►
From YouTube: Discover the New Plugins in Kong Gateway 3.1
Description
Kong Gateway 3.1 includes several new plugins, forming our most powerful plugin ecosystem yet and with an enhanced functionality for a few existing plugins.
For our last User Call for 2022, Gang Guo (Product Manager, Kong) will deep dive into the following new plugins:
- AppDynamics
- SAML2
- JWE Decryption
- OpenAPI Specification (OAS) validation
- XML Threat Protection
What's more, we introduced an enhancement into:
- Mock plugin
- Forward proxy plugin
A
Hello-
everyone
good
morning,
good
afternoon,
good
evening
from
wherever
you're
joining
us.
My
name
is
Dalia
and
I
work
as
a
community
manager
at
Kong,
I'm
very
happy
to
have
all
of
you
join
us
for
the
last
user.
Call
for
2022.
very
happy
to
have
all
of
you
here
today
today.
The
topic
will
be
discover
the
new
con
plugins
in
Kong
Gateway
3.1,
and
we
have
Gunk
who
will
be
presenting.
A
B
B
The
agenda
is
fairly
simple:
I
will
give
everybody
a
introduction
about
com,
Gateway
and
also
Kong
Gateway
plugins.
Then
we
get
into
the
details
of
new
plugins
being
released
in
version
3.1.
After
that
we
will
have
two
of
our
Engineers
joined
me
today.
To
do
some
live
demos
of
three
new
plugins
at
the
end
we
have
a
short
moment
for
Q
a.
B
B
So
very
recently,
Tong
is
being
being
named
as
a
leader
by
Gardner
the
third
time,
and
we
moved
even
further
on
the
right
hand
side.
So
that
literally
means
I'm.
A
product
offerings
is
much
more
advanced
than
any
other
vendors,
because
you
can
see
on
the
chart.
You
know
under
the
further
you're
on
right
hand,
side
basically
means
you're
more
advanced.
B
Obviously
we
are
newcomers,
so
we're
not
as
good
as
you
know.
The
old
mature
vendors
like
RPG
or
mulesoft,
because
they
have
been
there
for
probably
more
than
10
years
now,
but
we
are
the
fattest
ones
getting
the
leader
content
and
we
are
the
leaders.
So
yes,
in
a
row
already,
so
you
always
the
most
popular
API
Gateway
in
the
planet.
Already
the
next
thing
I'm
going
to
highlight
is
we
have
a
comb
plugin
Hub
I
put
the
links
on
the
top
here.
B
Next
one
is
I'm
going
to
mention
is
plugging
compatibilities.
That's
all
you
know.
Chrome
Gateway
can
be
deployed
in
different
mode,
and
normally
you
can
do
TV
lays
you
know
if
you
open
source.
Probably
this
is
a
easy
way
to
do
it.
You
don't
need
a
database,
you
just
have
a
configuration
files
and
load.
Your
call,
the
downside.
Obviously,
is
you
can't
really
change
your
configurations
on
the
Fly
and
it
will
be
fixed,
as
you
start
call.
B
B
The
good
thing
is,
everybody
can
change
the
configurations
and
read
the
latest
configurations
out.
The
bad
thing
is
the
database
has
been
connected
all
the
time
by
all
the
instance.
Then
the
third
mode
is
hybrid.
Constantly
you
have
a
safety
only
being
connected
to
the
database
and
DP
nodes
are
talking
to
the
CP.
B
So
with
this
three
deployment
mode,
Iman
avacon
Gateway
plugins,
obviously
has
a
compatibilities
to
each
of
these
deployment
mode.
So
if
you
apply
a
plugin
and
if
it
does
not
work
as
expected,
then
I
recommend
you
check
this
compatibility
list.
It
might
be
because
your
deploy
mode
is
not
supported
by
that
particular
plugin.
So
that
probably
will
reduce
50
of
the
chance
of
you
know.
You
spend
lots
of
time
figured
out
why
it
does
not
work.
Actually,
it's
fundamentally
not
supported
by
this
deployment
mod.
B
A
A
B
So
the
key
is
to
give
user
the
power
and
make
them
to
conquer
their
daily
problems
or
issues
with
the
least
of
effort.
All
the
plugins
we're
trying
to
you
know,
build
them
use.
Obviously,
so
all
the
plugins
we
currently
bundled
with
chrome,
you
can
actually
use
it
using
commanding
uis
or
you
use
API
calls
to
apply
them
or
change
them.
B
You
can
also
do
the
deck
dump
or
deck
thing
to
declaratively
apply
the
plugins
and
in
the
past,
connect
is
a
little
bit
lagged
behind
to
support
the
latest
release
plugins.
Nowadays,
we
more
or
less
get
to
a
similar
time
from
connect
to
support
the
newly
released
Enterprise
plugins.
Officially,
the
other
thing
is,
you
know
it
gives
user
the
flexibility
and
power
you
probably
already
realized.
You
have
with
limiting
Transformations
possibility
related
plugins
like
log
metrics
and
tracing.
We
also
can
Dynamics
change
the
plugin
execution
orders.
B
We
have
a
very
powerful
oidc
plugins,
which
can
support
probably
more
than
20
or
30
idps,
and
we
have
very
rich
planning
ecosystem.
If
you
go
to
the
plugin
Hub,
you
probably
can
fill
that
already.
I
have
listed
the
new
plugins.
We
have
added
inversion
3.1,
which
give
our
users
even
more
power.
All
these
green
ones
that
is
here
are
new
plugins
samo2
is
a
new
way
to
authenticate
income
Gateway.
Obviously,
some
or
two
probably
existed
for
quite
a
long
time
in
all
days.
If
anybody
here.
C
B
A
soft
based
web
services-
you
probably
know
some
or
two
for
quite
a
long
time
and
at
the
beginning,
because
Kong
Gateway
is
relatively
new,
so
we
go
with
the
OS
and
oidc
awesome
and
mainstream,
but
when
we
grow
our
custom
basis,
especially
the
big
Corporation
customers,
the
CEO
would
like
us
to
support
those
mature
standards,
the
next
time
or
two.
So
as
required,
we
provided
summer
to
support
in
this
release
and
also
the
XML
scrap
protection
is
similar.
B
B
We
also
have
added
a
OAS
validation,
plugin,
which
is
very
new
and
because
nowadays,
majority
of
the
apis
are
restful
based.
So
you
will
send
link
Json
and
Json
request
and
Json
response.
This
OS
validation,
plugin
can
do
is
to
based
on
your
open
API
specifications
to
do
the
request
and
response
validation
against
it.
B
B
Then
we
have
this
job
decryption
plugin,
you
probably
already
know
we
have
jobs,
validations,
jobstana
and
now
we're
at
this
job.
Decryption
is
because
we
have
lots
of
open
banking.
Financial
customers
they
are
they
are
asked
to
do-
is
to
validate
against
a
encrypted
your
token,
which
they
are
Partners
I
need.
C
B
Another
new
plugin
being
added
to
support
path
Dynamics,
if
you
are
a
bank
or
insure
or
the
government
or
big
corporations
and
academics,
probably
is
the
application
Performance
Management
systems
you're.
Using
with
this
plugin,
we
could
send
transactions
to
our
Dynamics
as
part
of
the
API
going
through.
You
will
be
able
to
see
entire
API
Journeys
and,
in
the
aftermath
controller
from
one
single
place.
B
We
also
enhanced
existing
mocking
plugin,
which
I'm
not
wrong
here.
Morgan
plugin
was
provided
probably
last
year,
but
it
was
fairly
basic
and
this
time
I
did
more
features
to
make
sure
we
can
support
much
more
status
code,
samples
being
returned
and
also
you
can
define
a
randomized
way
which
status
code
you
let's
get
written,
it
will
be
much
more
useful
than
you
can
see,
I'm
working,
so
that's
the
enhancement.
Obviously,
now
let
me
dive
into
install
games
provided
yeah.
B
They
will
do,
is
a
click
link
or
click
a
button.
You
know
in
your
mobile
apps
or
web
apps
and
then
API
call
being
made
through
API
gateway.com
and
then
homework
proxy.
The
API
request
to
a
back-end,
microservices
or
apis
implemented,
and
the
update
agent
being
normally
installed
on
the
web
front
end
and
also
on
the
back
and
macro
Services,
which
can
send
the
API
transactions
informations
to
the
academics
before
Chrome
API
before
come
of
the
plugins.
B
Con
Gateway
is
more
like
a
black
box
and
with
this
plugin
now
in
place,
customer
can
actually
see
it
from
intern,
from
the
clip
being
made
on
the
web
front,
end
to
clone
proxy
the
apis
through
and
then
the
backend
service.
You
get
the
request
and
send
the
response
back.
You
can
track
it
end
to
end
and
preferably
action
if
and
in
performance
bottleneck
or
if
any
errors
from
one
single
place
in
the
aftermax
controller
outbox.
B
B
If
they
logging
are
successful,
a
token
will
be
issued
and
the
comb
will
validate
that
token
to
make
sure
this
is
the
user,
and
this
is
this
authenticated
by
interpret
those
versions
in
the
token
itself,
and
then,
after
that,
one
passed.
Kong
will
pass
on
the
request
to
the
backend
services
and
also
convo
store
the
sessions
in
a
cookie.
So
when
you
make
the
next
call,
Como
use
the
ignition
session
cookies
to
make
the
API
boxing,
so
you
don't
really
need
to
do
is
to
authenticate
every
single
time.
B
B
B
This
plugin
can
do
both
request
and
response
against
your
open,
api's
decisions,
not
only
that
this
one
also
supports
you
to
configure
a
web
cook
endpoint.
So
if
anything
not
pass
your
validations
and
you
can
actually
send
that
request
and
response
body
to
that
web
hook
for
the
debugging
or
root
code
analysis
later.
So
our
engineer
will
demo
today.
C
B
Before
we
can
do
a
job
token
validation,
the
encryption
and
decryption
keys
can
be
exchanged
using
our
jks
and
font.
We
have
enhanced
and
standardized
jks
and
important
with
this
plugin
behancing.
So
actually
we
are
planning
to
standardize
all
this
jks
key
and
the
plant
across
the
Johnson
and
the
YDC
plugin
in
the
future
releases
from
functionality
perspective
forget
about
the
underlying
changes
we
are
doing
on
the
jks
or
JWT.
You
know,
libraries,
the
functionality
is
straightforward,
you
get
encrypted
token
coming
in
and
then
this
one
will
decrypt
it.
A
B
B
So
you
can
limit
the
feed,
apps
and
limited
structures
and
the
payload
size.
So
we
could
do
lots
of
preventions
for
you
against
the
bad
guys.
Obviously
so
have
a
look
to
the
documentation
and
play
with
it.
It
is
quite
powerful.
Obviously,
next
one
I
think
I
mentioned
earlier
as
well.
The
more
game
planning
this
plugin.
B
We
used
to
be
able
to
only
support
for
everyone
or
two
sets
codes,
samples
being
returned
like
to
200
or
201
no
match
useful,
but
with
this
enhancement
we
can
now
support
more
or
less
all.
This
stats
is
called
being
returned
with
examples,
and
you
can
even
Define
by
which
examples
of
Cisco
you
would
like
to
be
returned
by
this
plugin
and
as
well
as
we
can
simulate
some
latencies
on
your
mock,
Services,
say:
yeah
I
would
like
to
have
500
milliseconds
latences
being
simulated
by
Denmark.
B
B
B
That's
common
manager
version
simple
one:
I
think
that
is
very
high
level
of
new
features
and
new
plugins.
We
released
being
version
3.1
I.
Think
you
probably
seen
after
about
slides
and
heard
about
enough
series
now
I
think
it's
a
good
time
to
do
the
live
demos,
so
you
can
see
it
in
action
by
yourself.
C
C
Okay,
so
hello,
everyone,
my
name,
is
Samuel
I
am
a
software
engineer,
income
and
today
we're
going
to
see
some
of
the
features
of
this
new
plugin
OES
validation.
So
this
plugin,
as
gang
anticipated,
is
meant
to
validate
requests
and
responses
based
on
an
API
specification
that
you
can
provide
in
the
configuration
of
the
plugin.
C
C
So
let's
see
this
in
action
now,
as
I
said
a
while
ago,
this
is
a
very
basic
configuration
of
the
plugin
I'm
passing
the
name
in
this
example
I'm
using
the
pet
store
specification
which
I'm
passing
as
the
API
is
back
parameter
and
then
I'm
setting
this
verbose
response
to
true.
This
basically
allows
to
see
the
reason
for
the
failed
validations
right
in
the
response
body,
so
this
is
useful
for
debugging
purposes.
C
So,
if
I
configure
this
plugin,
you
can
see
that
basically,
all
of
the
validation
properties
are
set
to
True
by
default
and
yeah.
So
this
is
basically
the
the
plugin
being
set
up.
Let
me
just
patch
the
plugin
ID
to
use
later
and
we're
going
to
see
now
what
a
valid
request
looks
like
so,
of
course,
I'm
passing
now
a
valid
body
to
the
path
endpoint,
like
I,
said
we're
using
the
Swagger
Path
store,
so
I'm,
sending
a
post
request
to
the
bat,
endpoint
and
I'm
going
to
pass
a
valid
body.
C
Now,
just
to
see
that
it
returns
a
200,
okay
and
I'm
doing
the
same
with
a
get
request
by
just
fetching
the
pets
that
we
just
posted.
So
we
get
we
that
are,
we
get
our
gorilla
back
with
the
same
ID,
so
we
are
going
to
now
try
to
see
what
happens
when
the
validation
fails,
so
we're
going
to
use
the
same
endpoint
path123
that,
as
we
saw
a
while
ago,
it
expects
a
path
ID
to
be
passed
as
a
required
integer
parameter
here
in
the
path
so
If.
C
Instead
of
passing
a
valid
integer,
I
I,
it
was
any
string,
for
example.
This
should
fail
the
validation
and,
in
fact,
as
you
can
see,
I
hope
you
can
read
it
in
the
message
here.
We
see
a
description
of
this
failure,
so
this
validation
failed
because
the
type
is
wrong.
It
expected
an
integer
and
it
got
a
string,
but,
as
we
saw
a
while
ago,
what
we
can
do,
for
example,
with
this
plugin,
is
to
configure
all
of
these
different
properties
to
change
the
way
the
validation
works.
So,
for
example,
this
last
request
failed.
C
C
So,
let's
see
something
similar.
This
is
a
valid
request
where
we
are
passing,
as
we
saw
a
while
ago,
a
valid
body,
but
in
our
specification
here
the
pet
that
we're
passing
in
the
body
has
the
name
as
a
required
parameter.
So
now
we
have
the
body
validation
enabled.
So
if
we
remove
the
name
from
here,
we
would
expect
this
to
fail
and
in
fact
we
got
a
for
rendered
by
the
request,
which
explains
that
the
property
name
is
required.
C
We
can
do
something
similar
to
what
we
just
did
disable
the
request
body
validation
in
the
same
plugin,
and
the
same
request
is
going
to
pass
because
this
time
we
don't
basically
do
the
the
body
validation.
So
this
is
going
to
to
the
upstream
and
returning
a
200
okay
response
yeah.
This
is
basically
all
of
the
main
functionalities
I
wanted
to
show
in
this
demo.
C
B
B
D
D
So,
let's
start
with
the
cell
plugin.
So
thank
you
again.
My
name
is
Hans
I'm,
a
software
engineer
with
the
home
Gateway
team
and
I'm
going
to
talk
about
the
seml
plugin,
which
is
a
plugin
that
is
used
to
authenticate
web
applications
that
are
deployed
behind
com
web
applications
means
it
always
requires
a
browser
to
be
present
so
that
users
can
go
through
the
IDP
login
flow.
D
The
user
goes
through
the
IDP
login
flow,
and
once
that
is
completed,
they
are
sent
back
to
the
gateway
gateway,
evaluates
the
authentication
result
and
then
sends
the
request
to
the
web
application
server.
So
it's
important
to
understand
that
that
channel
is
really
only
useful
for
web
applications
that
have
a
browser
attached
to
the
user
or
by
the
user.
It
gives
us
a
browser.
D
The
configuration
is
like
standard
configuration
where
you
have
to
specify
the
individual
parameters
of
the
sample
provider
in
the
config
that
you
are
sending
to
Kong
the
required
parameters
for
sorry
for
the
quick
scrolling
for
Azure.
Active
directory
are
documented
on
our
page,
so
it
is
relatively
straightforward
following
this,
how
to
style
documentation
to
get
set
up
with
with
a
seml
and
Azure
active
directory.
D
D
D
So
now
what
we
have
here
is,
of
course,
a
session,
and
this
session
is
independent
of
the
sample
session
that
that
we
have,
with
the
provider
it's
possible
to
authenticate
every
request.
So,
if
I
remove
my
session
here
and
reload,
the
thing
then
I
don't
need
to
get
through
the
whole
login
dense,
because
sorry
error
already
has
a
session
for
me
and
they
just
re-establish
it
with
com
foreign.
D
For
those
of
you
who
don't
know
at
Dynamics
is
a
an
application,
Performance
Management
platform,
so
different
parts
of
the
of
an
application
that
is
using
different
servers,
front
and
back-end.
Send
information
to
app
Dynamics
and
app
dynamics.
Consolidates
that
into
a
common
picture
of
requests
that
are
flowing
so
the
com
plugin
for
app
Dynamics,
contributes
to
that
to
that
mechanism
and
sends
information
about
requests
that
are
going
through
Kong
in
the
context
of
a
a
business
transaction
that
is
modeled
in
app
Dynamics.
D
The
configuration
of
the
plur
of
the
app
Dynamics
plugin
is
global
because
we
are
using
the
the
CC
plus
SDK,
which
is
also
mentioned
here.
The
CC
plus
SDK,
delivered
by
Dynamics,
is
a
component
that
we
load
into
the
worker
process
and
that
manages
the
communication
between
the
power
application
and
the
the
app
Dynamics
controller.
D
This
makes
the
installation
of
the
plug-in
a
bit
more
involved
because
for
one
we
cannot
deliver
the
agent
SDK
with
com.
You
need
to
download
it
from
the
Dynamics
site
and
then
the
other,
like
circumstance,
is
that
configuration
of
the
plugin
is
going
through
environment
variables.
So
the
the
the
Kong
environment
needs
to
be
changed
in
order
to
hook
up
the
app
Dynamics
account
with
the
agent.
D
This
means
that
that,
in
effect,
when
configuring,
the
plugin,
it
just
needs
to
be
enabled
there
are
no
parameters
in
the
dynamic
configuration
that
we
have
in
Kong.
Everything
is
going
through
the
common
environment
variables
and
what
I'm
going
to
do
to
demo.
This
is
I'll
just
run
a
script
that
sends
a
couple
of
requests
to
this
configured
instance
of
Kong,
and
then
we
are
going
to
look
at
the
epidemics
UI
to
see
the
requests
that
have
been
flowing.
D
This
409
is
because
the
plugin
was
already
initialized,
so
one
important
aspect
is
to
know
is
that
the
SDK
is
buffering
the
messages
that
we
are
sending.
So
even
though
we
are
sending
requests
through
through
com
now,
and
they
are
also
already
scheduled
to
be
sent
to
app
Dynamics
in
the
app
Dynamics
UI.
If
I
look
here,
we
are
not
going
to
see
them.
D
We
go
to
15
minutes,
so
nothing
is
shown
on
the
scorecard
yet
because
the
messages
are
still
buffered
in
in
the
SDK,
but
I'm
going
to
go
a
bit
back
further
a
bit.
So
so
we
see
some
of
the
transactions
that
have
been
sending
earlier
on.
So
what
we
do
when
sending
business
transactions
to
app
Dynamics
is
we
we
normally
just
send
business
transactions
and
only
if
we
detect
an
error
state
from
the
Upstream
server
like
a
non-positive
non-2
x,
x,
response.
D
We
report
that
as
an
error,
so,
for
example,
I
have
one
error
here.
That
is
a
404
error.
Let
me
see
does
not
exist
sorry,
so
we,
the
the
app
stream
server,
has
returned
a
404
and
now
in
in
app
Dynamics,
we
can
see
this
404
error
and
then
we
also
monitor
execution
or
well
response
time
of
the
Upstream
server.
So
if
the
Upstream
server
is
responding
very
slowly
like
in
the
minutes,
then
we
report
that
also.
B
Yeah
sense
has
so
I
think
we
back
to
the
Q
a
session.
Let
me
read
out
to
the
questions.
Currently
we
got
in
the
Q.
A
the
first
question
is
from
Jim.
What
is
the
Gateway
overhead
scale
and
performance
with
the
OS
stack,
validation,
plugin
Jim?
To
be
honest,
I
don't
have
the
latest
figures
about
the
latency
I
did
or
memory
used
whatsoever,
but
based
on
man
standing.
B
B
You
enough
feedback.
The
second
one
is:
there's
a
mock
plugin,
it's
also
from
Jim.
Does
the
mob
plugin
return
Dynamic
response
based
on
the
requested
body,
this
one
I,
don't
think
so,
because
in
the
mock
plugin
we
do
not
implement
they
the
API
logically,
so
the
request
shouldn't
make
any
difference,
especially
request.
Payloads
didn't
make
any
difference
to
the
response
examples
to
returned.
B
B
B
Then
they
actually
return
the
examples
you
write
in
your
definitions,
the
whole
thing
you
have
specs
and
simile.
We
can
actually
give
you
an
example
ID,
for
example.
Here
you,
you
can
have
two
values
to
return
either
power
or
Sasha,
but
you
can
actually
Define
this
in
a
header,
so
the
particular
example
will
be
returned,
so
I
think
it's
based
on
two
things.
One
thing
is
the
header
value
you're
sending
the
other
thing
is
obviously
the
URL
use,
email
plugin.
So
the
request
body
is
not
the
determined
Factor.
B
B
Otherwise
con
will
not
understand
your
summer
token
and
the
Hans
demo
thing
is
the
SP
initiated
similar
to
authentication
flow
so
which
it
literally
means
cone
will
be
the
first
hit
point
and
that
time
customer
hasn't
got
a
Sumo
token.
In
the
request
header,
then
custom
will
be
directly
back
on
to
do
the
authentication.
What
you
mentioned
is
actually
the
IDP
initiated,
authentication
flow,
so
those
needs
some
of
the
tokens
be
in
place.
B
Falcon
to
be
able
to
interpret
and
validate
this
summer
to
token
is
indeed
a
valid
token
and
the
user
is
a
value
user
to
be
authenticated
so
for
both
I
think
can't
need
this
plugin
to
be
able
to
understand
someone
to
talk.
Hopefully
that
address
your
question
John
next
one
is
the
update.
What
kind
of
performance
impact
can
we
expect
that's
from
action?
B
B
B
A
A
A
No
worries
cool,
well,
I,
think
that
was
all
of
the
questions.
Thank
you
so
much
gank
Sam.
Hence
you
guys
were
awesome.
Thank
you
very
much.
That
was
our
last
user
call
for
2022
and
yeah
I
want
to
wish
all
of
you
the
great
great
rest
of
the
Year.
Merry
Christmas
happy
New
Year,
if
you're
celebrating-
and
we
hope
to
see
you
in
2023
for
all
of
our
next
events,
bye.