Changing default Apigee capabilities
Consider this rule definition -- the default definition found in samples/apigee/rule.yaml
:
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
name: apigee-rule
namespace: istio-system
spec:
match: context.reporter.kind == "inbound" && destination.namespace == "default"
actions:
- handler: apigee-handler.apigee.istio-system
instances:
- apigee.authorization
- apigee.analytics
This definition applies analytics and authorization capabilities. If you want to remove authorization, and thereby disable the need for an API key or token while maintaining analytics, you could remove the authorization line and reapply the rule:
Remove the
apigee.authorization
line from therule.yaml
file:apiVersion: config.istio.io/v1alpha2 kind: rule metadata: name: apigee-rule namespace: istio-system spec: match: context.reporter.kind == "inbound" && destination.namespace == "default" actions: - handler: apigee-handler.apigee.istio-system instances: - apigee.analytics
Reapply the rule:
kubectl apply -f samples/apigee/rule.yaml
Call the
/hello
API without an API key, and it works:curl http://$HELLOWORLD_URL/hello Hello version: v2, instance: helloworld-v2-56666fdd58-7t4s2
API key as query parameter
By default, API keys must be passed in a header called x-api-key
. For example:
curl http://$HELLOWORLD_URL/hello -H "x-api-key: XsU1R4zGXz2ERxa0ilYQ5szwuljr5bB"
You can change this behavior by applying the samples/apigee/httpapispec.yaml
configuration to the service mesh. You can see in that file that the apiKeys
entry includes a query parameter called apikey
, as well as the header x-api-key
. After applying the config, you can use either.
kubectl apply -f samples/apigee/httpapispec.yaml
Now, you can call the API with the API key in a query parameter, and it will work:
curl http://$HELLOWORLD_URL/hello?apikey=XsU1R4zGXz2ERxa0ilYQ5szwuljr5bB
The HTTPAPISpec
defines certain attributes for a service API. The default Apigee spec tells the Mixer where to look for the API key (query parameter or header), specifies the public name of the service (helloworld.default.svc.cluster.local
), and specifies patterns to match against incoming HTTP requests. For example, the default Apigee spec generates the /hello
operation attribute when GET /hello
is matched.
apiVersion: config.istio.io/v1alpha2
kind: HTTPAPISpec
metadata:
creationTimestamp: null
name: helloworldapi
namespace: default
spec:
apiKeys:
- query: apikey
- header: x-api-key
attributes:
attributes:
api.service:
stringValue: helloworld.default.svc.cluster.local
api.version:
stringValue: v1
patterns:
- attributes:
attributes:
api.operation:
stringValue: /hello
httpMethod: GET
uriTemplate: /hello