Hello everyone!
I’m creating an script which retrieves the policies from an Api Proxy.
The Api I’m using to retrieve the Policies is the following: https://apidocs.apigee.com/docs/policies/1/routes/organizations/%7Borg_name%7D/apis/%7Bapi_name%7D/revisions/%7Brevision_number%7D/policies/%7Bpolicy_name%7D/get.
The policies are retrieved correctly but also I would like to know which of those policies are attached to which flows, targets and proxy endpoints.
At first I tought that the parameter Enabled, could do the trick, but it does not.
Do you know if any Api or parameter can show me which policies are attached to any flow, target or proxy endpoint?
Thank you very much!
You would have to do the scan yourself. In other words you would have to
- find all the proxy endpoints and target endpoints
- find all the Step elements in each one of those
- look for the Name element within those Step elements
- and compare the value of the text there against the policy name.
There is no Apigee API that does this for you.
But, there is a tool / library that does all of the above, apigeelint. Apigeelint effectively scans and parses an API proxy bundle, resolving which policies are attached in which places. It does this as a necessary pre-requisite to its higher purpose which is, static analysis of the API proxy bundle to look for anti-patterns and convention violations (for example violation of naming conventions). Apigeelint has 50+ plugins that perform all of these checks.
Apigeelint is implemented in Javascript as a command-line tool. It is also exposed as a library, that you could use from any nodejs script. If all you wanted to do was find policy attachments, then, you could write your own little Apigeelint-based script to do the scan and list out the attachments for each policy. Your script could skip the execution of the plugins, and just list out the attachments.
On the other hand if you are not really interested in cataloging the policies and their attachments, but instead you are looking for a SPECIFIC issue, like “policies that are not attached at all” then the apigeelint command line tool already flags this situation as an error. The plugin BN005 will flag that. In this case you wouldn’t have to write any new script, you’d just need to run apigeelint as it exists today.
apigeelint can analyze exploded API proxy bundles from a filesystem. It does not read bundles from the Apigee API, and it does not read ZIP files. So if you wanted to look at API Proxy bundles as they are deployed in your organization, then you’d need to first export the proxy, then unzip it, and THEN run apigeelint.
Hello dchiesa1:
Thank you for your response.
I was wondering if Google has planned to create or release an Api in the future which delivers this kind of information ( To know if a policy is attached to a flow, as we can see in the Apigee Edge portal, when we click over one policy inside a Api proxy, in the develop tab)?.
In that case when is expected to be delivered?
There are no plans to release such a feature, sadly.
Here’s a tool that can download and scan proxies, for various things, including (just added) scanning for unattached policies:
https://github.com/DinoChiesa/apigee-scanner
1 Like