Added Developer Portal support (#4)

* OpenAPI integration work in progress

* API Gateway updates

* API Gateway support - beta release

* README updated

* README updated

* README updated

* README updated

* README updated

* README updated

* Declaration schema updated, Developer portal alpha release

* Postman collection updated

* Devportal alpha release commit

* Devportal alpha release commit

* Added Developer Portal support

Author: fabriziofiorucci

.gitignore

@@ -1,3 +1,5 @@
 /.idea/
 /src/__pycache__/
+/src/Contrib/__pycache__/
+/contrib/devportal/src/__pycache__/
 /venv/

Dockerfile

@@ -0,0 +1,19 @@
+FROM alpine:latest
+
+RUN apk update && apk upgrade && \
+    apk add --update --no-cache python3 
+
+WORKDIR /deployment
+
+COPY etc/ etc/
+COPY src/ src/
+COPY templates/ templates/
+
+RUN python3 -m venv /deployment/env/ && \
+    source /deployment/env/bin/activate && \
+#    python3 -m pip install --upgrade pip && \
+    pip3 install --no-cache --upgrade pip setuptools virtualenv && \
+    pip3 install -r src/requirements.txt
+
+WORKDIR /deployment/src
+CMD ["/deployment/env/bin/python3", "./main.py"]

README.md

@@ -1,17 +1,18 @@
 # NGINX-Declarative-API
 
-This tool provides a set of declarative REST API for NGINX Instance Manager.
+This project provides a set of declarative REST API for [NGINX Instance Manager](https://docs.nginx.com/nginx-management-suite/nim/).
 
 It can be used to manage NGINX Plus configuration lifecycle and to create NGINX Plus configurations using JSON service definitions.
 
-GitOps integration is supported when used with NGINX Instance Manager: source of truth is checked for updates (NGINX App Protect policies, TLS certificates, keys and chains/bundles) and NGINX configurations are automatically kept in sync.
+GitOps integration is supported when used with NGINX Instance Manager: source of truth is checked for updates (NGINX App Protect policies, TLS certificates, keys and chains/bundles, Swagger/OpenAPI definitions) and NGINX configurations are automatically kept in sync.
 
 Use cases include:
 
 - Rapid configuration generation and templating
 - CI/CD integration with NGINX Instance Manager (instance groups and staged configs)
 - NGINX App Protect DevSecOps integration
 - API Gateway deployments with automated Swagger / OpenAPI schemas import
+- API Developer portals zero-touch deployment
 - GitOps integration with source of truth support for
   - NGINX App Protect WAF policies
   - TLS certificates, keys and chains/bundles
@@ -22,7 +23,7 @@ Use cases include:
 
 ## Requirements
 
-- NGINX Instance Manager 2.10+
+- NGINX Instance Manager 2.14+
 - NGINX Plus R30 or newer
 
 ## Architecture
@@ -88,8 +89,9 @@ NGINX Instance Manager ->> NGINX: Publish config to NGINX instances
 | Cookie-based stickiness    | X                                                                                       |                                                                                                  |
 | Maps                       | X                                                                                       |                                                                                                  |
 | NGINX Plus REST API access | X                                                                                       |                                                                                                  |
-| NGINX App Protect WAF      | Per-policy CRUD at `server` and `location` level with dataplane-based bundle compilation | Security policies can be dynamically fetched from source of truth                               | 
-| API Gateway                | Swagger and OpenAPI YAML and JSON schema support                                        | Automated configuration, HTTP methods and rate limiting enforcement                              | 
+| NGINX App Protect WAF      | Per-policy CRUD at `server` and `location` level with dataplane-based bundle compilation | Security policies can be dynamically fetched from source of truth                                | 
+| API Gateway                | Swagger and OpenAPI YAML and JSON schema support                                        | Automated configuration, HTTP methods and rate limiting enforcement                              |
+| API Developer Portal       | Swagger and OpenAPI YAML and JSON schema support                                        | Based on Redocly                                                                                 |
 
 ## How to use
 
@@ -99,42 +101,26 @@ Usage details and JSON schema are available here:
 
 A sample Postman collection and usage instructions can be found [here](/contrib/postman)
 
-### Using docker-compose
+## How to run
 
-This is the recommended method to run NGINX Declarative API on a Linux virtual machine. Refer to [installation instructions](https://github.com/fabriziofiorucci/NGINX-Declarative-API/tree/main/contrib/docker-compose)
+Docker-compose is the recommended method to run NGINX Declarative API on a Linux virtual machine. Full details are available [here](https://github.com/fabriziofiorucci/NGINX-Declarative-API/tree/main/contrib/docker-compose)
 
-### As a Python application
+## Building Docker images
 
-This repository has been tested with and requires Python 3.9 or newer.
-A running instance of [redis](https://redis.io/) is required: redis host and port can be configured in the `config.toml` file.
+Docker images can be built and run using:
 
-Run NGINX Declarative API using:
+    git clone https://github.com/fabriziofiorucci/NGINX-Declarative-API
 
-```
-$ git clone https://github.com/fabriziofiorucci/NGINX-Declarative-API
-$ cd NGINX-Declarative-API/src
-$ pip install -r requirements.txt
-$ python3 main.py
-```
-
-### As a Docker image
-
-The docker image can be built and run using:
-
-```
-$ git clone https://github.com/fabriziofiorucci/NGINX-Declarative-API
-$ cd NGINX-Declarative-API
-$ docker build -t nginx-declarative-api:latest -f contrib/docker/Dockerfile .
-$ docker run --name nginx-declarative-api -d -p 5000:5000 nginx-declarative-api:latest
-```
-
-Pre-built docker images are available on Docker Hub at https://hub.docker.com/repository/docker/fiorucci/nginx-declarative-api/general and can be run using:
+    cd NGINX-Declarative-API
+    docker build --no-cache -t fiorucci/nginx-declarative-api -f ./Dockerfile .
+    docker run --name nginx-declarative-api -d -p 5000:5000 fiorucci/nginx-declarative-api
 
-```
-$ docker run --rm --name nginx-declarative-api -d -p 5000:5000 <IMAGE_NAME>
-```
+    cd contrib/devportal
+    docker build --no-cache -t fiorucci/nginx-declarative-api-devportal .
+    docker run --name devportal -d -p 5001:5000 fiorucci/nginx-declarative-api-devportal
 
-Pre-built images are configured to access the redis instance on host:port `127.0.0.1:6379`. This can be changed by mounting a custom `config.toml` file on the `nginx-declarative-api` container.
+Pre-built docker images are available on Docker Hub at https://hub.docker.com/repository/docker/fiorucci/nginx-declarative-api/general
+Configuration can be customized mounting `config.toml` as a volume `nginx-declarative-api` docker image as a volume to customize 
 
 ## REST API documentation
 

USAGE-v3.md

@@ -53,13 +53,16 @@ Locations `.declaration.http.servers[].locations[].uri` match modifiers in `.dec
 
 ### API Gateway ###
 
-Swagger files and OpenAPI schemas can be used to automatically configure NGINX as an API Gateway.
+Swagger files and OpenAPI schemas can be used to automatically configure NGINX as an API Gateway. Developer portal creation is supported through [Redocly](https://redocly.com/)
 
 Declaration path `.declaration.http.servers[].locations[].apigateway` defines the API Gateway configuration:
 
 - `openapi_schema` - the base64-encoded schema, or the schema URL. YAML and JSON are supported
-- `strip_uri` - removes the `.declaration.http.servers[].locations[].uri` part of the URI before forwarding requests to the upstream
-- `server_url` - the base URL of the upstream server
+- `api_gateway.enabled` - enable/disable API Gateway provisioning
+- `api_gateway.strip_uri` - removes the `.declaration.http.servers[].locations[].uri` part of the URI before forwarding requests to the upstream
+- `api_gateway.server_url` - the base URL of the upstream server
+- `developer_portal.enabled` - enable/disable Developer portal provisioning
+- `developer_portal.uri` - the trailing part of the Developer portal URI, this is appended to `.declaration.http.servers[].locations[].uri`. If omitted it defaults to `devportal.html`
 - `rate_limit` - optional, used to enforce rate limiting at the API Gateway level
 
 A sample API Gateway declaration to publish the `https://petstore.swagger.io` REST API and enforce:
@@ -108,8 +111,15 @@ is:
                             "urimatch": "prefix",
                             "apigateway": {
                                 "openapi_schema": "https://petstore.swagger.io/v2/swagger.json",
-                                "strip_uri": true,
-                                "server_url": "https://petstore.swagger.io/v2",
+                                "api_gateway": {
+                                    "enabled": true,
+                                    "strip_uri": true,
+                                    "server_url": "https://petstore.swagger.io/v2"
+                                },
+                                "developer_portal": {
+                                    "enabled": true,
+                                    "uri": "/petstore-devportal.html"
+                                },
                                 "rate_limit": {
                                     "profile": "petstore_ratelimit",
                                     "httpcode": 429,
@@ -142,6 +152,10 @@ It can be tested using:
 
     curl -iH "Host: apigw.nginx.lab" http://<NGINX_INSTANCE_IP_ADDRESS>/petstore/store/inventory
 
+The API Developer portal can be accessed at:
+
+    http://<NGINX_INSTANCE_IP_ADDRESS>/petstore/petstore-devportal.html
+
 ### Maps ###
 
 Map entries `.declaration.maps[].entries.keymatch` can be:

contrib/devportal/Dockerfile

@@ -0,0 +1,15 @@
+FROM redocly/cli
+
+WORKDIR /deployment
+
+COPY src/ src/
+
+RUN apk update && \
+    apk add --update --no-cache bash python3 && \
+    python3 -m ensurepip && \
+    pip3 install --no-cache --upgrade pip setuptools virtualenv && \
+    virtualenv /deployment/env/ && source /deployment/env/bin/activate && \
+    python3 -m pip install --upgrade pip && \
+    pip3 install -r /deployment/src/requirements.txt
+
+ENTRYPOINT [ "/deployment/src/start.sh" ]

contrib/devportal/README.md

@@ -0,0 +1,15 @@
+# Developer portal add-on
+
+This is a wrapper for [Redocly CLI](https://redocly.com/docs/cli/) used by the NGINX declarative API to create and publish developer portals
+
+To build:
+
+	docker build --no-cache -t <YOUR_TARGET_IMAGE_NAME> .
+
+To run the pre-build image:
+
+	docker run --rm -d -p 5001:5000 --name devportal fiorucci/nginx-declarative-api-devportal
+
+To test:
+
+	curl -i -w '\n' 127.0.0.1:5001/v1/devportal -X POST -H "Content-Type: application/json" -d @<OPENAPI_JSON_SCHEMA_FILENAME>

contrib/devportal/src/requirements.txt

@@ -0,0 +1,4 @@
+typing
+uvicorn
+fastapi
+uuid

contrib/devportal/src/server.py

@@ -0,0 +1,55 @@
+import pathlib
+import uvicorn
+import subprocess
+import json
+import uuid
+
+from typing import Any, Dict, AnyStr, List, Union
+
+from fastapi import FastAPI, Request
+from fastapi.responses import PlainTextResponse, Response, JSONResponse
+
+app = FastAPI(
+    title="Redoc connector",
+    version="1.0.0",
+    contact={"name": "GitHub", "url": "https://github.com/fabriziofiorucci/NGINX-Declarative-API"}
+)
+
+JSONObject = Dict[AnyStr, Any]
+JSONArray = List[Any]
+JSONStructure = Union[JSONArray, JSONObject]
+
+@app.post("/v1/devportal", status_code=200, response_class=JSONResponse)
+def post_devportal(response: Response, request: JSONStructure = None):
+    if request:
+        try:
+            sessionUUID = uuid.uuid4()
+            apiSchema = json.dumps(request)
+            tmpFileBase = f"/tmp/{sessionUUID}"
+            tmpFileSchema = f"{tmpFileBase}.json"
+            tmpFileDocs = f"{tmpFileBase}.html"
+            tmpFile = open(tmpFileSchema,"w")
+            tmpFile.write(apiSchema)
+            tmpFile.close()
+
+            output = subprocess.check_output(f"redocly build-docs '{tmpFileSchema}' --output={tmpFileDocs}", shell=True)
+
+            with open(tmpFileDocs, 'r') as file:
+                devPortal = file.read().replace('\n','')
+
+            return JSONResponse (content={'status': 'success','apischema': f'{apiSchema}','devportal': f'{devPortal}'}, status_code=200)
+        except subprocess.CalledProcessError as e:
+            return JSONResponse (content={'status': str(e)}, status_code=400)
+        finally:
+            schemaFile = pathlib.Path(tmpFileSchema)
+            if schemaFile.is_file():
+                schemaFile.unlink()
+
+            docsFile = pathlib.Path(tmpFileDocs)
+            if docsFile.is_file():
+                docsFile.unlink()
+    else:
+        return JSONResponse (content={'status': 'invalid body'}, status_code=400)
+
+if __name__ == '__main__':
+    uvicorn.run("server:app", host='0.0.0.0', port=5000)

contrib/devportal/src/start.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# https://redocly.com/docs/cli/commands/build-docs/
+
+# Disable telemetry collection
+# https://github.com/Redocly/redocly-cli/#data-collection
+export REDOCLY_TELEMETRY=off
+
+/deployment/env/bin/python /deployment/src/server.py

contrib/docker-compose/README.md

@@ -1,6 +1,6 @@
 # Docker compose
 
-NGINX Declarative API can be deployed using docker compose on a Linux virtual machine running Docker.
+NGINX Declarative API can be deployed using docker compose on a Linux virtual machine running docker-compose v2.20+
 
 Usage:
 
@@ -18,13 +18,14 @@ NGINX Declarative API - https://github.com/fabriziofiorucci/NGINX-Declarative-AP
 
  === Options:
 
- -h                     - This help
- -c [start|stop]        - Deployment command
+ -h                             - This help
+ -c [start|stop|restart]        - Deployment command
 
  === Examples:
 
- Deploy NGINX DAPI:       ./nginx-dapi.sh -c start
- Remove NGINX DAPI:       ./nginx-dapi.sh -c stop
+ Deploy NGINX DAPI :    ./nginx-dapi.sh -c start
+ Remove NGINX DAPI :    ./nginx-dapi.sh -c stop
+ Restart NGINX DAPI:    ./nginx-dapi.sh -c restart
 ```
 
 ## How to deploy
@@ -34,26 +35,59 @@ NGINX Declarative API - https://github.com/fabriziofiorucci/NGINX-Declarative-AP
    - [API v1](/USAGE-v1.md) - deprecated
    - [API v2](/USAGE-v2.md)
 
-## Starting & stopping with docker-compose
+## How to run
 
 Starting NGINX Declarative API:
 
 ```
 $ ./nginx-dapi.sh -c start
+-> Updating docker images
+[+] Pulling 3/3
+ ✔ nginx-dapi Pulled 
+ ✔ redis Pulled 
+ ✔ devportal Pulled 
 -> Deploying NGINX Declarative API
-Creating network "nginx-dapi_default" with the default driver
-Creating redis ... done
-Creating nginx-dapi ... done
-$
+[+] Running 3/3
+ ✔ Container redis       Running 
+ ✔ Container devportal   Running 
+ ✔ Container nginx-dapi  Started
 ```
 
 Stopping NGINX Declarative API:
 
 ```
 $ ./nginx-dapi.sh -c stop
 -> Undeploying NGINX Declarative API
-Removing redis ... done
-Removing nginx-dapi ... done
-Removing network nginx-dapi_default
-$
+[+] Running 4/4
+ ✔ Container nginx-dapi        Removed 
+ ✔ Container devportal         Removed 
+ ✔ Container redis             Removed 
+ ✔ Network nginx-dapi_default  Removed 
 ```
+
+Restarting NGINX Declarative API:
+
+```
+$ ./nginx-dapi.sh -c restart
+[+] Running 4/4
+ ✔ Container devportal         Removed 
+ ✔ Container nginx-dapi        Removed 
+ ✔ Container redis             Removed 
+ ✔ Network nginx-dapi_default  Removed 
+-> Updating docker images
+[+] Pulling 3/3
+ ✔ nginx-dapi Pulled 
+ ✔ redis Pulled 
+ ✔ devportal Pulled 
+-> Deploying NGINX Declarative API
+[+] Running 4/4
+ ✔ Network nginx-dapi_default  Created-> Undeploying NGINX Declarative API
+[+] Running 4/4
+ ✔ Container nginx-dapi        Removed 
+ ✔ Container devportal         Removed 
+ ✔ Container redis             Removed 
+ ✔ Network nginx-dapi_default  Removed
+ ✔ Container devportal         Started 
+ ✔ Container redis             Started 
+ ✔ Container nginx-dapi        Started
+```