This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

KVM not working as expected

Posted on 05-16-2018 07:15 AM
anushaputta
New Member
Reply posted on --/--/---- --:-- AM

Hi,

I have created a KVM entry using the below API management.

https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/environments/%7Benv_nam...

Below is the config in my KVM policy.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations async="false"
                       continueOnError="false"
                       enabled="true"
                       name="Key-Value-Map-Operations-1"
                       mapIdentifier="kvm-poc">
  <DisplayName>Key Value Map Operations-1</DisplayName>
  <Properties/>
  <ExclusiveCache>false</ExclusiveCache>
  <ExpiryTimeInSecs>300</ExpiryTimeInSecs>
  <Get assignTo="private.user" index="1">
    <Key>
      <Parameter>user1</Parameter>
    </Key>
  </Get>
  <Scope>environment</Scope>
</KeyValueMapOperations>

But I see KVM is not picking up the parameter,I dont see variable "user" in the trace. Could anyone pls help?

1 6 780
Topic Labels
6 REPLIES 6

Posted on --/--/---- --:-- AM
sidd-harth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi @Anusha Chowdary, did you create an Encrypted KVM?

In your KVM policy, you have mentioned <Get assignTo="private.user" index="1">

When you mention private.* KVM will fetch the details but it won't be displayed in the trace.

If you want the value to be displayed in trace use a normal KVM and for that there is no need to use private prefix in assignTo variable.

-edit-

Go through this doc for more info on KVM vs Encrypted KVM.

BTW why are you using this management API?

https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/environments/%7Benv_nam...

This API can only be used in organizations with Core Persistence Services enabled.

You can create KVM per env or org level, use one of below APIs,

https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/environments/%7Benv_nam...


https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/keyvaluemaps
0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

I dont see variable "user" in the trace. Could anyone pls help?

Yes. You should not expect to see a variable "user". It looks to me that your configuration specifies a variable name of "private.user", not "user". So you won't see "user" in the Trace.

It may be somewhat mysterious, but you ALSO won't see "private.user" in the trace. This is because all private variables - those with private. as a prefix - are masked from Trace. You won't ever see a variable with a name like "private.user" in the Trace.

That doesn't mean the variable is not actually set.

The way to determine if a private variable is set, is to examine side-effects. For example, if you use private.user as an input to a BasicAuthentication policy, you can examine the output of that latter policy to infer whether the private.user variable was set correctly.

You may wonder, why don't I just configure the KVM Get to assign to a non-private variable?

You can do that if the KVM in question is not encrypted. For encrypted KVM, you must use the private. prefix.

Sometimes I want to see the private variable directly. For that purpose I'll add a new policy, an AssignMessage policy, directly following the KVM-Get, that does nothing more than assign the value of a private variable to a non-private variable. 

<AssignMessage name='AM-1'>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <AssignVariable>
    <Name>public_user</Name>
    <Ref>private.user</Ref>
    <Value>BADDBEEF</Value>
  </AssignVariable>
</AssignMessage>

The side effect of that policy will be to cause a Trace statement to be emitted, and you'll see the public_user variable in the Trace UI.

But you'll want to make sure to remove that policy before you go into production, to protect the integrity of your private variables.

Posted on --/--/---- --:-- AM
sidd-harth
Bronze 1
Bronze 1
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

@Dino-at-Google, I really like your detailed answers which explain stuff outside documentation with practical examples.

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to sidd-harth
Reply posted on --/--/---- --:-- AM

I'm glad it's helpful .Thanks for your contributions, too!

0 Likes

Posted on --/--/---- --:-- AM
anushaputta
New Member
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Thanks for the detailed explanation Dino-at-Google and Siddharth Barahalikar

Just to clarify, I see this issue only with the new org which was provisioned few months back.

For the other orgs,we did not add any prefix for the encrypted kvms and they still work.

Is this a new enhancement that has been published?

Thanks,

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to anushaputta
Reply posted on --/--/---- --:-- AM

Yes, possibly.

You have control over the trace masks, which specify that variables like private.* won't be displayed. We added the tracemask for private.* a while back.

Here's the documentation.

0 Likes