Apigee known issues

You're viewing Apigee X documentation.
View Apigee Edge documentation.

This section lists known issues for Apigee components. For a list of bugs, new features, and other release information, see Release notes.

Issue ID	Affects	Status	Description
N/A	• Apigee hybrid 1.7.x • Apigee hybrid 1.6.x	OPEN	`apigee-logger` not working on Anthos BareMetal with CentOS or RHEL. After migration of `apigee-logger` from `fluend` to `fluent-bit` in Apigee hybrid version 1.6.6, the logger stopped working on Anthos BareMetal with CentOS or RHEL.
N/A	• Apigee hybrid 1.7.x • Apigee hybrid 1.6.x • Apigee hybrid 1.5.x	OPEN	Deleting an environment and recreating it with the same name may lead to proxies not being deployed. When creating new environments do not re-use deleted envrionment names. If you delete an environment and recreate it with the same environment name, proxies can fail to deploy to the new environment.
N/A	• Archive deployments	OPEN	Managing and debugging Apigee archive deployments in the UI is not supported In the Apigee UI, you cannot view, confirm deployment status, or manage your archive deployments, as described Deploying an API proxy, or use the Debug UI as described in Using Debug. As a workaround, you can use gcloud or the API to List all archive deployments in an environment and use the Debug API.
N/A	• Archive deployments	OPEN	Rolling back an archive deployment is not supported Rolling back an archive deployment is not currently supported. To remove a version of an archive deployment you need to either redeploy a previous version of an archive or delete the environment.
N/A	• Apigee in VS Code	OPEN	Google Authentication in policies is not supported in Apigee in Visual Studio Code (VS Code) Google authentication in ServiceCallout and ExternalCallout policies, as described in Using Google Authentication, is not supported in Apigee in VS Code.
N/A	• Integrated portal	OPEN	SmartDocs Apigee supports OpenAPI Specification 3.0 when you publish your APIs using SmartDocs on your portal, though a subset of features are not yet supported. For example, `allOf` properties for combining and extending schemas. If an unsupported feature is referenced in your OpenAPI Specification, in some cases the tools will ignore the feature but still render the API reference documentation. In other cases, an unsupported feature will cause errors that prevent the successful rendering of the API reference documentation. In either case, you will need to modify your OpenAPI Specification to avoid use of the unsupported feature until it is supported in a future release. When using Try this API in the portal, the `Accept` header is set to `application/json` regardless of the value set for `consumes` in the OpenAPI Specification.
N/A	• Integrated portal	OPEN	Portal admin Simultaneous portal updates (such as page, theme, CSS, or script edits) by multiple users is not supported at this time. If you delete an API reference documentation page from the portal, there is no way to recreate it; you'll need to delete and re-add the API product, and regenerate the API reference documentation. When customizing your portal theme, it may take up to 5 minutes for changes to fully apply.
N/A	• Integrated portal	OPEN	Portal features Search will be integrated into the integrated portal in a future release.
N/A	• Integrated portal	OPEN	SAML identity provider Single logout (SLO) with the SAML identity provider is not supported for custom domains. To enable a custom domain with a SAML identity provider, leave the Sign-out URL field blank when you configure SAML settings.
N/A	• Apigee X	OPEN	API Monitoring and Cloud Monitoring show abnormal spikes API Proxy request and response counts (for proxy and targets) show abnormal spikes Here is a sample showing such a spike: (view larger image) Due to a bug, the system registers the count incorrectly for a brief period and the count is corrected. This happens where there is a reduction in API traffic (which results in a scale down of API gateways). To distinguish actual spikes in requests vs. this issue, please consult the API Analytics page (specifically the Proxy Performance and Target Performance pages) Affected Metrics: `apigee.googleapis.com/proxyv2/request_count` `apigee.googleapis.com/proxyv2/response_count` `apigee.googleapis.com/targetv2/request_count` `apigee.googleapis.com/targetv2/response_count`
231758700 231976420	• Apigee hybrid 1.7.x • Apigee hybrid 1.6.x • Apigee hybrid 1.5.x	OPEN	Apigee Hybrid Dockerhub customers unable to pull images with Docker Content Trust enabled. Users are encountering the following error when pulling images for Apigee Hybrid from Docker Hub: `ERRO[0001] Metadata for targets expired`. This applies to the following hybrid components: `google/apigee-authn-authz` `google/apigee-mart-server` `google/apigee-runtime` `google/apigee-synchronizer` Workaround If you encounter this error, you can use one of the two following workarounds: Switch to using `gcr.io/apigee-release` to pull hybrid images. Disable docker content trust by setting the `DOCKER_CONTENT_TRUST` environment variable to `0`
229639530	• Apigee hybrid 1.7.x • Apigee hybrid 1.6.x • Apigee hybrid 1.5.x	OPEN	When installing Apigee hybrid on OpenShift, under certain circumstances the runtime pod can become stuck in initialization mode. On OpenShift, after running `apigeectl init`, the runtime pod can become stuck in initialization mode. To avoid this, try the following workaround: Edit the file `plugins/open-shift/scc.yaml` and insert the line - system:serviceaccount:{{ .Namespace }}:default under the line `system:serviceaccount:{{ .Namespace }}:{{ .Logger.PodServiceAccountName }}` in the specifications for apigee-logger scc. Run `apigeectl init` again. Verify that the users section has both `default` and `apigee-logger-apigee-telemetry` services accounts with the following `oc` command: oc get scc apigee-apigee-logger -o yaml The output should resemble: users: - system:serviceaccount:apigee:default - system:serviceaccount:apigee:apigee-logger-apigee-telemetry
225169066	• Apigee hybrid 1.5.9 • Apigee hybrid 1.5.8 • Apigee hybrid 1.5.7	FIXED IN Apigee hybrid 1.5.10	Cassandra backup and restore not working when `http_proxy` is enabled. Cassandra backup and restore will work when `http_proxy` is enabled. This has been fixed in Apigee hybrid v1.5.10
221305498	• Apigee X	OPEN	API Monitoring may display fault code of '(not set)'. API Monitoring of Configurable API Proxies may display a fault code of '(not set)' for responses with a non-2xx status from the target.
216018530	• Apigee hybrid 1.6.x • Apigee hybrid 1.5.x	OPEN	Disabling the Hybrid logger by setting `logger.enabled` to `false` may not result in the deletion of existing logging agents. The customer may need to also execute kubectl -n <namespace> delete ds apigee-logger-apigee-telemetry where `<namespace>` is the namespace where Hybrid was installed, by default apigee.
209097822	• Apigee hybrid 1.5.0 and later • Apigee X	OPEN	Dynamic updates to rate in spike arrest may not reflect immediately For a particular key, if there is continuous traffic, the key may not be rate limited at the updated rate. If there is five minutes of no traffic for a particular key, the rate will be reflected. Workaround: Redeploy the proxy with a new reference variable if the rate has to take effect immediately. Or use two conditional spike arrests with different flow variables to adjust the rate.
207762842	• Apigee hybrid 1.7.x • Apigee hybrid 1.6.x • Apigee hybrid 1.5.x	OPEN	Logs not shipped to Cloud Logging by apigee-logger. Current `apigee-logger` configurations, including liveness probes, are incompatible with the Kubernetes runtime, resulting in logs not being shipped to Cloud Logging as expected. This problem also causes the `apigee-logger` pods to crash regularly. This issue affects Apigee hybrid installations on AKS, Anthos Bare Metal, and other platforms. Note that in some cases this issue results in excessive log volume.
207719377	• Apigee X	OPEN	If there is more than one SpikeArrest policy in a bundle, `502` errors will occur. Workaround: Avoid using more than one SpikeArrest policy in the proxy to prevent the issue.
205629443	• Apigee X	OPEN	If ServiceCallout is fire and forget (no `<Response>` tag), a race condition can occur if there is another policy that occurs after it. Workaround: To maintain the fire and forget behavior: Add `<Response>calloutResponse</Response>` to the ServiceCallout. Set `continueOnError` to `true`.
204943880	• Apigee hybrid 1.5.0 and later • Apigee X	FIXED IN Apigee hybrid 1.5.6	SpikeArrest and Quota policies in a shared flow If you are using the SpikeArrest policy in a shared flow, then the Identifier has the shared flow name appended, and the throttling limit is enforced for all the APIs that use the shared flow. Similarly, if you are using the Quota policy in a shared flow, the policy counters are updated for all the APIs that use the shared flow.
203827738	• Archive deployments	OPEN	Configurable API proxy without operations fails. Proxies that do not contain operations, or contain operations without HTTP matches, will return a `404` error code if the request path does not contain exactly one segment in addition to the basepath. For example, requests to `/basepath` will fail, but requests to `/basepath/user` may succeed. To prevent failure, add an `Operations` section with at least one `http_match` to your configurable API proxy.
203778087	• Apigee hybrid 1.6.2 • Apigee hybrid 1.6.1 • Apigee hybrid 1.6.0 • Apigee hybrid 1.5.5 • Apigee hybrid 1.5.4 • Apigee hybrid 1.5.3	OPEN	`apigee-stackdriver-logging-agent` currently runs as root. Workaround: Disable the logging agent on hybrid.
201429104	• Apigee X	OPEN	Wildcard in proxy basepath results in incorrect request path. Usage of a wildcard (``) in the proxy basepath of a configurable API proxy results in forwarding incorrect request paths to the backend target. To prevent incorrect request path forwarding, avoid using `` in the configurable API proxy basepath until the issue is fixed.
200918549	• Apigee hybrid 1.6.0	FIXED IN Apigee hybrid 1.6.1	There is a known issue with using forward proxy with the ApigeeConnect agent. To work around this issue, use the 1.5.x version of the ApigeeConnect agent by setting the 1.5.x tag in the `overrides.yaml` file. For example: connectAgent: image: url: "gcr.io/apigee-release/hybrid/apigee-connect-agent" tag: "1.5.4" .
191815997	• Apigee hybrid 1.6.2 • Apigee hybrid 1.6.1 • Apigee hybrid 1.6.0	OPEN	*If a hybrid customer configures a forward proxy for the API proxy, Google token will not work unless it has direct access to `.googleapis.com`.**
191745621	• Apigee hybrid 1.5.1 • Apigee hybrid 1.5.0	FIXED IN Apigee hybrid 1.5.2	*MART is not able to communicate with .googleapis.com via a Forward Proxy.**
191339147	• Apigee hybrid 1.5.0	FIXED IN Apigee hybrid 1.5.1	Updated env-scoped JavaScript resource file fails to update in runtime instance.
191291501, 191000617	• Apigee X	OPEN	Changing the email address of a developer entity will fail in the UI.
191002224	• Apigee hybrid 1.6.2 • Apigee hybrid 1.6.1 • Apigee hybrid 1.6.0 • Apigee hybrid 1.5.5 • Apigee hybrid 1.5.4 • Apigee hybrid 1.5.3 • Apigee hybrid 1.5.2 • Apigee hybrid 1.5.1 • Apigee hybrid 1.5.0	OPEN	Changing an email address fails while using the `PUT /organizations/{org_name}/developers/{developer_email}` API.
184555974	• Apigee hybrid 1.6.2 • Apigee hybrid 1.6.1 • Apigee hybrid 1.6.0 • Apigee hybrid 1.5.5 • Apigee hybrid 1.5.4 • Apigee hybrid 1.5.3 • Apigee hybrid 1.5.2 • Apigee hybrid 1.5.1 • Apigee hybrid 1.5.0	OPEN	The apigee-logger Fluentd can't parse logs in the OpenShift cluster.
178079779	• Apigee hybrid 1.4.0	FIXED IN Apigee hybrid 1.4.1	UDCA prevents file uploads UDCA encounters token generator issues with HTTP / HTTPS forward proxy, which prevent UDCA from uploading files.
175881688	• Apigee hybrid 1.4.0	FIXED IN Apigee hybrid 1.4.1	Return codes The Quota policy and the SpikeArrest policy return `500` instead of `429`.
175771199	• Apigee hybrid 1.4.0 • Apigee hybrid 1.3.5	FIXED IN Apigee hybrid 1.4.1	Generic DNS service endpoint Prior to Apigee hybrid version 1.4.1 Cassandra used a node-specific DNS service instead of a generic DNS service endpoint.
174166751	• Apigee hybrid 1.3.3	FIXED IN Apigee hybrid 1.3.4	Cassandra vertical scale-up using nodepools Cassandra vertical scale-up using nodepools does not work with Apigee hybrid version 1.3.3.
172653617	• Apigee hybrid 1.3.6 • Apigee hybrid 1.3.5 • Apigee hybrid 1.3.4 • Apigee hybrid 1.3.3	FIXED IN Apigee hybrid 1.4.0	API traffic interruption When a new proxy revision is deployed there can be an interruption to the API traffic.
172332786	• Apigee hybrid 1.3.6 • Apigee hybrid 1.3.5 • Apigee hybrid 1.3.4 • Apigee hybrid 1.3.3 • Apigee hybrid 1.3.2 • Apigee hybrid 1.3.1 • Apigee hybrid 1.3.0	FIXED IN Apigee hybrid 1.4.0	Unresolved request Double slashes (`//`) in a request can cause the request not to resolve. You can solve this by applying a configuration to your Istio ingress that filters for double slashes. See Remove double slashes from requests for instructions.
162759110	• Apigee hybrid 1.3.0	FIXED IN Apigee hybrid 1.3.1	Base path failure Base paths consisting of only `/` will fail. You must include a path after the `/`. For example: `/123` `/v1/customers/123`
146222881	• Apigee hybrid 1.6.2 • Apigee hybrid 1.6.1 • Apigee hybrid 1.6.0 • Apigee hybrid 1.5.5 • Apigee hybrid 1.5.4 • Apigee hybrid 1.5.3 • Apigee hybrid 1.5.2 • Apigee hybrid 1.5.1 • Apigee hybrid 1.5.0 • Apigee hybrid 1.4.5 • Apigee hybrid 1.4.4 • Apigee hybrid 1.4.3 • Apigee hybrid 1.4.2 • Apigee hybrid 1.4.1 • Apigee hybrid 1.4.0 • Apigee hybrid 1.3.6 • Apigee hybrid 1.3.5 • Apigee hybrid 1.3.4 • Apigee hybrid 1.3.3 • Apigee hybrid 1.3.2 • Apigee hybrid 1.3.1 • Apigee hybrid 1.3.0	OPEN	Invalid HTTP Header error Invalid HTTP Header error: The Istio ingress switches all incoming target responses to the HTTP2 protocol. Because the hybrid message processor only supports HTTP1, you may see the following error when an API proxy is called: `http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1,` `name: [:authority], value: [domain_name]` If you see this error, you can take either of the following actions to correct the problem: Modify the target service to omit the Host header in the response. Remove the Host header using the AssignMessage policy in your API proxy if necessary.
143659917	• Apigee hybrid 1.3.1 • Apigee hybrid 1.3.0	FIXED IN Apigee hybrid 1.3.2	PopulateCache policy's expiration setting The PopulateCache policy's expiration setting must be set to an explicit value between 1 and 30. For example: `<ExpirySettings>` `<TimeoutInSec>30</TimeoutInSec>` `</ExpirySettings>`