config/rules.yml - istio/apigeeDemo - Git at Google

 subject: namespace:ns
 revision: "2022"
 rules:
 - selector: # must be empty for preprocessing adapters
   aspects:
   # Fetch the API key and use it to set various request attributes.
   # This is where the adapter should cache, because this one gets called three times
   # (check, quota, and report)
   - kind: attributes
     adapter: apigeeAttributes
     params:
       input_expressions:
         apiKey: request.headers["apikey"] | "INVALID_KEY"
         requestPath: request.path | "/"
       attribute_bindings:
         authorization.success.string: successString
         authorization.success: success
         authorization.client.id: clientID
         authorization.application.name: applicationName
         authorization.apiproduct.name: apiProduct
   # In "check" reject the request if the key is invalid. It'd be nice if we could
   # customize the error here. We could build yet another adapter for that purpose!
   - kind: lists
     adapter: authorizationChecker
     params:
       checkExpression: authorization.success.string
   # This is a simpler way to achieve the above!
   #- kind: lists
   #  adapter: apigeeAPIKey
   #  params:
   #    checkExpression: request.headers["apikey"]
   - kind: quotas
     params:
       quotas:
       - descriptorName: RequestCount
         maxAmount: 5000
         expiration: 1s
   #- kind: access-logs
   #  params:
   #    logName: accesslog.default
   #    log:
   #      descriptorName: accesslog.common
   #      labels:
   #        originIp: source.ip
   #        sourceUser: source.uid
   #        timestamp: request.time
   #        method: request.method | "http"
   #        url: request.path
   #        protocol: request.scheme
   #        responseCode: response.code
   #        responseSize: response.size
   - kind: access-logs
     adapter: apigeeAnalytics
     params:
       logName: accesslog.apigee
       log:
         descriptorName: accesslog.apigee
         labels:
           sourceIP: source.ip
           urlPath: request.path
           hostHeader: request.host
           httpMethod: request.method
           userAgent: request.useragent
           requestTime: request.time
           responseTime: response.time
           responseCode: response.code | 200
           proxyName: target.service | "istio_service"
           proxyRevision: proxy.revision | 1
           clientID: authorization.client.id | ""
           applicationName: authorization.application.name | ""
           apiProduct: authorization.apiproduct.name | ""
	subject: namespace:ns
	revision: "2022"
	rules:
	- selector: # must be empty for preprocessing adapters
	aspects:
	# Fetch the API key and use it to set various request attributes.
	# This is where the adapter should cache, because this one gets called three times
	# (check, quota, and report)
	- kind: attributes
	adapter: apigeeAttributes
	params:
	input_expressions:
	apiKey: request.headers["apikey"] \| "INVALID_KEY"
	requestPath: request.path \| "/"
	attribute_bindings:
	authorization.success.string: successString
	authorization.success: success
	authorization.client.id: clientID
	authorization.application.name: applicationName
	authorization.apiproduct.name: apiProduct
	# In "check" reject the request if the key is invalid. It'd be nice if we could
	# customize the error here. We could build yet another adapter for that purpose!
	- kind: lists
	adapter: authorizationChecker
	params:
	checkExpression: authorization.success.string
	# This is a simpler way to achieve the above!
	#- kind: lists
	# adapter: apigeeAPIKey
	# params:
	# checkExpression: request.headers["apikey"]
	- kind: quotas
	params:
	quotas:
	- descriptorName: RequestCount
	maxAmount: 5000
	expiration: 1s
	#- kind: access-logs
	# params:
	# logName: accesslog.default
	# log:
	# descriptorName: accesslog.common
	# labels:
	# originIp: source.ip
	# sourceUser: source.uid
	# timestamp: request.time
	# method: request.method \| "http"
	# url: request.path
	# protocol: request.scheme
	# responseCode: response.code
	# responseSize: response.size
	- kind: access-logs
	adapter: apigeeAnalytics
	params:
	logName: accesslog.apigee
	log:
	descriptorName: accesslog.apigee
	labels:
	sourceIP: source.ip
	urlPath: request.path
	hostHeader: request.host
	httpMethod: request.method
	userAgent: request.useragent
	requestTime: request.time
	responseTime: response.time
	responseCode: response.code \| 200
	proxyName: target.service \| "istio_service"
	proxyRevision: proxy.revision \| 1
	clientID: authorization.client.id \| ""
	applicationName: authorization.application.name \| ""
	apiProduct: authorization.apiproduct.name \| ""