API goes down on invalid YAML

[jmcarp]

I accidentally set Error Data / API Key Missing to a string that wasn't valid YAML. This seems to have thrown an caught error somewhere, because our entire API went down until I fixed the markup. I would expect the admin interface to refuse any invalid markup to protect careless people like me from themselves.

[GUI]

Thanks for reporting this and your help tracking it down. As we discussed, the issue was caused if you entered something like foo (without any key value pairs) into the error data YAML field. While we were already validating that the input was valid YAML, we had missed validating whether the parsed YAML was of the expected type (the top-level object must be hash in this case). When an unexpected type, like a top-level string, got entered what happened was that it override the default error variables, which meant when that specific error was being rendered, lot's of weird things may have happened, like the error response being without an HTTP status code (however, the bug should have only impacted the specific error responses and not the overall API).

I was pushing some other updates live, so I went ahead and added some fixes for this:

• https://github.com/NREL/api-umbrella-web/pull/18/files ensures that we get the expected object type from the parsed YAML.
• https://github.com/NREL/api-umbrella-gatekeeper/pull/18/files ensures that even if invalid, unexpected configuration gets into place our proxy will handle it a little more gracefully (a 500 internal server error will be returned and an error will be logged, rather than the odd http status codeless responses).

Thanks again!