180608 - Apigee Edge for Public Cloud release notes

SSL/TLS support in JavaScript policy

The JavaScript policy lets you configure <SSLInfo> for secure SSL/TLS calls to external services. For more information, see the JavaScript policy documentation.

SSL/TLS variables available on Edge routers

When Edge Public Cloud switched from Netty routers to Nginx, some SSL/TLS flow variables were no longer available. This update makes some SSL/TLS variables available again. For more information, see Accessing TLS connection information in an API proxy.

JavaScript callback support in httpClient for improved callouts

The httpClient object in Apigee's JavaScript Object Model lets you call external services from an API proxy. httpClient now supports callbacks, letting you streamline your callout code and make more performant callouts by not requiring waitForComplete().

Example: Before

ex1 = httpClient.get("http://example.com");
ex1.waitForComplete();

if (ex1.isSuccess())  {
    response1 = ex1.getResponse();
    context.setVariable('example.status',response1.status);
} else {
   error = ex1.getError();
   context.setVariable('example.error','Woops: ' + error);
}

Example: Now

function onComplete(response, error) {
    if (response) {
        context.setVariable('example.status', response.status);
    } else {
       context.setVariable('example.error', 'Woops: ' + error);
    }
}
// Function callback allowed as an argument.
httpClient.get("http://example.com", onComplete);

New management API (Beta): Update API products assigned to a consumer key

Developer apps have consumer/API keys that are associated with specific API products. A new management API (Beta release) lets you change the API products that are associated with a single consumer key.

In the following cURL examples, assume that a consumer key is already associated with a product called product1. The API call changes the consumer key so that it's associated with product2 and product3 instead:

JSON payload

curl -i -X PUT -H "Content-Type: application/json" \
"https://api.enterprise.apigee.com/v1/organizations/org_name/\
developers/developer_email_or_id/apps/app_name/\
keys/consumer_key/apiproducts" \
-d '["product2","product3"]' \
-u account_email

XML payload

curl -i -X PUT -H "Content-Type: application/xml" \
"https://api.enterprise.apigee.com/v1/organizations/org_name/\
developers/developer_email_or_id/apps/app_name/\
keys/consumer_key/apiproducts" \
-d '<List><Item>product2</Item><Item>product3</Item></List>' \
-u account_email

Token refresh logic broken

Do not fail proxy undeploy due to Turbo error

Simplify deployment API implementation in Edge

Implement proper delete support of Turbo applications/revisions

Refactor TurboService in Edge to simplify HTTP requests/retries

New analytics dimension and change to the x_forwarded_for_ip dimension

With this release of Edge for the Cloud, the way Edge sets the x_forwarded_for_ip dimension in Edge Analytics has changed. Previously, if there were multiple IP addresses in the X-Forwarded-For header, the x_forwarded_for_ip dimension contained only the last IP address listed. Customers often used the x_forwarded_for_ip dimension to determine the IP address of the client making the API request to Edge.

With this release, the x_forwarded_for_ip dimension now contains the complete list of IP addresses in the X-Forwarded-For header.

Warning: The X-Forwarded-For header has the potential for being spoofed by an IP that has been denied access, except for the last address in the header, which is the IP address Edge received from the last external TCP handshake. To determine the original client IP address making the API request to Edge, this release adds a new dimension to Edge Analytics: ax_resolved_client_ip.

You can now use the ax_resolved_client_ip dimension in a custom report or in a filter condition in a custom report to determine the IP address of the client making the API request. See Analytics metrics, dimensions, and filters reference for more on the ax_resolved_client_ip dimension.

This change also affects the way the AccessControl policy handles the X-Forwarded-For header. You no longer have to set the feature.enableMultipleXForwardCheckForACL property in your organization to configure the X-Forwarded-For header to contain multiple IP addresses. However, that setting is still required for Edge for the Private Cloud. For more, see About the X-Forwarded-For HTTP header.

Update fh.properties for release branch Release_180608

Include region and server details of each server in the deployment and undeployment status responses

Add developer email in monetization dataset

Revert default flag for BigQuery

Add resource type for different resource files

Ensure parent entities exist when doing create/read operations

Microgateway support for mTLS when invoking management APIs

Sonar: view target http status and latency for each of the targets

Add developer email column to monetization Summary report

Migrate MP dependency on isSenseEnabled to sense.protection

New built-in Sense user roles: SenseOperator and SenseUser

Fix XFF when router is behind GCP http(s) GLB

MP should add compliance related headers

Add HTTP headers in router for PCI compliance

Monetization: Add "Organization Profile Not Found"

Create monetization environment for each organization

jstack clearance from jstack-local-copy is not fast enough.

Disks in MP fill up with huge system.log*.tmp files

Non-success response codes from HT trigger fault flow in proxy

One proxy in an organization did not get deployed on 180608_03 release

Polling logic can run forever if errors are constantly thrown

Trial pod routers are not loading upstreams for virtual hosts in R180608

nginx reload causes MP availability issues

The x_forwarded_for_ip analytics dimension reports only the first IP address in the list. It should report the complete list.

Internal fix to support future product update.

Fix a bug that in-use virtual host was allowed to be deleted

Client unable to deploy new proxy revision

CassandraRepositoryDelegate.exists() always returns true for /apiproxies/*/maskconfigs/* paths

Add logging to configstore services so it is easier to tell which configs you use when starting

Handle content types better in DeploymentStatusService http client

HEAD requests to Node.js targets hang

Hosted Targets bundles deployments fail with messaging.resource.UnknownResourceType

Make build.info file to work with kokoro for quality Db integration

OAuth token creation fails with NumberFormatException

JWT: TimeAllowance in VerifyJWT is not handled correctly

Clean up mint scope from mxgroup as part of org delete

Ignore loading of apps and companies while fetching developer-email for developer-id

Fix the day rollover calculation bug in non-CPS flow

API proxy deployment errors

Set bigQuery flag to true by default

Cassandra large KMS keyspace issue

Credit amount reset not working as expected for org

Add comma delimiter for asynchronous detailed reports

Exiting NIOThread

Some deployments fail if you disconnect MPs and Routers and then reconnect the Router

Ensure microkernel process restart doesn't result in duplicate Consul service tags

Excluding TLS cipher suites for Management Server doesn't work

Large *.tmp log files in MP fill up the disk

Post CPS migration -> suspended_developers GET call is not returning new IDs

SharedFlow - MessageLogging policy is not executed

Uploading individual ServiceCallout policy with LoadBalancer target or SSLInfo KeyStore config results in a NullPointerException

Can't delete monetization data

Deployment failure due to high latency in proxy bundle replication

/delete-org-data fails with developer-specific rate plans