Merge pull request #565 from 3scale/json-schemas-descriptions

Add policy manifest and make existing schemas conform with it

CHANGELOG.md

@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - Caching policy [PR #546](https://github.com/3scale/apicast/pull/546), [PR #558](https://github.com/3scale/apicast/pull/558)
 - New phase: `content` for generating content or getting the upstream response [PR #535](https://github.com/3scale/apicast/pull/535)
 - Upstream policy [PR #562](https://github.com/3scale/apicast/pull/562)
+- Policy JSON manifest [PR #565](https://github.com/3scale/apicast/pull/565)
 
 ## Fixed
 

Makefile

@@ -155,9 +155,9 @@ doc: doc/lua/index.html ## Generate documentation
 
 lint-schema: apicast-source
 	@ docker run --volumes-from ${COMPOSE_PROJECT_NAME}-source --workdir /opt/app-root/src \
-	    3scale/ajv validate \
-		-s /usr/local/lib/node_modules/ajv-cli/node_modules/ajv/lib/refs/json-schema-draft-07.json \
-		$(addprefix -d ,$(shell find gateway/src/apicast/policy -name 'schema.json'))
+		3scale/ajv validate \
+		-s gateway/src/apicast/policy/manifest-schema.json \
+		$(addprefix -d ,$(shell find gateway/src/apicast/policy -name 'apicast-policy.json'))
 
 node_modules/.bin/markdown-link-check:
 	yarn install

gateway/src/apicast/policy/caching/apicast-policy.json

@@ -0,0 +1,48 @@
+{
+  "$schema": "http://apicast.io/policy-v1/schema#manifest#",
+  "name": "Caching policy",
+  "description":
+    ["Configures a cache for the authentication calls against the 3scale ",
+     "backend. This policy support three kinds of caching: \n",
+     " - Strict: it only caches authorized calls. Denied and failed calls ",
+     "invalidate the cache entry.\n",
+     " - Resilient: caches authorized and denied calls. Failed calls do not ",
+     "invalidate the cache. This allows us to authorize and deny calls ",
+     "according to the result of the last request made even when backend is ",
+     "down.\n",
+     "- Allow: caches authorized and denied calls. When backend is ",
+     "unavailable, it will cache an authorization. In practice, this means ",
+     "that when backend is down _any_ request will be authorized unless last ",
+     "call to backend for that request returned 'deny' (status code = 4xx). ",
+     "Make sure to understand the implications of that before using this ",
+     "mode. It makes sense only in very specific use cases.\n",
+     "- None: disables caching."],
+  "version": "0.1",
+  "configuration": {
+    "type": "object",
+    "properties": {
+      "caching_type": {
+        "description": "Caching mode",
+        "type": "string",
+        "oneOf": [
+          {
+            "const": "resilient",
+            "description": "Authorize according to last request when backend is down."
+          },
+          {
+            "const": "strict",
+            "description": "It only caches authorized calls."
+          },
+          {
+            "const": "allow",
+            "description": "When backend is down, allow everything unless seen before and denied."
+          },
+          {
+            "const": "none",
+            "description": "Disables caching."
+          }
+        ]
+      }
+    }
+  }
+}

gateway/src/apicast/policy/cors/apicast-policy.json

@@ -0,0 +1,44 @@
+{
+  "$schema": "http://apicast.io/policy-v1/schema#manifest#",
+  "name": "CORS policy",
+  "description": "This policy enables CORS (Cross Origin Resource Sharing) request handling.",
+  "version": "0.1",
+  "configuration": {
+    "type": "object",
+    "properties": {
+      "allow_headers": {
+        "description": "Allowed headers",
+        "type": "array",
+        "items": {
+          "type": "string"
+        }
+      },
+      "allow_methods": {
+        "description": "Allowed methods",
+        "type": "array",
+        "items": {
+          "type": "string",
+          "enum": [
+            "GET",
+            "HEAD",
+            "POST",
+            "PUT",
+            "DELETE",
+            "PATCH",
+            "OPTIONS",
+            "TRACE",
+            "CONNECT"
+          ]
+        }
+      },
+      "allow_origin": {
+        "description": "Origins for which the response can be shared with",
+        "type": "string"
+      },
+      "allow_credentials": {
+        "description": "Whether the request can be made using credentials",
+        "type": "boolean"
+      }
+    }
+  }
+}

gateway/src/apicast/policy/echo/apicast-policy.json

@@ -0,0 +1,31 @@
+{
+  "$schema": "http://apicast.io/policy-v1/schema#manifest#",
+  "name": "Echo policy",
+  "description":
+    ["This policy prints the request back to the client and optionally sets ",
+     "a status code."],
+  "version": "0.1",
+  "configuration": {
+    "type": "object",
+    "properties": {
+      "status": {
+        "description": "HTTP status code to be returned",
+        "type": "integer"
+      },
+      "exit": {
+        "description": "Exit mode",
+        "type": "string",
+        "oneOf": [
+          {
+            "const": "request",
+            "description": "Interrupts the processing of the request."
+          },
+          {
+            "const": "set",
+            "description": "Only skips the rewrite phase."
+          }
+        ]
+      }
+    }
+  }
+}

gateway/src/apicast/policy/headers/apicast-policy.json

@@ -0,0 +1,55 @@
+{
+  "$schema": "http://apicast.io/policy-v1/schema#manifest#",
+  "name": "Headers policy",
+  "description":
+    ["This policy allows to include custom headers that will be sent to the ",
+     "upstream as well as modify or delete the ones included in the original ",
+     "request. Similarly, this policy also allows to add, modify, and delete ",
+     "the headers included in the response."],
+  "version": "0.1",
+  "configuration": {
+    "type": "object",
+    "definitions": {
+      "commands": {
+        "description": "List of operations to apply to the headers",
+        "type": "array",
+        "items": {
+          "type": "object",
+          "properties": {
+            "op": {
+              "description": "Operation to be applied",
+              "type": "string",
+              "oneOf": [
+                {
+                  "const": "add",
+                  "description": "Adds a value to an existing header."
+                },
+                {
+                  "const": "set",
+                  "description": "Creates the header when not set, replaces its value when set."
+                },
+                {
+                  "const": "push",
+                  "description": "Creates the header when not set, adds the value when set."
+                }
+              ]
+            },
+            "header": {
+              "description": "Header to be modified",
+              "type": "string"
+            },
+            "value": {
+              "description": "Value that will be added, set or pushed in the header",
+              "type": "string"
+            }
+          },
+          "required": ["op", "header", "value"]
+        }
+      }
+    },
+    "properties": {
+      "request": { "$ref": "#/definitions/commands" },
+      "response": { "$ref": "#/definitions/commands" }
+    }
+  }
+}

gateway/src/apicast/policy/manifest-schema.json

@@ -0,0 +1,58 @@
+{
+  "$id": "http://apicast.io/policy-v1/schema#manifest",
+  "type": "object",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "schema": {
+      "$id": "#/definitions/schema",
+      "$ref": "http://json-schema.org/draft-07/schema#",
+      "default": {}
+    },
+    "version": {
+      "$id": "#/definitions/version",
+      "type": "string",
+      "title": "The Policy Version",
+      "description": "A semantic version of a policy.",
+      "examples": [
+        "1.3.4",
+        "0.1"
+      ],
+      "pattern": "^(\\d+\\.)?(\\d+\\.)?(\\*|\\d+)$"
+    }
+  },
+  "properties": {
+    "name": {
+      "$id": "/properties/name",
+      "type": "string",
+      "title": "The Policy Name",
+      "description": "Name of the policy.",
+      "examples": [
+        "Basic Authentication"
+      ],
+      "minLength": 1
+    },
+    "description": {
+      "$id": "/properties/description",
+      "oneOf": [
+        { "type": "string",
+          "minLength": 1 },
+        { "type": "array", "items": { "type": "string" },
+          "minItems": 1
+        }
+      ],
+      "title": "The Policy Description",
+      "description": "Longer description of what the policy does.",
+      "examples": [
+        "Extract authentication credentials from the HTTP Authorization header and pass them to 3scale backend.",
+        [ "Redirect request to different upstream: ", " - based on path", "- set different Host header"]
+      ]
+    },
+    "version": {
+      "$ref": "#/definitions/version"
+    },
+    "configuration": {
+      "$ref": "#/definitions/schema"
+    }
+  },
+  "required": ["name", "version", "configuration"]
+}

gateway/src/apicast/policy/upstream/apicast-policy.json

@@ -0,0 +1,29 @@
+{
+  "$schema": "http://apicast.io/policy-v1/schema#manifest#",
+  "name": "Upstream policy",
+  "description": "This policy allows to modify the host of a request based on its path.",
+  "version": "0.1",
+  "configuration": {
+    "type": "object",
+    "properties": {
+      "rules": {
+        "description": "list of rules to be applied",
+        "type": "array",
+        "items": {
+          "type": "object",
+          "properties": {
+            "regex": {
+              "description": "regular expression to be matched",
+              "type": "string"
+            },
+            "url": {
+              "description": "new URL in case of match",
+              "type": "string"
+            }
+          },
+          "required": ["regex", "url"]
+        }
+      }
+    }
+  }
+}