Manage Policy with Gateway Bundles

In this section:

About Gateway Bundles

A Gateway Bundle is a set of files that the Gateway Policy Plugin generates to simplify the management of policies and expose policy- or environment-specific entities.
Policy authors can create policy bundles in the Gateway Policy Plugin and incorporate them into the CI/CD pipeline for easier upgrades and migrations. As a Portal Admin, you can import Gateway bundles into
Layer7 API Developer Portal
, centrally manage the assertions, policies, and/or services contained with them, and deploy them to the proxies managed in
Layer7 API Developer Portal
.
Each Gateway bundle consists of three files:
  • <name>-<versionmajor>.<versionminor>.<versionbuild>.metadata.yml
    : Includes information about the generated bundle along with its dependencies.
  • <name>-<versionmajor>.<versionminor>.<versionbuild>.install.bundle
    : Packages policies, encapsulated assertions (encass), services, and other Gateway entities.
  • <name>-<versionmajor>.<versionminor>.<versionbuild>.delete.bundle
    : Enables undeployment of the bundle.
Examples:
  • sample-1.0.00.metadata.yml
  • sample-1.0.00.install.bundle
  • sample-1.0.00.delete.bundle
  • sample-1.0.00-full.install.bundl
There are four types of Gateway bundles:
  • Encapsulated Assertion:
    Contains an encapsulated assertion (encass) along with its policy dependencies. Can be reusable if the
    l7template
    attribute is true.
  • Policy:
    Contains a policy fragment along with its dependencies.
  • Service:
    Contains a service (Web API or SOAP) definition along with its service policy dependencies.
  • All:
    Contains all of the above components.
Layer7 API Developer Portal
supports all Gateway bundle types except Service.
For more information about bundles built in the Gateway Policy Plugin, including the attributes within the metadata file, see the Gateway Policy Plugin documentation.

How Gateway Bundles Work

Gateway bundles enable you to export any code, configuration, or environment from the API Gateway through the Gateway Policy Plugin. After the Gateway bundle is uploaded into
Layer7 API Developer Portal
, you can manage and deploy the bundles to enrolled proxies. This leverages
Layer7 API Developer Portal
as the single source of management console for policy lifecycle management, in addition to lifecycle management of APIs, applications, proxies, and other entities.
For Gateway bundles that have encapsulated assertions (encass),
Layer7 API Developer Portal
creates policy templates from the associated metadata. The policy templates are available as reusable policies to API publishers while publishing APIs. Portal Admins can also deploy or promote policy changes through dev, staging, and production environment proxies managed in
Layer7 API Developer Portal
.
The
metadata.yml
file of a Gateway bundle contains basic details such as group name, name, version, tags, and defined entities, environment dependencies, and other dependencies.
Layer7 API Developer Portal
uses the metadata to generate a policy template that can be managed and reused in APIs published through
Layer7 API Developer Portal
.
After the Gateway bundle is uploaded into
Layer7 API Developer Portal
,
Layer7 API Developer Portal
acts as the single source of truth for policy management. Heterogenous policy deployment across environments are possible as
Layer7 API Developer Portal
acts as the control plane for deployment of policies to all the proxies. This also helps with scalability by enabling API Management in multi-geographic, multi-cluster deployments.

Policy Lifecycle Management Overview

The following diagram describes an overview of policy lifecycle management and how Policy Developers, Portal Admins, and Publishers (API Owners, Org Publishers) collaborate across Layer7 products when using Gateway bundles.
Policy management with Gateway bundles includes the following workflows:
  • Policy authoring:
    Includes creation and management of policies in the API Gateway, and creation and export of Gateway bundles using the Gateway Policy Plugin. See the Gateway Policy Plugin documentation for more information on creating Gateway bundles.
  • Bundle management:
    Includes upload of Gateway bundles to
    Layer7 API Developer Portal
    , and federated bundle deployment using
    Layer7 API Developer Portal
    .
    You can deploy bundles only on demand.
  • Policy template management:
    Includes API publishing and association of policy templates through
    Layer7 API Developer Portal
    .