This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to use variables in AccessControl policy

Posted on 07-19-2019 04:18 AM
cladius_fernand
New Member
Reply posted on --/--/---- --:-- AM

I tried using flow variables in my AccessControl policy. 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessControl async="false" continueOnError="false" enabled="true" name="Access-Control">
    <DisplayName>Access Control</DisplayName>
    <Properties/>
    <IPRules noRuleMatchAction="DENY">
        <MatchRule action="ALLOW">
            <SourceAddress mask="{whitelist.ip.mask}">{whitelist.ip.address}</SourceAddress>
        </MatchRule>
    </IPRules>
</AccessControl>

And it failed in the validation phase:

[ERROR] {
[ERROR]   "code" : "rest.ValidationFailure",
[ERROR]   "message" : "Error occurred while validation of bean Access-Control.xml. Reason: - Not a number: {whitelist.ip.mask}.",
[ERROR]   "contexts" : [ ]
[ERROR] }

Seems like it's related to the issue mentioned by me here. I am currently trying this on 4.19.01 private cloud version.

Solved Solved
0 6 269
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
cladius_fernand
New Member
Reply posted on --/--/---- --:-- AM

I received a response from Apigee support. Posting it here for benefit of the overall community.

The flow-variables can be used in Apigee Cloud as of now. This feature is yet to be released for OnPrem customers. I'll post an update here once I find out more.

View solution in original post

Jump to Solution
6 REPLIES 6

Posted on --/--/---- --:-- AM
itravindrasingh
New Member
Reply posted on --/--/---- --:-- AM

There can be a hack on {whitelist.ip.mask} variable, remove double quote or add JS policy and use parseInt for such variables. you have already tried these you need to do further investigation.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
cladius_fernand
New Member
In response to itravindrasingh
Reply posted on --/--/---- --:-- AM

Thanks for the suggestion.

Currently, I am setting the whitelist.ip.mask flow variable via reading from the KVM. However, even if I was to set it via a JS Callout, it would still be a flow variable. I fail to see how that would solve my problem. Please note, this is a not a runtime issue. The proxy validation itself is failing as the xsd used by Apigee is not allowing anything but a number to be allowed for the mask attribute. Any other suggestions?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
itravindrasingh
New Member
In response to cladius_fernand
Reply posted on --/--/---- --:-- AM

I tried it on free trail account and I do not face this issue which mean it could be a issue of OPDK you have installed on private cloud. so please seek support from apigee support.

Jump to Solution

Posted on --/--/---- --:-- AM
cladius_fernand
New Member
In response to itravindrasingh
Reply posted on --/--/---- --:-- AM

Thanks for trying this out. Even for the other related issue that I mentioned in the OP, it was working fine on cloud but failing on OPDK.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
cladius_fernand
New Member
Reply posted on --/--/---- --:-- AM

I received a response from Apigee support. Posting it here for benefit of the overall community.

The flow-variables can be used in Apigee Cloud as of now. This feature is yet to be released for OnPrem customers. I'll post an update here once I find out more.

Jump to Solution

Posted on --/--/---- --:-- AM
itravindrasingh
New Member
In response to cladius_fernand
Reply posted on --/--/---- --:-- AM

Nice, such information should be available on the apigee docs so it can save time and we don't need to reachout the support.

Jump to Solution