►
Description
For our July User Call, join Sven Walther, Principal Solutions Engineer EMEA, to talk about “Using OpenAPI to automatically configure the Kong Gateway”.
We are going to automate the creation of Kong services, routes and plugin configurations only based on an OpenAPI file. The tools we will use next to Kong itself are Insomnia/inso-cli, decK and the Kong Ingress Controller.
A
Well,
hello:
everyone
thanks
to
all
of
you
who
are
joining
us
today.
My
name
is
dalia
spaceva.
I'm
part
of
the
developer
marketing
team
here
at
kong
and
I'd
like
to
welcome
you
all
to
our
july
user
call.
So
today
we
have
a
very
special
presentation
for
you
coming
from
sven
walter,
who
is
a
principal
solutions
engineer
here
in
emea
he
will
talk
to
us
about
how
to
use
open
api
to
automatically
configure
the
com
gateway.
So
we
will
take
all
the
questions
in
the
end
of
the
presentation.
A
Please
feel
free
to
drop
them
in
the
q,
a
section
or
in
the
chat.
At
the
end
of
the
presentation,
I
will
also
fix
the
settings,
so
you
can
unmute
yourself
and
ask
the
questions
if
you'd
like
and
yeah
with
that,
I
will
hand
it
over
to
sven.
Take
it
away.
Please.
B
So
today's
session
will
be
about
how
can
we
automate
the
full
configuration
of
the
con
gateway
only
based
on
an
open
api
file
without
doing
anything
manual
in
between
in
general?
This
talk
will
be
less
than
an
hour,
so
we
have
on
our
blog,
so
we
will
take
way
less
than
an
hour.
We'll
have
plenty
of
time
for
questions
afterwards
and
there,
and
if
you
finish
early,
that
would
also
be
fine.
B
So,
let's
get
started,
and
I
also
see
questions
so
just
ask
them
and
you'll
answer
them
later
on.
So,
first
of
all,
let's
talk
about
one
more
thing.
Now,
the
one
more
thing
is
we
as
kong.
We
are
hosting
our
summit,
our
conference
in
san
francisco,
and
the
good
news
is
this
year,
it's
once
again
in
san
francisco,
so
it
has
been
virtual,
the
last
two
times
because
well
we
all
know
why
and
it's
coming
back
to
being
in
persons
one
in
san
francisco.
B
B
So,
let's
start
thinking
about
what
is
one
of
the
major
use
cases.
Why
kong
is
that
successful?
I'm
personally
in
the
ibm
space
since
many
years,
and
one
of
the
reasons
why
I
have
joined
kong
roughly
four
years
ago
in
the
early
days
is
exactly
about
this
one
statement
and
those
having
seen
me
in
the
past.
I
know
I'm
telling
this
every
time
I'm
showing
kong.
Everything
in
kong
is
an
api.
B
Really
everything
is
api,
so
we
have
been
built
from
the
ground
up
being
automated
in
every
kind
of
aspect
for
you
as
the
open
source
users.
That's
even
the
only
way
to
configure
it.
Everything
is
not
an
api,
so
you
would
have
no
user
interface,
nothing
to
click.
You
do
everything
in
an
automated
fashion
anyway.
B
So
let's
try
first
working
with
the
api
and
create
a
service
which
we
want
to
expose
using
our
existing
gateway.
So
we
will
use
this
command
line
here,
but
you
can
use
anything
to
automate
com.
You
can
use
curl
scripts.
You
can
use,
as
I
will
do,
hd
pi,
which
is
a
similar
tool,
but
it
is
more
fancy
than
that
and
you
can
use
your
ansible
script.
You
can
use
github
actions.
The
azure
pipeline.
You
can
use
insomnia.
B
So,
let's
do
that!
Here's
the
first
hands-on
thing,
so
we
have
here
a
running
installation
on
my
local
host.
So
I
can
just
say
I
want
to
create
a
new
service,
so
I'm
going
to
the
services
endpoint
on
my
sim.
I
want
to
call
it
my
service
and
there's
a
url,
so
we
want
to
take
something
like
an
open
endpoint
in
the
internet.
B
We
will
just
take
hdbin.org,
we
just
say
we
want
to
get
that
in
our
system,
so
we
have
already
created
a
service
in
our
gateway
and
then
we
go
ahead
and
we
want
to
also
get
a
route.
So
someone
can
access
it.
So
we
say
for
that
service
we
want
to
create
a
route
and
the
pass
would
be
something
like
my
service,
for
example.
B
So
this
automation
yeah
that
you
can
create
services
and
routes
which
are
then
already
active.
So
we
can
just
verify
that
by
just
looking
if
this
is
working
go
into
our
proxy
and
check.
If
we
do
have
the
my
service
endpoint
answering
in
our
proxy-
and
indeed
it
does
so
we're
getting
it
from
kong
in
there,
this
has
been
ground
breaking
when
we
released
com.
Initially,
this
is
the
first
major
thing
why
people
come
to
kong
when
they
think
about
automation.
Everything
is
api
and
we
really
mean
everything,
but
times
have
changed
yeah.
B
This
is
still
an
awesome
feature,
but
it's
the
so-called
imperative
way
of
configuring
things.
So,
where
you
specify
exactly,
I
want
to
have
this
service.
I
won't
have
this
route
exactly
now.
Please
do
it
right
now,
that's
called
imperative,
so
we
go
ahead,
and
nowadays
we
talk
now
more
about
the
idea
of
what
is
about
a
declarative
configuration
yeah
everything
nowadays.
What
you
do
everywhere
is
not
a
rest
api
anymore
with
conversion.
This
is
about
yaml
files.
Think
about
it
everything
everywhere.
B
Every
kind
of
automation
tool
nowadays
has
switched
to
a
yaml
file
configuration
which
is
called
declaration,
because
we
just
explain
what
we
want
to
make
as
a
result,
and
then
the
system
has
to
see
how
it
comes
to
that
to
do
so,
there's
a
tool
which
we
also
write
as
open
sourced
next
to
kong.
So
you
can
put
it
into
your
machine
where
you're
running
your
csd
pipelines,
this
tool
is
called
deck
deck
by
the
way
declarative
configuration
of
cong.
B
That's
what
it
stands
for
is
a
tool
where
you
can
configure
kong
completely
based
on
a
yaml
file.
I
have
a
very
short
version
of
a
yaml
file
here
you
can
see
here.
I
want
to
create
obviously
a
service
to
the
same
back-end
system,
and
I
want
to
create
a
new
route
in
here.
What
you
do
is
you
use
this
dac
file
and
then
configure
cong
using
it.
So
let's
do
that.
B
I
have
this
yaml
file
here
on
my
local
hard
disk
and
you
can
just
say
deck
sync
yeah
based
on
which
xml
file-
and
they
do
have
here
this
yellow
file,
which
you
are
just
seeing
here
and
then
you
can
specify
if
you
want
to
right
everything
or
if
you
want
to
say
only
a
specific
subpart
should
be
overwritten.
We
can
have
text
everywhere,
as
you
might
know,
in
kong,
so
we
say
I
only
want
to
create
a
new
definition
in
here.
B
What
we
have
gotten
now
is
another
service
in
kong
and
another
routing
con,
and
it's
the
same
instance.
So
we
can
still
use
the
rest
api
and
see
which
services
do
we
have
and
we
will
see
we
do
have
here
our
yaml
service
and
we
do
have
the
original
mysteries
which
created
using
the
rest
api.
So
the
same
system,
you
can
define
what
makes
the
most
sense
for
you,
configuring
it
maybe
even
doing
a
mixture,
maybe
one
department
that
does
one
way
the
other
one
is
the
other
way.
B
So
it's
the
same
system
just
a
different
way,
which
you
can
use
additionally
to
configure
kong.
So
how
do
we
get
such
files?
Yeah?
We
can
create
a
manual,
we
can
go
ahead
and
adjust
it
and
create
that
file
in
a
manual
way,
because
I
know
the
format.
It's
quite
easy,
quite
readable,
and
I
can
just
add
anything
I
wanted
there.
Plugins
consumers
whatever
is
in
there.
A
second
way
to
get
such
a
file
would
be.
B
We
can
also
use
the
deck
tool
and
say:
please
dump
me
the
current
configuration
of
that
cluster
to
my
local
hard
disk.
I
just
say
deck
dumb.
What
I'm
getting
now
is
a
combined
other
file
of
everything
available
in
my
cluster,
so
I
could,
for
example,
see
here
I
do
have
here
my
service.
I
credit
this
to
my
service
to
rest
api
yeah
with
this
corresponding
route,
and
then
we
see
here
I
do
have
here
the
yamaha
cells
that
just
created
using
the
yaml
file
and
they
can
change
things
here.
B
For
example,
I
can
go
ahead
and
say
my
service.
I
want
to
change
that
that
it's
also
available
using
my
rest
created
service,
for
example,
that
should
have
two
listeners.
The
dactyl
has
more
things
like
detective
yeah.
What
would
change
if
I
apply
that
one
it
will
say?
Okay,
I
will
update
that
exactly
one
thing:
yeah,
this
path
will
be
added
in
here
and
dex
will
send
that
back
into
my
running
cluster.
B
This
is
the
way
how
I
would
say
nowadays
in
a
fresh
installation
and
new
engagement
I
have
with
customers.
Everybody
wants
to
go
so
the
operator
fail
using
the
rest.
Api
is
something
which
you
can
do
things
very
quickly
and
try
it
out,
but
in
real
world
csd
pipeline
that
happens
normally
based
on
the
deck
level
format,
but
still
yeah.
If
you
look
at
our
topic
today,
I
have
not
spoken
about
open
api
so
far,
so
where
do
we
get
that
open
api
from
waiting
an
open
eye
into
such
an
installation?
B
So
let's
go
to
the
next
step.
Let's
say
we
want
now
to
use.
Oh
there's
one
more
thing
and
you
can
do
the
same
thing
with
kubernetes
ingress
resources.
Also
yaml
files,
yeah
same
idea
same
idea,
concept
services
described
in
there
and
then
you
would
use.
Instead,
you
see
an
apply
so
whatever
you
prefer,
you
can
do
it.
So
let's
talk
about
our
main
topic:
open
api.com,
so
this
is
a
typical
open
api.
I
just
have
used
it
very
typical
pet
store
one
to
give
you
an
example
which
everybody
knows
now.
B
B
B
Maybe
rightly
just
open
it,
let's
take
this
one,
no
documentation
dependencies
at
least
yet
here
is
so.
We
have
all
the
documentation
also
available
in
here,
where
you
can
automate
the
pros.
The
processing
of
an
open
api
into
number
file
understands,
and
you
can
do
that
for
both
the
yaml
format
from
deck,
but
also
for
the
english
controller.
So
that
would
be
a
way
yeah.
B
In
the
end,
let
me
show
you
what
insomnia
looks
like
to
give
you
a
first
feeling,
and
then
we
will
look
how
we
can
use
this
tool
to
get
from
an
open
api
where
we
have
described
the
servers,
the
paths
and
even
plugins
to
services
router
plugins
in
our
comm
world,
so
first
of
all
yeah
insomnia
available
at
insomnia.dressed
as
the
homepage.
If
you
want
to
download
it,
you
just
go
there
and
get
it
so
insomnia
gives
you
first
of
all
an
editor
for
an
open
api
file.
B
B
The
first
important
use
case
is
here
on
that
small
triangle
and
we
have
here
an
open
api
file
and
we
have
here
an
option
to
say:
please
export
that
open
api
to
declarative
configuration
so
we're
getting
here
a
file
understood
by
deck,
which
we
have
used
recently
or
we
can
see
here.
We
get
kubernetes
increased
resources,
which
can
also
be
done.
So
we
can
just
say
I'm
having
your
open
api.
B
I'm
copying
that's
to
my
clipboard
and
then
putting
it
on
my
local
artist
and
then
I
can
use
deck
to
sync
that
into
my
con
installation
that
we
will
see
in
a
second,
but
before
we
do
so
some
more
things.
We
are
talking
about
automation
and
we
do
have
an
open
api.
B
B
So
you
can
just
click.
I
want
to
see
them
by
text
and
get
get
find
by
text.
I
want
to
find
it
by
id
I'm
getting
here
by
id
and
I
can
just
make
calls-
and
I'm
getting
here,
for
example,
that
pet
id
number
nine
I've
set
it
here
up
in
my
test
environment,
I'm
getting
here
kind
of
start
assault,
for
example.
B
B
So
we
can
do
tests.
I
do
here
test
first
up,
I
pass.
Is
there
status
property
and
is
the
status
and
this
one
in
fact
sold,
and
they
say?
Yes,
it's
starter
sort,
as
we
have
just
seen
in
our
manual
tests
now
we
just
saw
it
start
or
sold
and
that's
exactly
what
our
tests
are
doing
here.
I
will
come
back
to
that.
Why
is
that
important
later,
but
now,
let's
think
about
again,
we
are
exporting
here
decorative
configuration
and
can
copy
it.
Nobody
wants
to
click
such
things
yeah
in
a
pipeline.
B
So
we
will
instead
of
using
this
copied
version.
Do
the
next
thing
yeah
we
do
have
not
only
insomnia,
which
can
do
that.
All
we
have
just
seen
his
creatures,
and
there
is
the
next
one,
which
is
called
enzo
cli
in
the
cli
same
homepage,
once
again,
insomnia
addressed
is
the
command
line
version
of
insomnia
having
basically
the
same
functionality,
so
I
just
put
in
here
the
enzo
help.
So,
for
example,
it
can
do
a
lint
checking
or
another
example.
B
It
can
generate
a
deck
file
or
a
congress
resource
a
file
in
here
by
just
using
those
parameters.
So
the
same
thing
which
we
just
did
with
clicking
it
in
an
automated
flow
would
be
lumps
like
that.
I
want
to
generate
a
configuration,
then
I
have
to
define
which
open
api
file
I
want
and
then
which
output
file
I
want
to
have.
So
I
go
ahead
and
go
into
my
open
api
folder.
B
I
do
have
here
this
pet
store
with
kios
the
one
we
have
just
seen
in
our
example
in
insomnia,
and
I
just
execute
that
command
and
I'm
getting
automatically
now
a
new
file,
as
defined
here
pet
store
tag
import.
If
you
look
at
this,
let's
look
at
pet
store
deck
import.
You
can
see.
We
are
getting
the
now
already
known
to
us
format
of
deck
where
we're
getting
services
and
we're
getting
all
the
different
routes
extracted
from
that
open
api
file.
B
B
We
instead
will
now
use
the
deck
tool
now
to
import
that
we
have
now
imported
that
into.
B
I
will
now
import
that
into
our
installation,
so
we
have
created
that
file
and
now
we
know
this
newly
created
file
and
import
it
into
our
running
com
cluster
again.
So
what
is
the
command
yeah?
It
is
tag
sync
yeah
string
it
into
my
running
installation,
but
that's
the
source
file,
and
here
I
will
also
set
some
text
so
that
I
can
later
on
auto
apply
configurations
to
them.
B
So
you
can
see,
we
have
created
one
service
called
swagger
pet
store.
We
have
here
multiple
routes,
yeah
for
all
the
difference,
find
pets
by
status
and
so
on,
based
on
the
open
api
file-
and
we
even
have
one
plug-in
in
here.
So
why
is
the
plug-in
in
there?
You
might
remember
that
we
have
the
ability
here
I
said
on
the
post.
Call
you
have
this
x,
hyphen
kong,
minus
plugin,
special
tag.
This
you
can
use
for
any
plugin.
I
see
questions
already.
B
I
will
answer
them
later
in
more
detail,
but
you
can
use
any
plugin
in
here.
Any
plugin
can
be
used
and
then
you
can
just
say,
for
example,
here
config
and
then
you
would
say
parameter
one
is
a
whatever.
So
anything
you
would
configure
on
a
plugin.
You
can
do
also
here
for
any
plugin
and
you
can
define
them
globally,
as
also
here
as
I
do
here
on
the
route
level.
B
So
that's
what
has
happened.
We
have
created
all
those
different
passes
as
routes
and
con
and
they
should
work
now.
So,
let's
test
them
yeah
for
testing
insomnia.
Once
again,
it's
a
nice
tool.
Now
we
can
just
say
we
do
have
different
environments
and
they
would
have
the
live
font
at
pet
store
which
we
have
used
before
now.
I
can
go
to
localhost
so
my
base
url
is
now
in
fact,
switching
to
my
localhost
installation,
and
I
can
say,
can
I
now
do
the
same
call
again
against
localhost
and
yes,
it's
localhost.
B
You
can
see
it's
coming
through
kong
yeah
via
kong
in
the
end
here,
and
also
you
can
run
once
again
the
same
tests
if
you
want
against
the
local
one
and
still
we
get
all
everything
is
passed.
So
that's
already
a
fully
imported
configuration
out
of
an
open
api
file.
We
cannot
use
it
manually.
You
can
just
say
give
me
on
my
proxy
pads,
the
id
let's
say:
eight.
B
B
So
we
have
seen
that
we
have
something
about
the
plugin
attached.
Let's
validate
that,
so
we
have
seen
it
was
defined
in
the
open
api
on
the
post
endpoint.
So
if
someone
wants
to
create
something
in
that,
he
needs
to
have
an
api
key.
So
if
I
try
to
post
something
in
here,
our
api
will
deny
it
because
we
say
there
is
not
the
I
key
in
place.
B
This
all
is
affect
everything
we
need
to
do.
Yeah.
We
have
the
full
flow
already
up
and
running
now.
So
if
we
look
at
the
full
flow,
how
it
could
look
like,
I
do
have
here
created
a
small
batch
script.
The
first
thing
is
something
I
have
not
even
shown
that
I
can
also
do.
For
example,
validations
yeah.
The
introsomia
tool
commander
can
just
do
the
same
things
as
the
big
window
desktop
application.
So
I
can,
for
example,
check.
Is
this
a
valid
open
api
file?
If
it
would
not
be
available?
B
Maybe
I
filed
the
whole
flow
would
make
no
sense.
We
could
just
stop
our
completion
here.
Then
we
can
run
the
same
tests
yeah.
We
have
just
seen
where
we
are
just
seeing
that
we
have
this
all
passing.
Then
we
are
generating
using
indegenerate,
config
or
deck
file,
and
then
we
are
striking
that
into
our
running
cluster,
and
this
is
a
typical
example
how
customers
are
using
the
whole
flow.
So
I
can
just
do
the
same
thing
from
opm
to
kong
that
everything
we
have
just
done
now
we
are
checking.
Is
it
available?
B
B
As
a
last
thing,
everything
I
have
shown
you,
I
have
created
a
small
github
repository.
I
will
chat
the
link
in
a
in
a
second
everything
on
my
github,
where
all
the
examples-
the
open
api
files,
the
script
we
have
just
been
running,
the
the
deck
commands
everything
machine,
including
the
slides
we
have
just
seen
here-
is
available.
So
if
you
just
look
at
this
one
in
here,
you
are
getting
on
github
and
all
the
yaml
files,
the
example
yaml
file.
We
have
used
for
the
first
explanation.
We
see
audio
api
file.
B
We
even
see
an
example
for
the
invis
controller,
which
we
have
not
really
touched
on
right
now,
but
if
you
want
to
go
to
english
way,
instead,
you
can
use
this
one,
and
then
we
have
all
the
open
api
files
yeah
one
with
out
and
plug-in
configured
one
with
the
plugin
configured
and
then
the
whole
flow.
We
have
just
run
automatically
as
a
batch
tip
plus
in
the
end,
the
same
slides
as
we
have
just
seen
here
on
our
call.
B
So
that's
what
I
wanted
to
show
you
today
for
my
customers,
I'm
talking
regular
on
this
is
the
end
goal
of
their
automation
pipeline,
because
that
means
that
in
the
end
they
can
fully
automate
everything
based
on
a
file.
Everybody
understands
without
them
needing
to
know
about
kong.
At
all.
B
You
can
just
say
we
are
creating
an
open
api
file
and
then
you
can
even
choose
if
it's
really
manually
like
written
by
someone
in
insomnia
or
if
it's
coming
something
from
an
automated
flow
like
springboot,
where
you
have
this
slash,
swagger.json
endpoint
automatically
so
generated
by
code,
where
it's
coming
from
your
beta.
I
we
don't
care
yeah,
we
just
need
to
have
it
as
a
source
and
you
can
just
have
a
script,
curl
download
it
and
then
use
insole
cli,
convert
it
and
make
a
deck
import
in
there.
B
A
Thank
you
so
much
sven.
That
was
awesome.
Let's
start
with
the
q,
a
section
I
think
most
of
the
questions
are
there
yeah
awesome.
B
So
we
do
have
the
question
here.
Looking
at
the
yaml
configuration
makes
me
wonder
if
there
are
sdks
for
kong,
are
there
any
such
sdks
for
kong?
There
is
not
a
direct
sdk
for
creating
the
yaml
files,
so
you
have
tools
like
that.
We
just
have
seen
the
open
api.com,
which
auto
generate
those
files,
but
you
can
also
use
kong,
as
you
have
just
seen
to
generate
examples.
Live
customers
putting
something
in
a
con
gateway,
a
short
living
instance
and
just
dumping
that
configuration
and
then
use
that
as
a
basement
for
undead.
B
The
second
question
is
about
insomnia:
can
manage
complex
comp
plugins
like
open
connect;
indeed
it
can
any
plug-in
can
be
configured
I'm
using
there.
So
if
you
want
to
see
some
more
complex
examples
which
I
have
in
mind
here,
like
the
open
connect,
one
which
I
have
not
shown
today
out
of
the
reason
we
are
focusing
today
on
open
source-
and
I
do
not
want
to
show
you
enterprise
plugins,
but
you
can
do
really
here.
Config
configurations
like
client
id
client
secret
claims,
three
direct
urls.
B
Anything
like
that
urls
everything
which
is
configurable
on
the
plugin
can
be
attached
here
to
this
configuration,
if
you
just
say,
config
and
then
all
the
parameters
all
plugins
can
be
configured
in
there.
B
Do
deck
work
with
congress
controller
or
only
with
services,
routes,
deck
and
conquer
controller
are
two
different
way
to
achieve,
basically
the
same,
so
they
do
not
work
with
each
other
yeah.
They
just
do
this
similar
things
on
different
locations.
Deck
is
the
tool
to
configure
kong.
Regardless,
where
kong
is
running,
you
can
use
use
kong
to
configure
a
used
deck
configure
kong
on
an
ec2
instance.
You
can
run
it
on
on
a
virtual
machine
locally.
You
can
do
it
on
a
kubernetes
cluster.
B
Wherever
you
have
access
to
the
administration
api
of
kong,
you
can
use
deck
to
configure
con.
The
ingus
controller
with
the
same
idea
is
for
the
kubernetes
english
resources
only
so
you
can
choose
which
one
you
prefer.
I
have
even
customers
doing
both
they
say
they
do
have
apis
running
in
kubernetes
for
those
apis.
B
They
are
using
the
ingress
controller
to
configure
everything
what
is
already
in
that
kubernetes
cluster,
but
they
also
do
have
then
apis
being
outside
of
the
kubernetes,
where
I
say
that
we
have
still
have
some
older
apis,
which
we
still
want
to
use
kong,
and
then
they
use
deck
to
configure
those.
Even
an
extra
okay,
next
questions.
B
Can
you
clarify
something
about
dick
if
you
save
your
confidence
as
individual
file,
a
service
with
its
routes
and
begins,
you
see,
do
you
have
to
pass
all
of
the
files
to
dachshund
or
do
you
have
to
have
everything
tagged?
First,
if
you
have
a
deck
dump
or
a
handwritten
deck
file,
and
you
make
a
deck
sync
with
any
without
any
text,
and
you
can
write
the
text
both
in
the
yaml
file
or,
as
I
just
did
in
my
example,
I
have
put
them
into
the
zip
command.
B
So
if
you
look
here
the
command
we
have
been
using
in
here,
I
put
it
here
in
the
select
tag
in
here,
but
it
can
also
be
in
the
yaml
file
itself.
B
If
you
don't
do
that,
you
have
to
if
neither
of
those
are
set
call
will
see
this
as
a
full
new
configuration
and
replace
everything
in
your
cluster,
so
never
make
a
deck
string
without
any
text.
If
you
don't
want
to
re-sync
everything
in
your
cluster,
having
text
is
something
crucial
for
you.
Otherwise,
if
you
say
you
want
to
change
one
thing,
you
have
to
just
put
one
deck
file
in
there
and
you
have
already
99
services
applied
in
there.
B
If
you
don't
have
any
text
in
place,
99
get
deleted
and
you
get
one
afterwards
in
the
cluster,
so
be
careful
always
have
text
when
working
with
that
and
you
can
also
generate
them
from
the
open
api.
For
example,
that's
something
many
customers
do
or
in
a
csd
pipeline.
You
can
also
auto
generate
them,
maybe
based
on
the
github
repo
name
or
something
like
that,
but
have
text
attached.
Otherwise,
you
get
everything,
gets
synced
and
may
be
wiped.
B
Next
one
does
comp
provide
any
tools
to
for
fuzzy
testing
apis
dennis
daniels.
Can
you
go
on
microphone
and
give
me
some
insight?
What
you
mean
by
fuzzy
testing
here.
A
Hello,
hello:
I
was
wondering
about
the
being
able
to
throw
fuzzy
tests
or
fuzz
testing
using
your
tool
to
verify
whether
or
not
the
api
is
going
to
respond
properly
or
respond
correctly.
If
somebody's
trying
to
if
somebody's
trying
to
attack
the
api
or
manipulate
the
api
in
an
undesired
manner
so
fast.
B
B
Yeah
the
two
answers
to
the
question,
the
first
one,
so
it
has
no
artificial
intelligence,
doing
fuzzy
things
on
our
side,
but,
as
you
have
seen
on
the
side,
while
deploying
it
yeah,
you
have
those
tests
here
which
can
be
as
complex
as
you
want.
Oh
that's,
the
other
one,
that's
the
one.
We
have
just
got
the
time
now,
so
we
have
here
all
those
tests
and
they
can
be
as
complex
as
you
want.
You
can
inject
here
anything
it's
in
india
and
javascript,
where
you
can
do
be
very
creative
on
your
tests.
B
B
The
second
thing
and
that's
another
thing
which
I
on
purpose,
have
not
shown
because
it's
an
enterprise
feature,
and
we
can
also
make
sure
that
everything
which
is
incoming
conforms
to
these
standards
having
been
defined
in
the
open
api
file.
So,
for
example,
in
this
here
I
do
have
said-
I
do
have
your
parameters
and
those
parameters
are
in.
Where
are
they?
They
are
type
integer
and
they
are
query
parameter
or
they
are
in
the
past,
and
all
things
have
integer
between
0
and
10..
B
This
information
you
can
provide
in
the
open
api
and
down
here
you
see,
I'm
enabling
here
another
plugin
called
the
request.
Validator
and
the
only
thing
I'm
doing
is
I'm
activating
it.
I'm
not
configuring,
I'm
just
saying:
please
do
it
and
insomnia
or
in
social
I
will
automatically
say
okay.
I
know
this
plug-in.
B
I
will
generate
the
corresponding
json
schema
definition
for
the
plugin
called
request
for
the
data
and
then
every
call
which
which
is
incoming
will
be
validated
against
this
schema
and
say
if
you
are
not
providing
an
integer
between
0
and
10,
the
gateway
itself
will
already
deny
that
call
before
it
even
hits
the
backend
system.
B
If
you
want,
I
can
show
that
at
the
end.
I
do
not
want
to
show
an
enterprise
feature
yet
because
this
recreational
data
plugin,
is
an
enterprise
only
plugin,
so
I
can
show
it
if
you
want
at
the
end.
B
B
Share
a
recent
business
case
of
how
congress
deck
was
used
business
cases.
Oh,
I
like
that
one
yeah
in
general,
we
have
many
customers
which
are
more
and
more
saying
open.
Api
is
the
central
point
of
truth
for
everything
it's
for
about
this
specification
before
they
even
code.
It's
like
a
contract
in
there,
so
that
gets
in
the
direction
of
quality
and
the
business
case
behind
the
set
that
nothing
goes
wrong
with
developing.
B
So
they
say
we
know
in
advance
what
we
want,
and
we
don't
have
this
typical
cycle
between
business
ones
develop
a
little
something
different
and
back
and
forth.
So
we
can
just
say:
okay,
we
have
agreed
on
that
one,
so
it's
taken
in
there.
So
the
business
case
here
is
a
shorter
cycle
on
the
creation,
the
deck
one
then
is
shrinking
down.
First
of
all,
the
csd
pipeline.
So
it's
way
more
easy
because
you
already
have
that
open
api
file.
So
you
don't
need
to
have
special
tools.
B
You
need
to
create
and
people
being
trained.
Yeah.
That's
also
cast
a
cost,
a
block
in
there
trained
to
use
kong,
even
though
kong
is
way
easier
than
any
other
gateway
in
the
market.
You
still
have
to
learn
something
through
this,
so
if
you
use
augur
vi,
no
training
of
admins
is
needed
at
all,
and
that
brings
me
to
the
last
and
biggest
cost
savings
thing.
That
means
you
can
roll
out
all
your
apis
to
the
con
gateway.
Basically,
without
doing
anything
you
just
need
to
have.
B
If
you
have
open
apis,
which
you
normally
should
have
already,
you
can
just
completely
roll
out
the
con
gateway
configuration
from
your
existing,
so
migration
use
cases
are
very
thankful
things
for
that.
We
just
say:
if
you
have
your
api,
just
make
a
pipeline
push
them
into
kong
and
you
have
all
of
them
running
in
congress.
So
it's
in
the
end.
It's
all
about
agility
and
time
to
market,
which
are
the
use
cases
behind
deck
in
here.
B
Is
there
a
way
to
use
the
kong
library
insomnia
without
adding
annotations
to
open
file,
otherwise
between
open
api
and
conc?
Yes,
there's
a
second
way
to
do
so,
so
you
can
say
I
want
only
have
to
have
a
vanilla,
open
api
file,
like
my
the
one,
without
a
plug-in.
So
I
have
it
even
here
as
an
example
in
that
folder.
So
if
you
look
here
that
the
vanilla
pet
store
yaml
file,
there
is
no
plug-in
configuration
there.
B
Wherever
it's
coming
from
and
the
the
important
part
would
be
here,
then
you
would
say
the
pet
store
deck
and
they
would
say
another
one
as
a
my
plugin
configs
dot
number,
where
that
is
coming
from
that's
up
to
you
yeah,
but
you
can
have
multiple
source
files
in
one
deck
soon
command,
and
this
then,
would
only
host
the
conspiracy
things
and
that
would
only
host
the
ones
coming
from
open
api,
but
they
would
be
seen
as
one
input
and
then
would
be
synced
in
one
go.
B
Hi
for
existing
ipis
configured
in
hong
kong
is
there
any
tooling
that
could
take
the
config
and
create
open
api
specs.
In
fact,
we
have
done
that
in
the
past,
so
there
was
a
tool
in
our
enterprise
offering
where
we
had
a
tooling,
where
we
did
it
the
other
way
round.
B
We
have
decided
to
discontinue
this
I
think
a
year
ago
than
I
did
because,
let's
all
be
honest,
all
the
generated
open
api
files
which
are
not
coming
from
the
code
yeah.
The
code
knows
a
lot,
the
gateway
knows
about
routes
and
then
parameters,
maybe
but
not
really,
details
about
it.
B
They
were
just
not
quality
enough,
so
we
have
said
it's
there's
no
real
values.
We
had
them
in
place.
We
have
customers
using
them.
They
got
their
open
api
files,
but
the
real
world
uses
was
saying:
okay,
yeah,
okay,
it's
maybe
even
easier
to
start
writing
it
from
scratch
than
starting
with
the
skeleton
where
we
have
to
anything
manual.
So
we
have
this
continued
features
because
it
was
not
the
real
world
feature
being
used.
B
Could
you
talk
about
the
benefits
of
using
deck
versus
terraform?
Well,
it's
not
an
either
or
so
many
people
you
are
using
at
the
deck
tool
in
the
terraform
script
somewhere.
If
you
have
an
automation,
flow,
very
auto,
generating
all
configurations
for
kong
in
a
terraform
yeah.
If
it's
already
in
place,
go
ahead
with
that,
if
you
say
it's,
it's
better!
Your
csc
pipeline
go
ahead
with
deck.
What
you
get
out
of
the
box
is
a
functional
tool
which
already
has
all
the
string
capabilities
in
kong
up
and
running.
B
B
Any
support
for
schema
validation-
I
just
talked
about
that
and
I
said
I
will
show
that.
Maybe
in
the
very
end
it's
an
enterprise
feature.
But
yes,
then
we
have
the
validation
in
place.
Also
based
on
the
open
api
file,
can
we
integrate
portal
department?
Yes,
another
enterprise
feature.
I
see
here
a
pattern.
Everything
in
kong
is
an
api,
so
the
portal
deployment
in
the
end.
B
So
if
we
look
at
our,
we
do
have
our
headstock
file,
for
example
the
open
api
file
and
there
you
can
use
this
one
and
just
say
in
our
comp
portal.
Let
me
just
validate.
I
have
one
enabled,
because
I
was
not
ready
to
look
if
I
should
get
an
enterprise
feature,
but
it
should
be
one
there
right,
you
see.
Is
there
an
enter
portal
up
and
running
on
my
machine?
B
Yes,
so
we
do
have
here
an
example.
One
was
in
there
and
then
I
can
just
go
ahead
and
say
I'm
accessing
in
an
automated
flow,
this
develop
portal
and
say:
please
update
the
specification
also
to
documentation
purposes.
I
will
just
say:
put
it
in
a
path
called
specs:
let's
stay
with
the
same
name
and
then
also
get
the
contents
from
that
file.
So
that's
something
outside
of
deck.
That's
something
that
we
have
everything
as
an
api.
B
So
we
can
update
the
documentation
in
our
developer
portal,
and
I
see
speaker
might
be
a
bad
example
because
I
already
have
speaker
examples
here
have
a
second
person,
but
you
see
there's
a
second
one.
Now
on
version
one
zero,
zero
one
version
o2,
which
one
have
we
just
uploaded
pet
store
deck
imports.
B
So
we
have
just
uploaded
the
version
with
one
or
two:
that's
only
just
uploaded
india,
so
yeah,
that's
something
we
typically
do
in
the
full
flow,
where
we
go
from
the
open
api
from
the
design
phase
up
to
the
documentation
phase
in
the
same
script,.
B
Next
one,
could
you
discuss
role
of
chrome,
developer
portal
in
conjunction
with
obvious
articles
of
config
language
such
as
dag
yeah
developer
portal
is
about
documentation,
as
we
can
see
here,
it's
about
documentation
and
getting
the
people
to
know
how
it
works
and
that
can
be
based
on
the
same
api
file
so
but
the
deck
is
configured
the
gateway,
so
it
does
the
enforcement
of
routes
and
services,
whereas
the
developer
is
about
documentating
due
to
the
outside
world.
B
So
that
is
why
how
they
work
together
and
there
is
no
hard
linkage,
so
we
can
have
files
using
deck
for
the
gateway,
but
there
is
no
must
have
in
the
dev
portal
and
also
not
the
other
way
around
yeah.
Next,
one
with
insomnia
is
it
possible
to
manage
multiple
spec
files
within
the
same
git
repository?
B
No,
no,
it's
one
workspace.
So
it's
one
gift
repository
per
web
project,
but
it's
one
insomnia.
Many
different
documents
can
be
deployed,
but
it's
different
repositories
so
typically
also
one
open
i5
belongs
to
one
back
end
and
that
has
the
same
repository.
Normally,
how
are
you
handling
the
publicity
exposed
swagger?
How
we
have
just
seen
that
a
little
bit
there's
something
you
need
to
do
in
between
yeah?
We
just
just
have
published
now
the
hope
api
file
just
for
the
developer
portal.
B
The
one
thing
you
need
to
do
is
somehow
exchange
the
host
name,
at
least
depending
on
which
you
prefer
I
use
for
that.
The
tool
called
yq
yq
is
like
jq
for
those
knowing
that
one
tool,
a
tool
which
you
can
use
to
on
the
fly
exchange
values
in
a
younger
file.
So
I
have
in
my
csd
background.
One
of
the
steps
is
that
I
take
the
op
api
file
and
exchange
the
internal
hostname
with
the
external
gateway
host
name,
and
then
I'm
exporting
it
to
the
dev
portal.
B
B
Yes,
kind
of
it
depends
on
how
they
look
like,
for
example,
let's
see
here
our
pet
store
again,
we
have
here
all
those
different
paths
in
there
and
there
should
be
hopefully
something
here.
We
have
here:
pet
id
yeah
pad
slash
pet
id.
If
you
look
at
to
that
route
and
I've
used
the
comm
manager
to
visualize
that
yeah,
if
you
look
at
that
created
route
on
our
server,
so
we
have
our
swagger
pet
store
and
look
at
the
route
which
one
did
we
have.
B
It
was
get
by
deep
find
pets
by
text
by
start
those
I'm
giving
all
of
them
get
by
id,
get
back
pi
id,
and
then
our
route
automatically
extracts
that
it
needs
to
be
here.
A
value
in
there
which
you
can
use,
then
for
extract
information.
So
we
are
using
here
a
regular
expression
automatically
and
extracted
the
data
and
can
do
them
later
on
something
like
that
closing
once
again,
enterprise
feature
only
manager
next
one.
Where
can
we
find
documentation
of
what
enzo
can
do
with
kong
plugins,
for
example,
the
validation?
B
Again
we
just
saw.
How
can
we
configure
how
to
insomnia
create
the
configuration
by
also
going
to
drive
the
plugins
things
yeah?
That
is
in
fact,
and
I'm
not
sure
why
npm
is
not
rendering
this
right
now.
That
is
all
documented
here
on
that
page,
but
somehow
the
npm.js.com
page
has
some
issues
and
we
should
solve.
We
just
have
to
wait
long
enough
and
here's
everything
explained
how
to
work
with
plugins
here
talks
about
the
request
for
data
plugins:
how
about
security?
How
can
I
make
all
tools
correct?
B
B
Sanitizing
you
mean
if
you
want
to
remove
the
x
minus
com
plug
in
things.
The
answer
is
yes,
so
we
are
not
touching
the
open
api
itself,
so
you
can
do
something
like
I
just
did
with
iq,
which
I
fse
would
start
with
x,
minus
kong
yeah
just
remove
that
in
one
go
and
the
last
one,
and
then
we
will
as
an
extra
bonus
to
the
orchestra
data
one
hi.
B
B
Customers
either
have
one
or
two
of
them
that
you
can
do
it
in
one
dev
portal,
based
on
the
permission
structure
that
you
say
everybody
gets
as
a
dev
portal,
but
not
everybody
sees
everything
so
intel
users
just
see
more
than
that
many
customers
make
want
to
have
it
hardly
cut
just
auto
regulations,
as
I
say
they
want
to
have
an
external
developer
portal.
At
the
next
delivery
portal,
the
deck
configuration
has
nothing
to
do
with
the
dev
portal.
That
configuration
is
about
the
gateway
configuration
of
the
developer
partner
configuration
okay.
B
That
was
the
last
one
and
now,
as
promised
one
more
thing
about
that.
You
see
a
live
example
how
we
can
use
the
validation
in
there,
and
I
do
have
this
other
uad
generator
service
in
here.
Maybe
I
see
we
have
this
plug-in
enabled
and
we
do
have
some,
for
example,
delay
parameter
between
0
and
10.,
so
this
is
example
I
have
laying
somewhere
else.
I
might
also
put
that
later
on
on
the
github
for
you,
that
you
can
also
see
that
minecd.
B
B
Getting
now
for
this
one
here,
a
new
service
called
uid
generator
service
yeah,
with
all
the
query,
delay
get
and
so
on,
and
then
delay
yeah,
the
one
we
just
looked
at.
We
could
automatically
attach
the
request
to
a
data
plugin
that
is
coming
from
this
small
tag.
Yeah
we
want
to
have
it
enabled
and
then
inso
has
to
generate
automatically
schema,
which
can
have
a
body
schema.
That
was
a
question
we
had
also
previously.
We
can
also
do
it
on
the
body.
B
We
can
see
a
parameter
schema,
we
say:
there's
a
delay
parameter,
it's
required.
Why
is
it
required?
It
says
here
it's
the
path,
it's
required
true,
so
we
extracted
it
from
the
open
api
it's
in
the
past
and
it
should
be
in
the
chart
between
zero
10
and
we
can
just
try
that
out
and
we
can
go
ahead
and
make
some
calls
and
say
we
say
http
on
our
proxy
slash
delay.
The
first
thing
say
without
the
delay.
We
don't
even
say
it's
a
valid
call
yeah.
B
Then
we
can
try
one
two:
three,
which
is
more
than
ten
yeah,
so
alternate
conform
to
the
schema
and
then,
if
you
go
with
one,
we
are
getting
a
response
x,
so
we
can
make
all
those
checks
based
on
your
maybe
high
five,
by
the
way,
the
last
one
more
thing
in
here.
If
you
say
I
want
to
be
more
helpful
than
that
to
my
users,
you
can
configure
how
the
plugin
should
behave.
B
So
I
can
just
go
ahead
and
change
the
behavior
of
that
plug-in
now
manually,
but
you
could
also
automate
it.
Obviously,
you
can
just
say
give
them
some
more
hints
yeah
and
then
it
will
tell
by
the
way
it
is.
It
needs
to
be
smaller
than
10..
So
it
can
it's
a
little
bit
security
discussion.
Do
you
want
to
give
those
hints
to
developers
or
not,
if
you
want
just
say
wrong
or
right,
yeah,
that's
the
one
setting
and
the
other
one.
B
Okay,
that
has
been
a
lot
of
questions
any
more
questions.
We
will
open
up
the
microphone
here
as
far
as
I
know,
so
any
direct
interaction
is
now
very
well
welcome.