How to create dynamic cache using PopulateCache policy with KeyFragment

snowamigos
Participant II

Requirement: We have to dynamically cache credentials based on the developer app calling the proxy.

The configuration below works in the normal scenario where credentials are the same for all developer apps, but in our scenario the credentials will change for each developer app calling the proxy.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PopulateCache async="false" continueOnError="false" enabled="true" name="PopulateCachesecretKey">
    <DisplayName>PopulateCacheSecrets</DisplayName>
    <CacheKey>
        <KeyFragment>SnowProxy-Vault-Secrets</KeyFragment>
    </CacheKey>
    <Scope>Target</Scope>
    <ExpirySettings>
        <TimeoutInSec>86400</TimeoutInSec>
    </ExpirySettings>
    <Source>vaultData</Source>
</PopulateCache>

I have tried something like the configuration below, but the caching does not work. It's going to vault to get credentials for each call.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PopulateCache async="false" continueOnError="false" enabled="true" name="PopulateCachesecretKey">
    <DisplayName>PopulateCacheSecrets</DisplayName>
    <CacheKey>
        <KeyFragment>Proxy-Vault-Secrets</KeyFragment>
        <KeyFragment ref="jwt.Decode-JWT-1.claim.appid"/>
    </CacheKey>
    <Scope>Target</Scope>
    <ExpirySettings>
        <TimeoutInSec>86400</TimeoutInSec>
    </ExpirySettings>
    <Source>vaultData</Source>
</PopulateCache>

Does anyone have any examples of how to make the caching unique to the developer app dynamically?


sidd-harth
Participant V
"It's going to vault to get credentials for each call."

What do you mean by VAULT?

What other policies are being used before Populate cache? Could you provide the ProxyEndpoint XML if possible?

After decoding JWT if jwt.Decode-JWT-1.claim.appid is giving you a unique value per dev app, then it should be enough to cache using Populate cache.

Sorry, Vault is our credential store where we store the secrets.

Yes, jwt.Decode-JWT-1.claim.appid is unique for each developer app. I have used different unique values but it does not work. As soon as I comment out that line, caching starts working again.

Below is my pre-flow with call policies.

    <PreFlow name="PreFlow">
        <Request>
            <Step>
                <Name>VerifyOauth2Token</Name>
            </Step>
            <Step>
                <Name>Decode-JWT-1</Name>
            </Step>
            <Step>
                <Name>Spike Arrest</Name>
            </Step>
            <Step>
                <Name>LookupCacheSNSecrets</Name>
            </Step>
            <Step>
                <Name>Vault KVM Extraction</Name>
            </Step>
            <Step>
                <Condition>vaultData == null</Condition>
                <Name>VaultRead</Name>
            </Step>
            <Step>
                <Condition>vaultData == null</Condition>
                <Name>PopulateCachesecretKey</Name>
            </Step>
            <Step>
                <Name>SetVariablesFromVaultCache</Name>
            </Step>
            <Step>
                <Name>Service-Callout</Name>
            </Step>
            <Step>
                <Name>ExtractVariableSNOWToken</Name>
            </Step>
            <Step>
                <Name>AssignMessageToken</Name>
            </Step>
        </Request>
        <Response/>
    </PreFlow>
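
An added example, not part of the thread: a cached entry is only found when LookupCache builds the same key, in the same scope, as the PopulateCache policy that wrote it. The thread does not show the LookupCacheSNSecrets policy, so its body below is an assumption; the PopulateCache policy is the one posted above.

```xml
<!-- Assumed body for LookupCacheSNSecrets (not shown in the thread) -->
<LookupCache async="false" continueOnError="false" enabled="true" name="LookupCacheSNSecrets">
    <DisplayName>LookupCacheSNSecrets</DisplayName>
    <CacheKey>
        <!-- Same fragments, in the same order, as PopulateCachesecretKey -->
        <KeyFragment>Proxy-Vault-Secrets</KeyFragment>
        <KeyFragment ref="jwt.Decode-JWT-1.claim.appid"/>
    </CacheKey>
    <!-- Same scope as the PopulateCache policy -->
    <Scope>Target</Scope>
    <!-- The variable tested by the "vaultData == null" conditions in the PreFlow -->
    <AssignTo>vaultData</AssignTo>
</LookupCache>

<!-- PopulateCache policy from the question, unchanged, for comparison -->
<PopulateCache async="false" continueOnError="false" enabled="true" name="PopulateCachesecretKey">
    <DisplayName>PopulateCacheSecrets</DisplayName>
    <CacheKey>
        <KeyFragment>Proxy-Vault-Secrets</KeyFragment>
        <!-- Per-app fragment: keeps each developer app's credentials in a separate entry -->
        <KeyFragment ref="jwt.Decode-JWT-1.claim.appid"/>
    </CacheKey>
    <Scope>Target</Scope>
    <ExpirySettings>
        <TimeoutInSec>86400</TimeoutInSec>
    </ExpirySettings>
    <Source>vaultData</Source>
</PopulateCache>
```

In a debug session, confirm that jwt.Decode-JWT-1.claim.appid holds a value at both the lookup and populate steps, and that calls from two different developer apps never share a cache entry.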