On API-Builder start-up validate API-Manager configuration

Author: Chris Wiechmann

elk-traffic-monitor-api/conf/axway-api-utils.default.js

@@ -13,7 +13,9 @@ module.exports = {
 			}, 
 			// This is true, when running as part of the CI-Pipeline (GitHub Actions)
 			// If true, some test API-Requests are then mocked
-			MOCK_LOOKUP_API: process.env.MOCK_LOOKUP_API
+			MOCK_LOOKUP_API: process.env.MOCK_LOOKUP_API,
+			// This optionally disables the validation of the configuration on API-Builder startup
+			validateConfig: (process.env.VALIDATE_CONFIG) ? process.env.VALIDATE_CONFIG : true
 		}
 	}
 };

elk-traffic-monitor-api/custom_flow_nodes/api-builder-plugin-axway-api-management/config/axway-api-utils.default.js

@@ -9,8 +9,13 @@ module.exports = {
 			'apimanager': {
 				url: process.env.API_MANAGER, // If not set, the API-Gateway hostname is used
 				username: process.env.API_MANAGER_USERNAME, // User with Admin-Privileges required
-				password: process.env.API_MANAGER_PASSWORD
-			} 
+				password: process.env.API_MANAGER_PASSWORD 
+			}, 
+			// This is true, when running as part of the CI-Pipeline (GitHub Actions)
+			// If true, some test API-Requests are then mocked
+			MOCK_LOOKUP_API: process.env.MOCK_LOOKUP_API,
+			// This optionally disables the validation of the configuration on API-Builder startup
+			validateConfig: (process.env.VALIDATE_CONFIG) ? process.env.VALIDATE_CONFIG : true
 		}
 	}
 };

elk-traffic-monitor-api/custom_flow_nodes/api-builder-plugin-axway-api-management/src/actions.js

@@ -1,4 +1,5 @@
 const https = require('https');
+const { sendRequest, _getCookie } = require('./utils');
 
 var pluginConfig = {};
 var cache = {};
@@ -123,7 +124,7 @@ async function _getCurrentGWUser(VIDUSR) {
 	};
 	loginName = await sendRequest(pluginConfig.apigateway.url, options)
 		.then(response => {
-			return response.result;
+			return response.body.result;
 		})
 		.catch(err => {
 			throw new Error(`Error getting current user Request sent to: '${pluginConfig.apigateway.hostname}'. ${err}`);
@@ -142,7 +143,7 @@ async function _getCurrentGWPermissions(VIDUSR, csrfToken, loginName) {
 	};
 	result = await sendRequest(pluginConfig.apigateway.url, options)
 		.then(response => {
-			return response.result;
+			return response.body.result;
 		})
 		.catch(err => {
 			throw new Error(err);
@@ -163,7 +164,7 @@ async function _getManagerUser(user) {
 	};
 	managerUser = await sendRequest(pluginConfig.apimanager.url, options)
 		.then(response => {
-			return response;
+			return response.body;
 		})
 		.catch(err => {
 			throw new Error(err);
@@ -181,63 +182,14 @@ async function _getAPIProxy(apiName) {
 	};
 	apiProxy = await sendRequest(pluginConfig.apimanager.url, options)
 		.then(response => {
-			return response;
+			return response.body;
 		})
 		.catch(err => {
 			throw new Error(`Error getting APIs with API-Name: ${apiName}. Request sent to: '${pluginConfig.apimanager.url}'. ${err}`);
 		});
 	return apiProxy;
 }
 
-async function sendRequest(url, options) {
-	return new Promise((resolve, reject) => {
-		try {
-			options.path = encodeURI(options.path);
-			var req = https.request(url, options, function (response) {
-				var chunks = [];
-				var statusCode = response.statusCode;
-				response.on("data", function (chunk) {
-					chunks.push(chunk);
-				});
-
-				response.on("end", function () {
-					var body = Buffer.concat(chunks);
-					if (statusCode < 200 || statusCode > 299) {
-						reject(`Unexpected response for HTTP-Request. Response-Code: ${statusCode}`);
-						return;
-					}
-					const userResponse = body.toString();
-					if (!userResponse) {
-						resolve(userResponse);
-						return;
-					}
-					resolve(JSON.parse(userResponse));
-					return;
-				});
-			});
-			req.on("error", function (error) {
-				reject(error);
-				return;
-			});
-			req.end();
-		} catch (ex) {
-			reject(ex);
-		}
-	});
-}
-
-function _getCookie(cookies, cookieName) {
-	const fields = cookies.split(";");
-	for (var i = 0; i < fields.length; ++i) {
-		var cookie = fields[i].trim();
-		const foundCookie = cookie.substring(0, cookie.indexOf("="));
-		if(cookieName == foundCookie) {
-			return cookie.substring(cookie.indexOf("=")+1);
-		}
-	}
-	return;
-}
-
 async function _getOrganization(orgId) {
 	if(cache.has(`ORG-${orgId}`)) {
 		var org = cache.get(`ORG-${orgId}`);
@@ -253,10 +205,10 @@ async function _getOrganization(orgId) {
 	};
 	org = await sendRequest(pluginConfig.apimanager.url, options)
 		.then(response => {
-			if(!response) {
+			if(!response.body) {
 				throw new Error(`Organization with : '${orgId}' not found in API-Manager.`);
 			}
-			return response;
+			return response.body;
 		})
 		.catch(err => {
 			throw new Error(err);

elk-traffic-monitor-api/custom_flow_nodes/api-builder-plugin-axway-api-management/src/index.js

@@ -2,6 +2,8 @@ const path = require('path');
 const { SDK } = require('@axway/api-builder-sdk');
 const actions = require('./actions');
 const NodeCache = require( "node-cache" );
+const { sendRequest, _getSession } = require('./utils');
+const https = require('https');
 
 /**
  * Resolves the API Builder plugin.
@@ -40,11 +42,64 @@ async function getPlugin(pluginConfig, options) {
 		if(!pluginConfig.apimanager.password) {
 			throw new Error(`Required parameter: apimanager.password is not set.`)
 		}
+		if(pluginConfig.validateConfig==true) {
+			var isAdmin = await isAPIManagerUserAdmin(pluginConfig.apimanager, options.logger);
+			if(!isAdmin) {
+				throw new Error(`Configured API-Manager user: ${pluginConfig.apimanager.username} is either incorrect or has no Admin-Role.`);
+			} else {
+				options.logger.info("Connection to API-Manager successfully validated.");
+			}
+		}
 	}
 	sdk.load(path.resolve(__dirname, 'flow-nodes.yml'), actions, { pluginContext: { cache: cache }, pluginConfig});
 	return sdk.getPlugin();
 }
 
+async function isAPIManagerUserAdmin(apiManagerConfig, logger) {
+	try {
+		var data = `username=${apiManagerConfig.username}&password=${apiManagerConfig.password}`;
+		var options = {
+			path: `/api/portal/v1.3/login`,
+			method: 'POST',
+			headers: {
+				'Content-Type': 'application/x-www-form-urlencoded',
+				'Content-Length': data.length
+			},
+			agent: new https.Agent({ rejectUnauthorized: false })
+		};
+		result = await sendRequest(apiManagerConfig.url, options, data, 303)
+			.then(response => {
+				return response;
+			})
+			.catch(err => {
+				throw new Error(`Cant login to API-Manager: ${err}`);
+			});
+		const session = _getSession(result.headers);
+		var options = {
+			path: `/api/portal/v1.3/currentuser`,
+			headers: {
+				'Cookie': `APIMANAGERSESSION=${session}`
+			},
+			agent: new https.Agent({ rejectUnauthorized: false })
+		};
+		const currentUser = await sendRequest(apiManagerConfig.url, options)
+			.then(response => {
+				return response;
+			})
+			.catch(err => {
+				throw new Error(`Cant get current user: ${err}`);
+			});
+		if(currentUser.body.role!='admin') {
+			logger.error(`User: ${currentUser.body.loginName} has no admin role.`);
+			return false;
+		}
+		return true;
+	} catch (ex) {
+		logger.error(ex);
+		throw ex;
+	}
+}
+
 /**
  * This adds a number of Keys into the cache that are triggered 
  * by the Logstash-Pipeline tests. 

elk-traffic-monitor-api/custom_flow_nodes/api-builder-plugin-axway-api-management/src/utils.js

@@ -0,0 +1,94 @@
+const https = require('https');
+
+async function sendRequest(url, options, data, expectedRC) {
+	return new Promise((resolve, reject) => {
+		try {
+			options.path = encodeURI(options.path);
+			var req = https.request(url, options, function (response) {
+				var chunks = [];
+				var statusCode = response.statusCode;
+				response.on("data", function (chunk) {
+					chunks.push(chunk);
+				});
+
+				response.on("end", function () {
+					var body = Buffer.concat(chunks);
+					if (statusCode < 200 || statusCode > 299 && statusCode!=expectedRC) {
+						reject(`Unexpected response for HTTP-Request. Response-Code: ${statusCode}`);
+						return;
+                    }
+					const userResponse = body.toString();
+					if (!userResponse) {
+						resolve({body: userResponse, headers: response.headers });
+						return;
+					}
+					resolve({body: JSON.parse(userResponse), headers: response.headers });
+					return;
+				});
+			});
+			req.on("error", function (error) {
+				reject(error);
+				return;
+            });
+            if(data) {
+                req.write(data);
+            }
+			req.end();
+		} catch (ex) {
+			reject(ex);
+		}
+	});
+}
+
+function _getCookie(cookies, cookieName) {
+	const fields = cookies.split(";");
+	for (var i = 0; i < fields.length; ++i) {
+		var cookie = fields[i].trim();
+		const foundCookie = cookie.substring(0, cookie.indexOf("="));
+		if(cookieName == foundCookie) {
+			return cookie.substring(cookie.indexOf("=")+1);
+		}
+	}
+	return;
+}
+
+function _getSession(headers) {
+    const setCookieHeaders = headers['set-cookie'];
+	for (var i = 0; i < setCookieHeaders.length; ++i) {
+        var setCookie = setCookieHeaders[i].trim();
+        if(setCookie.startsWith('APIMANAGERSESSION=')) {
+            session = setCookie.substring(setCookie.indexOf("=")+1, setCookie.indexOf(";"));
+            return session;
+        }
+	}
+    throw new Error('No session found.');
+}
+
+  /**
+   * Tests whether or not the API Builder application is in developer mode.  The test
+   * is to check to see if @axway/api-builder-admin exists.
+   *
+   * @returns {boolean} True if in developer mode.
+   */
+function isDeveloperMode() {
+    try {
+      // If we are in "development mode" we are going to have @axway/api-builder-admin
+      // dependency installed. So we guarantee that only generate config files in
+      // "development mode" and ensure immutable production environments.
+      // eslint-disable-next-line import/no-unresolved
+      require('@axway/api-builder-admin');
+      return true;
+    } catch (ex) {
+      // when we run plugin test suite @axway/api-builder-admin is not there 
+      // so we are kind of simulating production mode
+      return false;
+    }
+  }
+
+
+module.exports = {
+    sendRequest, 
+    _getCookie, 
+    _getSession, 
+    isDeveloperMode
+}

elk-traffic-monitor-api/custom_flow_nodes/api-builder-plugin-axway-api-management/test/.env

@@ -5,4 +5,7 @@ API_MANAGER_PASSWORD=changeme
 
 ADMIN_NODE_MANAGER=https://mocked-api-gateway:8190
 API_GATEWAY_USERNAME=apiadmin
-API_GATEWAY_PASSWORD=changeme
+API_GATEWAY_PASSWORD=changeme
+
+# Dont validate API-Manager configuration when running tests, which are mocked anyway
+VALIDATE_CONFIG=false