| subject: namespace:ns |
| revision: "2022" |
| rules: |
| - selector: # must be empty for preprocessing adapters |
| aspects: |
| # Fetch the API key and use it to set various request attributes. |
| # This is where the adapter should cache, because this one gets called three times |
| # (check, quota, and report) |
| - kind: attributes |
| adapter: apigeeAttributes |
| params: |
| input_expressions: |
| apiKey: request.headers["apikey"] | "INVALID_KEY" |
| requestPath: request.path | "/" |
| attribute_bindings: |
| authorization.success.string: successString |
| authorization.success: success |
| authorization.client.id: clientID |
| authorization.application.name: applicationName |
| authorization.apiproduct.name: apiProduct |
| # In "check" reject the request if the key is invalid. It'd be nice if we could |
| # customize the error here. We could build yet another adapter for that purpose! |
| - kind: lists |
| adapter: authorizationChecker |
| params: |
| checkExpression: authorization.success.string |
| - kind: attributes |
| adapter: apigeeAnalytics |
| params: |
| logName: accesslog.apigee |
| log: |
| descriptorName: accesslog.apigee |
| labels: |
| sourceIP: source.ip |
| urlPath: request.path |
| hostHeader: request.host |
| httpMethod: request.method |
| userAgent: request.useragent |
| requestTime: request.time |
| responseTime: response.time |
| responseCode: response.code | 200 |
| proxyName: proxy.name | "istio" |
| proxyRevision: proxy.revision | 1 |
| clientID: authorization.client.id | "" |
| applicationName: authorization.application.name | "" |
| apiProduct: authorization.apiproduct.name | "" |
