Abstract image of a woman sitting on books and studying on a laptop

Spring IO 2023 - Dynamic OpenAPIs with Spring Cloud Gateway

Download as PDF, PPTX
Iván López Martín, profile picture
Iván López Martín

The document discusses the implementation of dynamic OpenAPIs using Spring Cloud Gateway, which serves as an API gateway for the Spring ecosystem. It outlines the process of exposing and aggregating OpenAPI specifications from multiple services, including dynamic routing and path rewriting. The author shares personal experiences and examples from a week-long implementation spike that led to a successful production deployment with a platform-agnostic approach.

1 of 34
Download as PDF, PPTX
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Most read
21
22
Most read
23
24
25
26
27
28
29
30
31
32
33
34
Most read
Dynamic OpenAPIs with Spring Cloud Gateway Iván López @ilopmar
@ilopmar Iván López Who am I? ● Iván López (@ilopmar) ● JVM Developer ● Staff Software Engineer at VMware ● @MadridGUG Coordinator ● Speaker: GeeCon, Codemotion, Devoxx, SpringOne, RigaDevDays, CommitConf, Spring IO,... 🇪🇸🇮🇹🇬🇧🇦🇹🇨🇦🇧🇪🇨🇿🇺🇦🇩🇰🇸🇪🇺🇸🇷🇺🇪🇪🇱🇻🇭🇷🇵🇱🇹🇷🇷🇴🇧🇬
OpenAPI
@ilopmar Iván López OpenAPI Specification ● Old Swagger Specification ● API description format for REST APIs ● Endpoints, operations, parameters, authentication,... ● Programming language agnostic ● YAML or JSON
@ilopmar Iván López Swagger ● Set of opensource tools build around OpenApi Spec ● Swagger Editor ● Swagger UI ● Swagger Codegen ● Swagger Core, Parser,...
@ilopmar Iván López Why use OpenAPI? ● Standard widely used ● Huge userbase ● Stable implementation ● Swagger Codegen to generate server stub and client libraries! ● Integrations with many languages, libraries and frameworks
Spring Cloud Gateway
@ilopmar Iván López What is an API Gateway? ● API proxy between an API Client and API Server ● Single entry point for the backend API and services ● Cross-cuttings concerns: security, rate-limiting, monitoring, logging, metrics,...
@ilopmar Iván López Spring Cloud Gateway ● API Gateway for the Spring Ecosystem ● Built on top Spring Boot, WebFlux and Reactor ● Dynamic routing ● Route matching: Path, Method, Header, Host,... ● Filters ● Rate Limiting, Circuit Breaker ● Path Rewriting
@ilopmar Iván López Spring Cloud Gateway Basics ● Route, Predicate and Filter ● Route Predicates: Cookie, Header, Host, Method, Path,... ● Gateway Factories: Add/Remove Request/Response Header/Parameter, Rewrite path ● Global and custom filters ● YAML configuration & Programmatic API
@ilopmar Iván López Spring Cloud Gateway examples spring: cloud: gateway: routes: - id: method_route uri: https://example.org predicates: - Method=GET,POST spring: cloud: gateway: routes: - id: add_request_header_route uri: https://example.org filters: - AddRequestHeader=X-Foo, some-value spring: cloud: gateway: routes: - id: rewritepath_route uri: https://example.org predicates: - Path=/foo/** filters: - RewritePath=/foo/?(?<segment>.*), /${segment}
The problem
“I just want to expose the OpenAPI of my application”
@ilopmar Iván López Current status ● Spring Cloud Gateway in front of all different services ● All services expose OpenAPI ● API First? – Code -> OpenAPI – OpenAPI -> Code ● Internal endpoints vs Public endpoints ● Manual configuration in SCG
@ilopmar Iván López Requirements ● Expose product Public OpenAPI in Gateway ● Aggregate endpoints from different services ● Public endpoints defined on every service ● Optionally rewrite some endpoints ● Expose only public schemas and not all of them ● Rewrite and group tags ● Update Public OpenAPI and routing must be dynamic
@ilopmar Iván López My approach ● I did a 1 week spike ● We use SCG OSS ● The feature is available in SCG Commercial: Only Tanzu Application Service and Kubernetes ● We deploy on K8S but wanted to keep everything agnostic: local development, on-premise,... ● Libraries to read/write OpenAPI specifications ● SCG Programmatic API
Solution
@ilopmar Iván López Every service defines... ● Which endpoint is made public paths: /pipelines: post: x-vmw-public: true summary: Create a new pipeline definition description: Given a pipeline, it creates an execution graph and prepares it to be run
@ilopmar Iván López Every service defines... ● How an endpoint is rewritten paths: /reports: get: x-vmw-public: true x-vmw-rewrite: /vulnerabilities/reports summary: Get all reports, optionally filtered by artifact version description: It returns a collection of report metadata...
@ilopmar Iván López Every service defines... ● How tags are rewritten tags: - name: products description: Using these endpoints you can manage the products... x-vmw-rewrite: inventory - name: artifacts description: Using these endpoints you can manage the artifacts... x-vmw-rewrite: inventory - name: artifact-versions description: Using these endpoints you can manage the artifact versions... x-vmw-rewrite: inventory - name: inventory description: Using these endpoints you can see the products, artifacts and artifact versions and their relationships in your organization inventory
@ilopmar Iván López Every service defines... ● How tags are rewritten tags: - name: products description: Using these endpoints you can manage the products... x-vmw-rewrite: inventory - name: artifacts description: Using these endpoints you can manage the artifacts... x-vmw-rewrite: inventory - name: artifact-versions description: Using these endpoints you can manage the artifact versions... x-vmw-rewrite: inventory - name: inventory description: Using these endpoints you can see the products, artifacts and artifact versions and their relationships in your organization inventory
@ilopmar Iván López OpenAPI creation ● Gateway polls services every 5 minutes ● Filter, transform and combine all the OpenAPI specs ● Creates Public OpenAPI specification on the fly
@ilopmar Iván López Expose OpenAPI @GetMapping(value = "/v1/api.yml", produces = APPLICATION_X_YAML) public ResponseEntity<String> v1() { return openApiService.generateOpenApi() .map(ResponseEntity::ok) .orElseGet(() -> ResponseEntity.notFound().build()); }
@ilopmar Iván López Spring Cloud Gateway routes @Bean @RefreshScope public RouteLocator routeLocator(RouteLocatorBuilder routeLocatorBuilder, RouteService routeService) { RouteLocatorBuilder.Builder routeLocator = routeLocatorBuilder.routes(); List<GatewayRoute> gatewayRoutes = routeService.findGatewayRoutes(); for (GatewayRoute gatewayRoute : gatewayRoutes) { routeLocator.route(gatewayRoute.routeId(), r -> r .order(gatewayRoute.order()) .path(gatewayRoute.gatewayPath()) .and().method(gatewayRoute.openApiRoute().method()) .filters(gatewayFilterSpec -> gatewayFilterSpec.rewritePath(gatewayRoute.regexp(), gatewayRoute.rewritePath()) ) .uri(gatewayRoute.openApiRoute().uri())); } return routeLocator.build(); } ● Routes refreshed dynamically
@ilopmar Iván López ● Routes refreshed dynamically Spring Cloud Gateway routes @Bean @RefreshScope public RouteLocator routeLocator(RouteLocatorBuilder routeLocatorBuilder, RouteService routeService) { RouteLocatorBuilder.Builder routeLocator = routeLocatorBuilder.routes(); List<GatewayRoute> gatewayRoutes = routeService.findGatewayRoutes(); for (GatewayRoute gatewayRoute : gatewayRoutes) { routeLocator.route(gatewayRoute.routeId(), r -> r .order(gatewayRoute.order()) .path(gatewayRoute.gatewayPath()) .and().method(gatewayRoute.openApiRoute().method()) .filters(gatewayFilterSpec -> gatewayFilterSpec.rewritePath(gatewayRoute.regexp(), gatewayRoute.rewritePath()) ) .uri(gatewayRoute.openApiRoute().uri())); } return routeLocator.build(); }
@ilopmar Iván López Gateway Routes public List<GatewayRoute> findGatewayRoutes() { return openApiService.findOpenApiRoutes() .stream() .map(RouteConverter::convertOpenApiRouteToGatewayRoute) .filter(Optional::isPresent) .map(Optional::get) .toList(); }
@ilopmar Iván López Example: Route conversion (I) OpenApiRoute[ originalPath=/v1/reports newPath=/v1/vulnerabilities/reports method=GET uri=https://vulnerability-service.xxxxxxxxxxxxx ] GatewayRoute[ routeId=GET__/v1/vulnerabilities/reports gatewayPath=/v1/vulnerabilities/reports regexp=/v1/vulnerabilities/reports rewritePath=/v1/reports order=0 ]
@ilopmar Iván López Example: Route conversion (II) OpenApiRoute[ originalPath=/v1/target-platforms/{target_platform_id} newPath=/v1/tp/{target_platform_id} method=GET uri=https://provisioning-service.xxxxxxxxxxxxx ] GatewayRoute[ routeId=GET__/v1/tp/{target_platform_id} gatewateyPath=/v1/tp/?* regexp=/v1/tp/(?<id1>.*) rewritePath=/v1/target-platforms/${id1} order=10 ]
@ilopmar Iván López Spring Cloud Gateway routes @Bean @RefreshScope public RouteLocator routeLocator(RouteLocatorBuilder routeLocatorBuilder, RouteService routeService) { RouteLocatorBuilder.Builder routeLocator = routeLocatorBuilder.routes(); List<GatewayRoute> openApiRoutes = routeService.findOpenApiRoutes(); for (GatewayRoute gatewayRoute : openApiRoutes) { routeLocator.route(gatewayRoute.routeId(), r -> r .order(gatewayRoute.order()) .path(gatewayRoute.gatewayPath()) .and().method(gatewayRoute.openApiRoute().method()) .filters(gatewayFilterSpec -> gatewayFilterSpec.rewritePath(gatewayRoute.regexp(), gatewayRoute.rewritePath()) ) .uri(gatewayRoute.openApiRoute().uri())); } return routeLocator.build(); } ● Routes refreshed dynamically
@ilopmar Iván López Example: Gateway Routes (I) OpenApiRoute[ originalPath=/v1/reports newPath=/v1/vulnerabilities/reports method=GET uri=https://vulnerability-service... ] GatewayRoute[ routeId=GET__/v1/vulnerabilities/reports gatewateyPath=/v1/vulnerabilities/reports regexp=/v1/vulnerabilities/reports rewritePath=/v1/reports order=0 ] routeLocator.route("GET__/v1/vulnerabilities/reports", r -> r .order(0) .path("/v1/vulnerabilities/reports") .and().method("GET") .filters(s -> s.rewritePath("/v1/vulnerabilities/reports", "/v1/reports")) .uri("https://vulnerability-service.xxxxxxxxxxxxxxxxxx"));
@ilopmar Iván López Example: Gateway Routes (II) OpenApiRoute[ originalPath=/v1/target-platforms/{target_platform_id} newPath=/v1/tp/{target_platform_id} method=GET uri=https://provisioning-service... ] GatewayRoute[ routeId=GET__/v1/tp/{target_platform_id} gatewateyPath=/v1/tp/?* regexp=/v1/tp/(?<id1>.*) rewritePath=/v1/target-platforms/${id1} order=10 ] routeLocator.route("GET__/v1/tp/{target_platform_id}", r -> r .order(10) .path("/v1/tp/?*") .and().method("GET") .filters(s -> s.rewritePath("/v1/tp/(?<id1>.*)", "/v1/target-platforms/${id1}")) .uri("https://provisioning-service.xxxxxxxxxxxxxxx"));
Demo
@ilopmar Iván López Summary Solved the problem in one week +1 year in Production without problems Reuse existing OSS libraries Platform agnostic Spring Cloud Gateway is awesome Public and Dynamic OpenAPI
Thank you! Questions? Iván López @ilopmar lopez.ivan@gmail.com https:/ /github.com/ilopmar https:/ /bit.ly/springio-dynamic-apis

More Related Content

PDF
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Steve Pember
 
ODP
Introduction to Swagger
Knoldus Inc.
 
PDF
Action Jackson! Effective JSON processing in Spring Boot Applications
Joris Kuipers
 
PPTX
Introduction to Spring Boot
Purbarun Chakrabarti
 
PDF
MongoDB and Node.js
Norberto Leite
 
PPTX
Spring boot
Pradeep Shanmugam
 
PPT
Spring Core
Pushan Bhattacharya
 
PDF
REST APIs with Spring
Joshua Long
 
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Steve Pember
 
Introduction to Swagger
Knoldus Inc.
 
Action Jackson! Effective JSON processing in Spring Boot Applications
Joris Kuipers
 
Introduction to Spring Boot
Purbarun Chakrabarti
 
MongoDB and Node.js
Norberto Leite
 
Spring boot
Pradeep Shanmugam
 
Spring Core
Pushan Bhattacharya
 
REST APIs with Spring
Joshua Long
 

What's hot(20)

PPTX
Introduction to Spring Framework
Serhat Can
 
PDF
Spring Data JPA
Knoldus Inc.
 
PDF
Spring annotation
Rajiv Srivastava
 
PDF
NestJS
Wilson Su
 
PDF
이벤트 기반 분산 시스템을 향한 여정
Arawn Park
 
PDF
Spring Framework - Core
Dzmitry Naskou
 
PDF
Nest.js Introduction
Takuya Tejima
 
PDF
Gradle Introduction
Dmitry Buzdin
 
PDF
Spring Boot
HongSeong Jeon
 
PDF
Spring Framework - AOP
Dzmitry Naskou
 
PDF
Swagger
NexThoughts Technologies
 
PDF
Domain Driven Design
Young-Ho Cho
 
PDF
Spring boot jpa
Hamid Ghorbani
 
PPTX
Spring Boot and REST API
07.pallav
 
PDF
Real Life Clean Architecture
Mattia Battiston
 
PPT
jpa-hibernate-presentation
John Slick
 
PPTX
Hibernate ppt
Aneega
 
PPTX
Spring & hibernate
Santosh Kumar Kar
 
PPTX
Spring Security 5
Jesus Perez Franco
 
PPTX
Spring boot Introduction
Jeevesh Pandey
 
Introduction to Spring Framework
Serhat Can
 
Spring Data JPA
Knoldus Inc.
 
Spring annotation
Rajiv Srivastava
 
NestJS
Wilson Su
 
이벤트 기반 분산 시스템을 향한 여정
Arawn Park
 
Spring Framework - Core
Dzmitry Naskou
 
Nest.js Introduction
Takuya Tejima
 
Gradle Introduction
Dmitry Buzdin
 
Spring Boot
HongSeong Jeon
 
Spring Framework - AOP
Dzmitry Naskou
 
Swagger
NexThoughts Technologies
 
Domain Driven Design
Young-Ho Cho
 
Spring boot jpa
Hamid Ghorbani
 
Spring Boot and REST API
07.pallav
 
Real Life Clean Architecture
Mattia Battiston
 
jpa-hibernate-presentation
John Slick
 
Hibernate ppt
Aneega
 
Spring & hibernate
Santosh Kumar Kar
 
Spring Security 5
Jesus Perez Franco
 
Spring boot Introduction
Jeevesh Pandey
 

Similar to Spring IO 2023 - Dynamic OpenAPIs with Spring Cloud Gateway(20)

PDF
LF_APIStrat17_OpenAPI and gRPC Side-by-Side
LF_APIStrat
 
PDF
OpenAPI and gRPC Side by-Side
Tim Burks
 
PDF
LCU14 310- Cisco ODP v2
Linaro
 
PPTX
OpenAPI Extensions for OSLC
LuisArmandoRamrezAgu
 
PDF
How to build a tool for operating Flink on Kubernetes
AndreaMedeghini
 
PDF
Using JHipster 4 for generating Angular/Spring Boot apps
Yakov Fain
 
PPTX
apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...
apidays
 
PDF
Build Great Networked APIs with Swift, OpenAPI, and gRPC
Tim Burks
 
PDF
Introduction to Jhipster
Knoldus Inc.
 
PDF
Enforcing API Design Rules for High Quality Code Generation
Tim Burks
 
PDF
apidays LIVE Helsinki - Implementing OpenAPI and GraphQL Services with gRPC b...
apidays
 
PDF
BKK16-106 ODP Project Update
Linaro
 
PDF
SFO15-102:ODP Project Update
Linaro
 
PPTX
apidays Paris 2024 - Generate OpenAPI Schema from Golang Code with the Fuego ...
apidays
 
PDF
Odo improving the developer experience on OpenShift - hack &amp; sangria
Jorge Morales
 
PDF
Java2 days 5_agile_steps_to_cloud-ready_apps
Payara
 
PDF
How we scale up our architecture and organization at Dailymotion
Stanislas Chollet
 
PPTX
Hyperion EPM APIs - Added value from HFM, Workspace, FDM, Smartview, and Shar...
Charles Beyer
 
PDF
Flink Forward Berlin 2018: Thomas Weise & Aljoscha Krettek - "Python Streamin...
Flink Forward
 
PPTX
Nodejs
Vinod Kumar Marupu
 
LF_APIStrat17_OpenAPI and gRPC Side-by-Side
LF_APIStrat
 
OpenAPI and gRPC Side by-Side
Tim Burks
 
LCU14 310- Cisco ODP v2
Linaro
 
OpenAPI Extensions for OSLC
LuisArmandoRamrezAgu
 
How to build a tool for operating Flink on Kubernetes
AndreaMedeghini
 
Using JHipster 4 for generating Angular/Spring Boot apps
Yakov Fain
 
apidays LIVE Australia 2020 - Have your cake and eat it too: GraphQL? REST? W...
apidays
 
Build Great Networked APIs with Swift, OpenAPI, and gRPC
Tim Burks
 
Introduction to Jhipster
Knoldus Inc.
 
Enforcing API Design Rules for High Quality Code Generation
Tim Burks
 
apidays LIVE Helsinki - Implementing OpenAPI and GraphQL Services with gRPC b...
apidays
 
BKK16-106 ODP Project Update
Linaro
 
SFO15-102:ODP Project Update
Linaro
 
apidays Paris 2024 - Generate OpenAPI Schema from Golang Code with the Fuego ...
apidays
 
Odo improving the developer experience on OpenShift - hack &amp; sangria
Jorge Morales
 
Java2 days 5_agile_steps_to_cloud-ready_apps
Payara
 
How we scale up our architecture and organization at Dailymotion
Stanislas Chollet
 
Hyperion EPM APIs - Added value from HFM, Workspace, FDM, Smartview, and Shar...
Charles Beyer
 
Flink Forward Berlin 2018: Thomas Weise & Aljoscha Krettek - "Python Streamin...
Flink Forward
 
Nodejs
Vinod Kumar Marupu
 

More from Iván López Martín(20)

PDF
CommitConf 2025 - Spring AI: IA Avanzada para desarrolladores Spring
Iván López Martín
 
PDF
SalmorejoTech 2024 - Spring Boot <3 Testcontainers
Iván López Martín
 
PDF
CommitConf 2024 - Spring Boot <3 Testcontainers
Iván López Martín
 
PDF
Voxxed Days CERN 2024 - Spring Boot <3 Testcontainers.pdf
Iván López Martín
 
PDF
VMware - Testcontainers y Spring Boot
Iván López Martín
 
PDF
Codemotion Madrid 2023 - Testcontainers y Spring Boot
Iván López Martín
 
PDF
CommitConf 2023 - Spring Framework 6 y Spring Boot 3
Iván López Martín
 
PDF
Construyendo un API REST con Spring Boot y GraalVM
Iván López Martín
 
PDF
jLove 2020 - Micronaut and graalvm: The power of AoT
Iván López Martín
 
PDF
Codemotion Madrid 2020 - Serverless con Micronaut
Iván López Martín
 
PDF
JConf Perú 2020 - ¡Micronaut en acción!
Iván López Martín
 
PDF
JConf Perú 2020 - Micronaut + GraalVM = <3
Iván López Martín
 
PDF
JConf México 2020 - Micronaut + GraalVM = <3
Iván López Martín
 
PDF
Developing Micronaut Applications With IntelliJ IDEA
Iván López Martín
 
PDF
CommitConf 2019 - Micronaut y GraalVm: La combinación perfecta
Iván López Martín
 
PDF
Codemotion Madrid 2019 - ¡GraalVM y Micronaut: compañeros perfectos!
Iván López Martín
 
PDF
Greach 2019 - Creating Micronaut Configurations
Iván López Martín
 
PDF
VoxxedDays Bucharest 2019 - Alexa, nice to meet you
Iván López Martín
 
PDF
JavaDay Lviv 2019 - Micronaut in action!
Iván López Martín
 
PDF
CrossDvlup Madrid 2019 - Alexa, encantado de conocerte
Iván López Martín
 
CommitConf 2025 - Spring AI: IA Avanzada para desarrolladores Spring
Iván López Martín
 
SalmorejoTech 2024 - Spring Boot <3 Testcontainers
Iván López Martín
 
CommitConf 2024 - Spring Boot <3 Testcontainers
Iván López Martín
 
Voxxed Days CERN 2024 - Spring Boot <3 Testcontainers.pdf
Iván López Martín
 
VMware - Testcontainers y Spring Boot
Iván López Martín
 
Codemotion Madrid 2023 - Testcontainers y Spring Boot
Iván López Martín
 
CommitConf 2023 - Spring Framework 6 y Spring Boot 3
Iván López Martín
 
Construyendo un API REST con Spring Boot y GraalVM
Iván López Martín
 
jLove 2020 - Micronaut and graalvm: The power of AoT
Iván López Martín
 
Codemotion Madrid 2020 - Serverless con Micronaut
Iván López Martín
 
JConf Perú 2020 - ¡Micronaut en acción!
Iván López Martín
 
JConf Perú 2020 - Micronaut + GraalVM = <3
Iván López Martín
 
JConf México 2020 - Micronaut + GraalVM = <3
Iván López Martín
 
Developing Micronaut Applications With IntelliJ IDEA
Iván López Martín
 
CommitConf 2019 - Micronaut y GraalVm: La combinación perfecta
Iván López Martín
 
Codemotion Madrid 2019 - ¡GraalVM y Micronaut: compañeros perfectos!
Iván López Martín
 
Greach 2019 - Creating Micronaut Configurations
Iván López Martín
 
VoxxedDays Bucharest 2019 - Alexa, nice to meet you
Iván López Martín
 
JavaDay Lviv 2019 - Micronaut in action!
Iván López Martín
 
CrossDvlup Madrid 2019 - Alexa, encantado de conocerte
Iván López Martín
 

Recently uploaded(20)

PDF
Intravenous drug administration application for pediatric patients via augmen...
IAESIJAI
 
PDF
NewMind AI Journal Monthly Chronicles - August 2025
NewMind AI
 
PDF
GPCL_PPT of investment casting presentation
MayurUrkude4
 
PPTX
Generative AI at Oracle- The next frontier of enterprise innovation.pptx
Geovanni Vega Velásquez
 
PDF
Revolutionizing recommendations a survey: a comprehensive exploration of mode...
IAESIJAI
 
PDF
eBook Outline_ AI in Cybersecurity – The Future of Digital Defense.pdf
samalmaheswar155
 
PDF
Secure Java Applications against Quantum Threats
Ana-Maria Mihalceanu
 
PDF
Domain-specific knowledge and context in large language models: challenges, c...
IAESIJAI
 
DOCX
Management Information Systems. and emmerging technologiesdocx
Rossy719186
 
PPTX
Introduction-to-Artificial-Intelligence (1).pptx
MohammadkhalidshFaq
 
PDF
Uncertainty-aware contextual multi-armed bandits for recommendations in e-com...
IAESIJAI
 
PDF
SAP Yard Logistics Day-to-Day Guide, TZYL20 Col02
Libreria ERP
 
DOCX
Test Engineering documents for designing
QuocAnhPhung1
 
PDF
IT+&+Cyber+Security+Risk+Management-3-Risk+assessment+&+measurement.pdf
Mohammed_Nagieb
 
PDF
Module 1 - COMMUNICATION SATELLITEScrev (5).pdf
NacerBaouche
 
PDF
BRKDCN-2629 Design and Automate Micro-Segmentation in NX-OS VXLAN EVPN Fabric...
dmscott4563
 
PDF
Addressing the challenges of harmonizing law and artificial intelligence tech...
IAESIJAI
 
PDF
The Ultimate Guide to Make AI Agents_ From Creation to Advanced Automation.pdf
SOFTTECHHUB
 
PPTX
From Curiosity to ROI — Cost-Benefit Analysis of Agentic Automation [3/6]
suhanisingh58689
 
PPTX
Presentation.pptx agriculture technology
manishsinghup9305
 
Intravenous drug administration application for pediatric patients via augmen...
IAESIJAI
 
NewMind AI Journal Monthly Chronicles - August 2025
NewMind AI
 
GPCL_PPT of investment casting presentation
MayurUrkude4
 
Generative AI at Oracle- The next frontier of enterprise innovation.pptx
Geovanni Vega Velásquez
 
Revolutionizing recommendations a survey: a comprehensive exploration of mode...
IAESIJAI
 
eBook Outline_ AI in Cybersecurity – The Future of Digital Defense.pdf
samalmaheswar155
 
Secure Java Applications against Quantum Threats
Ana-Maria Mihalceanu
 
Domain-specific knowledge and context in large language models: challenges, c...
IAESIJAI
 
Management Information Systems. and emmerging technologiesdocx
Rossy719186
 
Introduction-to-Artificial-Intelligence (1).pptx
MohammadkhalidshFaq
 
Uncertainty-aware contextual multi-armed bandits for recommendations in e-com...
IAESIJAI
 
SAP Yard Logistics Day-to-Day Guide, TZYL20 Col02
Libreria ERP
 
Test Engineering documents for designing
QuocAnhPhung1
 
IT+&+Cyber+Security+Risk+Management-3-Risk+assessment+&+measurement.pdf
Mohammed_Nagieb
 
Module 1 - COMMUNICATION SATELLITEScrev (5).pdf
NacerBaouche
 
BRKDCN-2629 Design and Automate Micro-Segmentation in NX-OS VXLAN EVPN Fabric...
dmscott4563
 
Addressing the challenges of harmonizing law and artificial intelligence tech...
IAESIJAI
 
The Ultimate Guide to Make AI Agents_ From Creation to Advanced Automation.pdf
SOFTTECHHUB
 
From Curiosity to ROI — Cost-Benefit Analysis of Agentic Automation [3/6]
suhanisingh58689
 
Presentation.pptx agriculture technology
manishsinghup9305
 

Spring IO 2023 - Dynamic OpenAPIs with Spring Cloud Gateway

  • 1.
    Dynamic OpenAPIs with SpringCloud Gateway Iván López @ilopmar
  • 2.
    @ilopmar Iván López Who amI? ● Iván López (@ilopmar) ● JVM Developer ● Staff Software Engineer at VMware ● @MadridGUG Coordinator ● Speaker: GeeCon, Codemotion, Devoxx, SpringOne, RigaDevDays, CommitConf, Spring IO,... 🇪🇸🇮🇹🇬🇧🇦🇹🇨🇦🇧🇪🇨🇿🇺🇦🇩🇰🇸🇪🇺🇸🇷🇺🇪🇪🇱🇻🇭🇷🇵🇱🇹🇷🇷🇴🇧🇬
  • 3.
  • 4.
    @ilopmar Iván López OpenAPI Specification ●Old Swagger Specification ● API description format for REST APIs ● Endpoints, operations, parameters, authentication,... ● Programming language agnostic ● YAML or JSON
  • 5.
    @ilopmar Iván López Swagger ● Setof opensource tools build around OpenApi Spec ● Swagger Editor ● Swagger UI ● Swagger Codegen ● Swagger Core, Parser,...
  • 6.
    @ilopmar Iván López Why useOpenAPI? ● Standard widely used ● Huge userbase ● Stable implementation ● Swagger Codegen to generate server stub and client libraries! ● Integrations with many languages, libraries and frameworks
  • 7.
  • 8.
    @ilopmar Iván López What isan API Gateway? ● API proxy between an API Client and API Server ● Single entry point for the backend API and services ● Cross-cuttings concerns: security, rate-limiting, monitoring, logging, metrics,...
  • 9.
    @ilopmar Iván López Spring CloudGateway ● API Gateway for the Spring Ecosystem ● Built on top Spring Boot, WebFlux and Reactor ● Dynamic routing ● Route matching: Path, Method, Header, Host,... ● Filters ● Rate Limiting, Circuit Breaker ● Path Rewriting
  • 10.
    @ilopmar Iván López Spring CloudGateway Basics ● Route, Predicate and Filter ● Route Predicates: Cookie, Header, Host, Method, Path,... ● Gateway Factories: Add/Remove Request/Response Header/Parameter, Rewrite path ● Global and custom filters ● YAML configuration & Programmatic API
  • 11.
    @ilopmar Iván López Spring CloudGateway examples spring: cloud: gateway: routes: - id: method_route uri: https://example.org predicates: - Method=GET,POST spring: cloud: gateway: routes: - id: add_request_header_route uri: https://example.org filters: - AddRequestHeader=X-Foo, some-value spring: cloud: gateway: routes: - id: rewritepath_route uri: https://example.org predicates: - Path=/foo/** filters: - RewritePath=/foo/?(?<segment>.*), /${segment}
  • 12.
  • 13.
    “I just wantto expose the OpenAPI of my application”
  • 14.
    @ilopmar Iván López Current status ●Spring Cloud Gateway in front of all different services ● All services expose OpenAPI ● API First? – Code -> OpenAPI – OpenAPI -> Code ● Internal endpoints vs Public endpoints ● Manual configuration in SCG
  • 15.
    @ilopmar Iván López Requirements ● Exposeproduct Public OpenAPI in Gateway ● Aggregate endpoints from different services ● Public endpoints defined on every service ● Optionally rewrite some endpoints ● Expose only public schemas and not all of them ● Rewrite and group tags ● Update Public OpenAPI and routing must be dynamic
  • 16.
    @ilopmar Iván López My approach ●I did a 1 week spike ● We use SCG OSS ● The feature is available in SCG Commercial: Only Tanzu Application Service and Kubernetes ● We deploy on K8S but wanted to keep everything agnostic: local development, on-premise,... ● Libraries to read/write OpenAPI specifications ● SCG Programmatic API
  • 17.
  • 18.
    @ilopmar Iván López Every servicedefines... ● Which endpoint is made public paths: /pipelines: post: x-vmw-public: true summary: Create a new pipeline definition description: Given a pipeline, it creates an execution graph and prepares it to be run
  • 19.
    @ilopmar Iván López Every servicedefines... ● How an endpoint is rewritten paths: /reports: get: x-vmw-public: true x-vmw-rewrite: /vulnerabilities/reports summary: Get all reports, optionally filtered by artifact version description: It returns a collection of report metadata...
  • 20.
    @ilopmar Iván López Every servicedefines... ● How tags are rewritten tags: - name: products description: Using these endpoints you can manage the products... x-vmw-rewrite: inventory - name: artifacts description: Using these endpoints you can manage the artifacts... x-vmw-rewrite: inventory - name: artifact-versions description: Using these endpoints you can manage the artifact versions... x-vmw-rewrite: inventory - name: inventory description: Using these endpoints you can see the products, artifacts and artifact versions and their relationships in your organization inventory
  • 21.
    @ilopmar Iván López Every servicedefines... ● How tags are rewritten tags: - name: products description: Using these endpoints you can manage the products... x-vmw-rewrite: inventory - name: artifacts description: Using these endpoints you can manage the artifacts... x-vmw-rewrite: inventory - name: artifact-versions description: Using these endpoints you can manage the artifact versions... x-vmw-rewrite: inventory - name: inventory description: Using these endpoints you can see the products, artifacts and artifact versions and their relationships in your organization inventory
  • 22.
    @ilopmar Iván López OpenAPI creation ●Gateway polls services every 5 minutes ● Filter, transform and combine all the OpenAPI specs ● Creates Public OpenAPI specification on the fly
  • 23.
    @ilopmar Iván López Expose OpenAPI @GetMapping(value= "/v1/api.yml", produces = APPLICATION_X_YAML) public ResponseEntity<String> v1() { return openApiService.generateOpenApi() .map(ResponseEntity::ok) .orElseGet(() -> ResponseEntity.notFound().build()); }
  • 24.
    @ilopmar Iván López Spring CloudGateway routes @Bean @RefreshScope public RouteLocator routeLocator(RouteLocatorBuilder routeLocatorBuilder, RouteService routeService) { RouteLocatorBuilder.Builder routeLocator = routeLocatorBuilder.routes(); List<GatewayRoute> gatewayRoutes = routeService.findGatewayRoutes(); for (GatewayRoute gatewayRoute : gatewayRoutes) { routeLocator.route(gatewayRoute.routeId(), r -> r .order(gatewayRoute.order()) .path(gatewayRoute.gatewayPath()) .and().method(gatewayRoute.openApiRoute().method()) .filters(gatewayFilterSpec -> gatewayFilterSpec.rewritePath(gatewayRoute.regexp(), gatewayRoute.rewritePath()) ) .uri(gatewayRoute.openApiRoute().uri())); } return routeLocator.build(); } ● Routes refreshed dynamically
  • 25.
    @ilopmar Iván López ● Routesrefreshed dynamically Spring Cloud Gateway routes @Bean @RefreshScope public RouteLocator routeLocator(RouteLocatorBuilder routeLocatorBuilder, RouteService routeService) { RouteLocatorBuilder.Builder routeLocator = routeLocatorBuilder.routes(); List<GatewayRoute> gatewayRoutes = routeService.findGatewayRoutes(); for (GatewayRoute gatewayRoute : gatewayRoutes) { routeLocator.route(gatewayRoute.routeId(), r -> r .order(gatewayRoute.order()) .path(gatewayRoute.gatewayPath()) .and().method(gatewayRoute.openApiRoute().method()) .filters(gatewayFilterSpec -> gatewayFilterSpec.rewritePath(gatewayRoute.regexp(), gatewayRoute.rewritePath()) ) .uri(gatewayRoute.openApiRoute().uri())); } return routeLocator.build(); }
  • 26.
    @ilopmar Iván López Gateway Routes publicList<GatewayRoute> findGatewayRoutes() { return openApiService.findOpenApiRoutes() .stream() .map(RouteConverter::convertOpenApiRouteToGatewayRoute) .filter(Optional::isPresent) .map(Optional::get) .toList(); }
  • 27.
    @ilopmar Iván López Example: Routeconversion (I) OpenApiRoute[ originalPath=/v1/reports newPath=/v1/vulnerabilities/reports method=GET uri=https://vulnerability-service.xxxxxxxxxxxxx ] GatewayRoute[ routeId=GET__/v1/vulnerabilities/reports gatewayPath=/v1/vulnerabilities/reports regexp=/v1/vulnerabilities/reports rewritePath=/v1/reports order=0 ]
  • 28.
    @ilopmar Iván López Example: Routeconversion (II) OpenApiRoute[ originalPath=/v1/target-platforms/{target_platform_id} newPath=/v1/tp/{target_platform_id} method=GET uri=https://provisioning-service.xxxxxxxxxxxxx ] GatewayRoute[ routeId=GET__/v1/tp/{target_platform_id} gatewateyPath=/v1/tp/?* regexp=/v1/tp/(?<id1>.*) rewritePath=/v1/target-platforms/${id1} order=10 ]
  • 29.
    @ilopmar Iván López Spring CloudGateway routes @Bean @RefreshScope public RouteLocator routeLocator(RouteLocatorBuilder routeLocatorBuilder, RouteService routeService) { RouteLocatorBuilder.Builder routeLocator = routeLocatorBuilder.routes(); List<GatewayRoute> openApiRoutes = routeService.findOpenApiRoutes(); for (GatewayRoute gatewayRoute : openApiRoutes) { routeLocator.route(gatewayRoute.routeId(), r -> r .order(gatewayRoute.order()) .path(gatewayRoute.gatewayPath()) .and().method(gatewayRoute.openApiRoute().method()) .filters(gatewayFilterSpec -> gatewayFilterSpec.rewritePath(gatewayRoute.regexp(), gatewayRoute.rewritePath()) ) .uri(gatewayRoute.openApiRoute().uri())); } return routeLocator.build(); } ● Routes refreshed dynamically
  • 30.
    @ilopmar Iván López Example: GatewayRoutes (I) OpenApiRoute[ originalPath=/v1/reports newPath=/v1/vulnerabilities/reports method=GET uri=https://vulnerability-service... ] GatewayRoute[ routeId=GET__/v1/vulnerabilities/reports gatewateyPath=/v1/vulnerabilities/reports regexp=/v1/vulnerabilities/reports rewritePath=/v1/reports order=0 ] routeLocator.route("GET__/v1/vulnerabilities/reports", r -> r .order(0) .path("/v1/vulnerabilities/reports") .and().method("GET") .filters(s -> s.rewritePath("/v1/vulnerabilities/reports", "/v1/reports")) .uri("https://vulnerability-service.xxxxxxxxxxxxxxxxxx"));
  • 31.
    @ilopmar Iván López Example: GatewayRoutes (II) OpenApiRoute[ originalPath=/v1/target-platforms/{target_platform_id} newPath=/v1/tp/{target_platform_id} method=GET uri=https://provisioning-service... ] GatewayRoute[ routeId=GET__/v1/tp/{target_platform_id} gatewateyPath=/v1/tp/?* regexp=/v1/tp/(?<id1>.*) rewritePath=/v1/target-platforms/${id1} order=10 ] routeLocator.route("GET__/v1/tp/{target_platform_id}", r -> r .order(10) .path("/v1/tp/?*") .and().method("GET") .filters(s -> s.rewritePath("/v1/tp/(?<id1>.*)", "/v1/target-platforms/${id1}")) .uri("https://provisioning-service.xxxxxxxxxxxxxxx"));
  • 32.
  • 33.
    @ilopmar Iván López Summary Solved theproblem in one week +1 year in Production without problems Reuse existing OSS libraries Platform agnostic Spring Cloud Gateway is awesome Public and Dynamic OpenAPI
  • 34.