Migrate examples to yaml #2539
Migrate examples to yaml #2539
Conversation
…ple configurations.
…s in related files.
📝 WalkthroughWalkthroughMigrates many examples and READMEs from XML ( Changes
Sequence Diagram(s)Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
Pre-merge checks❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
📜 Recent review detailsConfiguration used: defaults Review profile: CHILL Plan: Pro 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
This pull request needs "/ok-to-test" from an authorized committer. |
…ith new configuration details.
…and README with new configuration details.
…ed README with usage instructions.
…ey scopes and enhance documentation.
…d `apis.yaml` for JSON protection example; updated README with revised configurations and usage details.
…DME with new configuration details.
…EADME to reflect new configuration format, adjusted script paths, and downgraded Membrane dependency version.
|
/ok-to-test |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Fix all issues with AI Agents
In @distribution/examples/security/api-key/jdbc-api-key-store/apis.yaml:
- Around line 28-31: The YAML indentation for scopeTable is inconsistent: align
the `name:` under `scopeTable:` to match `keyTable:` by removing the extra
leading space so `scopeTable:` and its `name:` key use the same indentation
level as `keyTable` and its `name` (adjust the `scopeTable` block to mirror the
`keyTable` block: `scopeTable:` then `name:` at the same column).
In @distribution/examples/security/api-key/rbac/proxies.xml:
- Line 19: Requests.http still uses port 3000 in three places and must be
updated to 2000 to match the other RBAC example files; open requests.http and
replace the three occurrences of ":3000" (the request URLs at the top of the
file referenced in the review) with ":2000" so all requests use port 2000
consistently.
In @distribution/examples/security/api-key/rbac/README.md:
- Line 10: The heading "3**Test Optional API Key with RBAC**:" is missing a
period and space after the list number; update the README entry by changing the
token "3**Test Optional API Key with RBAC**:" to "3. **Test Optional API Key
with RBAC**:" so the ordered list formatting and spacing are correct.
🧹 Nitpick comments (2)
distribution/examples/security/api-key/simple/README.md (1)
12-26: Add language specifiers to shell code blocks.The fenced code blocks containing shell commands should specify the language for proper syntax highlighting and improved readability.
🔎 Proposed fix
- Send a request without an API key to see access denial: - ``` + ```shell curl http://localhost:2000 -v ``` - Try an invalid API key: - ``` + ```shell curl http://localhost:2000 -H "X-Api-Key: 98765" -v ``` - Use a valid API key to gain access: - ``` + ```shell curl http://localhost:2000 -H "X-Api-Key: abc123" -v ``` - Alternatively, provide the API key as a query parameter: - ``` + ```shell curl http://localhost:2000?api-key=abc123 -v ```distribution/examples/websockets/custom-websocket-interceptor/standalone/README.md (1)
32-41: Consider clarifying the Spring reference in YAML context.The YAML example correctly demonstrates the component definition. However, Line 40-41 mentions "The class attribute tells spring which class it should instantiate" while discussing YAML configuration. Consider updating this explanation to clarify:
- Whether Spring is still the underlying mechanism for YAML-based configuration
- If not, update the explanation to reflect the YAML-based component instantiation mechanism
This would help readers better understand the relationship between YAML configuration and the underlying framework.
📜 Review details
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (21)
distribution/examples/scripting/groovy/README.mddistribution/examples/scripting/groovy/apis-preview.yamldistribution/examples/scripting/javascript/apis-preview.yamldistribution/examples/scripting/javascript/proxies.xmldistribution/examples/security/api-key/jdbc-api-key-store/README.mddistribution/examples/security/api-key/jdbc-api-key-store/apis.yamldistribution/examples/security/api-key/rbac/README.mddistribution/examples/security/api-key/rbac/apis.yamldistribution/examples/security/api-key/rbac/proxies.xmldistribution/examples/security/api-key/simple/README.mddistribution/examples/security/api-key/simple/apis.yamldistribution/examples/security/basic-auth/database/apis-preview.yamldistribution/examples/security/json-protection/README.mddistribution/examples/security/json-protection/apis.yamldistribution/examples/web-services-soap/add-soap-header/README.mddistribution/examples/web-services-soap/add-soap-header/apis.yamldistribution/examples/websockets/custom-websocket-interceptor/standalone/README.mddistribution/examples/websockets/custom-websocket-interceptor/standalone/apis.yamldistribution/examples/websockets/custom-websocket-interceptor/standalone/compile-and-copy.batdistribution/examples/websockets/custom-websocket-interceptor/standalone/compile-and-copy.shdistribution/examples/websockets/custom-websocket-interceptor/standalone/pom.xml
🧰 Additional context used
🧠 Learnings (2)
📚 Learning: 2025-09-22T19:49:29.473Z
Learnt from: predic8
Repo: membrane/api-gateway PR: 2156
File: pom.xml:0-0
Timestamp: 2025-09-22T19:49:29.473Z
Learning: In the Membrane API Gateway project, jackson-annotations is pinned to version "2.20" instead of using ${jackson.version} (2.20.0) because version 2.20.0 is not available in Maven repository yet for jackson-annotations, while it is available for jackson-core and jackson-databind. This version inconsistency is intentional and necessary due to different release schedules between Jackson modules.
Applied to files:
distribution/examples/websockets/custom-websocket-interceptor/standalone/pom.xml
📚 Learning: 2025-11-23T15:59:51.742Z
Learnt from: rrayst
Repo: membrane/api-gateway PR: 2339
File: distribution/examples/web-services-soap/rest2soap-template/apis.yaml:17-32
Timestamp: 2025-11-23T15:59:51.742Z
Learning: In Membrane API Gateway YAML configuration files, response flows execute in reverse order. Steps that appear later in the response flow list actually execute first. For example, if a template references properties and setProperty steps appear after the template in the YAML, those setProperty steps will execute before the template renders.
Applied to files:
distribution/examples/scripting/groovy/apis-preview.yaml
🪛 Gitleaks (8.30.0)
distribution/examples/security/api-key/rbac/README.md
[high] 13-13: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
(curl-auth-header)
[high] 17-17: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
(curl-auth-header)
🪛 LanguageTool
distribution/examples/security/json-protection/README.md
[locale-violation] ~31-~31: In American English, “take a look” is more commonly used.
Context: ...ld answer with a 400 Bad Request. 3. Have a look at the configuration in the apis.yaml...
(HAVE_A_LOOK)
🪛 markdownlint-cli2 (0.18.1)
distribution/examples/security/api-key/simple/README.md
12-12: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
16-16: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
20-20: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
24-24: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Analyze (java)
🔇 Additional comments (37)
distribution/examples/security/json-protection/apis.yaml (2)
1-9: LGTM! Configuration aligns with security demonstration objectives.The restrictive jsonProtection constraints are appropriate for demonstrating how Membrane identifies and blocks malicious JSON patterns. The values match the README example and are designed to trigger validation failures for testing.
13-17: LGTM! Simple API configuration appropriate for the example.The minimal API flow correctly focuses attention on the jsonProtection policy rather than complex routing logic.
distribution/examples/security/json-protection/README.md (2)
31-42: LGTM! Documentation accurately reflects the YAML migration.The updated reference to
apis.yamland the YAML code example are consistent with the actual configuration file, ensuring users can follow the example correctly.
62-62: LGTM! Final reference correctly updated.The documentation consistently references
apis.yamlthroughout, completing the migration from XML to YAML format.distribution/examples/security/basic-auth/database/apis-preview.yaml (2)
21-31: Configuration is correct and follows established patterns.The datasource reference
'#/components/dataSource'properly points to the component defined at the top of the file. Apache Commons DBCP2 (2.14.0) and H2 database (2.4.240) are declared as dependencies in the project's pom.xml files. The external target URLhttps://api.predic8.deis consistent with other security examples in the repository.
1-17: The JDBC URL format in this configuration is correct. According to H2 official documentation,jdbc:h2:tcp://localhost/mem:userdatais the proper format for accessing an in-memory database over TCP. No changes needed.Likely an incorrect or invalid review comment.
distribution/examples/scripting/groovy/README.md (1)
9-9: LGTM! Documentation correctly updated.The reference has been properly updated to point to the new YAML configuration file, aligning with the migration from XML to YAML.
distribution/examples/scripting/javascript/proxies.xml (1)
61-61: LGTM! Comment correctly updated.The comment now accurately identifies the interceptor type as JavaScript, fixing the previous mislabeling as Groovy.
distribution/examples/web-services-soap/add-soap-header/apis.yaml (1)
1-14: LGTM! Clean YAML configuration.The YAML structure correctly defines the interceptor component and wires it into the API flow. The configuration follows proper YAML syntax and uses the component reference pattern appropriately.
distribution/examples/web-services-soap/add-soap-header/README.md (1)
107-125: LGTM! Documentation properly updated for YAML configuration.The documentation accurately reflects the migration to YAML-based configuration and correctly demonstrates both component definition and API flow wiring. The examples match the actual apis.yaml file structure.
distribution/examples/scripting/groovy/apis-preview.yaml (5)
1-8: LGTM! Bean component properly defined.The Spring bean component is correctly configured with the appropriate class and constructor argument.
11-25: LGTM! Simple JSON response API correctly configured.The Groovy script returns a map that will be serialized as JSON, and the return step correctly specifies the content type.
29-55: LGTM! JSON transformation logic is correct.The Groovy script performs date parsing/formatting and field mapping appropriately. The SimpleDateFormat instances are created per request, avoiding thread-safety concerns.
59-77: LGTM! Request/response flow properly structured.The header logging in the request flow and header addition in the response flow demonstrate the interceptor pattern correctly. The target configuration appropriately chains to the next API on port 2030.
81-89: No changes needed—the bean access API is correct.The codebase shows two distinct patterns depending on configuration format: XML-based scripts use
spring.getBean(), while YAML-based scripts userouter.getRegistry().getBean(). Both the JavaScript and Groovy YAML examples inapis-preview.yamlconsistently userouter.getRegistry().getBean('myBean'), which is the correct pattern for YAML-based Groovy scripts. The JavaScript XML examples you noted usespring.getBean()because they are XML-based, not YAML-based.Likely an incorrect or invalid review comment.
distribution/examples/scripting/javascript/apis-preview.yaml (5)
1-8: LGTM!The bean component definition is clear and correctly structured. The comment appropriately explains its purpose.
12-27: LGTM!The API correctly demonstrates JavaScript-based query parameter handling and JSON response generation. The commented target configuration provides a helpful reference for users who want to forward requests instead.
31-54: LGTM!The JSON-to-JSON transformation example demonstrates useful JavaScript capabilities including date formatting, field remapping, and array operations with
map/reduce. The logic is well-structured for an example.
58-77: LGTM!Good demonstration of both request and response interceptors. The request flow logs headers while the response flow adds a custom header before continuing. The target correctly points to the API on port 2030 defined below.
81-89: LGTM!The API correctly demonstrates retrieving a registered bean from the component registry and using the Response builder pattern to construct the response body. This nicely ties together the component defined at the top of the file.
distribution/examples/security/api-key/jdbc-api-key-store/apis.yaml (2)
1-17: LGTM! Clear component configuration.The JDBC datasource configuration is well-structured and appropriate for this PostgreSQL example.
21-35: LGTM! API configuration looks good.The API key store configuration with database backend is properly defined with appropriate extractors and target URL (aside from the minor indentation issue flagged separately).
distribution/examples/security/api-key/jdbc-api-key-store/README.md (1)
28-30: LGTM! Documentation correctly updated.The README now properly references the external YAML configuration file, consistent with the migration pattern across the PR.
distribution/examples/security/api-key/simple/apis.yaml (1)
1-31: LGTM! Well-structured YAML configuration.The API key configuration is clear and demonstrates multiple extraction methods (header and query parameter) with helpful inline comments. The structure is clean and appropriate for an example.
distribution/examples/security/api-key/simple/README.md (1)
33-62: LGTM! YAML examples are clear and accurate.The configuration documentation correctly reflects the migration to YAML format and matches the actual apis.yaml configuration file.
distribution/examples/security/api-key/rbac/apis.yaml (3)
1-8: LGTM! Clear component setup.The global API key store configuration is well-structured and the comments provide helpful context about store usage patterns.
15-22: LGTM! API key and scope extraction looks correct.The optional API key authentication with custom header extraction and scope property setup follows the expected pattern.
23-31: The template and return pattern is correct and requires no changes.The template interceptor sets the response body to the rendered template content and returns
CONTINUE. The return interceptor then terminates the flow while preserving the existing response. Whenreturn: {}is used without parameters, it does not create an empty JSON response—it simply returns the current response body as-is. Test evidence fromReturnInterceptorTest.getRequestResponse()confirms that body content is preserved when return is called on an exchange that already has a response set.Likely an incorrect or invalid review comment.
distribution/examples/security/api-key/rbac/README.md (2)
13-13: Static analysis false positive - example API keys are fine.The Gitleaks warnings about authorization tokens in curl commands are false positives. These are example API keys (
123456789andkey_321_abc) used for demonstration purposes in documentation, not real secrets.Also applies to: 17-17
27-82: LGTM! Documentation accurately reflects the YAML configuration.The key store examples and API configuration documentation are clear, accurate, and consistent with the actual
apis.yamlfile. The port migration from 3000 to 2000 is properly reflected throughout.distribution/examples/websockets/custom-websocket-interceptor/standalone/apis.yaml (2)
1-4: Component definition structure looks good.The YAML component definition correctly specifies the custom WebSocket interceptor class. The structure follows a clear pattern with the
bean.classproperty pointing to the custom interceptor implementation.
8-16: API and WebSocket flow configuration is well-structured.The YAML configuration correctly:
- Defines the API endpoint on port 9999
- Uses the
$refsyntax to reference the custom interceptor component- Configures the WebSocket flow with proper nesting
- Sets up the target proxy to localhost:8080
This aligns well with the migration from XML to YAML and matches the documentation in the README.
distribution/examples/websockets/custom-websocket-interceptor/standalone/README.md (2)
4-4: Documentation correctly updated to reference apis.yaml.The introduction now properly references the YAML configuration file instead of the XML-based proxies.xml, aligning with the PR's migration objective.
43-49: WebSocket flow example accurately reflects YAML configuration.The documentation correctly demonstrates how to reference the custom interceptor component within the WebSocket flow using YAML's
$refsyntax. The example matches the implementation in the apis.yaml file.distribution/examples/websockets/custom-websocket-interceptor/standalone/compile-and-copy.sh (1)
2-2: Verify destination directory../../../../libis the correct location for jar files.Both the
.batand.shscripts already use the same depth (4 levels up todistribution/), so they are consistent. However, confirm thatdistribution/libis the intended destination for compiled artifacts, as this directory doesn't appear to exist in the current repository structure. If the jar is meant to be deployed elsewhere, the path may need adjustment.distribution/examples/websockets/custom-websocket-interceptor/standalone/compile-and-copy.bat (1)
1-1: The relative paths in the compile-and-copy scripts are correct for their intended context. The destination/libis created by the Maven Assembly Plugin when building the distribution ZIP (seedistribution/src/assembly/distribution.xml), which places all dependencies in/libat the root level. From the extracted distribution, the relative path../../../../libcorrectly resolves to the root-level lib directory.The scripts are designed to run in the assembled and extracted distribution, not the source tree. No changes are needed; the paths and destination are properly configured.
Likely an incorrect or invalid review comment.
distribution/examples/websockets/custom-websocket-interceptor/standalone/pom.xml (1)
16-16: No version downgrade occurred — the review comment is based on incorrect information.Version 5.3.6 does not exist in the official releases or Maven Central repository (GitHub releases show v5.3.5 → v5.4.0). The pom.xml currently uses 5.0.1, and git history shows no recent changes to this file, indicating this version has been stable. YAML configuration support (including webSocket flows and custom interceptors) is available in version 5.0.1, so the custom-websocket-interceptor example is compatible with the current dependency version.
Likely an incorrect or invalid review comment.
distribution/examples/security/api-key/jdbc-api-key-store/apis.yaml
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI Agents
In @distribution/examples/security/api-key/rbac/README.md:
- Line 36: Replace the emphasized "**OR**" with plain text "Or:" (or "Or") to
avoid using strong emphasis for a simple conjunction, and fix the heading that
currently reads "### Optional" by removing the extra space after the hashes and
using the full heading text "### Optional API Key with RBAC" (single space after
###) so the markdown follows MD036 and MD019.
- Around line 12-14: Fenced code blocks in README.md lack language specifiers
causing missing syntax highlighting (MD040); update the curl/example shells (the
three short curl fences around lines 12–22 and also at 16–18, 20–22) to use a
shell/bash info string (e.g., ```bash) and update all YAML fences (the blocks
around lines 30–35, 37–44 and the larger config 49–82) to use ```yaml so each
fenced block has the appropriate language identifier; apply these changes to
every occurrence listed in the comment to satisfy markdownlint MD040.
🧹 Nitpick comments (1)
distribution/examples/security/api-key/rbac/README.md (1)
13-13: Document that example credentials are for demonstration purposes only.Gitleaks flagged the curl examples on lines 13 and 17 as containing potential authorization tokens (
123456789andkey_321_abc). While these appear to be intentional demo credentials for the README, consider adding a brief note (e.g., "Example credentials shown below") to clarify they are non-sensitive example values, improving documentation clarity and security posture.Also applies to: 17-17
📜 Review details
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
distribution/examples/security/api-key/jdbc-api-key-store/apis.yamldistribution/examples/security/api-key/rbac/README.md
🚧 Files skipped from review as they are similar to previous changes (1)
- distribution/examples/security/api-key/jdbc-api-key-store/apis.yaml
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-11-23T15:59:51.742Z
Learnt from: rrayst
Repo: membrane/api-gateway PR: 2339
File: distribution/examples/web-services-soap/rest2soap-template/apis.yaml:17-32
Timestamp: 2025-11-23T15:59:51.742Z
Learning: In Membrane API Gateway YAML configuration files, response flows execute in reverse order. Steps that appear later in the response flow list actually execute first. For example, if a template references properties and setProperty steps appear after the template in the YAML, those setProperty steps will execute before the template renders.
Applied to files:
distribution/examples/security/api-key/rbac/README.md
🪛 Gitleaks (8.30.0)
distribution/examples/security/api-key/rbac/README.md
[high] 13-13: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
(curl-auth-header)
[high] 17-17: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
(curl-auth-header)
🪛 markdownlint-cli2 (0.18.1)
distribution/examples/security/api-key/rbac/README.md
12-12: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
16-16: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
20-20: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
36-36: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
45-45: Multiple spaces after hash on atx style heading
(MD019, no-multiple-space-atx)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Automated tests
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (2)
distribution/examples/scripting/groovy/apis-preview.yaml (1)
25-51: Consider documenting expected input format or adding null-safety checks.The JSON transformation at line 42 assumes
json.itemsexists and is non-empty. If the input is missing expected fields, this will fail at runtime.For production code, you'd want null-checks, but since this is an example, consider adding a comment documenting the expected input structure.
💡 Optional: Add a comment documenting expected input
src: | // JSON to JSON transformation // The json-Variable contains the request or response body as JSON object. + // Expected input: {"id": 1, "date": "1 Jan 2024", "customer": "...", "items": [{"price": 10, "quantity": 2, "description": "..."}]} import java.text.*distribution/examples/security/api-key/simple/README.md (1)
12-26: Add language specifiers to code blocks.The curl command code blocks are missing language specifiers, which affects syntax highlighting and violates markdown best practices.
🔎 Proposed fix
- - Send a request without an API key to see access denial: - ``` - curl http://localhost:2000 -v - ``` + - Send a request without an API key to see access denial: + ```bash + curl http://localhost:2000 -v + ``` - - Try an invalid API key: - ``` - curl http://localhost:2000 -H "X-Api-Key: 98765" -v - ``` + - Try an invalid API key: + ```bash + curl http://localhost:2000 -H "X-Api-Key: 98765" -v + ``` - - Use a valid API key to gain access: - ``` - curl http://localhost:2000 -H "X-Api-Key: abc123" -v - ``` + - Use a valid API key to gain access: + ```bash + curl http://localhost:2000 -H "X-Api-Key: abc123" -v + ``` - - Alternatively, provide the API key as a query parameter: - ``` - curl http://localhost:2000?api-key=abc123 -v - ``` + - Alternatively, provide the API key as a query parameter: + ```bash + curl http://localhost:2000?api-key=abc123 -v + ```
📜 Review details
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (8)
README.mdcore/src/main/java/com/predic8/membrane/core/interceptor/apikey/stores/inConfig/SimpleKeyStore.javadistribution/examples/openapi/validation-security/proxies.xmldistribution/examples/scripting/groovy/apis-preview.yamldistribution/examples/scripting/javascript/apis-preview.yamldistribution/examples/security/api-key/simple/README.mddistribution/examples/security/api-key/simple/apis.yamldistribution/examples/security/api-key/simple/proxies.xml
✅ Files skipped from review due to trivial changes (1)
- README.md
🚧 Files skipped from review as they are similar to previous changes (1)
- distribution/examples/scripting/javascript/apis-preview.yaml
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-11-23T15:59:51.742Z
Learnt from: rrayst
Repo: membrane/api-gateway PR: 2339
File: distribution/examples/web-services-soap/rest2soap-template/apis.yaml:17-32
Timestamp: 2025-11-23T15:59:51.742Z
Learning: In Membrane API Gateway YAML configuration files, response flows execute in reverse order. Steps that appear later in the response flow list actually execute first. For example, if a template references properties and setProperty steps appear after the template in the YAML, those setProperty steps will execute before the template renders.
Applied to files:
distribution/examples/scripting/groovy/apis-preview.yaml
🪛 Gitleaks (8.30.0)
distribution/examples/security/api-key/simple/proxies.xml
[high] 15-15: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🪛 markdownlint-cli2 (0.18.1)
distribution/examples/security/api-key/simple/README.md
12-12: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
16-16: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
20-20: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
24-24: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Automated tests
- GitHub Check: Analyze (java)
🔇 Additional comments (9)
distribution/examples/scripting/groovy/apis-preview.yaml (4)
1-8: LGTM! Bean is used in the port 2030 example.The bean component is correctly defined and is referenced at line 84.
11-22: LGTM! Clear demonstration of returning JSON from a Groovy Map.The example correctly shows how to return a simple JSON response.
55-73: LGTM! Correctly demonstrates request/response flow with header manipulation.The use of
CONTINUEat line 70 is appropriate for continuing the response flow after adding the header.
77-85: LGTM! Bean retrieval and response construction look correct.The code retrieves the
myBeancomponent (defined at lines 1-8) and uses it as the response body. SincemyBeanis a String with value "Greetings from Spring", the response should contain that text.Note: The AI summary mentions "empty response," but this appears incorrect based on the code.
distribution/examples/openapi/validation-security/proxies.xml (1)
14-20: LGTM! Consistent with the annotation change.The rename from
<keys>to<simple>aligns correctly with the updated@MCElementannotation inSimpleKeyStore.java. The API key configuration remains functionally unchanged.distribution/examples/security/api-key/simple/proxies.xml (1)
11-30: LGTM! Consistent tag rename with clear example keys.The update from
<keys>to<simple>aligns with the Java annotation change. The API keys are clearly demo values for example purposes (as indicated by the comments), so the static analysis warning about exposed API keys is a false positive.distribution/examples/security/api-key/simple/apis.yaml (1)
1-28: LGTM! Well-structured YAML migration.The YAML configuration correctly mirrors the functionality of the XML version with proper structure:
- Global
apiKeystore usingsimple(matching the updated annotation)- Both
headerExtractorandqueryParamExtractorfor key extraction- API on port 2000 with static response
The migration maintains feature parity with the XML configuration.
distribution/examples/security/api-key/simple/README.md (1)
28-62: LGTM! Comprehensive documentation update for YAML migration.The documentation clearly explains the migration from XML to YAML configuration, with accurate examples that match the new
apis.yamlfile. The examples properly reflect thesimplestore naming (consistent with the annotation change) and demonstrate both header and query parameter extraction methods.core/src/main/java/com/predic8/membrane/core/interceptor/apikey/stores/inConfig/SimpleKeyStore.java (1)
27-27: Breaking change has been properly handled: no remaining<keys>elements found in XML configurations.The annotation change from
"keys"to"simple"in SimpleKeyStore.java is confirmed at line 27. A comprehensive search of the codebase found no remaining XML elements using the old<keys>tag, confirming that all configurations have been successfully updated (including the referenced examples in distribution/examples). The migration is complete.
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI Agents
In @distribution/examples/scripting/javascript/apis-preview.yaml:
- Around line 14-26: The JavaScript example's javascript src block currently
reads params via params.get('id') and params.get('city'), which differs from the
Groovy example that returns hardcoded values; either change this javascript src
to mirror the Groovy behavior (return hardcoded id and city) or explicitly
document the difference with a comment; also add a short inline comment above
the params.get(...) calls showing the expected query string (for example how to
call the endpoint like ?id=7&city=Berlin) and note that
params.get('id')/params.get('city') can be null if missing and suggest using a
default/fallback when demonstrating (e.g., mention fallback behavior in the
comment).
In @distribution/examples/security/api-key/jdbc-api-key-store/apis.yaml:
- Around line 3-19: The YAML example hardcodes DB credentials in the
components.dataSource bean (org.apache.commons.dbcp2.BasicDataSource) properties
(driverClassName, url, username, password); add a clear inline comment/warning
above or next to the password entry stating that credentials must be
externalized in production and recommend using environment variables or a secure
secrets manager, and update the username/password entries to reference env vars
or placeholders (e.g., ENV or secret references) instead of literal values;
optionally add recommended connection pool properties (maxTotal, maxIdle,
minIdle) as examples for production.
📜 Review details
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (9)
distribution/examples/scripting/groovy/apis-preview.yamldistribution/examples/scripting/javascript/apis-preview.yamldistribution/examples/security/api-key/jdbc-api-key-store/apis.yamldistribution/examples/security/api-key/rbac/apis.yamldistribution/examples/security/api-key/simple/apis.yamldistribution/examples/security/basic-auth/database/apis-preview.yamldistribution/examples/security/json-protection/apis.yamldistribution/examples/web-services-soap/add-soap-header/apis.yamldistribution/examples/websockets/custom-websocket-interceptor/standalone/apis.yaml
🚧 Files skipped from review as they are similar to previous changes (5)
- distribution/examples/websockets/custom-websocket-interceptor/standalone/apis.yaml
- distribution/examples/security/api-key/simple/apis.yaml
- distribution/examples/security/api-key/rbac/apis.yaml
- distribution/examples/security/json-protection/apis.yaml
- distribution/examples/security/basic-auth/database/apis-preview.yaml
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-11-23T15:59:51.742Z
Learnt from: rrayst
Repo: membrane/api-gateway PR: 2339
File: distribution/examples/web-services-soap/rest2soap-template/apis.yaml:17-32
Timestamp: 2025-11-23T15:59:51.742Z
Learning: In Membrane API Gateway YAML configuration files, response flows execute in reverse order. Steps that appear later in the response flow list actually execute first. For example, if a template references properties and setProperty steps appear after the template in the YAML, those setProperty steps will execute before the template renders.
Applied to files:
distribution/examples/scripting/groovy/apis-preview.yamldistribution/examples/scripting/javascript/apis-preview.yaml
🔇 Additional comments (8)
distribution/examples/web-services-soap/add-soap-header/apis.yaml (3)
3-6: No issues found. The Java classcom.predic8.AddSoapHeaderInterceptoris defined in the project atdistribution/examples/web-services-soap/add-soap-header/src/main/java/com/predic8/AddSoapHeaderInterceptor.javaand the bean configuration is correct.
10-16: No changes needed—port 2000 is the standard convention across all example configurations.All examples in the distribution/examples directory use port 2000 by design, making this the established convention. Since examples are isolated and meant to run independently, using the same port across all of them is intentional, not a conflict.
Likely an incorrect or invalid review comment.
1-1: No changes needed. The schema reference is correct and consistent with the rest of the codebase.distribution/examples/security/api-key/jdbc-api-key-store/apis.yaml (2)
26-35: LGTM - API key configuration structure is correct.The indentation is consistent, and the configuration properly defines the JDBC-backed API key store with appropriate table mappings and header extraction.
1-1: No action needed. The schema version 7.0.5 is current and consistent with the vast majority of configuration files in the codebase. This version is used across all tutorials and examples with no newer versions in use.Likely an incorrect or invalid review comment.
distribution/examples/scripting/javascript/apis-preview.yaml (1)
3-11: LGTM!The inline comment clearly explains the component's purpose, which is helpful for users learning from this example.
distribution/examples/scripting/groovy/apis-preview.yaml (2)
1-1: No action needed. The schema version v7.0.5.json is the current standard used consistently across the distribution/examples directory (88 of 90 YAML files).
79-87: No issues found. The Response.ok().body() pattern with return: {} is the standard approach used consistently across official examples (Groovy and JavaScript variants in both YAML and XML formats), and the README documentation confirms this endpoint returns the bean value correctly.
- Aligned test method declarations with updated conventions. - Modified test servers' port and improved assertion with additional `not` condition checks. - Simplified API flow in YAML by refining scope checks and adding return statuses for clarity.
Summary by CodeRabbit
Documentation
New Examples
Tests
Chores
✏️ Tip: You can customize this high-level summary in your review settings.