4.18.01 - Edge for Private Cloud release notes

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation. info

Since the previous Edge for Private Cloud Feature Release, the following releases have occurred and are included in this Feature Release:

Edge UI release	Edge management release	Portal release
17.10.11 (UI) 17.10.02 (UI) 17.09.20 (UI) 17.09.06 (UI)	17.10.09 (API management and runtime) 17.09.11 (API management)	17.10.25.00 17.08.21.00 17.07.31.00

See About release numbering to understand how you can figure out whether a specific cloud release is included in your version of Edge for Private Cloud.

Release overview

The most important new features in this release include:

Upgrade to PostgreSQL 9.6
Beta Release of the New Edge Experience for Private Cloud
Beta release of three new policies that let you generate, verify, and decode JSON Web Tokens (JWT).

This release also includes all of the bug fixes and new features included in the Edge Public Cloud releases listed below.

Deprecations and retirements

The following features were deprecated or retired in this release. See the Edge deprecation policy for more information.

Deprecations

Deprecation of new installs of API BaaS

New customers as of January 31, 2018 are not eligible for API BaaS unless your specifications sheet highlights API BaaS entitlement.

Deprecation of Apigee secure store (vaults)

The Apigee secure store, also known as "vaults," is being deprecated and will be retired in September of 2018. Vaults, which provide encrypted storage of key/value pairs, are created with the management API and accessed at runtime with functions in the apigee-access Node.js module.

Instead of using the secure store, use encrypted key value maps (KVMs), as described in Working with key value maps. Encrypted KVMs are just as secure as vaults and provide more options for creation and retrieval. (MGMT-3848)

Deprecation for adding paths on the API proxy Performance tab

Up to this release, you could navigate to an API proxy in the management UI, go to the Performance tab, and create different paths for a chart-based comparison on the proxy's Performance tab and in the Business Transactions dashboard. This feature is now retired and is no longer available in the UI. For an alternative to this functionality, see the following Apigee Community article: https://community.apigee.com/articles/23936/alternative-to-business-transactions-api.html. (EDGEUI-902)

Deprecation of the SMTPSSL property to set the SMTP protocol for the Developer Services portal

You now use the SMTP_PROTOCOL property, instead of the SMTPSSL property, to set the protocol used by the SMTP server connected to the portal. The valid values are: "standard", "ssl", or "tls".

See Developer Services portal installation for more.

New features and updates

Following are the new features and enhancements in this release. In addition to the following enhancements, this release also contains multiple usability, performance, security, and stability enhancements.

Private Cloud

PostgreSQL upgrade to version 9.6

This release includes an upgrade to PostgreSQL 9.6 to allow Edge to take advantage of the Parallel Query feature in PostgreSQL. For more, see:

Beta Release of the New Edge Experience for Private Cloud

This release of Edge for the Private Cloud contains a Beta release of a major update to to the API management user interface. This New Edge experience builds on top of the existing features of the Apigee Edge platform, and adds some enhancements, particularly in the areas of Design and Publishing.

The New Edge experience has previously been available only to Cloud users. With this release of Edge for the Private Cloud, you can now install the Beta version of the New Edge experience.

See Beta Release of the New Edge Experience for Private Cloud for more.

Beta release of the JWT policies

JSON Web Token (JWT) is a token standard described in IETF RFC 7519. JWT provides a way to sign a set of claims, in other words a set of name/value pairs, which can later be verified reliably by the recipient of the JWT.

This release contains three new policies that let you generate, verify, and decode JSON Web Tokens (JWT) on Apigee Edge:

Generate JWT policy - Generates a signed JWT, with a configurable set of claims. The JWT can then be returned to clients, transmitted to backend targets, or used in other ways. See Generate JWT policy (Beta version) for more.
Verify JWT policy - Verifies the signature on a JWT received from clients or other systems. This policy also extracts the claims into flow variables so that subsequent policies or conditions can examine those values to make authorization or routing decisions. See Verify JWT policy (Beta version) for more.
Decode JWT policy - Decodes a JWT without verifying the signature on the JWT. This policy is useful when used in concert with the JWT Verification Policy, when the value of a claim from within the JWT must be known before verifying the signature of the JWT. See Decode JWT policy (Beta version) for more.

See JWT policies overview for an overview.

OCSP stapling supported for virtual hosts (65587547)

Virtual hosts now support OCSP stapling for one-way and two-way TLS. When enabled, an OCSP (Online Certificate Status Protocol) client sends a status request to an OCSP responder to determine if the certificate is valid. The response indicates if the certificate is valid and not revoked.

By default OCSP stapling is off. TLS must be enabled on the virtual host to enable OCSP.

See Virtual host property reference for more.

Router retry options can now be set at the virtual host level

You can now set retry options for the Router's communications with the Message Processor on the virtual host. This gives you more fine-grained control than the previous options, which were only settable at the Router level.

For more information, see Virtual host configuration properties.

External Role Mapping support added (67145030)

If you are using External Authentication to integrate an external directory service into an Apigee Edge Private Cloud installation, you can now use External Role Mapping. External Role Mapping lets you map your own groups or roles to role-based access control (RBAC) roles and groups created on Apigee Edge.

The External Role Mapping service for Edge for Private Cloud releases prior to 4.18.01 has been deprecated. Release 4.18.01 of External Role Mapping is an updated version with bugs fixed and new features added:

Fixed the problem where you received authentication 403 forbidden responses when authenticating with users who should have access.
X-Apigee-Current-User header is supported now in External Role Mapping. Users with proper access (sysadmin) can login as another user with self credentials.

See External Role Mapping for more.

Can now test system requirements without running an install (67858161)

Edge for the Private Cloud 4.17.09 added support for the ENABLE_SYSTEM_CHECK=y property to check CPU and memory requirements on a machine as part of an install. However, that check required you to perform an actual install. You can now use the "-t" flag to make that check without having to do an install:

/opt/apigee/apigee-setup/bin/setup.sh -p aio -f configFile -t

This command displays any errors with the system requirements to the screen.

See Install Edge components on a node for more.

Updated PHP version for Developer Services portal (68733233)

The portal now uses PHP version 7.0.23.

No longer required to configure an SMTP server with the Developer Services portal (70164403)

You no longer are required to configure an SMTP server when installing the portal. You can now configure one post-installation.

API Services

Name validations on new entities (MGMT-4252 and MGMT-4098)

When you create new entities, Apigee validates the names to enforce naming rules. Entities being validated on creation or update are: API proxies, policies (and policy names in API proxy definitions), virtual hosts, roles, caches, target servers, data masks for debugging, keystores and truststores, and resource files in API proxies. See Naming and input error advisories for naming restrictions on these entities.

Bugs fixed

The following bugs are fixed in this release. This list is primarily for users checking to see if their support tickets have been fixed. It's not designed to provide detailed information for all users.

Private Cloud 4.18.01

Issue ID	Description
68001164	PHP LDAP extension is now installed by default with portal The PHP LDAP extension is now installed by default when installing the portal on RedHat and CentOS. This module makes enabling Drupal LDAP module easier.
68049481	The Drupal settings.php file is now writable The portal install script now makes sure that the Drupal `settings.php` file is writable by the "apigee" user so that it can be copied and updated correctly.
68139166	Installer output showed OpenLDAP being downgraded when it was not.
68329105	Portal setup fails to create a user when connecting to Edge when SAML is enabled and uses a self signed cert.
68427561	Portal configuration properties now set correctly after a restart.
69024465	Unable to undeploy SharedFlow in Edge UI
69711616	Updated Jackson Databind to version 2.7.9.1 in the third-party JARs.

17.11.06 (UI)

Issue ID	Description
68357182	CSV file does not include the correct data for time frame (includes full set of data) The CSV file did not include the correct data for the specified time frame. Instead, the full set of data was included in the file. This issue has been fixed.
67650494	Edge UI should track environment changes In some cases, environment changes were not persisted when moving between pages in the UI. This issue has been fixed.

17.10.25.00 (portal)

Issue ID	Component Name	Description
67646686	Developer Portal - Drupal	& displayed on Forum page Fixed bug where the default Apigee theme shows "&" for any ampersands in the menu tabs.
65456469	Developer Portal - Drupal	Update CAPTCHA module for security enhancements provided by the module contributors The CAPTCHA module has been updated to CAPTCHA 7.x-1.5 to fix a security vulnerability. For more information, see https://www.drupal.org/node/2907137.
65101827	Developer Portal - Drupal	Company app analytics not working Fixed bug where Monetization Company apps could not show any analytics data.
65003870	Developer Portal - Drupal	Not able to cancel future rate plans Fixed bug where future rate plans purchased by a company could not be cancelled.
65003539	Developer Portal - Drupal	Use default country from Drupal locale The Monetization Contact and Billing Details address now uses the default country from the Locale Default country setting. You can change this setting by selecting Configuration > Regional and language in the Drupal Administration menu. Changing the default locale changes the default country on the Monetization Contact and Billing Details section.

17.10.11 (UI)

Issue ID	Description
67005192	UI needs to handle decoded paths when checking for permissions The UI now handles decoded paths when checking user permissions.

17.09.20 (API management and runtime)

Issue ID	Component Name	Description
MGMT-4219	API Management	MGMT to send org and env header to blobstore
MGMT-4065	API Management	Support enabled for PKS format certs
MGMT-3782	API Management	Optimal default consistency level value for identity-zone
MGMT-3913	API Management	Resolve timeout issue for retrieving OAuth2 tokens by an appId
MGMT-4177	API Management	Ability to disable Basic Authentication Scheme in SecurityProfile
MGMT-3978	API Management	Need a CWC token to set JVM_OPTIONS on all Java components
MGMT-3918 MGMT-4294	API Management	Auto URL-encode special characters in permission paths for custom roles
APIRT-4767	API Runtime	JavaScript step should use always use UTF-8 for content
APIRT-4725	API Runtime	Fixed OAuth service NPE issue
APIRT-4691	API Runtime	Allow time to drain connections before killing unhealthy service
APIRT-4644	API Runtime	Basic authorization for BlobstoreService
APIRT-4636	API Runtime	Sense Action should continue to function if Zookeeper is down
APIRT-4635	API Runtime	Reuse refresh token attribute support enabled for OAuth policies
APIRT-4632	API Runtime	Rolling window quota counter not being calculated accurately
APIRT-4584	API Runtime	Flow hook not deploying consistently, ZooKeeper check not working
APIRT-4542	API Runtime	The MP Sense Task ended without notice
APIRT-4522	API Runtime	Analytics doesn't work for monetization-enabled message processors if the org region is different from the axgroup region
APIRT-4444	API Runtime	Compute error rates per target per error code
APIRT-4435	API Runtime	RepositoryServiceImpl.loadAsString() doesn't use charset
APIRT-4370	API Runtime	High memory usage on org MPs
APIRT-4354	API Runtime	Capture TLS version in Nginx access_log for every request
APIRT-4169	API Runtime	Current version of Nginx doesn't support variable combination required for `X-Forwarded-For` header
APIRT-3671	API Runtime	Tokens are not recorded as hashed after turning on hashing
APIRT-3593	API Runtime	OAuth token not holding the set attribute in a subsequent call
APIRT-3081	API Runtime	messaging.adaptors.http.flow.ServiceUnavailable error with Concurrent Rate Limit policy
APIRT-4660	API Runtime	Add MP pod name in the header to router X-Apigee-Pod
APIRT-4506	API Runtime	Cache changes are not getting replicated to a specific message processor
APIRT-4196	API Runtime	Message Logging policy syslog timestamp format is not correct
66933664	API Runtime	QuotaService for non-CPS flow should clean up buckets asynchronously and not in Apigee-Main thread
66495205	API Runtime	Better handling of JavaScript policy with async http calls to prevent NPE
65847462	API Runtime	print statement fails with NPE
65648578	API Runtime	Only MPs should register in consul KV path
65603360	API Runtime	JavaScript calls fail with null error
65416531	Feature Platform	Resurrect the message context when JavaScript objects are brought back into JavaScript step context
67405744	Apigee	High request processing latency on MPs
65849186	Trireme	Unhandled exceptions does not cause Node.js/Trireme process to exit
65713882	Trireme	mongodb-core in Trireme produces different crypto results than native Node.js
65374484	Trireme	Node security: http.get with numeric authorization options creates uninitialized buffers
64577449	Trireme	Trireme returns Invalid verify algorithm sha256 error
EDGESERV‑6	Edge Server	Node apps experiencing x_apigee_fault_code: "scripts.node.runtime.ScriptExecutionError"

17.09.20 (UI)

Issue ID	Description
65584963	Analytics: Custom reports filter needs to have case-insensitive check for data type The custom reports filter is now case-insensitive for data type comparisons.
65446846	Unable to assign administrator role for a company in Edge UI The full set of developers and companies are displayed and can be managed in the Edge UI.
65125644	Cannot remove an API product from a credential for Company App An issue has been fixed that was preventing an API product from being removed from a credential for a company app.

17.09.11 (API management)

Issue ID	Description
64541665	Change source logger configuration on MP to have different log names
APIRT‑3593	OAuth token not holding the set attribute in a subsequent call
APIRT-4336	Split the OAuthStepExecution into multiple step executions. Each of the operation should have a dedicated step execution
APIRT-4444	Compute error rates per target per error code
APIRT-4456	Refactor Verify API Key for EAP-gateway/apid
APIRT-4635	Reuse refresh token attribute support enabled for OAuth policies
APIRT-4683	Add GCP LB IPs as Trusted for XFF Headers
APIRT-4723	OAuth bundle load support for EdgeX/Hybrid mode
APIRT-4725	Fixed OAuth service NPE issue
APIRT-4726	ScriptableHttpClient should not assume a message context is still present at send time
MGMT‑3764	Invalid keystore no longer gets through management
MGMT-3782	Optimal default consistency level value for identity-zone
MGMT-3913	Resolve timeout issue for retrieving OAuth2 tokens by an appId
MGMT-3997	Deleting keystores should not be allowed if there's a reference pointing to it
MGMT-4013	Updating the keystore reference checks for existence of keystore and referenced alias
MGMT-4065	Support enabled for PKS format certs
MGMT-4113	Self service virtual host feature enhancement
MGMT-4229	After adding @JsonSerialize(include = JsonSerialize.Inclusion.NON_DEFAULT) apiconfiguration regression fails
MGMT-4232	[EDGEX/Hybrid] Import API uploads doesn’t corrupt bundle
MGMT-4242	[EDGEX/Hybrid] Support proxy deployment to more than one environments
MGMT-4245	[EDGEX/Hybrid] VirtualHost self service validation for hybrid-virtual-hosts
MGMT-4250	[EDGEX] Parallel execution for API proxy deployment status API

17.09.06 (UI)

Issue ID	Description
65015144	Analytics: Custom reports page filter has issue with integer value filter for Big Query customers The custom reports page filter now handles integer values as expected.
64806976	Developer field is not populated in the Apps list page The Developer field is now populated for all apps in the list.
64766918	API proxy editor's YAML support is broken Fixed issue that was causing issue with YAML files in the API proxy editor.
64160572	Analytics: Remove Business Transactions from Analytics Menu and from proxy editor performance tab The Business Transactions analytics dashboard is no longer supported. For alternatives, see the community article Alternative to Business Transactions API.

17.08.21.00 (portal)

Issue ID	Description
DEVSOL‑2625	Monetization roles getting dropped after switching company If you have monetization enabled, if you assign a role to a user and they switch from one company context to another, the role is no longer removed from the user.
DEVSOL-2621	Drupal modules updates The following Drupal modules were updated to the release indicated: File Entity (fieldable files) 7.x-2.4 Media 7.x-2.10 Media CKEditor 7.x-2.5 Media: YouTube 7.x-3.5 Metatag 7.x-1.22 Services Views 7.x-1.2
DEVSOL-2612	"Website encountered an error" message displayed while enabling Monetization Fixed issue that occurred when enabling monetization modules. The message `Website encountered an error` was displayed with the following message in the logs: `Error: Call to a member function clear() on string in devconnect_monetization_clear_api_cache() (line 1517 of /var/www/html/profiles/apigee/modules/custom/devconnect /devconnect_monetization/devconnect_monetization.module)` This error is no longer logged.
DEVSOL-2609	Drupal status page does not show proper Edge connection status for SAML (OAuth) Drupal Status page now shows proper Edge connection status for SAML (OAuth). Previously, the Reports > Status reports page would show the connection was not working even if you had SAML properly configured.
DEVSOL-2608	SAML/OAuth: Log prints Bearer token cache miss with every call Fixed issue with Bearer token cache logic that was causing system to get a new token each time it called Edge.
DEVSOL-2599	Multiple issues with devconnect_user_developer_is_active() Fixed issue where the wrong developer's status was checked to decide if the user is active or not. If a developer account is disabled in the Edge UI causing the app keys to stop working, the system will now display a message to inform the developer. Also added performance improvements to this functionality.
DEVSOL-2595	SAML configuration enhancements and updates The following enhancements and updates have been made to the SAML configuration: The SAML configuration page is now editable. For more information, see Using SAML authentication. The username field is now displayed in the UI. Fixed drush "dc-test" call to use standard connection test function so it no longer ignores SAML configuration settings.
DEVSOL-2569	App Analytics: Endpoint Response Time is no longer working, changed to Total Response Time Endpoint Response Time analytics graph has been removed from the Analytics tab on the Developer apps page since it did not reflect total response time and was causing confusion. The metric was reflecting only the time it took for the endpoint to respond, but not the time it took the API proxy to respond. The Throughput graph displays the total response time for end developers.

17.07.31.00 (portal)

Issue ID	Description
DEVSOL‑2258	Some text fields cannot be translated into Portuguese Added missing translation text in Drupal Dev Portal Apps module to Drupal Internationalization system. Previously, some text was not able to be translated on the "My Apps" pages.
DEVSOL-2536	Editing "app name" or "callback url" causes portal to remove API products from developer app Updating a developer app will no longer result in API products being removed from the app.
DEVSOL-2519	Smartdocs has undeclared dependency on devconnect_developer_apps Smartdocs module no longer has an unnecessary dependency on DevConnect developer apps module.
DEVSOL-2492	Incorrect HTML escaping in company page Fixed issue where the monetization menus were displaying ampersands, such as, "Catalog & Plans", with HTML-encoding.
DEVSOL-2490	Improve usage of Rate plan date setters in monetization modules Added better handling of Monetization rate plans across time zones.
DEVSOL-2440	Calling deprecated management "limits" API in dev portal results in 404s Updated system to handle new view/purchase plan API in Monetization.
DEVSOL-2436	Table drupal_cache_mint missing in the DevPortal DB while trying to enable the Apigee_company Drupal module to enable monetization Fixed issue where Monetization configuration will cause the following error: "ERROR: relation "drupal_cache_mint" does not exist".
DEVSOL-2419	Importing non-OpenAPI JSON as OpenAPI does not throw error messages Importing an OpenAPI document into SmartDocs is now validated to make sure the document is an OpenAPI spec.
DEVSOL-2406	SmartDocs links, 'Revision Details' or 'Edit Revision', do not work Fixed issue where 'Revision Details' or 'Edit Revision' in SmartDocs revisions action menu were displaying the wrong page.
DEVSOL-2382	"Lock SmartDocs method templates" functionality Created a new permission "Administer SmartDocs templates" so that the ability to edit SmartDocs templates can be removed or limited to a role.
DEVSOL-2380	Undefined index error in Drupal logs Removed the following misleading message in the Drupal log for Monetization-enabled sites: `Undefined index: role in Apigee\ManagementAPI\Company->listDevelopers()`
DEVSOL-2375	Invalid Address error in Drupal log Fixed bug that caused invalid errors to be added to the log if the system did not have SMTP configured.
DEVSOL-2355	cURL timeout results in PHP warnings and bad logs in edge-php-sdk Fixed bug where timeouts would result in poorly formatted log messages.
DEVSOL-2336	Monetization payment provider configuration update The Configuration > Monetization Settings > Recurring Payment via Worldpay developer portal configuration page can now be used to configure WorldPay payment details.
DEVSOL-2307	Add warning/docs that apigee_company module can only be used with monetization The apigee_company Drupal module requires Monetization to be enabled. If you enable the apigee_company module when Monetization is not enabled, a warning message is displayed in the Status report for the site.
DEVSOL-2270	After the latest release of monetization (2016-Oct-5th) cannot save Company info Fixed issue in Monetization where company information would not save properly.
DEVSOL-2175	Me Aliases and core Statistics modules do not play well together Drupal core and the "Me Aliases" contrib module were patched so that "Me Aliases" and the core Statistics module can be enabled at the same time. For more information, see https://www.drupal.org/node/1863260 and https://www.drupal.org/node/2076691.

Known Issues

This release has the following known issues:

Issue ID Description

72379834

Issue ID	Description
72379834	Permission error message appears when stopping apigee-postgresql When you use the `apigee-seriver apigee-postgresql stop` command to stop `apigee-postgresql`, you might see a message saying that `apigee-serive` cannot change to the user's home dir. You can ignore that message.
68722102	MessageLogging policy including extra information in the log message The `FormatMessage` element of the MessageLogging policy controls the format of the logged message. When `FormatMessage=false`, the logged message is not supposed to include any Apigee-generated information. However, even if you set `FormatMessage=false`, the log message still includes the following information: The priority score The timestamp

Permission error message appears when stopping apigee-postgresql

When you use the apigee-seriver apigee-postgresql stop command to stop apigee-postgresql, you might see a message saying that apigee-serive cannot change to the user's home dir. You can ignore that message.

68722102

MessageLogging policy including extra information in the log message

The FormatMessage element of the MessageLogging policy controls the format of the logged message. When FormatMessage=false, the logged message is not supposed to include any Apigee-generated information. However, even if you set FormatMessage=false, the log message still includes the following information:

The priority score
The timestamp

4.18.01.01

4.17.09.03