FAAST ZIP2P LIDET BL GET Output Expected

Migration Report – FAAST-ZIP2PLIDETBL_GET

Present

2-min readUpdated May 11, 2026

Copied Raw Markdown!

# Migration Report – FAAST-ZIP2P_LIDET_BL_GET

## Status: ✅ Implementation Complete

All 5 policies have been fully implemented and are ready for deployment
to Mule Flex Gateway. Stubs have been replaced with production-grade XML.

---

## Policy Inventory

| Policy File              | Apigee Origin           | Mule Target                          | Confidence | Status        |
|--------------------------|-------------------------|--------------------------------------|------------|---------------|
| AM-ASSIGNCSRFTOKEN.xml   | AssignMessage           | `ee:transform` + `os:retrieve`       | 0.82       | ✅ Implemented |
| BA-Authentication.xml    | BasicAuthentication     | DataWeave credential decoder         | 0.85       | ✅ Implemented |
| FC-Authentication.xml    | FlowCallout             | `flow-ref` orchestration flow        | 0.88       | ✅ Implemented |
| KVM-SAPBRIMCRED.xml      | KeyValueMapOperations   | `os:store` + `os:retrieve`           | 0.78       | ✅ Implemented |
| SC-GetCSRFToken.xml      | ServiceCallout          | `http:request` (CSRF handshake)      | 0.84       | ✅ Implemented |

---

## Flow Execution Sequence

```
Inbound Request (GET)
        │
        ▼
[FC-Authentication] ── HTTP Listener
        │
        ├─► [BA-Authentication]   Validate Basic Auth credentials
        │
        ├─► [KVM-SAPBRIMCRED]     Load SAP BRIM credentials from Object Store
        │
        ├─► [SC-GetCSRFToken]     Fetch / refresh X-CSRF-Token from SAP
        │
        ├─► [AM-ASSIGNCSRFTOKEN]  Attach CSRF token to outbound headers
        │
        └─► HTTP Proxy ──────────► SAP Backend (HTTPS)
```

---

## Pre-Deployment Checklist

- [ ] Update `application.properties` with real SAP host, paths, and credentials
- [ ] Encrypt sensitive properties using Anypoint Secure Properties Tool
- [ ] Configure ARM / Flex Gateway environment variables:
  - `sap.backend.host`
  - `sap.brim.username` / `sap.brim.password`
  - `sap.basic.username` / `sap.basic.password`
  - `sap.csrf.basePath`
  - `sap.csrf.path`
  - `objectStore.entryTtlUnit`
- [ ] Verify SAP CSRF handshake endpoint path in `application.properties`
- [ ] Run MUnit test suite: `mvn test`
- [ ] Package: `mvn clean package`
- [ ] Deploy to Flex Gateway: `mvn deploy` (with Anypoint credentials configured)

---

## Key Design Decisions

### KVM → Object Store
Apigee KVM has no direct Mule equivalent. The replacement uses:
- **Bootstrap scheduler** (runs at startup + every 55 min) to load credentials from secure
  properties into Object Store, mirroring KVM's role as a runtime credential store.
- **TTL of 3600 s** on store entries aligns with typical CSRF token lifetimes.

### CSRF Token Caching
- `SC-GetCSRFToken` fetches a fresh token and caches it in Object Store.
- `AM-ASSIGNCSRFTOKEN` reads the cache; triggers a refresh if the value is the
  `"fetch"` placeholder (set at bootstrap or after a 403 from SAP).

### Error Handling
- **401** – Missing or invalid Basic Auth → handled by `auth-error-handler`.
- **502** – SAP did not return a CSRF token → handled by `csrf-error-handler`.
- **503** – SAP backend unreachable → handled by `csrf-error-handler`.

Status: ✅ Implementation Complete URL copied

All 5 policies have been fully implemented and are ready for deployment to Mule Flex Gateway. Stubs have been replaced with production-grade XML.

Policy Inventory URL copied

Policy File	Apigee Origin	Mule Target	Confidence	Status
AM-ASSIGNCSRFTOKEN.xml	AssignMessage	`ee:transform` + `os:retrieve`	0.82	✅ Implemented
BA-Authentication.xml	BasicAuthentication	DataWeave credential decoder	0.85	✅ Implemented
FC-Authentication.xml	FlowCallout	`flow-ref` orchestration flow	0.88	✅ Implemented
KVM-SAPBRIMCRED.xml	KeyValueMapOperations	`os:store` + `os:retrieve`	0.78	✅ Implemented
SC-GetCSRFToken.xml	ServiceCallout	`http:request` (CSRF handshake)	0.84	✅ Implemented

Flow Execution Sequence URL copied

Inbound Request (GET)
        │
        ▼
[FC-Authentication] ── HTTP Listener
        │
        ├─► [BA-Authentication]   Validate Basic Auth credentials
        │
        ├─► [KVM-SAPBRIMCRED]     Load SAP BRIM credentials from Object Store
        │
        ├─► [SC-GetCSRFToken]     Fetch / refresh X-CSRF-Token from SAP
        │
        ├─► [AM-ASSIGNCSRFTOKEN]  Attach CSRF token to outbound headers
        │
        └─► HTTP Proxy ──────────► SAP Backend (HTTPS)

Pre-Deployment Checklist URL copied

Task
Update application.properties with real SAP host, paths, and credentials
Task
Encrypt sensitive properties using Anypoint Secure Properties Tool
Task
Configure ARM / Flex Gateway environment variables:
- sap.backend.host
- sap.brim.username / sap.brim.password
- sap.basic.username / sap.basic.password
- sap.csrf.basePath
- sap.csrf.path
- objectStore.entryTtlUnit
Task
Verify SAP CSRF handshake endpoint path in application.properties
Task
Run MUnit test suite: mvn test
Task
Package: mvn clean package
Task
Deploy to Flex Gateway: mvn deploy (with Anypoint credentials configured)

Key Design Decisions URL copied

KVM → Object Store URL copied

Apigee KVM has no direct Mule equivalent. The replacement uses:

Bootstrap scheduler (runs at startup + every 55 min) to load credentials from secure properties into Object Store, mirroring KVM's role as a runtime credential store.
TTL of 3600 s on store entries aligns with typical CSRF token lifetimes.

CSRF Token Caching URL copied

SC-GetCSRFToken fetches a fresh token and caches it in Object Store.
AM-ASSIGNCSRFTOKEN reads the cache; triggers a refresh if the value is the "fetch" placeholder (set at bootstrap or after a 403 from SAP).

Error Handling URL copied

401 – Missing or invalid Basic Auth → handled by auth-error-handler.
502 – SAP did not return a CSRF token → handled by csrf-error-handler.
503 – SAP backend unreachable → handled by csrf-error-handler.

Migration Report – FAAST-ZIP2PLIDETBL_GET

Status: ✅ Implementation CompleteURL copied

Policy InventoryURL copied

Flow Execution SequenceURL copied

Pre-Deployment ChecklistURL copied

Key Design DecisionsURL copied

KVM → Object StoreURL copied

CSRF Token CachingURL copied

Error HandlingURL copied