API Whitelisting

# API Whitelisting As a part of security, SRE team is now introducing API whitelisting at haproxy. ## What apps are needed to be updated? Apps that follow either of the following ways of deployment/hosting. 1. Apps that have data_servers. A list of servers added in ```/nferx_Devops/ansible/nferx/data_servers.json``` 2. Dev apps that have haproxy routing. Apps that are hosted in personal dev setups and use preview haproxy routing. ## What updates are required to be made? 1. Apps with dataservers - Add the **appname[if not present]** and API **regex** in the `ansible/nferx/dev/apps_regex.json` as following. ```json { "appname": "QuantHealth", "fe_regrep": [ { "regex": "{{=[[ ]]=}}acl is_[[ data_version ]]_[[ cleaned_appname ]]_QuantHealth path_beg [[ gw_prefix ]]/quanthealth/v1/get_summary" }, { "regex": "{{=[[ ]]=}}acl is_[[ data_version ]]_[[ cleaned_appname ]]_QuantHealth path_beg [[ gw_prefix ]]/quanthealth/v1/get_graph_cohort" }, { "regex": "{{=[[ ]]=}}use_backend {{ sub_domain_name }}_[[ data_version ]]_[[ cleaned_appname ]]_backend if is_[[ data_version ]] is_[[ data_version ]]_[[ cleaned_appname ]]_QuantHealth" } ] }, ``` - Update `QuantHealth` to **your appname**. - Update `/quanthealth/v1/get_graph_cohort` to **your API pattern** 2. Dev apps with preview haproxy routing - Add the **API regex** in `haproxy/configs/nferx/dev/haproxy_extras_fe_v2.cfg` under the API routing - Before ``` acl url_cis_staging path_beg /cis/staging/ use_backend {{ sub_domain_name}}_cis_staging if url_cis_staging ``` - After ``` acl url_cis_staging path_beg /cis/staging/ acl url_cis_staging path_beg /cis/staging/listsources/ acl url_cis_staging path_beg /cis/staging/list_paused_sources/ use_backend {{ sub_domain_name}}_cis_staging if url_cis_staging ``` ### How to deploy the changes? - Make the above mentioned changes and raise a PR in `nferx_Devops` repository to SRE team and get it merged. - Deploy the haproxy in preview. [haproxy deployment documentation](https://nferx.atlassian.net/wiki/spaces/DevOps/pages/121307191/Deploying+a+New+Application#Deploy-HAProxy) ### When is does the API whitelisting comes into action? - All restrictions will be applied on to preview 19th Sept 2022 morning. So, get your PRs merged at the earliest possibility. ### Whom to contact for any help, when needed? - GopalGupta(SRE) on slack.