEND_ENDPOINT_OVERRIDE=http://127.0.0.1:3000 --env APICAST_WORKERS=1 apicast-runtime-image:latest
  • In other terminal, fetch policies, ant then filter by name
APICAST_IP=$(docker inspect apicast | yq e -P '.[0].NetworkSettings.Networks.bridge.IPAddress' -)
curl -v -H "Host: one" http://${APICAST_IP}:8090/policies 2>/dev/null |  jq '.policies.fapi'

The policy fapi exists

[
  {
    "description": [
      "This policy adding support for Financial-grade API (API) profiles"
    ],
    "name": "The Financial-grade API (FAPI)",
    "$schema": "http://apicast.io/policy-v1/schema#manifest#",
    "version": "builtin",
    "configuration": {
      "type": "object",
      "properties": {
        "validate_x_fapi_customer_ip_address": {
          "type": "boolean",
          "description": "Validate x-fapi-customer-ip-address header. If the verification fails, the request will be rejected with 403",
          "title": "Validate x-fapi-customer-ip-address header",
          "default": "false"
        },
        "validate_oauth2_certificate_bound_access_token ": {
          "type": "boolean",
          "description": "Validate OAuth 2.0 Mutual TLS Certificate Bound access token. If enable, all tokens are verified and must contain the certificate hash claim (cnf). If the verification fails, the request will be rejected with 401.",
          "title": "Validate OAuth 2.0 Mutual TLS Certificate Bound access token",
          "default": "false"
        }
      }
    },
    "summary": "Support FAPI profiles"
  }
]

eguzki
eguzki approved these changes Jan 28, 2025
View reviewed changes
Copy link
Member

@eguzki eguzki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tkan145 tkan145 merged commit 806c396 into 3scale:master Jan 29, 2025
14 checks passed
@tkan145 tkan145 deleted the fapi-wrong-config branch January 29, 2025 02:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eguzki eguzki eguzki approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tkan145 @eguzki