openclarity / apiclarity

An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 
https://apiclarity.io
Apache License 2.0

Support for Gravitee.io API Gateway #83

Open brasseld opened 2 years ago

brasseld commented 2 years ago

Hi there,

I'm looking to contribute an integration between Gravitee.io API Gateway and API Clarity as a POC.

Do you have any pointers for me to start with? I had a quick look at the plugins you are providing for Kong and Tyk, but I didn't find any relevant information (API?) on where to push instrumentation metrics.

Thanks in advance.

FrimIdan commented 2 years ago

Hi @brasseld thanks for reaching out and happy to hear that you want to add Gravitee.io as a new traffic source.

We definitely need to add a new doc describing how people can add more traffic sources. For now I can point you to the plugins API (Go client code is already generated here). For an example of how/what info is expected, you can look at the current plugin implementations (tapper, kong).

There is also a section in the helm values to enable each traffic source, with specific values for each one.

brasseld commented 2 years ago

Thanks for your feedback @FrimIdan

It's probably me doing something wrong (or maybe I missed something), but when I try to use Postman to create (POST) a new telemetry, I'm always getting a 400 response:

{
    "code": 400,
    "message": "parsing body body from \"\" failed, because illegal base64 data at input byte 3"
}

What I'm trying to POST to /api/telemetry:

{
    "requestID": "123456789",
    "scheme": "HTTP",
    "destinationAddress": "localhost:8082",
    "destinationNamespace": "default",
    "sourceAddress": "localhost:8082",
    "request": {
        "method": "GET",
        "path": "/api",
        "host": "localhost",
        "common": {
            "version": "1",
            "headers": [
                {
                    "key": "Content-Type",
                    "value": "application/json"
                }
            ],
            "body": "sit sint",
            "TruncatedBody": true,
            "time": "1988-12-08T22:59:33.988Z"
        }
    },
    "response": {
        "statusCode": "200",
        "common": {
            "version": "1",
            "headers": [
                {
                    "key": "cupidatat s",
                    "value": "irure sint in est"
                },
                {
                    "key": "aliqua in Lorem qui dolor",
                    "value": "aute labore"
                }
            ],
            "body": "aliquip irure enim",
            "TruncatedBody": true,
            "time": "1992-07-24T18:11:57.341Z"
        }
    }
}

(This has been mainly generated by Postman by importing the swagger you provided me).

Thanks for your feedback.

brasseld commented 2 years ago

Ok, seems that the error message is quite clear: body.body has to be base64 encoded (would be great to update the swagger to add a description about it :) )

Now fighting with a 500 status code from clarity...

brasseld commented 2 years ago

Got it from logs, only base64 of json payload is supported :)

FrimIdan commented 2 years ago

> Ok, seems that the error message is quite clear: body.body has to be base64 encoded (would be great to update the swagger to add a description about it :) )

format: 'byte' is not clear enough, I agree - we didn't think about it since the generated client is handling that. Feel free to open a PR to add descriptions where you think it will be helpful for others.
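The encoding behaviour discussed in this thread, as an added example that is not part of the issue or of APIClarity's code: a Go `[]byte` field is written as base64 by `encoding/json`, which is why a Go client never hits the 400, while a hand-built payload does. The `Common` struct models only part of the posted `common` object, and `CheckWire` is a hypothetical client-side pre-check that assumes the two failure cases reported above.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Common models part of the "common" object from the payload in the thread.
type Common struct {
	Version       string `json:"version"`
	Body          []byte `json:"body"` // encoding/json writes []byte as standard base64
	TruncatedBody bool   `json:"TruncatedBody"`
}

// wireCommon reads the same object the way a hand-written client sees it.
type wireCommon struct {
	Body string `json:"body"`
}

// Encode marshals raw payload bytes; the base64 step happens inside json.Marshal.
func Encode(payload []byte) ([]byte, error) {
	return json.Marshal(Common{Version: "1", Body: payload})
}

// CheckWire is a client-side pre-check (assumption: it mirrors the two
// failures reported in the thread; it is not APIClarity's server code).
func CheckWire(doc []byte) error {
	var w wireCommon
	if err := json.Unmarshal(doc, &w); err != nil {
		return err
	}
	raw, err := base64.StdEncoding.DecodeString(w.Body)
	if err != nil {
		return fmt.Errorf("body is not base64: %w", err) // plain text in "body"
	}
	if !json.Valid(raw) {
		return errors.New("decoded body is not JSON") // base64 of non-JSON text
	}
	return nil
}

func main() {
	good, _ := Encode([]byte(`{"id":1}`)) // constructed sample payload
	fmt.Println(string(good), CheckWire(good))
	fmt.Println(CheckWire([]byte(`{"body":"sit sint"}`)))     // body as first posted
	fmt.Println(CheckWire([]byte(`{"body":"c2l0IHNpbnQ="}`))) // base64 of "sit sint"
}
```

Running the pre-check on the body value from the original request reproduces the same "illegal base64 data at input byte 3" message, because the space in `sit sint` is the first character outside the base64 alphabet.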