Attribute locking in the Configuration Center

Change management involving different configuration stages (e.g., test, integration, production) can be tedious. Most configuration attributes are typically shared across all stages while some are stage-specific. The same applies to setups with multiple tenants. While there may be a common base configuration, each tenant deviates from the base in one or the other way.

Using "attribute locking", Airlock Gateway administrators can separate common attributes from attributes specific to a certain stage or tenant. When a configuration has changed and is pushed through stages (or rolled out to new tenants), all common attributes will be automatically updated while specific attributes will be left untouched.

Attribute locking is supported for all mapping attributes except the mapping name. In order to activate attribute locking on a mapping, select the mapping and enable locking using the "Locking" toggle button located above the tab headers. When locking is enabled, a locking symbol appears on the left side of each attribute:

Icon	Description
	The attribute is locked. When a source mapping is applied to this mapping, this attribute will keep its value.
	The attribute is not locked. When a source mapping is applied to this mapping, the value of this attribute will be updated as well.

The locking states are part of the configuration and saved along with all attribute values. Click on the locking icon to change the locking state of the corresponding attribute.

Various configuration attributes are organized in tables or lists (e.g., request/response actions, response rewrites, deny rules and their exceptions). For entries corresponding to an Airlock Gateway default element, such as the default request actions or default deny rules, the locking state can be chosen individually. That is, for each default request action, the activation state can be locked separately. For custom elements (e.g., custom actions, allow rules, or deny rules), locking is done on the surrounding table or list.

Attributes of default deny rules are covered by two locking symbols: the first symbol on the left side covers the activation state, the log-only flags and the security level of a deny rule group. The second locking symbol in the exceptions columns covers all the exceptions for a deny rule group and the contained rules.

Attribute locking involves a source and a target mapping configuration. Source mappings can be applied to target mappings. That is, all unlocked attributes on the target mapping are overwritten and copied from the source mapping. Locked attributes on the target mapping remain untouched. There are three ways of applying a source mapping to a target mapping (detailed below):

1. Importing a Source Mapping (GUI)
2. Importing a Source Mapping (REST API)
3. Application of a Source Mapping

In the reverse proxy view, mappings can be imported by clicking on the "+" icon and selecting "Import...".

For mappings that already exist on the current system, the administrator gets three options:

• Apply unlocked settings. If this option is selected, the imported mapping is treated as the source mapping and applied to the existing target mapping.
• Replace existing element. The existing mapping is replaced by the imported mapping. This also includes locking states of attributes.
• Import as a new copy. The mapping is imported with a "Copy-of-" prefix to prevent a naming conflict.

Right next to the "Locking" toggle button, a dropdown list presents all mappings configured on the current system. At the bottom of the list, all mappings available from installed mapping templates are listed as well. By selecting a source mapping and clicking on "Pull Settings", all attributes of the source mapping are applied to the currently selected mapping.

The selection of a source mapping is saved as part of the target mapping configuration and can thus be reused later on. For instance, a test mapping could be permanently selected as a source mapping on the corresponding production mapping. Whenever settings on the test mapping change, these settings can be applied to the production mapping simply by clicking the "Pull Settings" button on the production mapping again.