Examples

Changing default Apigee capabilities

Consider this rule definition -- the default definition found in samples/apigee/rule.yaml:

apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: apigee-rule
  namespace: istio-system
spec:
  match: context.reporter.kind == "inbound" && destination.namespace == "default"
  actions:
  - handler: apigee-handler.apigee.istio-system
    instances:
    - apigee.authorization
    - apigee.analytics

This definition applies analytics and authorization capabilities. If you want to remove authorization, and thereby disable the need for an API key or token while maintaining analytics, you could remove the authorization line and reapply the rule:

  1. Remove the apigee.authorization line from the rule.yaml file:

    apiVersion: config.istio.io/v1alpha2
    kind: rule
    metadata:
      name: apigee-rule
      namespace: istio-system
    spec:
      match: context.reporter.kind == "inbound" && destination.namespace == "default"
      actions:
      - handler: apigee-handler.apigee.istio-system
        instances:
        - apigee.analytics
    
  2. Reapply the rule:

    kubectl apply -f samples/apigee/rule.yaml
    
  3. Call the /hello API without an API key, and it works:

    curl http://$HELLOWORLD_URL/hello
    Hello version: v2, instance: helloworld-v2-56666fdd58-7t4s2
    

API key as query parameter

By default, API keys must be passed in a header called x-api-key. For example:

curl http://$HELLOWORLD_URL/hello -H "x-api-key: XsU1R4zGXz2ERxa0ilYQ5szwuljr5bB"

You can change this behavior by applying the samples/apigee/httpapispec.yaml configuration to the service mesh. You can see in that file that the apiKeys entry includes a query parameter called apikey, as well as the header x-api-key. After applying the config, you can use either.

kubectl apply -f samples/apigee/httpapispec.yaml

Now, you can call the API with the API key in a query parameter, and it will work:

curl http://$HELLOWORLD_URL/hello?apikey=XsU1R4zGXz2ERxa0ilYQ5szwuljr5bB

The HTTPAPISpec defines certain attributes for a service API. The default Apigee spec tells the Mixer where to look for the API key (query parameter or header), specifies the public name of the service (helloworld.default.svc.cluster.local), and specifies patterns to match against incoming HTTP requests. For example, the default Apigee spec generates the /hellooperation attribute when GET /hello is matched.

apiVersion: config.istio.io/v1alpha2
kind: HTTPAPISpec
metadata:
  creationTimestamp: null
  name: helloworldapi
  namespace: default
spec:
  apiKeys:
  - query: apikey
  - header: x-api-key
  attributes:
    attributes:
      api.service:
        stringValue: helloworld.default.svc.cluster.local
      api.version:
        stringValue: v1
  patterns:
  - attributes:
      attributes:
        api.operation:
            stringValue: /hello
    httpMethod: GET
    uriTemplate: /hello