axway-api-management-plus / apimanager-swagger-promote Goto Github PK

In case if user's portal runs on http protocol but not on https, we have to get portal available on https to proceed with the script.
If the port is parameterized, user can proceed with whatever protocol he is using.

Do you have in mind to distribute this tool in central maven repositories?

Question
From the documentation, it seems the tool does not handle the retirement of APIs yet. Is there a plan to include this feature in the future? Also, is there a way to handle this case now?

Hi,
We usually create API manually through UI using swagger file for dev environment. For QA and above, we use our homegrown scripts to create API. They basically export API from DEv and import to target environment. During the process, we change below through scripting
api name - it is different in different environments
path - it is different in different environments
oauthurls - it is different in different environments
In the backend blob there is a string parameter basePath, we just find that and replace with value corresponding to environment.
These scripts were based on json structure of Front end API export from API manager ui. Process is working great.
Now we are trying swagger promote scripts in Dev environment. API is created and basic testing went well with swagger-promote 1521.
We tried to create API (created in dev using swagger promote 1521) in QA using our homegrown scripts described above, they failed to change basePath in backend as there is not such element. Also I noticed json structure when creating API through UI is different than through creating with swagger import scripts. But our homegrown scripts are based on UI created json structure. How can we retain the same structure with swaggerpromote scripts. I am attaching same APIS created using swagger promote 1521 (cat 6 swgimp1521 apmgr77.dat.txt), 153(cat 6 swgimp1521 apmgr77.dat.txt), manually created through ui using swagger file(cat 6 swgimp1521 apmgr77.dat.txt), our home grown expimp script (cat 6 swgimp1521 apmgr77.dat.txt). All these files are from API manager 7.7.
Please suggest solution so that we can continue using our home grown scripts for QA,stage/prod and swaggerpromote for dev.
Our plan is to use swagger promote in all envs but as that is in testing phase in in dev envs we are not planning at this moment.
Also when tested swagger promote1521 in API manager7.5.3, it produced different json format where I found host and basePath element in backend blob but host took the value of basePath and basePath got different value. Attaching that also for your reference (cat 6 swgimp 1521 apmgr753.dat.txt)
DO I need to add any elements in input config file to get exactly how it is coming when manually created through UI. Please suggest.

cat 6 swgimp 1521 apmgr753.dat.txt

cat 6 expimpscrpfrmswgimp153 apmgr77.dat.txt
cat 6 swgimp153 apmgr77.dat.txt
cat 6 swgimp1521 apmgr77.dat.txt
cat 6 ui apmgr77.dat.txt

Adding the ability to control which organizations should have access to the API.

The API-Developer will control it like this with the API-Contract:

{
   "name":"My great API",
   "path":"/api/v1/path/to/something",
   "state":"published",
   "version":"1.0.1",
   "organization":"API Development",
   "clientOrganizations":[
      "Consuming Org 1",
      "Consuming Org 2",
      "Consuming Org 3"
   ]
}

To give permission to all existing organizations:

{
   "name":"My great API",
   "path":"/api/v1/path/to/something",
   "state":"published",
   "version":"1.0.1",
   "organization":"API Development",
   "clientOrganizations":[
      "ALL"
   ]
}

Defining organizations will follow the same principle as all other API-Properties The API-Developer defines the desired-state, which will be replicated into the API-Manager.
In order to identify the actual state, the tool needs to iterate over all defined Orgs and get a list of APIs per org using the API-Manager REST-API.
With that the tool will perform only the required changes and perhaps do nothing, if all defined orgs already have permission to the API.

If an organization defined in the API-Contract isn't configured in the API-Manager, the tool will return with a unique error-code and print out all available organizations.

If the API-State is "unpublished", all configured organizations will be skipped and information is logged.

The tool will provide an option to ignore all configured organizations. This might be useful for instance to avoid on the production environment, that developers can control API-Permissions themselves.

When an API is in state Unpublished and the Swagger-File is updated, the change is detected, but not finally replicated into the API-Manager.

I have api TEST Minimum Stay (Category 06) Rules already defined and published. It has orgs ATP_ATP_Org, X91_91_Org,ATP_CUS_Org and Apps ATP_ATP_Apps, X91_91_App,ATP_CUS_App. But i could not get the image due to bug in 1.5.1.
Now I tried the same API to upload image with 1.5.2 release. In the the cofig file , I have everything same except the orgs and apps. ATP_ATP_Org, X91_91_Org .ATP_ATP_Apps, X91_91_App . If you notice, I dont have ATP_CUS_Org, ATP_CUS_App. I expected the api that was existed before is updated with latest orgs (ATP_ATP_Org, X91_91_Org) and apps (ATP_ATP_Apps, X91_91_App) and with image uploaded.
It seems it created new api with same name and path but failed with attached error.
If you see the attached log
2938 INFO APIChangeState| Changed property: applications[Desired: '[[ATP_ATP_Apps], [X91_91_App]]' vs Actual: '[[X91_91_App], [ATP_CUS_App], [ATP_ATP_Apps]]']
Desired state is correct. But when applying
6101 INFO APIManagerAdapter| Creating API-Access for the following apps: '[[X91_91_App], [ATP_CUS_App], [ATP_ATP_Apps]]'

Seems there is inconsistency here. As it failed with exception, I assume it could not deleted the old api leaving two apis at the end. Correct me if I am wrong.
1.5.2 img test issue.txt
1.5.2 img test issue.txt
1.5.2 img test issue.txt

If I want to do some post processing after I run the script, what are the ways? It would be nice if script return the generated API-ID for post-processing.
The scenario:
I create config file on the fly based on input parameters. If I want to update description markdown file path, I can do in config file at API level. But at the method description markdown file can be given after the API is created. I can use rest call to do. But how do i know the apiId that swagger script created? I can query based on api name using rest call but I am not comfortable as there may be multiple apis with same names .

Hello,
it seems that specific quota by application is not supported. It should be ok if the script doesn't remove already set quota. This information is lost. Unlucky It is the same behavior that we encouter in the ui. The official API seems to have the rigth behavior (/api/portal/v1.3/applications/:id/quota)

thnak you

Hi,

In some cases (till now I only notices this happens when the version in swagger was changed) the tool has trouble deleting old APIs after new one was created. The tool stays in that state "forever". No exception was thrown.
Either-way I think we need to set timeout for every client requests.

[INFO] 'Old' BE-API deleted.
154874 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies  - CookieSpec selected: standard
154874 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies  - Cookie [version: 0][name: APIMANAGERSESSION][value: 5a320823-a6e1-4bb3-aec3-ab98bbdcd11c][domain: xxxxxxxxxxxxxxxxxxxxxx][path: /api/portal/v1.3/][expiry: null] match [(secure)xxxxxxxxxxxxxxxxxxxxxx:443/api/portal/v1.3/proxies/d8ad0d7a-500f-4792-addf-49432b721515]
154874 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies  - Cookie [version: 0][name: APIMANAGERSTATIC][value: a9e1ae6f-5825-49f5-ab1d-01d6bcb99ac1][domain: xxxxxxxxxxxxxxxxxxxxxx][path: /][expiry: null] match [(secure)xxxxxxxxxxxxxxxxxxxxxx:443/api/portal/v1.3/proxies/d8ad0d7a-500f-4792-addf-49432b721515]
154874 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies  - Cookie [version: 0][name: ROUTEID][value: .2][domain: xxxxxxxxxxxxxxxxxxxxxx][path: /][expiry: null] match [(secure)xxxxxxxxxxxxxxxxxxxxxx:443/api/portal/v1.3/proxies/d8ad0d7a-500f-4792-addf-49432b721515]
154874 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache  - Auth cache not set in the context
154875 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager  - Connection request: [route: {s}->https://xxxxxxxxxxxxxxxxxxxxxx:443][total kept alive: 0; route allocated: 2 of 2; total allocated: 2 of 5]

Best regards,
Vu

This appears to be a bug. To reproduce:

1. Create an API Config file with state=published and a vhost and run the script
2. Go into API Manager and unpublish the API
3. Run the script again

The result is that the vhost in API Manager is set to the ip address of API Manager (as if the vhost field was left blank when publishing from API Manager)

Hi @cwiechmann,

I cannot build the project due to missing parent dependencies in the modules.

[ERROR] [ERROR] Some problems were encountered while processing the POMs: [FATAL] Non-resolvable parent POM for com.github.axway-api-management-plus.swagger-promote:distribution:[unknown-version]: Could not find artifact com.github.axway-api-management-plus.swagger-promote:axway-swagger-promote:pom:1.6-SNAPSHOT and 'parent.relativePath' points at wrong local POM @ line 5, column 11 @ [ERROR] The build could not read 1 project -> [Help 1] [ERROR]

Is there any reason you don't use relativePath for the parent? If I remember correctly it was that way in the past, but changed in release 1.5.3.

Thanks
Vu

Is there a way that I can put method level markdown url in config file so that when api got created, it will get the markdown location for methods. For API level, I am able to do it but don't know how to configure for method level. Please suggest

We have security requirement not to expose passwords in plain text. Currently env.properties , we need to mention it as plain text. Is there a way to put as encrypted and your script will decrypt and connect to respective apimanager/gateway.

Does the tool has support to manage Remote Hosts? If not, is it planned or in your roadmap?

First, Thanks for the amazing tool!
Environment: Axway-7.5.3
Issue:

1. Create an api using the tool with the following config

{
   "name": "Test API",
   "path": "/api/v1.0",
   "state": "published",
   "version": "1.0.0",
   "apiDefinition": "../api.json",
   "organization": "API Development",
   "image": "../images/logo.png",
   "backendBasepath": "https://localhost",
   "securityProfiles": [
      {
         "name": "_default",
         "isDefault": true,
         "devices": [
            {
               "name": "API Key",
               "type": "apiKey",
               "order": 0,
               "properties": {
                  "apiKeyFieldName": "apikey",
                  "takeFrom": "HEADER",
                  "removeCredentialsOnSuccess": "true"
               }
            }
         ]
      }
   ],
   "applicationQuota": {
      "restrictions": [
         {
            "method": "*",
            "type": "throttle",
            "config": {
               "period": "seconds",
               "messages": 25,
               "per": 60
            }
         }
      ]
   }
}

2. Login to API Manager and Create an application and add access to the above created api
3. Change the swagger definition (eg. change any description to test redeployment using tool)
4. Deploy again using the tool is giving below error:

"Running API-Manager Promote version 1.5.2-1 ..."
0      INFO                   App| ------------------------------------------------------------------------
0      INFO                   App| API-Manager Promote Version: 1.5.2-1
1      INFO                   App|
1      INFO                   App| To report issues or get help, please visit:
8      INFO                   App| https://github.com/Axway-API-Management-Plus/apimanager-swagger-promote
9      INFO                   App| ------------------------------------------------------------------------
26     INFO  nvironmentProperties| Loaded environment properties from file: env.properties.
27     INFO  nvironmentProperties| Loaded environment properties from file: env.test.properties.
1203   INFO  IImportConfigAdapter| Reading API-Definition (Swagger/WSDL) from file: 'C:\repo\api.json' (absolute path)
1247   INFO     APIManagerAdapter| API-Manager version is: 7.5.3
1323   INFO     APIManagerAdapter| Found existing API on path: '/api/v1.0' (published) (ID: '3f6a33e7-0ff3-4c3c-9511-1fda69c96b56')
1769   INFO        APIChangeState| Changed property: serviceProfiles[Desired: '{_default=ServiceProfile [apiId=null, basePath=https://localhost]}' vs Actual: '{_default=ServiceProfile [apiId=null, basePath=https://there.is.no.host]}']
1813   INFO     APIManagerAdapter| Strategy: Going to update existing API: Test API (Version: 1.0.0)
1813   INFO     APIManagerAdapter| Recognized the following changes. Potentially Breaking: [serviceProfiles] plus Non-Breaking: []
1814   INFO     APIManagerAdapter| Strategy: Apply breaking changes: [serviceProfiles] & and Non-Breaking: [], for PUBLISHED API. Recreating it!
1817   INFO     APIManagerAdapter| Importing backend API (Swagger/WSDL Import)
1919   INFO     APIManagerAdapter| Create API-Proxy (Front-End API)
3110   INFO     APIManagerAdapter| Updating proxy for the following properties: caCerts securityProfiles serviceProfiles path version name
3204   INFO     APIManagerAdapter| Updating API-Image from: ../images/logo.png
3278   INFO     APIManagerAdapter| Updating API-Status from: 'unpublished' to 'published'
3370   INFO     APIManagerAdapter| Actual API state set to: published
3371   INFO     APIManagerAdapter| Updating Application-Default-Quota for API: Test API
3531   INFO     APIManagerAdapter| Application-Default quota successfully updated: Test API
3533   INFO     APIManagerAdapter| Creating API-Access for the following apps: '[[Test1 App 1]]'
3645   INFO     APIManagerAdapter| Creating API-Access for the following apps: '[]'
3646   INFO     APIManagerAdapter| Granting access to newly created API
3737   INFO     APIManagerAdapter| Taking over existing quota config for application: 'Test1 App 1' to newly created API.
3756   ERROR          RestAPICall| Response: 'HTTP/1.1 400 Bad Request'
3756   ERROR                  App| Can't update application quota.
3757   ERROR                  App| Can't update application quota.
com.axway.apim.lib.AppException: Can't update application quota.
        at com.axway.apim.actions.tasks.UpgradeAccessToNewerAPI.execute(UpgradeAccessToNewerAPI.java:90)
        at com.axway.apim.actions.RecreateToUpdateAPI.execute(RecreateToUpdateAPI.java:44)
        at com.axway.apim.swagger.APIManagerAdapter.applyChanges(APIManagerAdapter.java:162)
        at com.axway.apim.App.run(App.java:166)
        at com.axway.apim.App.main(App.java:43)

Swagger-Promote Version
1.6.0

API-Manager and Service-Pack Version
7.5.3 SP7

Expected behavior
The tool should validate the quota settings before applying them. The systemQuota Wiki example example incorrectly shows minutes instead of minute.

Actual behavior
The tool reports that the quota was successfully applied with period=minutes but API Manager shows the incorrect configuration.

Invoking the API causes a 500 at runtime.

Caused by: java.lang.IllegalArgumentException: No enum constant com.vordel.apiportal.runtime.quota.constraint.TimeWindowUnit.minutes
at java.lang.Enum.valueOf(Enum.java:238)

Test case sample

Create an API config as shown in the Wiki with period set to minutes instead of minute and run the tool. Check the configuration in API Manager.

To avoid inconsistency issues, Swagger-Promote must support some kind of Roll-Back mechanism.
If something goes wrong, while Creating or Re-Creating an API, any intermediary created artifact (BE-API, FE-API), must be deleted to leave a clean state.

Assume the following process required to re-create the API:
Create new BE-API/FE-API --> Configured FE-API --> Delete old FE- and BE-API
In case of an error this happens:
Create new BE-API/FE-API --> Configured FE-API --> Failure --> Duplicate APIs New- & Old-API
The following must happen with a Roll-Back feature:
Create new BE-API/FE-API --> Configured FE-API --> Failure --> Delete new FE- and BE-API

Originally posted by @cwiechmann in #73 (comment)

If, e.g, scripts/run-swagger-import.sh -a CalculatorREST.json -c CalculatorRest-promote.json ... is executed, an image cannot be found as /samples/images/sample-api-icon.jpg is tried.

Workaround:
Use scripts/run-swagger-import.sh -a CalculatorREST.json -c ./CalculatorRest-promote.json ...

I put /opt/axway/gateway-7.7/apigateway/groups/group-2/instance-1/conf/envSettings.props
env.APIIMAGES=/opt/axway/apiimages

In the config file (input to swagger promote), I used
"image": "${env.APIIMAGES}/Ticket.png"
But swagger promote script is throwing error
Running API-Manager Promote version 1.5.2-1 ...
0 INFO App| ------------------------------------------------------------------------
0 INFO App| API-Manager Promote Version: 1.5.2-1
0 INFO App|
0 INFO App| To report issues or get help, please visit:
0 INFO App| https://github.com/Axway-API-Management-Plus/apimanager-swagger-promote
0 INFO App| ------------------------------------------------------------------------
9 INFO nvironmentProperties| Loaded environment properties from file: env.properties.
816 INFO APIManagerAdapter| API-Manager version is: 7.7.0
940 INFO IImportConfigAdapter| Reading API-Definition (Swagger/WSDL) from file: '/opt/axway/pythonscripts/conf/apicreatejson/TESTMinimumStayCategory06Rules_transformed.json' (relative path)
942 ERROR App| Image not found in filesystem ('/opt/axway/pythonscripts/conf/apiconfigjson/${env.APIIMAGES}/Ticket.png') or Classpath.
com.axway.apim.lib.AppException: Image not found in filesystem ('/opt/axway/pythonscripts/conf/apiconfigjson/${env.APIIMAGES}/Ticket.png') or Classpath.
at com.axway.apim.swagger.APIImportConfigAdapter.addImageContent(APIImportConfigAdapter.java:622)
at com.axway.apim.swagger.APIImportConfigAdapter.getDesiredAPI(APIImportConfigAdapter.java:148)
at com.axway.apim.App.run(App.java:157)
at com.axway.apim.App.main(App.java:42)
retCode from swagger script: 0

This is due to value mentioned in envSettings.props not available to swagger promote. Is there a wat swagger promote can use envSettings.props file key value?

When API Manager's "API Portal" listener SSL certificate is issued by a self-signed certificate, we get a com.axway.apim.lib.AppException: Can't login to API-Manager
caused by a
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
My guess is this has something to do with the Apache http client settings, more precisely the TrustSelfSignedStrategy.
Unless it is expected to be implemented like that, maybe a TrustAllStrategy would work better.

When the tool really becomes a API-Manager CLI, meaning support more than only importing Swagger-Based APIs, we can consider WSDL-Support as well.

When having defined the following custom properties the app.config file can't be parsed:

    customPropertiesConfig: {
        user: {
            // custom properties...
        },
        organization: {
            // custom properties...
        },
        application: {
            // custom properties...
        },
        api: {
            contentBasedRouting: {
                label: 'Content Based Routing',
                required: false,
                help: 'Example: xml|https://abc.company.com:8080/api',
                regex: '^[0-9]{4}$',
                error: 'Strange error'
            }, 
            securityClassification: {
                label: 'Security classification',
                required: true,
            	type: 'select',
            	options: [
                	{value: 'public', label: 'Public'},
                	{value: 'private', label: 'Private'},
                	{value: 'confidential', label: 'Confidential'}
            	],
                help: 'Controls the agreed security classification of this API',
            } 
        }
},

This leads to the following error:

com.axway.apim.lib.AppException: Can't parse API-Manager app.config.
        at com.axway.apim.swagger.APIManagerAdapter.parseAppConfig(APIManagerAdapter.java:841)
        at com.axway.apim.swagger.APIManagerAdapter.getCustomPropertiesConfig(APIManagerAdapter.java:817)
        at com.axway.apim.swagger.APIImportConfigAdapter.validateCustomProperties(APIImportConfigAdapter.java:411)
        at com.axway.apim.swagger.APIImportConfigAdapter.getDesiredAPI(APIImportConfigAdapter.java:149)
        at com.axway.apim.App.run(App.java:157)
        at com.axway.apim.App.main(App.java:42)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('á' (code 160)): was expecting either valid name character (for unquoted name) or double-quote (for quoted) to start field name
 at [Source: (String)" {
        user: {
            // custom properties...
        },
        organization: {
            // custom properties...
        },
        application: {
            // custom properties...
        },
        api: {
contentBasedRouting: {
label: 'Content Based Routing',
required: false,
help: 'Test'
},
securityClassification: {
label: 'Security classification',
required: true,
type: 'select',
options: [
{value: 'public', label: 'Public'},
{value: 'private', label: 'Private'},
{value: 'con"[truncated 140 chars]; line: 27, column: 2]
        at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1804)
        at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:693)
        at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:591)
        at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddName(ReaderBasedJsonParser.java:1781)
        at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextFieldName(ReaderBasedJsonParser.java:917)
        at com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:247)
        at com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:255)
        at com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeObject(JsonNodeDeserializer.java:255)
        at com.fasterxml.jackson.databind.deser.std.JsonNodeDeserializer.deserialize(JsonNodeDeserializer.java:68)
        at com.fasterxml.jackson.databind.deser.std.JsonNodeDeserializer.deserialize(JsonNodeDeserializer.java:15)
        at com.fasterxml.jackson.databind.ObjectMapper._readTreeAndClose(ObjectMapper.java:4056)
        at com.fasterxml.jackson.databind.ObjectMapper.readTree(ObjectMapper.java:2551)
        at com.axway.apim.swagger.APIManagerAdapter.parseAppConfig(APIManagerAdapter.java:839)
        ... 5 more

I need to authenticate the gateway towards the backend service using client certificates.
I would like the config to be either with a file reference or directly embedded:

"authenticationProfiles": [{
    "name": "_default",
    "parameters": {
        "pfx": "data:application/x-pkcs12;base64,thecertstring",
        "password": "mypw",
        "trustAll": true
    },
    "type": "ssl"
}]

"authenticationProfiles": [{
    "name": "_default",
    "parameters": {
        "certFile": "certificates/clientcert.p12.",
        "password": "mypw",
        "trustAll": true
    },
    "type": "ssl"
}]

Swagger-Promote Version
1.6.0

API-Manager and Service-Pack Version

7.7
Expected behavior
I am running swagger promote script against 7.7 apimanager version,
Below is the output

------------------------------------------------------------------------
API-Manager Promote Version: 1.6.0

To report issues or get help, please visit:
https://github.com/Axway-API-Management-Plus/apimanager-swagger-promote
------------------------------------------------------------------------

0      INFO  nvironmentProperties| Loaded environment properties from file: env.properties.
803    INFO     APIManagerAdapter| API-Manager version is: 7.7.0
909    INFO  IImportConfigAdapter| Reading API-Definition (Swagger/WSDL) from file: '/opt/axway/pythonscripts/conf/apicreatejson/TESTSWGIMPSCRPT16SSMinimumStayCategory06Rules_transformed.json' (relative path)
911    INFO  IImportConfigAdapter| Handling configured client-applications.
989    INFO  IImportConfigAdapter| Found existing application: 'ATP_ATP_Apps' based on given name 'ATP_ATP_Apps'
1087   INFO     APIManagerAdapter| Found existing API on path: '/services/testswgimpscrpt16ss/v1/rules/record3/cat6' (published) (ID: '557a8079-040b-47d6-98c5-a13d182b21be')
2318   INFO        APIChangeState| Changed property: image[Desired: 'APIImage [bytes=9654]' vs Actual: 'APIImage [bytes=13883]']
2319   INFO     APIManagerAdapter| Strategy: Going to update existing API: TEST SWGIMPSCRPT16SS Minimum Stay (Category 06) Rules (Version: null)
2319   INFO     APIManagerAdapter| Recognized the following changes. Potentially Breaking: [] plus Non-Breaking: [image]
2319   INFO     APIManagerAdapter| Strategy: Update existing API, as all changes can be applied in current state.
2369   INFO     APIManagerAdapter| Updating API-Image from: /opt/axway/apiimages//Ticket.png
2452   INFO     APIManagerAdapter| Default-Application-Quota for API: 'TEST SWGIMPSCRPT16SS Minimum Stay (Category 06) Rules' is UN-CHANGED. Nothing to do.
2452   INFO     APIManagerAdapter| All desired organizations: [ATP_ATP_Org, API Development] have already access. Nothing to do.
2453   INFO     APIManagerAdapter| All desired applications: [[ATP_ATP_Apps]] have already a subscription. Nothing to do.
2456   INFO                   App| Created API-Properties file: '/opt/axway/pythonscripts/conf/apiconfigjson/TESTSWGIMPSCRPT16SSMinimumStayCategory06RulesDetails.prop'
2456   INFO                   App| Successfully replicated API-State into API-Manager
RC: 0

I made changes to swagger script to print RC, it is coming as 0, but expecting 10 so I can handle post porcessing only when there are chnages. Now I cannot differentiate between chnaged and unchanged.

Actual behavior
RC code coming as 0 when there are no chnages in API

Test case sample

Please describe the steps you have done to replicate the issue
Create API using swagger promote 1.6.0. Rerun the script without any chnages in input config and input json. Expects RC code as 10 but coming it as 0.

I see https://github.com/Axway-API-Management-Plus/apimanager-swagger-promote/wiki/2.3-Configure-API-Quotas
application quota are not supported. Is that still true? But application default and system quota is supported. But they are not working for me. I put below in config file
"applicationQuota":{
"id": "00000000-0000-0000-0000-000000000001",
"restrictions":[
{
"api":"12b13720-b0d7-4f22-aee2-ad2b7ffaa1a3",
"method":"",
"type":"throttlemb",
"config":{
"period":"hour",
"mb":50,
"per":1
}
}
]
}
But it did not get applied. In the link, it was not mentioned to give id and api in the json. But script log shows this
2686 INFO APIChangeState| Changed property: applicationQuota[Desired: 'APIQuota [id=null, type=APPLICATION, restrictions=[QuotaRestriction [api=null, method=, type=throttlemb, config={period=hour, mb=50, per=1}]]]' vs Actual: 'null']
After seeing that, I added id and api to config file, but still my application default not being applied
Below is the console output after i ran script,
2666 INFO APIChangeState| Changed property: applicationQuota[Desired: 'APIQuota [id=00000000-0000-0000-0000-000000000001, type=APPLICATION, restrictions=[QuotaRestriction [api=12b13720-b0d7-4f22-aee2-ad2b7ffaa1a3, method=*, type=throttlemb, config={period=hour, mb=50, per=1}]]]' vs Actual: 'null']

How I do know api id on the fly to configure in quota. Could you please explain how this quota works in script.

Hi,

I've defined the backendBasePath in the config/contract file and publish my API with the tool. After publishing a frontend API and a backend API were created in the axway API manager. So far so good.

Unfortunately the backendBasePath is only substituted for the frontend API (backend service url) but not for the backend (base path url). Resulting the certificated cannot be downloaded automatically.

It seems like this parameter backendBasePath does not have the same effect as having host parameter in the swagger file at all. If a host param is defined in the swagger file and I publish it with the tool. Everything works fine.

Is this work as designed? I don't want the host param to be defined in the swagger file, since I have multiple stages. Can you please check?

Thanks,
Vu

When the API-Configuration contains an image:
"image": "images/sample-api-icon.jpg"
the tool is always realizing this as a changed property, even if the image is the same.
Changed property: image[Desired: 'APIImage [hashCode=-1585824266]' vs Actual: 'APIImage [hashCode=2061591366]']

When an API-Config is defining an API as Unpublished, but still has some Applications configured, under some circumstances the following NPE may be thrown:

4909   ERROR                  App|
java.lang.NullPointerException
        at com.axway.apim.actions.tasks.ManageClientApps.hasClientAppPermission(ManageClientApps.java:96)
        at com.axway.apim.actions.tasks.ManageClientApps.execute(ManageClientApps.java:56)
        at com.axway.apim.actions.UpdateExistingAPI.execute(UpdateExistingAPI.java:55)
        at com.axway.apim.swagger.APIManagerAdapter.applyChanges(APIManagerAdapter.java:155)
        at com.axway.apim.App.run(App.java:160)
        at com.axway.apim.App.main(App.java:42)

This ccenario needs an integration tests + fix.

Hello,

I receive error Can't import definition / Create BE-API. if the organization anme is incorrect or when the organization is not set for development.
May be a organization block could be added in swagger to check or create the orga if needed.
regards

Today the tool needs for certain actions a user having Admin-Role.
The request is to make it possible, that an Org-Admin user can be used by the tool to avoid using an Admin user for Security & Audit reasons.

Hello,

I don't find a simple way to use an http proxy to connect to the manager.
Our apimanager is hosted on aws and we need setup a proxy to reach the server.
-->
I create the branch Feature-httpProxySuppor in order to support http proxy.
With this change we can pass proxy setup to the jvm -Dhttp[s].proxyPort=xx -Dhttp[s].proxyHost=yy

regards

Hello,
I'm very happy to work with your plugin, your documentation is clear and very complete.
I followed the instructions in the documentation, but I have the following error throwing the command
scripts/run-swagger-import.sh :

Error: Could not find or load main class com.axway.apim.App

Do you have an idea about the source of the problem?

Best,

I have a suggestion, what do you think about writing the swagger file/url or wsdl url (for importing the backend api) directly in the contract json file?

The same way is configured for certificates with the relative or absolute path of certificate to trust for a specific API.

Something like that:
{
"name": "CalculatorService_v1",
"path": "/CalculatorService/v1",
"url":"http://www.dneonline.com/calculator.asmx",
"state":"published",
"version": "1.0.0",
"organization": "XXX"
}

or

{
"name": "Petstore",
"path": "/petstore/v1",
"import":"./opt/temp/petstore.json",
"state":"published",
"version": "1.0.0",
"organization": "XXX"
}

In this way I can version my contract file (together with swagger file for example) which is the only relevant input for the tool swagger-promote.

We could keep both the solutions, if no '-a' parameter is passed, read from the contract json file, if present.

If you want, I can work on it by submitting a pull request.

I was testing swagger script with different scenarios

1. I have api say API1 that was existed. But that has null version. I used swagger promote script which created same api with version mentioned in config file. Both APIs have same name and same path. Later I could not reproduce this scenario. During which instances, script creates api of same name and path? I understand from console logs that it either updates existing api if math is found or if it is deep change, it deletes and creates api. Wondering is there any scenarios it creates new api leaving the old api sitting there.
   2)If I have two apis with same names and information and if we run swagger script, which api script will pick as we have two apis already? based on what it makes the decisions?
2. How versioning numbers are given? If I dont give version number, it always puts 1.0 . when will I see other version numbers.
3. If I want to do some post processing after I run the script, what are the ways. It would be nice if script return api id. Let me explain my scenario:
   I create config file on the fly based on input parameters. If I want to update description markdown file path, I can do in config file at api level. But at the method description markdown file can be given after the api is created. I can use rest call to do. But how do i know the apiId that swagger script created? I can query based on api name using rest call but I am not comfortable as there may be multiple apis with same names .

hello

I receive the following error:
12522 ERROR er.APIManagerAdapter| Error AppInfo from API-Manager. Can't parse response: {"registrationEnabled":true,"minimumPasswordLength":6,"baseOAuth":false,"resetPasswordEnabled":true,..."productVersion":"7.5.3"....}

it seems that the nullpointer exception comes from getApiManagerConfig(String configField) for configField = "apiRoutingKeyEnabled" when extracting this field from json config response.

what is the goal of this param? is it possible to bypass?

thnaks

Swagger-Promote Version
1.6.0

API-Manager and Service-Pack Version
7.5.3 SP7

Question
Can you clarify how the order property of a securityProfile should be used, specifically when using per method overrides?

Additional information
Looking at the oauth-default-apikey-on-one-method sample, it appears that the profile that is going to be applied on a specific method should have a lower order than the default security profile?

Could having the order specified incorrectly lead to any issues for the API at runtime?

In the current version the tool only supports locally stored Swagger-Files, but it makes sense to get the Swagger-Definition from a URI as it's support by the API-Manager anyway. Hence it should be a quick win.

Thanks @rathnapandi collecting this feedback.

Are there any plans for supporting configuration of inbound security profiles that can be used for per method overrides? I did not find anything in the Wiki about this. We would like to start using this at our organization but this would be a stopper.

Unless mistaken, "Query string version routing" is not currently supported, so it's not possible to create a new version of a frontend API.
The "version" tag is handled as information, which results in

Changed property: version[Desired: '3.0' vs Actual: '2.0']
[...]
Strategy: Going to update existing API: CalculatorREST (Version: 2.0)

rather than creating a new version.

In addition to OAuth, OAuth (External) and API-Key add support to "Invoke policy", which isn't yet support by the tool.

Since the stage parameter (-s) is also used to load Environment-Specific config files (See #11) it makes sense to provide a stage, just for the purpose to load an env..properties file, but not an api..json.
This is not possible today and should be improved to make loading of the api..json optional.

When the Desired API-State is "unpublished", but already have some active subscriptions by applications belonging to the same organization as the API, these subscription get lost on Re-Creating the APIs. This happens for instance when the Swagger-File is changed.

That means, the tool doesn't support the following process:

• I have a Swagger File, which is often changed.
• I have an app with an API key, which I use for testing.
• API Proxy is in unpublished state - as it is still under development.
• Everything takes place in the same org.
• Now I'm using Swagger Promote to update my API Proxy after changes to the Swagger file.
• Before I can test again, do I have to manually assign the API to the app!

Right now, the tool completely ignores Client-Applications when unpublished:
Ignoring Client-Applications, as desired API-State is Unpublished!

This was a miss-understanding about what needs to happen and must be improved.

By default current script runs against localhost:8075 but if we have two instances with its own portals with other running on 8076. This scenario can't be achieved with current options. Port can be made parameterized.

Hello,

In our dev/deploy cycle, the task to add an api on an application can be done after the first deployment. It can be done by a functional team. At this point, there is no need to recreate the api nor provide the contract.
In this case, only the api and the app names are needed to add subscription. This task is at the limit between CD and admin task but could be useful. Specially to store these subscriptions in our git repo.
Do we have an existing feature/possibility to reach this goal?
thanks
Regards Christophe

With version 1.5.3 a new feature was introduced.
This request is similar to adjust in addition to the host as well the basePath in the swagger file.
We are using a chain of gateways. Having the possibility to adjust the basePath in Swagger as well via the API contract file makes it possible for us just to provide only one swagger file, even if we expose the API within a chain of API gateways.

I am not sure why you chose the parameter name backendBasepath if you adjust the host in the swagger?

The following example is a suggestion, how it could look like with customized parameter names:
{.... "backendHost": "https://example.com", "backendBasePath": "/test-service/v1" ...}

backendHost will change the host in the swagger file.
backendBasePath will change the basePath in the swagger file.

What do you think?

Looks like application quota's are not applied.
I see Property: applicationQuota has no handler configured and is not a propertyHandler in the log.
This is with 1.5.1

Log

2103   INFO        APIChangeState| Changed property: image[Desired: 'APIImage [filename=./samples/images/sample-api-icon.jpg]' vs Actual: 'APIImage [filename=/api/portal/v1.3/discovery/swagger/apis/97e4b1ae-cc07-4961-a3f3-2db13bdbcd08/image]']
2104   INFO        APIChangeState| Changed property: applicationQuota[Desired: 'APIQuota [id=null, type=APPLICATION, restrictions=[QuotaRestriction [api=null, method=*, type=throttle, config={period=seconds, messages=1, per=10}]]]' vs Actual: 'null']
2104   INFO     APIManagerAdapter| Strategy: Going to update existing API: CalculatorRestTEST (Version: 3.0)
2105   INFO     APIManagerAdapter| Recognized the following changes. Potentially Breaking: [] plus Non-Breaking: [image, applicationQuota]
2105   INFO     APIManagerAdapter| Strategy: Update existing API, as all changes can be applied in current state.
2107   DEBUG    APIManagerAdapter| Updating API-Proxy
2127   DEBUG    APIManagerAdapter| Going to update property: image
2128   DEBUG    APIManagerAdapter| Property: image has no handler configured and is not a propertyHandler
2128   DEBUG    APIManagerAdapter| Going to update property: applicationQuota
2128   DEBUG    APIManagerAdapter| Property: applicationQuota has no handler configured and is not a propertyHandler
2215   INFO     APIManagerAdapter| Updating API-Image from: ./samples/images/sample-api-icon.jpg
2275   INFO     APIManagerAdapter| All desired applications: [[Testing]] have already a subscription. Nothing to do.
2275   INFO                   App| Successfully replicated API-State into API-Manager

Config:

{
   "name":"CalculatorRestTEST",
   "path":"/api/v1/calculator/rest",
   "state":"published",
   "summary":"My complete API-Summary",
   "version":"3.0",
   "organization":"Test",
   "applications":[
      { "name":"Testing" }
   ],
   "descriptionType":"manual",
   "descriptionManual":"This is my __markdown__ based API description.",
   "vhost":"server.semperpax.com:8067",
   "backendBasepath":"http://localhost:8081",
   "image": "./samples/images/sample-api-icon.jpg", 
   "securityProfiles":[
      {
         "name":"_default",
         "isDefault":true,
         "devices":[
            {
               "type":"authPolicy",
               "name":"Invoke Policy",
               "order":1,
               "properties":{
                  "authenticationPolicy":"Generic Inbound Policy",
                  "useClientRegistry":false,
                  "subjectSelector":"authentication.subject.id",
                  "descriptionType":"original",
                  "descriptionUrl":"",
                  "descriptionMarkdown":"",
                  "description":""
               }
            }
         ]
      }
   ],
   "outboundProfiles":{
      "_default":{
         "routePolicy":"CalculatorFromRest"
      }
   },
   "applicationQuota":{
      "restrictions":[
         {
            "method":"*",
            "type":"throttle",
            "config":{
               "period":"seconds",
               "messages":1,
               "per":10
            }
         }
      ]
   }
}

I want to have image for my api. I placed the image at this location

-rw-r--r-- 1 apigtwsrv apigtwsrv 9654 May 20 18:53 /opt/axway/apiimages/basefareicon.png

in the config file i placed this value for image element and ran the script. Got the below error:

0      INFO                   App| ------------------------------------------------------------------------
0      INFO                   App| API-Manager Promote Version: 1.5.1
0      INFO                   App|
0      INFO                   App| To report issues or get help, please visit:
0      INFO                   App| https://github.com/Axway-API-Management-Plus/apimanager-swagger-promote
0      INFO                   App| ------------------------------------------------------------------------
8      INFO  nvironmentProperties| Loaded environment properties from file: env.properties.
12     DEBUG    APIManagerAdapter| Logging in with User: 'apiadmin'
778    DEBUG    APIManagerAdapter| API-Manager version is: 7.7.0
881    DEBUG IImportConfigAdapter| Current path=/opt/axway/apimanager-swagger-promote-1.5.1
884    INFO  IImportConfigAdapter| Reading API-Definition (Swagger/WSDL) from file: '/opt/axway/pythonscripts/conf/apicreatejson/APITest.json' (relative path)
885    ERROR                  App| Cannot validate/fulfill configuration file.
com.axway.apim.lib.AppException: Cannot validate/fulfill configuration file.
        at com.axway.apim.swagger.APIImportConfigAdapter.getDesiredAPI(APIImportConfigAdapter.java:156)
        at com.axway.apim.App.run(App.java:157)
        at com.axway.apim.App.main(App.java:42)
Caused by: com.axway.apim.lib.AppException: Can't read image-file: '/opt/axway/apiimages/basefareicon.png' from filesystem or classpath.
        at com.axway.apim.swagger.APIImportConfigAdapter.addImageContent(APIImportConfigAdapter.java:599)
        at com.axway.apim.swagger.APIImportConfigAdapter.getDesiredAPI(APIImportConfigAdapter.java:142)
        ... 2 more
Caused by: java.lang.NullPointerException
        at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:2314)
        at org.apache.commons.io.IOUtils.copy(IOUtils.java:2270)
        at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:2291)
        at org.apache.commons.io.IOUtils.copy(IOUtils.java:2246)
        at org.apache.commons.io.IOUtils.toByteArray(IOUtils.java:765)
        at com.axway.apim.swagger.APIImportConfigAdapter.addImageContent(APIImportConfigAdapter.java:595)
        ... 3 more

Image file existed but still getting error. Could you please suggest where I am doing wrong.

I used the swagger script and created api with couple of orgs and apps using config file. After that I added api to one more org and app. I ran the script again with same config file and I got below error
2708 INFO APIManagerAdapter| All desired organizations: [ATP_ATP_Org, X91_91_Org, API Development] have already access. Nothing to do.
2708 INFO APIManagerAdapter| Removing access for orgs: [ATP_CUS_Org] from API: STST Minimum Stay (Category 06) Rules
2849 INFO APIManagerAdapter| Removed permission from organization: 'ATP_CUS_Org'
2850 INFO APIManagerAdapter| All desired applications: [[ATP_ATP_Apps], [X91_91_App]] have already a subscription. Nothing to do.
2850 INFO APIManagerAdapter| Removing access for appplications: [[ATP_CUS_App]] from API: STST Minimum Stay (Category 06) Rules
2850 DEBUG APIManagerAdapter| Removing API-Access for application 'ATP_CUS_App'
2897 ERROR APIManagerAdapter| Received status code: 404
2898 ERROR APIManagerAdapter| Received response: {"errors":[{"code":102,"message":"The entity could not be found. Please refresh your session."}]}
2898 ERROR RestAPICall| Response: 'HTTP/1.1 404 Not Found'
2898 ERROR APIManagerAdapter| Can't delete API access requests for application.
2899 ERROR App| Can't delete API access requests for application.
com.axway.apim.lib.AppException: Can't delete API access requests for application.
at com.axway.apim.actions.tasks.ManageClientApps.removeAppSubscrioption(ManageClientApps.java:114)
at com.axway.apim.actions.tasks.ManageClientApps.execute(ManageClientApps.java:65)
at com.axway.apim.actions.UpdateExistingAPI.execute(UpdateExistingAPI.java:55)
at com.axway.apim.swagger.APIManagerAdapter.applyChanges(APIManagerAdapter.java:153)
at com.axway.apim.App.run(App.java:160)
at com.axway.apim.App.main(App.java:42)
Caused by: com.axway.apim.lib.AppException: Unable to parse HTTP-Response
at com.axway.apim.actions.rest.RestAPICall.parseResponse(RestAPICall.java:73)
at com.axway.apim.actions.rest.DELRequest.execute(DELRequest.java:27)
at com.axway.apim.actions.tasks.ManageClientApps.removeAppSubscrioption(ManageClientApps.java:111)
... 5 more
Caused by: com.axway.apim.lib.AppException: Failure creating/deleting API-Access to/from application: '[ATP_CUS_App]'. Mode: 'MODE_REMOVE_API_ACCESS'
at com.axway.apim.actions.tasks.ManageClientApps.parseResponse(ManageClientApps.java:138)
at com.axway.apim.actions.rest.RestAPICall.parseResponse(RestAPICall.java:65)
... 7 more
In my config file, I have these orgs ATP_ATP_Org, X91_91_Org, API Development and [ATP_ATP_Apps], [X91_91_App] apps. From ui i added api to ATP_CUS_Org and ATP_CUS_App.
I ran the script again with same config file but got above error. But when I checked, it removed access to ATP_CUS_Org and ATP_CUS_App as they are not config file. Everything worked as expected but exception made me think something is not right.