Release Notes
Red Hat 3scale API Management 2.3
For Use with Red Hat 3scale API Management 2.3
Abstract
Release Notes for Red Hat 3scale API Management 2.3.
Chapter 1. Red Hat 3scale API Management 2.3 On-Premises Release Notes
1.1. New Features
Note
This 2.3 release of Red Hat 3scale API Management only includes new features for APIcast. All the other features from the 2.2 release remain unchanged.
1.1.1. Major Changes
Extended the API policy coverage by adding new APIcast out-of-the-box policies:
- URL rewriting with captures: Ability to read the arguments in a URL and rewrite the URL using them (Content from issues.jboss.org is not included.JIRA #1139)
- RH-SSO/Keycloak role check: Verifies realm roles and client roles in the access token (Content from issues.jboss.org is not included.JIRA #1158)
- Logging: Allows to disable access logs for individual services (Content from issues.jboss.org is not included.JIRA #1148)
- Anonymous access: Provides default credentials for unauthenticated requests (Content from issues.jboss.org is not included.JIRA #586)
- 3scale Batcher: Caches authorizations from the 3scale backend and also sends reports in batches for better performance (Content from issues.jboss.org is not included.JIRA #1155)
- 3scale Referrer: Adds support for Referrer Filtering feature
Improved the features and capabilities of the existing policies:
- Added the ability to modify query parameters in the URL rewriting policy (Content from issues.jboss.org is not included.JIRA #1139)
- Edge limiting: A flexible and powerful policy that performs different kinds of rate limiting (Content from issues.jboss.org is not included.JIRA #411)
- Extended the header modification policy by allowing templating (Content from issues.jboss.org is not included.JIRA #1140)
- The OAuth 2.0 Token Introspection Policy has been improved by adding the following features: caching, support for logout/token revocation, get client credentials from the OpenID Connect (OIDC) Issuer Endpoint
Note
OAuth 2.0 Token Introspection Policy is now out of Technology Preview.
- Better OIDC capabilities for integration with 3rd party identity providers (Support JWK through OIDC Discovery)
- Prometheus metrics (Content from issues.jboss.org is not included.JIRA #1230)
- Added support for communication via forward HTTP proxy (Content from issues.jboss.org is not included.JIRA #221)
- OpenTracing integration in APIcast to improve observability by allowing the use of Tracers (Content from issues.jboss.org is not included.JIRA #1159)
1.1.2. Minor Changes
- Renaming of some policies (Content from issues.jboss.org is not included.JIRA #1232)
-
New
APICAST_ACCESS_LOG_FILEenvironment variable that allows configuring the location of the access log (Content from issues.jboss.org is not included.JIRA #1148) -
Added new environment variables that allow configuring APIcast to listen on an HTTPS port and configure necessary certificates. New environment variables:
APICAST_HTTPS_PORT,APICAST_HTTPS_CERTIFICATE,APICAST_HTTPS_CERTIFICATE, andAPICAST_HTTPS_CERTIFICATE_KEY.
1.2. Resolved Issues
- APIcast crashes when adding an invalid (non-existing) policy name via API.
- Do not crash when initializing unreachable/invalid DNS resolver.
- After migration to new OCP instance, APIcast images can not be build from the upstream repository.
- OIDC Signature verification function not compatible with generic OIDC provider (Content from issues.jboss.org is not included.JIRA #583).
- Wrong error message when OIDC issuer field is configured incorrectly.
- APIcast crashes when loading some configurations including services with OIDC authentication.
1.3. Documentation
This content is not included.Policies
This content is not included.APIcast Standard Policies
- This content is not included.3scale Batcher Policy
- This content is not included.Anonymous Access Policy
- This content is not included.Edge Limiting Policy
- This content is not included.Header Modification Policy
- This content is not included.Liquid Context Debug Policy
- This content is not included.Logging Policy
- This content is not included.OAuth 2.0 Token Introspection Policy
- This content is not included.Referrer Policy
- This content is not included.URL Rewriting Policy
1.4. Technology Preview Features
- Added a new “Conditional policy” that only executes a policy chain if a certain condition is met. There is no GUI available for this policy; it must be configured via JSON.
1.5. Known Issues
- Dashboard stream and email notifications are not filtered according to the admin member permissions (Content from issues.jboss.org is not included.JIRA #629)
- Servers on which 3Scale API Management is installed must use the UTC time zone for correct invoice generation in postpaid mode (Content from issues.jboss.org is not included.JIRA #534)
- Internal Server Error when accessing signup page with spam protection enabled (Content from issues.jboss.org is not included.JIRA #908)
- 500 internal error response when accessing Service settings view (Content from issues.jboss.org is not included.JIRA #878)
- Backend-listener fails to reconnect to backend-redis (Content from issues.jboss.org is not included.JIRA #608)
- Wildcard router overrides unsecured routes (Resolved in OpenShift Container Platform 3.9.33)
- Ogone and Authorize.net payment gateways are not supported. Nevertheless, these options are shown in the billing settings
1.6. Deprecation Notices
- End User Plans feature will be deprecated in March 2019. This feature is replaced by the ability to define rate limits for end users using the APIcast policy for edge limiting.
Native OAuth 2.0 implementation (Authorization Code flow) for API traffic authentication is deprecated in this release. In the next release, 3scale 2.4, you will find that:
- This feature cannot be selected in the User Interface (UI).
- This feature is replaced by the OIDC integration with Red Hat Single Sign-On, which includes support for multiple OAuth 2.0 flows (see documentation).
Legal Notice
Copyright © 2019 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at Content from creativecommons.org is not included.http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.