I'm trying to trigger a fault rule if the value of one variable is
Like
the string value of another variable.
Use case: In the new SOAP passthrough proxy functionality (as of cloud release 160727), all operations are sent to the proxy base path "/" rather than to individual resources, such as /GetCityWeatherByZIP. That creates a challenge for protecting calls using an API product, because there are no specific resources to configure in the product. So I'm trying a technique of using product custom attributes. For example, I've configured my product like this:
attribute:
allowedOperations
values:
GetCityForecastByZIP,GetCityWeatherByZIP
If I send a GetWeatherInformation call (not one of my attribute values), I want to throw an error.
I'm getting operation from an Extract Variables policy (with XPath), and I'm getting the product custom attribute values from a Verify API Key policy variable (the multiple values are not an array).
Here's my Raise Fault configuration:
<Step> <Name>Raise-Fault-Product</Name> <Condition>(operation !~ "{verifyapikey.Verify-API-Key-1.apiproduct.allowedOperations}")</Condition> </Step>
I also tried:
!(operation ~ "{verifyapikey.Verify-API-Key-1.apiproduct.allowedOperations}")
But it's not quite working as expected. For example, the fault gets triggered when I simply use
~
without any !
.
!~ seems to not be supported, since it's not listed in our Conditions reference.
Any ideas? Use JavaScript instead?
I'm attaching my proxy (weather-api-key.zip).
Solved! Go to Solution.
I would recommend using the regex match instead of the like match for negative conditions i have had better results that way
I would recommend using the regex match instead of the like match for negative conditions i have had better results that way
Thanks, @srichardson. Now I'm trying to figure out how to include the expression variable value as a string. When I do this:
<Condition>!(verifyapikey.Verify-API-Key-1.apiproduct.allowedOperations ~~ "{operation}")</Condition>
I get this error in the UI:
Invalid condition: !(verifyapikey.Verify-API-Key-1.apiproduct.allowedOperations ~~ "{operation}") in policy Raise-Fault-Product. Reason: Invalid pattern specified : Illegal repetition {operation}.
Any ideas on how to do this?
verifyapikey.Verify-API-Key-1.apiproduct.allowedOperations ~~ ^((?!{operation}).)*$
You rock! Since this still doesn't work in the condition (UI still complains), I like your follow-up suggestion of handling the comparison in JavaScript and triggering Raise Fault on the return value of the JS (such as true or false). Thanks again, Steve!
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |