Conversation

@O-sura O-sura commented Feb 11, 2026

Purpose

This PR adds the modified CEL path strings required for parsing the default values inside the following policies:

  • advanced-ratelimit
  • basic-ratelimit
  • jwt-auth
  • mcp-auth
  • token-based-ratelimit

Summary by CodeRabbit

  • Chores
    • Updated Advanced Rate Limit policy to v0.1.4, Basic Rate Limit to v0.1.3, JWT Authentication to v0.1.3, MCP Authentication to v0.1.2, and Token-Based Rate Limit to v0.1.1.
    • Standardized configuration reference paths across all rate limit and authentication policies.
    • Refined policy descriptions for improved clarity.

coderabbitai bot commented Feb 11, 2026

Walkthrough

Multiple policy definition YAML files are updated with version increments (patch-level bumps) and all defaultValue references migrated from _v010 to _v0 configuration paths across rate-limiting, JWT authentication, and MCP authentication policies.

Changes

Cohort: Policy Definition Configuration Updates
Files: policies/advanced-ratelimit/policy-definition.yaml, policies/basic-ratelimit/policy-definition.yaml, policies/jwt-auth/policy-definition.yaml, policies/mcp-auth/policy-definition.yaml, policies/token-based-ratelimit/policy-definition.yaml
Summary: Version increments applied across all policies. All wso2/defaultValue references updated from config.policy_configurations.*_v010.* to config.policy_configurations.*_v0.* for algorithm, backend, Redis, memory, JWT key management, and gateway host settings. Minor description text refinements in rate-limit and MCP policies.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Hop hop, the configs now align,
From v010 to v0 they shine,
Five policies dance in harmony,
Versions bumped with certainty,
A cleaner path for all to find! 🎯

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
Check name: Description check
Status: ⚠️ Warning
Explanation: The PR description includes Purpose and a link to the related issue, but lacks most required template sections (Goals, Approach, User stories, Release note, Documentation, Training, Certification, Marketing, Tests, Security, Samples, Migrations, Test environment, Learning).
Resolution: Complete the PR description template by adding Goals, Approach, and other critical sections like Release note, Documentation, and test coverage information.
✅ Passed checks (2 passed)
Check name: Title check
Status: ✅ Passed
Explanation: The title clearly and specifically describes the main change: updating CEL path strings to support only major policy versions across five policy files.
Check name: Docstring Coverage
Status: ✅ Passed
Explanation: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@coderabbitai coderabbitai bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
policies/token-based-ratelimit/policy-definition.yaml (1)

106-137: ⚠️ Potential issue | 🟠 Major

Fix config path naming convention mismatch in redis and memory sections.

The sub-key naming in this file uses concatenated lowercase (e.g., keyprefix, failuremode, maxentries), while both advanced-ratelimit and basic-ratelimit use snake_case for the same ratelimit_v0 config namespace (e.g., key_prefix, failure_mode, max_entries). Since all three policies resolve against the same configuration, only one convention can be correct — the other will fail at runtime.

Affected keys:

  This file                  advanced/basic-ratelimit
  redis.keyprefix            redis.key_prefix
  redis.failuremode          redis.failure_mode
  redis.connectiontimeout    redis.connection_timeout
  redis.readtimeout          redis.read_timeout
  redis.writetimeout         redis.write_timeout
  memory.maxentries          memory.max_entries
  memory.cleanupinterval     memory.cleanup_interval

Update all wso2/defaultValue paths to use snake_case to match the other policies:

Proposed fix
-      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.keyprefix}"
+      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.key_prefix}"

-      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.failuremode}"
+      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.failure_mode}"

-      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.connectiontimeout}"
+      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.connection_timeout}"

-      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.readtimeout}"
+      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.read_timeout}"

-      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.writetimeout}"
+      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.write_timeout}"

-      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.memory.maxentries}"
+      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.memory.max_entries}"

-      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.memory.cleanupinterval}"
+      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.memory.cleanup_interval}"
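Review bot: The seven renames above assume the shared ratelimit_v0 namespace is keyed in snake_case, but the lines above only establish that advanced-ratelimit and basic-ratelimit spell it that way, not which spelling the gateway configuration actually defines; confirm against the configuration source before applying, because the comment itself notes that whichever side is wrong fails at runtime, and the rate-limit scenarios further down this thread show what that failure looks like (requests answered 200 where 429 was expected, X-RateLimit-Limit empty). Since five policy files now reference the same `config.policy_configurations.*_v0.*` paths by hand, a check that resolves every wso2/defaultValue placeholder against the configuration before merge would stop this kind of drift from reaching the gateway.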

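Added here as an illustration, not code from the wso2 project or from this PR: a small pre-merge check in the spirit of the mismatch flagged in the review above. It pulls every `${config.*}` placeholder out of policy-definition text with a regular expression (so it needs no YAML loader), resolves each dotted path against a configuration tree, and, across several policies, flags paths that differ only by underscores, since only one spelling can exist in the shared `ratelimit_v0` namespace. The YAML fragments and the configuration tree are constructed samples; the assumption that the gateway keys that namespace in snake_case is mine, modeled on what advanced-ratelimit and basic-ratelimit use. The cost of an unresolved default is visible in the failing scenarios later in this thread: the policy ends up with an empty default and requests pass with 200 where 429 or 401 was expected, so this is the check worth running before the gateway does.

```python
import re
from typing import Dict, List, Set, Tuple

# Matches the ${config.*} placeholders that wso2/defaultValue strings carry.
PLACEHOLDER = re.compile(r"\$\{(config\.[A-Za-z0-9_.]+)\}")

# Constructed samples shaped like the policy-definition.yaml fragments quoted in the review:
# one file with concatenated-lowercase keys, one with snake_case keys.
TOKEN_POLICY = """
      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.keyprefix}"
      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.failuremode}"
      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.memory.maxentries}"
"""
BASIC_POLICY = """
      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.key_prefix}"
      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.redis.failure_mode}"
      "wso2/defaultValue": "${config.policy_configurations.ratelimit_v0.memory.max_entries}"
"""

# Constructed configuration tree. Assumption (not taken from the PR): the gateway keys the
# shared ratelimit_v0 namespace in snake_case, as advanced-ratelimit and basic-ratelimit do.
GATEWAY_CONFIG = {
    "policy_configurations": {
        "ratelimit_v0": {
            "redis": {"key_prefix": "rl:", "failure_mode": "deny"},
            "memory": {"max_entries": 10000},
        }
    }
}


def extract_paths(policy_text: str) -> List[str]:
    """Every ${config.*} path in a policy-definition document, in file order."""
    return PLACEHOLDER.findall(policy_text)


def resolve(path: str, config: dict) -> bool:
    """True if the dotted path (after the leading 'config.') exists in the config tree."""
    node = config
    for part in path.split(".")[1:]:
        if not isinstance(node, dict) or part not in node:
            return False
        node = node[part]
    return True


def unresolved_paths(policy_text: str, config: dict) -> List[str]:
    """Default-value paths that would come up empty at runtime."""
    return [p for p in extract_paths(policy_text) if not resolve(p, config)]


def lint_policies(policies: Dict[str, str], config: dict) -> Dict[str, List[str]]:
    """Per policy name, the paths that do not resolve; an empty list means clean."""
    return {name: unresolved_paths(text, config) for name, text in policies.items()}


def convention_conflicts(policies: Dict[str, str]) -> List[Tuple[str, List[str]]]:
    """Paths that are the same key once underscores are stripped but are spelled
    differently across policies (keyprefix vs key_prefix). Such pairs cannot both
    resolve against one configuration, so each one is a latent runtime failure."""
    by_normalised: Dict[str, Set[str]] = {}
    for text in policies.values():
        for path in extract_paths(text):
            by_normalised.setdefault(path.replace("_", ""), set()).add(path)
    return sorted(
        (key, sorted(spellings))
        for key, spellings in by_normalised.items()
        if len(spellings) > 1
    )


if __name__ == "__main__":
    policies = {"token-based-ratelimit": TOKEN_POLICY, "basic-ratelimit": BASIC_POLICY}
    for name, missing in lint_policies(policies, GATEWAY_CONFIG).items():
        print(f"{name}: {'OK' if not missing else 'unresolved ' + ', '.join(missing)}")
    for _key, spellings in convention_conflicts(policies):
        print(f"conflict: {' vs '.join(spellings)}")
```

Pointed at the real `policies/*/policy-definition.yaml` files and the gateway's actual configuration, `lint_policies` reports the paths that would silently resolve to nothing, and `convention_conflicts` catches the keyprefix/key_prefix style of drift even without a configuration to resolve against.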
@renuka-fernando renuka-fernando left a comment


Only failing tests that break the CEL config, hence +1

--- Failed steps:

  Scenario: Enforce rate limit on API resource # features/ratelimit.feature:28
    Then the response status code should be 429 # features/ratelimit.feature:65
      Error: expected status code 429, got 200

  Scenario: Multi-quota rate limit headers in IETF format # features/ratelimit.feature:68
    And the response header "X-RateLimit-Limit" should exist # features/ratelimit.feature:108
      Error: expected header "X-RateLimit-Limit" to exist

  Scenario: 429 response includes IETF RateLimit headers for violated quota # features/ratelimit.feature:120
    Then the response status code should be 429 # features/ratelimit.feature:163
      Error: expected status code 429, got 200

  Scenario: Rate limit headers are returned # features/ratelimit.feature:172
    And the response header "X-RateLimit-Limit" should be "100" # features/ratelimit.feature:205
      Error: expected header "X-RateLimit-Limit" to be "100", got ""

  Scenario: Custom rate limit error response # features/ratelimit.feature:209
    Then the response status code should be 429 # features/ratelimit.feature:246
      Error: expected status code 429, got 200

  Scenario: Basic rate limiting without cost extraction # features/ratelimit.feature:251
    Then the response status code should be 429 # features/ratelimit.feature:288
      Error: expected status code 429, got 200

  Scenario: Cost extraction from response body using echo backend # features/ratelimit.feature:290
    And the response header "X-RateLimit-Remaining" should be "50" # features/ratelimit.feature:337
      Error: expected header "X-RateLimit-Remaining" to be "50", got ""

  Scenario: API-level rate limiting with apiname key extraction # features/ratelimit.feature:356
    Then the response status code should be 429 # features/ratelimit.feature:419
      Error: expected status code 429, got 200

  Scenario: Updating API does not reset rate limit state # features/ratelimit.feature:426
    Then the response status code should be 429 # features/ratelimit.feature:466
      Error: expected status code 429, got 200

  Scenario: Multi-dimensional rate limiting with quotas # features/ratelimit.feature:507
    Then the response status code should be 429 # features/ratelimit.feature:574
      Error: expected status code 429, got 200

  Scenario: Per-quota cost extraction with multiplier # features/ratelimit.feature:589
    And the response header "X-RateLimit-Remaining" should be "50" # features/ratelimit.feature:636
      Error: expected header "X-RateLimit-Remaining" to be "50", got ""

  Scenario: Header-based key extraction for per-user rate limiting # features/ratelimit.feature:654
    Then the response status code should be 429 # features/ratelimit.feature:694
      Error: expected status code 429, got 200

  Scenario: Multiple limits per quota - enforces most restrictive limit # features/ratelimit.feature:704
    Then the response status code should be 429 # features/ratelimit.feature:751
      Error: expected status code 429, got 200

  Scenario: Cost extraction from request body # features/ratelimit.feature:801

  Scenario: Request with malformed *** is rejected # features/jwt-auth.feature:133
    Then the response status code should be 401 # features/jwt-auth.feature:166
      Error: expected status code 401, got 200

  Scenario: Request with wrong issuer is rejected # features/jwt-auth.feature:168
    Then the response status code should be 401 # features/jwt-auth.feature:201
      Error: expected status code 401, got 200

  Scenario: JWT authentication rejects wrong audience # features/jwt-auth.feature:240
    Then the response status code should be 401 # features/jwt-auth.feature:275
      Error: expected status code 401, got 200

  Scenario: JWT auth does not affect unprotected endpoints # features/jwt-auth.feature:314
    Then the response status code should be 401 # features/jwt-auth.feature:351
      Error: expected status code 401, got 200

  Scenario: Empty *** is rejected # features/jwt-auth.feature:353
    Then the response status code should be 401 # features/jwt-auth.feature:386
      Error: expected status code 401, got 200

  Scenario: Bearer-only without token is rejected # features/jwt-auth.feature:388
    Then the response status code should be 401 # features/jwt-auth.feature:421
      Error: expected status code 401, got 200

@renuka-fernando renuka-fernando merged commit df4eb2a into wso2:main Feb 12, 2026
2 of 4 checks passed