This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Can a Key Value Map be set up as read only?

Posted on 10-21-2019 02:04 PM
rich
New Member
Reply posted on --/--/---- --:-- AM

I want to use KVM so that I can set a value per environment. I would want to ensure that other proxies could not update the value, or, more specifically, that it remain read only.

Solved Solved
1 1 112
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Can a Key Value Map be set up as read only?

No it cannot.

I think to prevent an arbitrary proxy from executing a KVM Put (or KVM Delete) on entries you care about, you would need to use static analysis of your API proxies before deploying them.

An alternative is to include the data in a non-write-able resource in the API Proxy that is using the data. For example, you could include a settings.js file in your API Proxy, and as part of the PreFlow, use a JavaScript callout to populate context variables based on those settings. No other proxy would be able to overwrite what you've embedded into the settings file.

There's another approach: you could use a KVM scoped to the API Proxy itself. Then you won't need to worry about any other proxies overwriting your value. The value is visible (for read or write) only by a specific API proxy.

The downside of this: the Apigee UI does not allow visual editing or management of KVMs that are scoped to the apiproxy.

(ps: I think the "apiproxy" scope would be more accurately termed "revision". In other words the scope is specific to the API Proxy _Revision_, not to the apiproxy itself. If I am not mistaken. Check the docs and test for yourself to verify.)

View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Can a Key Value Map be set up as read only?

No it cannot.

I think to prevent an arbitrary proxy from executing a KVM Put (or KVM Delete) on entries you care about, you would need to use static analysis of your API proxies before deploying them.

An alternative is to include the data in a non-write-able resource in the API Proxy that is using the data. For example, you could include a settings.js file in your API Proxy, and as part of the PreFlow, use a JavaScript callout to populate context variables based on those settings. No other proxy would be able to overwrite what you've embedded into the settings file.

There's another approach: you could use a KVM scoped to the API Proxy itself. Then you won't need to worry about any other proxies overwriting your value. The value is visible (for read or write) only by a specific API proxy.

The downside of this: the Apigee UI does not allow visual editing or management of KVMs that are scoped to the apiproxy.

(ps: I think the "apiproxy" scope would be more accurately termed "revision". In other words the scope is specific to the API Proxy _Revision_, not to the apiproxy itself. If I am not mistaken. Check the docs and test for yourself to verify.)

Jump to Solution