Cloud-native API Administration with Red Hat 3scale API Management

Bookmark this page
P1234567
PreviousNext

Guided Exercise: Configuring Standard APIcast Policies

In this exercise, you will use APIcast policies to customize how requests to a product are handled.

Outcomes

You should be able to add, update, reorder, and delete policies within a product.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command creates a new product called gateways_policies to house the policies. This product uses a basic echo backend that responds with information about the request.

[student@workstation ~]$ lab start gateways-policies

Procedure 3.2. Instructions

  1. Explore the product and backend before applying changes via policies.

    1. In a web browser, navigate to the Admin Portal hosted at https://3scale-admin.apps.ocp4.example.com.

    2. Using the top pane navigation drop-down, click Products, and then click gateways_policies.

    3. Navigate to IntegrationConfiguration and click Promote v.1 to Staging APIcast to promote the configuration to the staging environment.

    4. In a command-line terminal, run the example curl command. Be sure to use the correct user_key value.

      [student@workstation ~]$ curl \
https://gateways-policies-3scale-apicast-staging.apps.ocp4.example.com\
:443/echo?user_key=some-user-key
{
  "method": "GET",
  "path": "/",
  ...output omitted...
}

      Notice that the response echoes information from the request.

    5. Copy just the generated user_key value from the example curl command. You will use this in one of the following steps to configure a policy.

      For example, if your curl command is similar to the one in the preceding step, then the user_key to copy would be some-user-key.

    6. Attempt to make a request to the endpoint without providing a user_key. This request fails due to missing authentication parameters.

      [student@workstation ~]$ curl \
https://gateways-policies-3scale-apicast-staging.apps.ocp4.example.com:443/echo
Authentication parameters missing

  2. Create a policy that allows unauthenticated access to the product.

    1. Within the Admin Portal, navigate to IntegrationPolicies.

      Notice the existing policy chain contains a single policy: 3scale APIcast.

    2. Add a policy to this chain by clicking Add policy. Select Anonymous Access from the list of available policies.

    3. Update the policy by clicking Anonymous Access within the policy chain. Ensure the policy is enabled and user_key is selected for the auth_type field.

      Paste your user key value into the user_key field and click Update Policy.

    4. Within the policy chain, use the arrow icon to drag the Anonymous Access policy so that it comes before the 3scale APIcast policy.

      Figure 3.6: Reorder the policies so that Anonymous Access comes first.

    5. Click Update Policy Chain to apply the new policy to the policy chain.

    6. Deploy the changes to the staging environment by navigating to IntegrationConfiguration and clicking Promote v.2 to Staging APIcast.

    7. From a command-line terminal, run the example curl command, but without providing the user_key.

      [student@workstation ~]$ curl \
https://gateways-policies-3scale-apicast-staging.apps.ocp4.example.com:443/echo
{
  "method": "GET",
  "path": "/",
  ...output omitted...
}

      Notice that the request is processed by the echo API without providing a user key. Instead, the policy provides the configured user key.

      Note

      Use caution when applying the Anonymous Access policy, as anybody with a valid URL can make requests to any API available to the product. In particular, these requests have the same permissions as the user whose key is configured within the policy.

  3. Create a policy that puts the product in maintenance mode and returns an appropriate response.

    1. Navigate back to IntegrationPolicies.

    2. Add a policy to this chain, selecting the Maintenance Mode policy.

    3. Click Update Policy Chain to apply the new policy.

    4. Deploy the changes to the staging environment by navigating to IntegrationConfiguration and clicking Promote v.3 to Staging APIcast.

    5. From a command-line terminal, run the example curl command. With the Anonymous Access policy still active, do not provide the user_key.

      [student@workstation ~]$ curl -i \
https://gateways-policies-3scale-apicast-staging.apps.ocp4.example.com:443/echo
HTTP/1.1 503 Service Temporarily Unavailable
...output omitted...
Service Unavailable - Maintenance

      Notice that the service responds with a maintenance message and a 503 status code.

  4. Remove the maintenance mode policy to restore the service.

    1. Navigate back to IntegrationPolicies.

    2. Click the Maintenance Mode policy to update it. At the bottom of the form, click Remove.

    3. Click Update Policy Chain to apply policy changes.

    4. Deploy the changes to the staging environment by navigating to IntegrationConfiguration and clicking Promote v.4 to Staging APIcast.

    5. From a command-line terminal, run the example curl command. With the Anonymous Access policy still active, do not provide the user_key.

      [student@workstation ~]$ curl \
https://gateways-policies-3scale-apicast-staging.apps.ocp4.example.com:443/echo
{
  "method": "GET",
  "path": "/",
  ...output omitted...
}

      Notice that the service no longer responds with the maintenance message.

Finish

On the workstation machine, use the lab command to complete this exercise. This is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish gateways-policies

This concludes the guided exercise.

PreviousNext
Revision: do240-2.11-40390f6