Bridge the apigee-access gap

[whitlockjc]

A lot of Node.js on Edge users use the https://github.com/apigee/apigee-access module. The problem with this is it only works in Trireme. While Shipyard is not interested in supporting unmodified Trireme-based applications, we still need to have an official story on bridging this gap.

apigee-access has the following sub-modules:

• anaytics
• cache
• oauth
• quota
• vault

Below are a few options off the top of my head about when it comes to bridging this gap:

• Update apigee-access to use an existing public, non-Trireme API (where possible)
• Creating the necessary public, non-Trireme API to allow updating apigee-access
• Create a special Edge proxy (or proxies) to implement special APIs that can bridge the gap for us (The microgateway does this already for a few things)
• Provide an alternative API/service (requires "porting" your application to the new service)
• Suggest using the non-Apigee implementations of volos modules
• No support

It seems that there are https://github.com/apigee/microgateway-plugins that implement some of the same features and we might be able to leverage some of this. (Just beware that some of those plugins use apigee-access and/or use a custom Edge proxy to support this which means it could get us no closer than we are now.)

[whitlockjc]

analytics options

Below are a few options that come to mind based on what we have now:

• Expose a new Apigee Analytics APIs
• Use the same approach the Microgateway analytics plugin does by using volos-analytics-apigee (Unfortunately, this requires a custom Edge proxy to be deployed)

[whitlockjc]

cache options

Below are a few options that come to mind based on what we have now:

• Expose a new Apigee Cache APIs that allows for cache interaction (CRUD)
• Deploy some multi-tenant KVM to Kubernetes and expose that as a service
• Use non-Apigee volos module
• Use the Key-Value Map APIs from Apigee (Note: These APIs are low-volume management APIs and are not expected to scale well but they are available right now and should at least be mentioned)

[whitlockjc]

oauth options

• Expose new Apigee OAuth APIs
• Use non-Apigee volos module (This likely is not ideal if you're using apigee-access' OAuth support since it provides direct access to the Apigee OAuth authorization server)

[whitlockjc]

quota options

• Expose new Apigee Quota APIs
• Use the same approach the Microgateway quota plugin does by using volos-quota-apigee (Unfortunately, this requires a custom Edge proxy to be deployed)

[whitlockjc]

vault options

Apigee already has APIs for vault so our options are as follows:

• Update apigee-access to use these APIs outside of Trireme
• Suggest the authors use the APIs directly

We could also expose Kubernetes Secret APIs either directly, via Shipyard or some specific API Management service.

[whitlockjc]

Also, any place where I suggest we expose new Apigee APIs, this also means we could expose these APIs/services as part of our Kubernetes-based API Management.