This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

With a KeyValueMapOperations policy, variables set via GET are not visible in Trace?

Posted on 05-05-2017 10:57 AM
DChiesa
Staff
Reply posted on --/--/---- --:-- AM

When I use a KVM GET (KeyValueMapOperations, Get) , I am no longer seeing the data i retrieve, in the trace panel at runtime.

Why not?

My policy configuration looks like this: 

<KeyValueMapOperations name='KVM-Get-JiraCreds' mapIdentifier='secrets1'>
  <Scope>environment</Scope>
  <Get assignTo='private.jira_username'>
    <Key>
      <Parameter>jiraUser</Parameter>
    </Key>
  </Get>
  <Get assignTo='private.jira_password'>
    <Key>
      <Parameter>jiraPwd</Parameter>
    </Key>
  </Get>
</KeyValueMapOperations>

It seems though, that the data is actually there, in the context variables. It's just that Trace is obscuring or ignoring them. Why? Is this a bug? If not, Can I change this behavior? How?

0 1 1,222
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
DChiesa
Staff
Reply posted on --/--/---- --:-- AM

This behavior is expected!

As you can see from the KVM policy, the variables are prefixed with "private."

This variable name prefix is required when retrieving content from an encrypted Key Value Map in Apigee Edge. The goal is to disallow the display of such variables in trace.

The trace UI will not display any variables with that prefix.

If, during development, you wish to see the variables that have been extracted, then you need to add a second policy, an AssignMessage, which assigns the value of the "private.something" variable to a variable that lacks the "private." prefix. This assignment will then be reflected in the Trace UI.

Like this: 

<AssignMessage name="AM-TraceAuthn">
    <AssignVariable>
        <Name>jira_authz_header_val</Name>
        <Value>oof</Value>
        <Ref>private.jira_authorization_header</Ref>
    </AssignVariable>
    <AssignVariable>
        <Name>jira_authz_username</Name>
        <Value>oof</Value>
        <Ref>private.jira_username</Ref>
    </AssignVariable>
    <AssignVariable>
        <Name>jira_authz_password</Name>
        <Value>oof</Value>
        <Ref>private.jira_password</Ref>
    </AssignVariable>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</AssignMessage>

If that policy runs right after the KVM-Get, then the trace UI will show variables like "jira_authz_password" and so on.

If you use this technique, be sure to remove such policies before you deploy into production!