templatize target url with KVM by environment

Not applicable

I would like to templatize the target url, so that the same proxy could be promoted from staging to production, and if the environment configuration KVM was set correctly, the proxy targets would be correct. I could not find the correct syntax for accessing the values of the KVMs.

Here's what I tried:

<TargetEndpoint>
   ...
  <HTTPTargetConnection>
    <Properties/>
    <URL>https://{environment}-info-data.google.com/resource</URL>
  </HTTPTargetConnection>
</TargetEndpoint>

My KVM was called 'target_env', with a key of 'environment' and a value of 'staging' or 'production'.

In staging environment, traffic would hit

https://staging-info-data.google.com/resource

In production environment, traffic would hit:

https://production-info-data.google.com/resource

Solved Solved
0 12 11.9K
1 ACCEPTED SOLUTION

Hi @jasonbrown

I think you should use TargetServer for this use case. You can configure TargetServer with the same name for each environment. Use this API to configure

For staging env, the payload for Target server will be:

<TargetServer name="target1">
	<Host>staging-info-data.google.com</Host>
    <Port>443</Port>
    <IsEnabled>true</IsEnabled>
    <SSLInfo> 
      <Enabled>true</Enabled> 
    </SSLInfo> 
</TargetServer> 

For prod env:

<TargetServer name="target1">
	<Host>production-info-data.google.com</Host>
    <Port>443</Port>
    <IsEnabled>true</IsEnabled>
    <SSLInfo> 
      <Enabled>true</Enabled> 
    </SSLInfo> 
</TargetServer> 

NOTE : Make sure in your Mgmt API URL, you provide the correct environment

https://api.enterprise.apigee.com/v1/organizations/{org}/environments/{env}/targetservers

You should be able to see them in the Environment Configuration tab on the UI as well once its done.

After the configuration is all set, you can just configure your TargetEndpoint in proxy as

<HTTPTargetConnection>
	<LoadBalancer>
            <Server name="target1"/>
        </LoadBalancer>
        <Path>/resource</Path>
</HTTPTargetConnection>

Depending on which environment you are calling from, it picks the corresponding Target server configuration. With this its more configuration driven as well.

View solution in original post

12 REPLIES 12

Can you please show your KVM Get policy?

You should use something like:

<KeyValueMapOperations name='KVM-Get-1' mapIdentifier='nameOfMap'>
  <Scope>apiproxy</Scope>
  <Get assignTo='variable_to_set' index='1'>
    <Key>
      <Parameter ref='variable_containing_key'/>
    </Key>
  </Get>
</KeyValueMapOperations>

...or...

<KeyValueMapOperations name='KVM-Get-1' mapIdentifier='nameOfMap'>
  <Scope>apiproxy</Scope>
  <Get assignTo='variable_to_set' index='1'>
    <Key>
      <Parameter>key_name</Parameter>
    </Key>
  </Get>
</KeyValueMapOperations>

Which I think, for your case will be:

<KeyValueMapOperations name='KVM-Get-1' mapIdentifier='target_env'>
  <Scope>apiproxy</Scope>
  <Get assignTo='env_host' index='1'>
    <Key>
      <Parameter ref='env.name'/>
    </Key>
  </Get>
</KeyValueMapOperations><br>

And then...

<TargetEndpoint>
  ...

  <HTTPTargetConnection> 
    <URL>https://{env_host}-info-data.google.com/resource</URL> 
  </HTTPTargetConnection> 
</TargetEndpoint>
<br>

I followed the same way for mine case like this <URL>https://{firstVar}/</URL>. But i am getting not able to deploy my proxy it is giving me this error when i am trying to hit my proxy.

{"fault":{"faultstring":"The Service is temporarily unavailable","detail":{"errorcode":"messaging.adaptors.http.flow.ServiceUnavailable"}}}

Is this a question ? If so, please ask a new question. (don't post new questions in comments to 2 year old questions)

Hi @jasonbrown

I think you should use TargetServer for this use case. You can configure TargetServer with the same name for each environment. Use this API to configure

For staging env, the payload for Target server will be:

<TargetServer name="target1">
	<Host>staging-info-data.google.com</Host>
    <Port>443</Port>
    <IsEnabled>true</IsEnabled>
    <SSLInfo> 
      <Enabled>true</Enabled> 
    </SSLInfo> 
</TargetServer> 

For prod env:

<TargetServer name="target1">
	<Host>production-info-data.google.com</Host>
    <Port>443</Port>
    <IsEnabled>true</IsEnabled>
    <SSLInfo> 
      <Enabled>true</Enabled> 
    </SSLInfo> 
</TargetServer> 

NOTE : Make sure in your Mgmt API URL, you provide the correct environment

https://api.enterprise.apigee.com/v1/organizations/{org}/environments/{env}/targetservers

You should be able to see them in the Environment Configuration tab on the UI as well once its done.

After the configuration is all set, you can just configure your TargetEndpoint in proxy as

<HTTPTargetConnection>
	<LoadBalancer>
            <Server name="target1"/>
        </LoadBalancer>
        <Path>/resource</Path>
</HTTPTargetConnection>

Depending on which environment you are calling from, it picks the corresponding Target server configuration. With this its more configuration driven as well.

hi Sai, this worked with one caveat: the request from proxy to target backend is not-secure: "GET http://..." whereas when I hardcode the url, it uses https://.. .

does the problem have to do with the sslInfo portion of the payload?

<SSLInfo> <Ciphers/> <ClientAuthEnabled>false</ClientAuthEnabled> <Enabled>true</Enabled> <IgnoreValidationErrors>false</IgnoreValidationErrors> <KeyAlias>keystore-alias</KeyAlias> <KeyStore>keystore-name</KeyStore> <Protocols/> <TrustStore>truststore-name</TrustStore> </SSLInfo>

If so, where do I find the values for keystore-alias, keystore-name, and truststore-name?

HI @jasonbrown - are you seeing http on the trace tool where you think it should be showing https ? If thats the case, thats a bug in the UI, we have an issue opened for that.

Are you getting the valid response from the target ? If you are, then I believe you are good.

thank you @Sai Saran Vaidyanathan. I am getting a valid response from the target. Do you have a link to the bug in a bug-tracker anywhere that I can show my manager?

HI @jasonbrown - unfortunately, its an internal defect tracking system. However the defect ID is APIRT-2947 and once its fixed and released, it will be available in our release notes. I will track it as well. Will update this post or drop a note once this is released.

If this fixed the issue, please accept the answer so that it is useful for others as well

hi @Sai Saran Vaidyanathan has a fix to this bug been released? I'm still seeing 'http' rather than 'https'


hi @jasonbrown - its not released yet. Trying to get an ETA

Not applicable

1st Create - Key Value Operation policy to set keys in API Proxy , as below sample -

Key Vlaue Map Operatoion Policy:

Set Key with Values:
-------------------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations name="CreateFooKVM" enabled="true" continueOnError="false" async="false" mapIdentifier="FooKVM">
<DisplayName>SetKeyValue</DisplayName>
<ExpiryTimeInSecs>86400</ExpiryTimeInSecs>
<Scope>environment</Scope>
<Put>
<Key>
<Parameter>spike_key</Parameter>
</Key>
<Value>1pm</Value>
<Value>15pm</Value>
</Put>
</KeyValueMapOperations>

2nd - again create - Key Value Operation policy to Get keys in API Proxy , as below sample


Get Value from Key:
---------------------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations name="GetKVM" enabled="true" continueOnError="false" async="false" mapIdentifier="FooKVM">
<DisplayName>GetKVM</DisplayName>
<ExpiryTimeInSecs>86400</ExpiryTimeInSecs>
<Scope>environment</Scope>
<Get index="2" assignTo="spikeKey_retrieve">
<Key>
<Parameter>spike_key</Parameter>
</Key>
</Get>
</KeyValueMapOperations>

3rd - create Spike Arrest Policy & set <RATE> tag as below -

Use Key value in SpikeArrest Policy:
------------------------------------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SpikeArrest name="Spike-Arrest-1" enabled="true" continueOnError="false" async="false">
<DisplayName>Spike Arrest-1</DisplayName>
<Properties/>
<Identifier ref="request.header.some-header-name"/>
<MessageWeight ref="request.header.weight"/>
<Rate ref="spikeKey_retrieve"/>
</SpikeArrest>

Hi @Dino / @Sai Saran Vaidyanathan

My OAuth VerifyAccessToken policy looks as shown below

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<OAuthV2 async="false"continueOnError="true"enabled="true"name="OAuthPolicy"><DisplayName>OAuthPolicy</DisplayName>

<Properties/>

<Attributes/>

<ExternalAuthorization>false</ExternalAuthorization>

<Operation>VerifyAccessToken</Operation>

<AccessToken>request.{asekvm.access_token_position}.{asekvm.access_token_variable}</AccessToken>

<SupportedGrantTypes/>

<GenerateResponse enabled="false"/>

<Tokens/>

</OAuthV2>

Policy tries to pick {asekvm.access_token_position}, {asekvm.access_token_variable} variables from context which are extracted from kvm just before the execution of this policy.

asekvm.access_token_position=header

asekvm.access_token_variable=access_token

This policy is resulting in an execution error. Does OAuthV2 policy support templatizing in this way? Or am I doing something wrong?