Manage Policy with Gateway Bundles

In this section:

About Gateway Bundles

A Gateway Bundle is a set of files that the Gateway Policy Plugin generates to simplify the management of policies and expose policy- or environment-specific entities.
Policy authors can create policy bundles in the Gateway Policy Plugin and incorporate them into the CI/CD pipeline for easier upgrades and migrations. As a Portal Admin, you can import Gateway bundles into
API Management SaaS
, centrally manage the assertions, policies, and/or services contained with them, and deploy them to the proxies managed in
API Management SaaS
.
Each Gateway bundle consists of three files:
  • <name>-<versionmajor>.<versionminor>.<versionbuild>.metadata.yml
    : Includes information about the generated bundle along with its dependencies.
  • <name>-<versionmajor>.<versionminor>.<versionbuild>.install.bundle
    : Packages policies, encapsulated assertions (encass), services, and other Gateway entities.
  • <name>-<versionmajor>.<versionminor>.<versionbuild>.delete.bundle
    : Enables undeployment of the bundle.
Examples:
  • sample-1.0.00.metadata.yml
  • sample-1.0.00.install.bundle
  • sample-1.0.00.delete.bundle
  • sample-1.0.00-full.install.bundl
There are four types of Gateway bundles:
  • Encapsulated Assertion:
    Contains an encapsulated assertion (encass) along with its policy dependencies. Can be reusable if the
    l7template
    attribute is true.
  • Policy:
    Contains a policy fragment along with its dependencies.
  • Service:
    Contains a service (Web API or SOAP) definition along with its service policy dependencies.
  • All:
    Contains all of the above components.
API Management SaaS
supports all Gateway bundle types except Service.
For more information about bundles built in the Gateway Policy Plugin, including the attributes within the metadata file, see the Gateway Policy Plugin documentation.

How Gateway Bundles Work

Gateway bundles enable you to export any code, configuration, or environment from the API Gateway through the Gateway Policy Plugin. After the Gateway bundle is uploaded into
API Management SaaS
, you can manage and deploy the bundles to enrolled proxies. This leverages
API Management SaaS
as the single source of management console for policy lifecycle management, in addition to lifecycle management of APIs, applications, proxies, and other entities.
For Gateway bundles that have encapsulated assertions (encass),
API Management SaaS
creates policy templates from the associated metadata. The policy templates are available as reusable policies to API publishers while publishing APIs. Portal Admins can also deploy or promote policy changes through dev, staging, and production environment proxies managed in
API Management SaaS
.
The
metadata.yml
file of a Gateway bundle contains basic details such as group name, name, version, tags, and defined entities, environment dependencies, and other dependencies.
API Management SaaS
uses the metadata to generate a policy template that can be managed and reused in APIs published through
API Management SaaS
.
After the Gateway bundle is uploaded into
API Management SaaS
,
API Management SaaS
acts as the single source of truth for policy management. Heterogenous policy deployment across environments are possible as
API Management SaaS
acts as the control plane for deployment of policies to all the proxies. This also helps with scalability by enabling API Management in multi-geographic, multi-cluster deployments.

Policy Lifecycle Management Overview

The following diagram describes an overview of policy lifecycle management and how Policy Developers, Portal Admins, and Publishers (API Owners, Org Publishers) collaborate across Layer7 products when using Gateway bundles.
Policy management with Gateway bundles includes the following workflows:
  • Policy authoring:
    Includes creation and management of policies in the API Gateway, and creation and export of Gateway bundles using the Gateway Policy Plugin. See the Gateway Policy Plugin documentation for more information on creating Gateway bundles.
  • Bundle management:
    Includes upload of Gateway bundles to
    API Management SaaS
    , and federated bundle deployment using
    API Management SaaS
    .
    You can deploy bundles only on demand.
  • Policy template management:
    Includes API publishing and association of policy templates through
    API Management SaaS
    .