THREESCALE-10973 - Support Financial-grade API (FAPI) - Baseline profile #1465

Merged
merged 2 commits into from
Jun 14, 2024

@tkan145 tkan145 commented Jun 6, 2024

What

This PR supports https://issues.redhat.com/browse/THREESCALE-10973. Specifically, it satisfies the following requirements from the FAPI - baseline profile:

  • shall set the response header x-fapi-interaction-id to the value received from the corresponding FAPI client request header or to a RFC4122 UUID value if the request header was not provided to track the interaction, e.g., x-fapi-interaction-id: c770aef3-6784-41f7-8e0e-ff5f97bddb3a;
  • shall log the value of x-fapi-interaction-id in the log entry; and
  • shall not reject requests with a x-fapi-customer-ip-address header containing a valid IPv4 or IPv6 address.

Verification steps:

  • Create an apicast-config.json file with the following content
cat <<EOF >apicast-config.json
{
  "services": [
    {
      "backend_version": "1",
      "id": "1",
      "proxy": {
        "hosts": [
          "one"
        ],
        "api_backend": "https://echo-api.3scale.net:443",
        "authentication_method": "2",
        "backend": {
          "endpoint": "http://127.0.0.1:8081",
          "host": "backend"
        },
        "policy_chain": [
          {
            "name": "apicast.policy.fapi",
            "configuration": {}
          },
          {
            "name": "apicast.policy.apicast"
          }
        ],
        "proxy_rules": [
          {
            "http_method": "GET",
            "pattern": "/",
            "metric_system_name": "hits",
            "delta": 1,
            "parameters": [],
            "querystring_parameters": {}
          }
        ]
      }
    }
  ]
}
EOF
  • Check out this branch and start the dev environment
make development
make dependencies
  • Run apicast locally
THREESCALE_DEPLOYMENT_ENV=staging APICAST_LOG_LEVEL=warn APICAST_WORKER=1 APICAST_CONFIGURATION_LOADER=lazy APICAST_CONFIGURATION_CACHE=0 THREESCALE_CONFIG_FILE=apicast-config.json ./bin/apicast
  • Capture apicast IP
APICAST_IP=$(docker inspect apicast_build_0-development-1 | yq e -P '.[0].NetworkSettings.Networks.apicast_build_0_default.IPAddress' -)
  • Send a request
curl -i -k -H "Host: one" "http://${APICAST_IP}:8080/test?user_key="
  • The response should be 200 and contain the x-fapi-transaction-id header
~ curl -i -k -H "Host: one" "http://${APICAST_IP}:8080/test?user_key="
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Jun 2024 06:16:46 GMT
Content-Type: application/json
Content-Length: 573
Connection: keep-alive
x-3scale-echo-api: echo-api/1.0.3
vary: Origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
x-fapi-transaction-id: dff315e7-1e11-4150-b9dd-c18b05dc4fb4
  • Stop APIcast
CTRL-C
  • Update apicast-config.json with the following
19c19,21
<             "configuration": {}
---
>             "configuration": {
>                 "validate_x_fapi_customer_ip_address": true
>             }
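Review bot: on the added `"validate_x_fapi_customer_ip_address": true` line, the steps that follow only send an invalid value; add a request with a valid IPv4 and a valid IPv6 address in x-fapi-customer-ip-address and confirm it is not rejected, since that is what the third requirement in the description asks for.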
  • Start APIcast again
THREESCALE_DEPLOYMENT_ENV=staging APICAST_LOG_LEVEL=warn APICAST_WORKER=1 APICAST_CONFIGURATION_LOADER=lazy APICAST_CONFIGURATION_CACHE=0 THREESCALE_CONFIG_FILE=apicast-config.json ./bin/apicast
  • Send a request with an invalid IP for x-fapi-customer-ip-address
curl -i -k -H "Host: one" -H "x-fapi-customer-ip-address: invalid" "http://${APICAST_IP}:8080/test?user_key="

APIcast should return a 403 error

HTTP/1.1 403 Forbidden
Server: openresty
Date: Thu, 06 Jun 2024 06:23:32 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
x-fapi-transaction-id: a01625e4-3fcf-47c2-b591-7259020a2ab4

invalid request
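
The three baseline requirements listed in the description above, modelled as one Python function. This is an added example, not APIcast's Lua policy code; the function and parameter names are assumptions, and `validate_customer_ip` stands in for the `validate_x_fapi_customer_ip_address` option.

```python
import ipaddress
import uuid

INTERACTION_HEADER = "x-fapi-interaction-id"
CUSTOMER_IP_HEADER = "x-fapi-customer-ip-address"


def is_valid_ip(value):
    """True for a textual IPv4 or IPv6 address, False for anything else."""
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False


def apply_fapi_baseline(request_headers, validate_customer_ip=False, log=None):
    """Return (status, response_headers) for one request.

    request_headers: dict of header name -> value, matched case-insensitively.
    validate_customer_ip: assumed stand-in for the policy's validation option.
    log: optional list that receives one log line per request.
    """
    headers = {k.lower(): v for k, v in request_headers.items()}

    # Echo the client's interaction id, or mint an RFC 4122 UUID if it is absent.
    interaction_id = headers.get(INTERACTION_HEADER) or str(uuid.uuid4())
    response_headers = {INTERACTION_HEADER: interaction_id}

    # Reject only when validation is enabled AND the header is present AND it is
    # not a valid address; a missing header or a valid IPv4/IPv6 value passes.
    status = 200
    customer_ip = headers.get(CUSTOMER_IP_HEADER)
    if validate_customer_ip and customer_ip is not None and not is_valid_ip(customer_ip):
        status = 403

    # The interaction id goes into the log entry, and into the response even
    # when the request is rejected, so both sides can correlate the failure.
    if log is not None:
        log.append(f"{INTERACTION_HEADER}={interaction_id} status={status}")
    return status, response_headers
```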

@tkan145 tkan145 requested a review from a team as a code owner June 6, 2024 06:26
@tkan145 tkan145 changed the title Threescale 10973 fapi baseline THREESCALE-10973 - Support Financial-grade API (FAPI) - Baseline profile Jun 6, 2024
@tkan145 tkan145 force-pushed the THREESCALE-10973-fapi-baseline branch 2 times, most recently from c335621 to d55e8d2 Compare June 7, 2024 00:41
@tkan145 tkan145 force-pushed the THREESCALE-10973-fapi-baseline branch from d55e8d2 to b24c7c5 Compare June 7, 2024 01:34

@eguzki eguzki left a comment


impressive job! 🏅

@tkan145 tkan145 merged commit c75ff17 into 3scale:master Jun 14, 2024
14 checks passed
@tkan145 tkan145 deleted the THREESCALE-10973-fapi-baseline branch June 14, 2024 00:35