This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

optimal (possibly automatic) way of adding any given same policy to the multiple flows?

Posted on 01-11-2022 08:49 PM
optimism
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

Hi! Anyone already discovered ways of the optimal (possibly automatic)

ways of adding any given same policy to the multiple flows?

e.g. need to add (example) "SC-auth" ServiceCallout policy to more than 40 proxy flows.

thanks, best regards, Optimism

0 1 54
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

ways of adding any given same policy to the multiple flows?

I am not sure I understand specifically what you want.

You probably know about flow hooks. That allows you to attach a specific SharedFlow to specific points for ALL proxies in the environment. Not all flows. All proxies. But not all flows. Check it out: Each proxy has a number of distinct flows: request preflow and postflow, conditional flows for request and response, response preflow and postflow... And then the same for targets. The flowhook artifact applies (at the moment) to exactly 4 points in the lifecycle of an API request: pre-proxy, pre-target, post-target, and post-proxy. That does not encompass all of the possible flows in various proxies. So the concept of a Flowhook may or may not satisfy, depending on what you mean by "same policy to multiple flows".

need to add (example) "SC-auth" ServiceCallout policy to more than 40 proxy flows.

Here again, i do not understand precisely what you want. More than 40 proxy flows, does that mean ALL of your proxies? The FlowHook works for ALL proxies. Suppose you have 50 proxies, your flowhook will execute for all of them. If you want the flowhook to execute for only 42 of those proxies, then you need to be clever about conditionally executing some of the steps in the sharedflow. And to do THAT, I guess you can use an environment-scoped KVM (or similar) that lists the proxies that should execute the SC-auth step, or conversely the proxies that should not execute the SC-auth step. Then a step within the Sharedflow that checks the currently running proxy against that list, and returns a boolean - true or false - that tells the sharedflow whether to execute the step. You can see that you could easily expand this idea to include multiple distinct conditional steps. Or, for example you could apply the same pattern - a lookup table - to allow some proxies to use authentication mechanism #1 (eg OpenID Connect with a JWT access token), and another set of proxies that use a different authentication mechanism (perhaps opaque Oauth tokens + message level signatures).

0 Likes
Top Solution Authors
View all