I am trying to setup odata validation. I can see that the policy is able to validate $filter & $format. But if the odata query contains $expand, the validation fails. It is unable to identify the properties which are included in $expand.
Ex- $expand=<Some property Name>&$format=json
The back-end service is able to verify the query to be correct. I am also able to directly call the back-end with the same query & it works fine. The odata version is 2.0. The relevant document only quotes the limitations at a very high level. We would like to know what all odata features does the policy support?
Can anybody reply to this question?
We don't support odata directly. Rather, we have a flexible policy language that can be applied to odata (and many other standards) generally. Among other things, that means we don't maintain a list of odata features that we support.
What are you trying to do with the $expand parameter exactly? The value of the $expand parameter should still be available as a context variable in policy. In any case, you could use a regular expression to get its value. What would you like to do with it?
Thanks Ben for the quick response.Let me clarify my question -
We are interfacing an Odata Service. Since most of the threat protection policies cannot be applied since they would fail for Odata, we decided to use the Validate OData Request assertion available among the Threat protection assertions.
The Odata policy is failing if there is an $expand parameter. Ex - $expand=CustomerName&$format=json.
The error we are seeing is -
But the metadata is correct & has defined the CustomerName. The context variables are not getting populated when the assertion fails.
Thanks for the clarification, Abhishek. And my bad. I forgot our Validate OData Request assertion. I would compare the request and metadata against the notes and limitations of that assertion found here, Validate OData Request Assertion - CA API Gateway - 9.1 - CA Technologies Documentation. If that doesn't lead to an answer, it's possible that you've found a defect, and you should open a support case.
The documentation does not clarify our issue. Also we came across similar issues in Payload validation as well. We will go ahead & raise a support ticket.