axway-api-management-plus / apigw-maven-plugin Goto Github PK
View Code? Open in Web Editor NEWMaven plugin for Axway API Gateway/Manager development and deployment.
License: Apache License 2.0
Maven plugin for Axway API Gateway/Manager development and deployment.
License: Apache License 2.0
For easy start-up and to demonstrate the power of the standalone configuration tool, a small example is required.
If certificates are configured to be added or to be replaced, there is no check of the expiration date of the certificates.
Enable the configuration tool to check configured certificates for expiration.
Additionally to the 'gateway.pol' and 'gateway.env' files the plugin shall generate a gateway.info.json
file. The file will contain a JSON, describing the content of the archive.
Additionally the plugin will pass the content of the gateway.info.json
file to the _system.artifact.info
property of the buildfed
tool.
The property can be used to build information endpoints which return a JSON document of the currently deployed version.
For each project separate working directories are used for PolicyStudio. This enables parallel instances and project specific configuration of PolicyStudio.
Currently two separate directories (".data" and ".policystudio") within the project folder are used.
The two directories should be consolidated under a single ".studio" directory within the project folder.
I could not find in the documentation any way to auto-generate the gateway.certs.json
Similar to what happen with the "gateway.config.json", I was expecting to have it auto generated either from a "/certs" dir containing e.g. .PEM or .CRT files or from the certs inside my server project.
Configuration files will not be updated even if the content is changed.
E.g. fields marked as unused are not refreshed even if the they are used in the newer version.
Also certificate configuration files are updated even if the content isn't changed.
Currently the deployment archives have to deployed to the gateway manually or via a custom script.
Project can be deployed to a gateway group via the plugin.
Currently print
commands are used to print log information in the buildfed
tool.
Use Python looging module for printing log information.
Currently the simulation mode also updates the in-memory representation of the entity store. This may cause issues if the variables contain values which aren't compatible with the type of the field (e.g. value are just placeholders for further CI/CD configuration).
The simulation mode shall not update the in-memory representation of the entity store.
In case of the apigw:deploy goal is executed for policy and server projects the base path for certificates is ignored.
With the of release v0.8.1 for gateway 7.5.3 (see #20) the passphrase features is broken for gateway 7.6.2.
The buildfed
tool should be enhanced to support reading property content from files.
A new parameter -F
or --fromFile
will be introduced. This parameter defines a new property which content is read from a specified file.
Example:
$ buildfed .... -F description:description.txt
Defines a new property description
for which the content is read from the description.txt
file.
Currently only one property file is supported.
Support multiple property files.
The project requires more testing and feedback from other users.
Currently the configuration tool displays the system property and the according value in the log.
Display the name of the system property only.
Depend JARs have to be configured in PolicyStudio manually.
Depend JARs are automatically configured in PolicyStudio by the plugin.
Hi,
Currently I have to manage many .ENV files manually. It is really painful and error prone. So I really loved when I found out about this project.
I tried to use it and I get a lot of errors like:
[ERROR] ValueError(u'Reference types are not supported for environmentalization: name=serverCert; index=0; type=reference;
Then I found your FAQ:
https://github.com/Axway-API-Management-Plus/apigw-maven-plugin/blob/master/doc/manual/_faq.adoc#why-are-references-not-supported-for-environmentalization
We have lots of references (since we encrypt end-to-end, including two-way SSL), so I just want to say that this is a show stopper for us.
As Is
Currently the path to the certificate files are specified as an absolute path or as a relative path to the current directory.
To Do
Add parameter to specify a base directory for the relative path to certificate files.
I could not find it there: https://search.maven.org/search?q=apigw-maven-plugin
Hello,
We have four different environment starting from Dev to Prod. I would like to standardize the promotion of code and environment settings including certificates to the upper environments.
While promoting to Stage from Dev, I would like to replace the existing Dev listeners certs to reflect Stage certs. I am wondering if we can do something like below :
"Dev-1-p12": {
"origin": {
"info": {
"not_after": "2020-05-21T07:02:00+02:00",
"subject": "CN=Dev1, O=Axway, L=Berlin, ST=Berlin, C=DE"
}
},
"update": {
"file": "cert/Stage.p12",
"password": "server",
"source": "password",
"type": "p12"
}
},
Does the existing plugin already supports this or we can add it as an enhancement ?
When I deploy and the password has special signs e.g. mvn apigw:deploy -Daxway.anm.password='abc=xyz&'
, the deployment fails.
The plugin supports to enable the verbose mode of the configuration tool via the property axway.tools.cfg.verbose.
The property is not supported by the goal apigw:deploy.
Use case: we have many CAs that are common to all environments and only the private certs are different for each environment.
So being able to provide multiple gateway.certs.json files would allow us to put all common CAs in 1 single common/shared file.
It would be equal to what we can do with the <configPropertyFiles>
: https://github.com/Axway-API-Management-Plus/apigw-maven-plugin/blob/master/doc/manual/_usage.adoc#configure-properties
With issue #1 the configuration tool supports passphrases for input and output archives. But the Maven plugin doesn't support the new feature.
Add passphrase support for Maven plugin.
The configuration tool has a bug on replacing or adding certificates.
The configured certificates will not be updated.
For CI/CD pipelines it would be usefully to separate the package and deployment phase.
Currently the goals install and deploy automatically execute the package goal. Therefore, if the pipeline has separate stages for package and deploy the project will be build twice.
Provide a property axway.skipPackaging
to skip the package goal in case of the target archive already exists.
There is no check if source files are newer than the target archive. So ensure that the package goal was executed before.
For field values there are separate properties ("property" and "value") to configure the field value.
For certificates password there are separate properties ("password" and "password-property") to configure the password for a p12 certificate.
The source of the field values will be identified by a "source" property. This defines the kind of the "value" property. In case of "source" is equal to "value" the field value is directly configured by the value of the "value" property. In case of "source" is equal to "property" the field value is retrieved from the property named by the "value" property.
The source field for certificate passwords will be identified by a "source" property. This defines the kind of the "password" property. In case of "source" is equal to "password" the password is directly configured by the value of the "password" property. In case of "property" the password is retrieved from the property named by the "password" property.
The older formats of the configuration file will be converted automatically into the new format.
This enables a better extensibility of further sources (e.g. environment variables, see issue #29).
Also is makes it easier to search for not configured values or passwords (just search for "value": null
or "password": null
).
In case of an wrong passphrase for a certificate file the buildfed
stops with a traceback and a strange error message:
error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure, source location: .\crypto\pkcs12\p12_kiss.c:120
The error message has to be improved.
If a element is missing in the pom.xml file (e.g. because of it is defined in a parent POM) a NullPointerException occurs on flattening the resulting POM.
Server and deployment projects are affected by this bug.
When using the configuration tool with API Gateway 7.5.3 an TypeError occurred.
TypeError("com.vordel.archive.fed.DeploymentArchive(): 1st arg can't be coerced to java.io.File, String, com.vordel.archive.fed.PolicyArchive, com.vordel.es.fed.FederatedEntityStore",)
On applying the configured certificates, an "info" section is written to "update" certificate.
This will change a source file, which is not suitable for build environments.
In the certification configuration file, don't create an "info" section for "update" certificates.
Add properties or parameters to support previous behavior.
Add MinGW (Minimalistic GNU for Windows) support for buildfed.sh
.
MinGW is provided as part of Git for Windows. This enhancement allows to execute the plugin within a Git Bash shell on Windows.
For the environmentalized fields a new property will be created in the configuration file. Default source for the property is "value".
The default source has to be changed to "property" to prevent missconfiguration.
Background:
For new attributes it is easy to forget to change the source attribute if the value attribute should contain a property name. If the default source is "property" the configuration process stops due to a missing property. This prevents from configuring a property source as value source by accident.
The current directory layout of the source files for the configuration tool doesn't allow to execute the shell commands directly from the cloned Git repository.
Change directory layout and shell commands to enable direct execution of the configuration tool from the cloned Git repository.
Provide a more complex example using certificates, system properties and properties file.
In case the entity field configuration file doesn't exist the following error occurs:
AttributeError: EnvConfig instance has no attribute '_EnvConfig__origin_json_str'
This is fixed. If the configuration file doesn't exists the file will be created automatically.
Hello,
nice plugin you have. Here is my setup:
I currently have the problem that Im not able to build deployment projects (.fed) file within the pipeline runners (see attached screenshot)
As stated within your Wiki, only the package and deploy tools are a prerequesite, but the missing "jython" files for building the .fed file only come with the API Gateway installation, not with the package and deploy tools.
Is there another way, or do I have to add the whole API Gateway installation to the CI Runner? I mean apart from the 800 MB on top its more about arguing with the team thats managing the CI why we need to install the whole Gateway solution for just building our configuration.
Greetings
Currently all configuration values are in plain text. Some values may contain credentials which shouldn't be visible.
Support for encrypted property values has to be added. On configuration the values will be decrypted via master password provided on configuration time.
Currently the plugin is tested manually.
Automate integration tests for plugin.
Enhance the plugin to build a configured docker image from a deployment project.
If a long running external command is executed, sometimes a "java.lang.IllegalThreadStateException: process hasn't exited" exception is thrown.
Currently the configuration tool fails if a certificate file is not found.
Provide a simulation mode for the configuration tool.
In simulation mode no output files (.fed or .env) are written. Also non existing certificate files are ignored.
As 'buildtemplate' tool is no longer required, as the 'buildfed' in combination with the simulation mode can be used to write the configuration files.
Currently the configuration tool doesn't support archives having passphrases and also doesn't support to add a passphrase to the generated .fed or .env file.
Add options to specify passphrases for the source and target archives.
The plugin automatically configures the "Version" attribute of a policy property within .pol
and .fed.
packages. The version is displayed within the "Grid" tab of the Admin Node Manager.
Currently the version string is fixed to the ${project.version}
of the Maven project.
A new property axway.project.version
will be introduced to customize the version. As default the value will be set to ${project.version}
. The version can be overwritten by a command line property or by a defined property within the pom.xml
.
Example
$ mvn clean package -Daxway.project.version="${project.version}-BN20201031"
<properties>
<axway.project.version>${project.version}-BN20201031</axway.project.version>
</properties>
Currently certificates can only be update during the .fed package configuration.
The configuration has to be enhanced to support removal of certificates.
It is documented here, but seems to not work: https://github.com/Axway-API-Management-Plus/apigw-maven-plugin/blob/master/doc/manual/_usage.adoc
Some files are generated by the plugin which must not be added to the SCM.
A .gitignore file will be created to ignore the generated files by Git.
For configuration files in the old format having fields with "property" attribute set to null, the field will not be upgraded to the newer version.
Example:
"fields": {
"attributeValue#0": {
"property": null,
"type": "string",
"used": true,
"value": "artifact"
}
}
This results in the error message:
ERROR: ValueError(u"Missing 'source' property in field 'xxxxxx' of entity 'xxxxxx'",)
Currently only values and properties are supported to configure environmentalized fields. Additionally values from environment variables shall be supported.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.