Skip to main content
Quick navigation

ClientId Required Policy

Introduction

If client id does not match the specified name convention, it will respond PolicyViolationException when action is BLOCK. Otherwise, fill the client-id with a templating mechanism

We support templating such as clientId-{{userIp}}-testing"

Here are the values we can expand:

  • uuid
  • userIp
  • vcluster
  • user
  • clientId
  • gatewayIp
  • gatewayHost
  • gatewayVersion
  • apiKey
  • apiKeyVersion
  • timestampMillis

Configuration

keytypedefaultdescription
clientIdTemplateStringClient-id with a templating mechanism to override
namingConventionString.*Configuration for validating client id name convention
actionActionAction to take if the client id is invalid

Action

  • BLOCK → when fail, save in audit and return error.
  • INFO → execute API with wrong client id, save in audit.
  • OVERRIDE → execute API with override value with a templating mechanism, save in audit the fact that we updated on the fly.

Example

{
"name": "client-id-required-policy",
"pluginClass": "io.conduktor.gateway.interceptor.safeguard.ClientIdRequiredPolicyPlugin",
"priority": 100,
"config": {
"namingConvention": "clientId-.*",
"action": "BLOCK"
}
}
{
"name": "client-id-required-policy",
"pluginClass": "io.conduktor.gateway.interceptor.safeguard.ClientIdRequiredPolicyPlugin",
"priority": 100,
"config": {
"namingConvention": "clientId-.*",
"action": "INFO"
}
}
{
"name": "client-id-required-policy",
"pluginClass": "io.conduktor.gateway.interceptor.safeguard.ClientIdRequiredPolicyPlugin",
"priority": 100,
"config": {
"clientIdTemplate": "clientId-{{userIp}}-testing",
"namingConvention": "clientId-.*",
"action": "OVERRIDE"
}
}