For easy start-up and to demonstrate the power of the standalone configuration tool, a small example is required.

As Is

If certificates are configured to be added or to be replaced, there is no check of the expiration date of the certificates.

To Do

Enable the configuration tool to check configured certificates for expiration.

Additionally to the 'gateway.pol' and 'gateway.env' files the plugin shall generate a gateway.info.json file. The file will contain a JSON, describing the content of the archive.

Additionally the plugin will pass the content of the gateway.info.json file to the _system.artifact.info property of the buildfed tool.

The property can be used to build information endpoints which return a JSON document of the currently deployed version.

For each project separate working directories are used for PolicyStudio. This enables parallel instances and project specific configuration of PolicyStudio.

Currently two separate directories (".data" and ".policystudio") within the project folder are used.

The two directories should be consolidated under a single ".studio" directory within the project folder.

I could not find in the documentation any way to auto-generate the gateway.certs.json
Similar to what happen with the "gateway.config.json", I was expecting to have it auto generated either from a "/certs" dir containing e.g. .PEM or .CRT files or from the certs inside my server project.

Bug

Configuration files will not be updated even if the content is changed.

E.g. fields marked as unused are not refreshed even if the they are used in the newer version.

Also certificate configuration files are updated even if the content isn't changed.

As Is

Currently the deployment archives have to deployed to the gateway manually or via a custom script.

To Be

Project can be deployed to a gateway group via the plugin.

• Policy Project: Test server project will be deployed to gateway.
• Server Project: The server project will be deployed to the gateway.
• Deployment Project: The generated .fed will be deployed to the gateway.

Limitations

• Static files will not be deployed
• dependent JAR files will not be deployed

As Is

Currently print commands are used to print log information in the buildfed tool.

To Do

Use Python looging module for printing log information.

As Is

Currently the simulation mode also updates the in-memory representation of the entity store. This may cause issues if the variables contain values which aren't compatible with the type of the field (e.g. value are just placeholders for further CI/CD configuration).

To Be

The simulation mode shall not update the in-memory representation of the entity store.

In case of the apigw:deploy goal is executed for policy and server projects the base path for certificates is ignored.

With the of release v0.8.1 for gateway 7.5.3 (see #20) the passphrase features is broken for gateway 7.6.2.

The buildfed tool should be enhanced to support reading property content from files.

A new parameter -F or --fromFile will be introduced. This parameter defines a new property which content is read from a specified file.

Example:

$ buildfed .... -F description:description.txt

Defines a new property description for which the content is read from the description.txt file.

As Is

Currently only one property file is supported.

To Do

Support multiple property files.

The project requires more testing and feedback from other users.

As Is

Currently the configuration tool displays the system property and the according value in the log.

To Do

Display the name of the system property only.

As Is

Depend JARs have to be configured in PolicyStudio manually.

To Be

Depend JARs are automatically configured in PolicyStudio by the plugin.

Hi,
Currently I have to manage many .ENV files manually. It is really painful and error prone. So I really loved when I found out about this project.
I tried to use it and I get a lot of errors like:
[ERROR] ValueError(u'Reference types are not supported for environmentalization: name=serverCert; index=0; type=reference;

Then I found your FAQ:
https://github.com/Axway-API-Management-Plus/apigw-maven-plugin/blob/master/doc/manual/_faq.adoc#why-are-references-not-supported-for-environmentalization

We have lots of references (since we encrypt end-to-end, including two-way SSL), so I just want to say that this is a show stopper for us.

As Is
Currently the path to the certificate files are specified as an absolute path or as a relative path to the current directory.

To Do
Add parameter to specify a base directory for the relative path to certificate files.

I could not find it there: https://search.maven.org/search?q=apigw-maven-plugin

Hello,

We have four different environment starting from Dev to Prod. I would like to standardize the promotion of code and environment settings including certificates to the upper environments.

While promoting to Stage from Dev, I would like to replace the existing Dev listeners certs to reflect Stage certs. I am wondering if we can do something like below :

"Dev-1-p12": {
"origin": {
"info": {
"not_after": "2020-05-21T07:02:00+02:00",
"subject": "CN=Dev1, O=Axway, L=Berlin, ST=Berlin, C=DE"
}
},
"update": {
"file": "cert/Stage.p12",
"password": "server",
"source": "password",
"type": "p12"
}
},

Does the existing plugin already supports this or we can add it as an enhancement ?

When I deploy and the password has special signs e.g. mvn apigw:deploy -Daxway.anm.password='abc=xyz&' , the deployment fails.

The plugin supports to enable the verbose mode of the configuration tool via the property axway.tools.cfg.verbose.

The property is not supported by the goal apigw:deploy.

Use case: we have many CAs that are common to all environments and only the private certs are different for each environment.
So being able to provide multiple gateway.certs.json files would allow us to put all common CAs in 1 single common/shared file.
It would be equal to what we can do with the <configPropertyFiles>: https://github.com/Axway-API-Management-Plus/apigw-maven-plugin/blob/master/doc/manual/_usage.adoc#configure-properties

As Is

With issue #1 the configuration tool supports passphrases for input and output archives. But the Maven plugin doesn't support the new feature.

To Do

Add passphrase support for Maven plugin.

The configuration tool has a bug on replacing or adding certificates.

The configured certificates will not be updated.

As Is

For CI/CD pipelines it would be usefully to separate the package and deployment phase.

Currently the goals install and deploy automatically execute the package goal. Therefore, if the pipeline has separate stages for package and deploy the project will be build twice.

To Do

Provide a property axway.skipPackaging to skip the package goal in case of the target archive already exists.

Limitation

There is no check if source files are newer than the target archive. So ensure that the package goal was executed before.

As Is

For field values there are separate properties ("property" and "value") to configure the field value.

For certificates password there are separate properties ("password" and "password-property") to configure the password for a p12 certificate.

To Be

The source of the field values will be identified by a "source" property. This defines the kind of the "value" property. In case of "source" is equal to "value" the field value is directly configured by the value of the "value" property. In case of "source" is equal to "property" the field value is retrieved from the property named by the "value" property.

The source field for certificate passwords will be identified by a "source" property. This defines the kind of the "password" property. In case of "source" is equal to "password" the password is directly configured by the value of the "password" property. In case of "property" the password is retrieved from the property named by the "password" property.

The older formats of the configuration file will be converted automatically into the new format.

Background

This enables a better extensibility of further sources (e.g. environment variables, see issue #29).
Also is makes it easier to search for not configured values or passwords (just search for "value": null or "password": null).

In case of an wrong passphrase for a certificate file the buildfed stops with a traceback and a strange error message:

error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure, source location: .\crypto\pkcs12\p12_kiss.c:120

The error message has to be improved.

If a element is missing in the pom.xml file (e.g. because of it is defined in a parent POM) a NullPointerException occurs on flattening the resulting POM.

Server and deployment projects are affected by this bug.

When using the configuration tool with API Gateway 7.5.3 an TypeError occurred.

TypeError("com.vordel.archive.fed.DeploymentArchive(): 1st arg can't be coerced to java.io.File, String, com.vordel.archive.fed.PolicyArchive, com.vordel.es.fed.FederatedEntityStore",)

As Is

On applying the configured certificates, an "info" section is written to "update" certificate.

This will change a source file, which is not suitable for build environments.

To Do

In the certification configuration file, don't create an "info" section for "update" certificates.

Add properties or parameters to support previous behavior.

Add MinGW (Minimalistic GNU for Windows) support for buildfed.sh.

MinGW is provided as part of Git for Windows. This enhancement allows to execute the plugin within a Git Bash shell on Windows.

For the environmentalized fields a new property will be created in the configuration file. Default source for the property is "value".

The default source has to be changed to "property" to prevent missconfiguration.

Background:
For new attributes it is easy to forget to change the source attribute if the value attribute should contain a property name. If the default source is "property" the configuration process stops due to a missing property. This prevents from configuring a property source as value source by accident.

As Is

The current directory layout of the source files for the configuration tool doesn't allow to execute the shell commands directly from the cloned Git repository.

To Do

Change directory layout and shell commands to enable direct execution of the configuration tool from the cloned Git repository.

Provide a more complex example using certificates, system properties and properties file.

In case the entity field configuration file doesn't exist the following error occurs:

AttributeError: EnvConfig instance has no attribute '_EnvConfig__origin_json_str'

This is fixed. If the configuration file doesn't exists the file will be created automatically.

Hello,
nice plugin you have. Here is my setup:

• Axway API Management 7.7.0
• Linux CI Runner with package and deploy tools installed with the same version 7.7..0
• apigw-maven-plugin:0.11.1

I currently have the problem that Im not able to build deployment projects (.fed) file within the pipeline runners (see attached screenshot)

As stated within your Wiki, only the package and deploy tools are a prerequesite, but the missing "jython" files for building the .fed file only come with the API Gateway installation, not with the package and deploy tools.

Is there another way, or do I have to add the whole API Gateway installation to the CI Runner? I mean apart from the 800 MB on top its more about arguing with the team thats managing the CI why we need to install the whole Gateway solution for just building our configuration.

Greetings

Currently all configuration values are in plain text. Some values may contain credentials which shouldn't be visible.
Support for encrypted property values has to be added. On configuration the values will be decrypted via master password provided on configuration time.

As Is

Currently the plugin is tested manually.

To Do

Automate integration tests for plugin.

Enhance the plugin to build a configured docker image from a deployment project.

If a long running external command is executed, sometimes a "java.lang.IllegalThreadStateException: process hasn't exited" exception is thrown.

As Is

Currently the configuration tool fails if a certificate file is not found.

To Do

Provide a simulation mode for the configuration tool.
In simulation mode no output files (.fed or .env) are written. Also non existing certificate files are ignored.

Change

As 'buildtemplate' tool is no longer required, as the 'buildfed' in combination with the simulation mode can be used to write the configuration files.

As Is

Currently the configuration tool doesn't support archives having passphrases and also doesn't support to add a passphrase to the generated .fed or .env file.

To Do

Add options to specify passphrases for the source and target archives.

The plugin automatically configures the "Version" attribute of a policy property within .pol and .fed. packages. The version is displayed within the "Grid" tab of the Admin Node Manager.

Currently the version string is fixed to the ${project.version} of the Maven project.

A new property axway.project.version will be introduced to customize the version. As default the value will be set to ${project.version} . The version can be overwritten by a command line property or by a defined property within the pom.xml.

Example

$ mvn clean package -Daxway.project.version="${project.version}-BN20201031"

<properties>
  <axway.project.version>${project.version}-BN20201031</axway.project.version>
</properties>

Currently certificates can only be update during the .fed package configuration.

The configuration has to be enhanced to support removal of certificates.

It is documented here, but seems to not work: https://github.com/Axway-API-Management-Plus/apigw-maven-plugin/blob/master/doc/manual/_usage.adoc

Some files are generated by the plugin which must not be added to the SCM.

A .gitignore file will be created to ignore the generated files by Git.

For configuration files in the old format having fields with "property" attribute set to null, the field will not be upgraded to the newer version.

Example:

"fields": {
  "attributeValue#0": {
    "property": null, 
    "type": "string", 
    "used": true, 
    "value": "artifact"
  }
}

This results in the error message:
ERROR: ValueError(u"Missing 'source' property in field 'xxxxxx' of entity 'xxxxxx'",)

Currently only values and properties are supported to configure environmentalized fields. Additionally values from environment variables shall be supported.