Add support for response flow policy in standalone mode

Question

Add support for response flow policy in standalone mode

fredmaggiowski opened this issue 2 years ago · 0 comments

Right now, when rönd operates in standalone mode it is not capable of executing response-flow policies therefore I have to write any security-related filter on API responses in the API itself.

Describe the solution you'd like

I'd like to be able to invoke rönd standalone also to be able to know the payload I should return to the client.

So with a configuration such as

{
   "/someapi": {
     "x-rond": {
        "requestFlow": { "policyName": "allow_all" }, 
        "responseFlow": { "policyName": "my_policy" }, 
      }
   }
}

I'd like to do something like

curl -X POST http://rond-standalone/eval/someapi -d '{ my original payload }'

And receive back the payload modified by my_policy.

Describe alternatives you've considered

To let rönd discern whether the http://rond-standalone/eval/someapi should use the request or response flow I'd like to use something like:

a reserved query param: ?rondFlow=response
a reserved header: rond-flow=response
change the path to /eval/:flow/:apinametherefore the api would actually be different based on the flow, in this case:http://rond-standalone/eval/response/someapi` but this would be a breaking change!

Any other suggestion on a solution?