Merge pull request #201 from f5devcentral:lad-matt

update api

Author: MattDierick

docs/class4/module1/lab2/lab2.rst

@@ -1,5 +1,5 @@
-Protect the modern API application with F5XC - static protection
-================================================================
+Start Protecting the modern API application with F5XC
+=====================================================
 
 Assign OpenAPI spec file to the LB
 ----------------------------------
@@ -55,68 +55,3 @@ Assign the API definition to the LB
    .. image:: ../pictures/api-protection.png
       :align: center
       :scale: 70%
-
-|
-
-Apply API Protection rules
---------------------------
-
-Understand the difference between API Protection and API Validation
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Before enforcing any policy, it is important to understand the differences between ``API Protection`` and ``API Validation`` (+API Discovery)
-
-In the slide below, you can understand the difference:
-
-* API Protection only allow ``known API endpoints and methods`` and does not enforce responses.
-   * API Protection is ``Failed-Close`` by design
-
-* API Validation ``validates`` the OpenAPI Spec (OAS) file with methods, endpoints and parameters. It validates also the responses.
-   * API Validation is ``Failed-Open`` by design
-
-* API Discovery is on top of ``API Validation`` and provides discovery of unknown specifications (methods, endpoints and parameters)
-   * API Discovery can be used alone without API Validation if API Dev can't deliver the OAS file.
-
-.. image:: ../pictures/slide-api-protection.png
-   :align: center
-   :scale: 40%
-
-
-Create the default API Protection rule
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-In this lab, we will create an ``API Protection rule`` to enforce and allow only ``known specifications``. The endpoints defined in the OAS files are:
-
-* /adjectives
-* /animals
-* /locations
-
-.. note:: As a reminder, the endpoint ``/colors`` is not defined in the OAS file, and the base path is ``/api/``
-
-#. Edit your "sentence-re-lb" application LB
-#. Go to ``API Protection`` - ``API Protection Rules`` and click ``configure``
-
-   .. image:: ../pictures/api-protection-rules.png
-      :align: center
-      
-#. Click on ``Configure in Server URLs and API Groups`` and create the following two rules. Don't forget to click on ``Apply``
-  
-   #. Rule 1: allows the methods and endpoints defined in the OAS file.
-
-      .. image:: ../pictures/allow-all-rule.png
-         :align: left
-         
-   #. Rule 2: deny the rest
-
-      .. image:: ../pictures/deny-unknown.png
-         :align: left
-       
-#. You should now have 2 rules. Save all your configurations.
-
-   .. image:: ../pictures/all-rules.png
-      :align: center
-      :scale: 50%
-
-#. Save and Exit.
-
-.. note:: You are good to test your first API Protection Load Balancer in F5 Distributes Cloud

docs/class4/module1/lab3/lab3.rst

@@ -16,25 +16,3 @@ Test your modern API application protection
 
       curl -H "Content-Type: application/json;charset=UTF-8" http://sentence-re-$$makeId$$.workshop.emea.f5se.com/api/locations
 
-   .. note:: The 3 calls are successful because there are defined in the OAS file (method + endpoint)
-
-#. Now, run the below call
-
-   .. code-block:: none
-
-      curl -H "Content-Type: application/json;charset=UTF-8" http://sentence-re-$$makeId$$.workshop.emea.f5se.com/api/colors
-
-   .. note:: This call is denied because not part of the OAS file
-
-Check the logs
---------------
-
-* Go to the security dashboard (Overview > Security)
-* Scroll down and click on your ``sentence`` LB
-* Click on ``Security Analytics``
-
-.. note:: Scroll and search for API events
-
-.. image:: ../pictures/api-protect-event.png
-   :align: center
-

docs/class4/module2/lab1/lab1.rst

@@ -1,16 +1,8 @@
 Enable API validation
 =====================
 
-In the previous section, we enabled API Protection. API Protection is based on rules (allow, deny), but API Validation goes deeper into the validation.
-
 API Validation validates the requests and the responses, but also the content (JSON payload) based on the OpenAPI Specifications.
 
-As a reminder, this is the difference between Protection and API Validation. 
-
-.. image:: ../pictures/slide-api-protection.png
-   :align: center
-   :scale: 40%
-
 .. note:: As an example, API Validation validates if the value of a JSON key matches the specifications (integer, string, array ...)
 
 Example below
@@ -60,7 +52,7 @@ Example below
                 id: 4
                 name: worried
 
-Having said, let's enable API Validation, and disable API Protection. It does not make sense to use both at the same time except if you need a specific rule for a specific endpoint.
+Having said, let's enable API Validation.
 
 Update your API Load Balancer
 -----------------------------
@@ -69,13 +61,7 @@ Update your API Load Balancer
   You can bypass this section if you are not part of an official F5 training, and continue to the API Discovery lab.
 
 .. note:: Please don't open support ticket to increase this quota. This is done by F5ers in charge of the trainings (Matthieu Dierick, Sorin Boiangiu)
-
-* Edit your Load Balancer and remove all API Protection rules (click on Reset Configuration and confirm)
-
-   .. image:: ../pictures/api-protection-reset.png
-      :align: left
-      :scale: 50%
-
+  
 |
 
 * Enable API Validation for ``All Endpoints``