Flow Callout - switch SharedFlow bundle using variable

Not applicable

Hi community,

I'm wondering if you have any ideas on whether this is expected behaviour.

I'm using Shared Flows as a way to create re-usable shared security profiles/policies. Their configuration is being driven by variables (custom.scopes, custom.ratelimit, etc.)

At the moment I have one policy, but would like to have a few which can be selected through variables to reduce APIProxy configuration to a few values in an AssignMessage.

eg. SecurityPolicy-1: OAuth + Spike Arrest SecurityPolicy-2: APIKey + Spike Arrest SecurityPolicy-n: +

Summary of API Proxy flow:

Proxy Preflow:

<PreFlow name="PreFlow">
        <Request>
            <Step>
                <Condition>(request.verb != "OPTIONS")</Condition>
                <Name>Set.SecurityProfile</Name>
            </Step>
            <Step>
                <Condition>(request.verb != "OPTIONS")</Condition>
                <Name>Sec-Profile</Name>
            </Step>
        </Request>
        <Response/>
    </PreFlow>

Policies:
1. AssignMessage:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="Set.SecurityProfile">
    <DisplayName>Set.SecurityProfile</DisplayName>
    <Properties/>
    <AssignVariable>
        <!-- Used to set the Security Profile Shared Flow -->
        <Name>custom.profile</Name>
        <Value>Sec-Profile-1</Value>
        <Ref/>
    </AssignVariable>
    <AssignVariable>
        <!-- Used to set the OAuth scopes to enforce -->
        <Name>custom.scopes</Name>
        <Value>resource:read resource:read</Value>
        <Ref/>
    </AssignVariable>
    <AssignVariable>
        <!-- Used to set the spike rate limit -->
        <Name>custom.ratelimit</Name>
        <Value>20ps</Value>
        <Ref/>
    </AssignVariable>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

2. FlowCallout:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FlowCallout async="false" continueOnError="false" enabled="true" name="Sec-Profile">
    <DisplayName>Sec-Profile</DisplayName>
    <FaultRules/>
    <Properties/>
    <SharedFlowBundle>{custom.profile}</SharedFlowBundle>
</FlowCallout>

From the trace, it seems like the SharedFlowBundle value is not accepting variables.

Is there another way to do this type of thing?

0 1 519
1 REPLY 1

HI @Andre Johansson-Walder

Unfortunately, dynamic values for the SharedFlowBundle is not supported. What you can do is lets say you have 2 different Security Shared flows - "SF-Security-1 and SF-Security-2", you can have them called within your proxy using Conditions

<PreFlow name="PreFlow">
    <Request>
        <Step>
            <Condition>(request.verb != "OPTIONS")</Condition>
            <Name>Set.SecurityProfile</Name>
        </Step>
        <Step>
            <Condition>(request.verb != "OPTIONS") and (request.header.apikey != null)</Condition>
            <Name>FC-Security-1</Name>
        </Step>
        <Step>
            <Condition>(request.verb != "OPTIONS") and (request.header.Authorization != null)</Condition>
            <Name>FC-Security-2</Name>
        </Step>
    </Request>
    <Response/>
</PreFlow>

and within these Flow Callouts, you can have the appropriate Shared flows

FC-Security-1:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FlowCallout async="false" continueOnError="false" enabled="true" name="FC-Security-1">
    <DisplayName>FC-Security-1</DisplayName>
    <FaultRules/>
    <Properties/>
    <SharedFlowBundle>SF-Security-1</SharedFlowBundle>
</FlowCallout>

FC-Security-2:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FlowCallout async="false" continueOnError="false" enabled="true" name="FC-Security-2">
    <DisplayName>FC-Security-2</DisplayName>
    <FaultRules/>
    <Properties/>
    <SharedFlowBundle>SF-Security-2</SharedFlowBundle>
</FlowCallout>

Hope this helps !