Layer7 API Management

Expand all | Collapse all

Need to check if policies are in sync across environments

  • 1.  Need to check if policies are in sync across environments

    Posted 10-15-2015 07:53 AM


    Hello All,

     

    I have a requirment here wherein I need to check if the published services (policies) are in sync across all environments. We have 4 Non-Prod environments, a DR and a production environment. We migrate new policies and modifed policies from lower non-prod environment to higher non-prod environments and then to production and DR finally. At any given point of time we need a functionality to monitor if the 'Active' policy for a service is same across all the environments (Prod, DR and Non-Prod). Is it possible to do so through some scripting or through any functionality currently available? If yes, Can someone please guide me on how to do it?

     

    Thank You!



  • 2.  Re: Need to check if policies are in sync across environments

    Posted 10-16-2015 04:25 PM

    There is no OOTB feature that enables this, but if you're going to automate the check I would look at the REST Management API (RESTMAN) and the Gateway Management Utility (GMU) which leverages RESTMAN as a starting point.   Doc links are here:

     

    pseudo code for such a script might do something like this:

    • for each service ID
      • retrieve the current active policy from each environment (via RESTMAN)
      • compare this active policy against some authoritative version -- perhaps pulled from source control (eg. git, svn, etc.)

     

    Depending on network architecture, and where the script is run, it may not be possible to access all environments at the same time which is something to keep in mind.

     

    Cheers,

    Julian



  • 3.  Re: Need to check if policies are in sync across environments

    Posted 10-19-2015 10:53 AM

    Hey JulianPhillips,

     

    Thanks for the info. So, If I install my GMU and the script for the above mentioned function in a central utility server which has connectivity to all environments of my gateway, I would be able to acheive my desired functionality (Assuming that I have retrieved my policy XML through RESTMAN and have a shell script which can compare two XMLs)...Am I correct?



  • 4.  Re: Need to check if policies are in sync across environments

    Posted 10-19-2015 02:33 PM

    Yes,  I think using Restman you can download the policy xml and write scripts to compare the service XML or use tools like Beyond Compare.



  • 5.  Re: Need to check if policies are in sync across environments

    Posted 10-20-2015 07:26 AM

    Thanks. I would  try more on this option as well.



  • 6.  Re: Need to check if policies are in sync across environments

     
    Posted 10-19-2015 03:54 PM

    In reference to using RestMan:

     

    1. Make sure restman has been published, and go to: https://[gatewayurl]:8443/restman/1.0/services
    2. You will see a print out of the policy properties as well as the XML of the policy inside the <l7:Resources> element.
    3. Ex:

      pastedImage_2.png

    4. Find some way to compare "version" attribute value of the <l7:Resource>, as well as the XML inside of that tag. Like others have posted, using a script, program, etc... (you could even do this with a policy in the gateway)


  • 7.  Re: Need to check if policies are in sync across environments

    Posted 10-20-2015 07:24 AM

    Thanks. It looks more interseting to use a gateway policy. I would explore more on that.