api-manager's People

Contributors

binodmx, dushaniw, maheshika, samgnaniah, tgtshanika

api-manager's Issues

NPE when retrieving role details of Internal/everyone

Description:
An NPE is thrown when retrieving details of the Internal/everyone role when we have not configured a secondary userstore. The details are retrieved successfully for every other role. The stack trace is given below.

ERROR {Utils} - Error initializing the user store. Please try again later
org.wso2.micro.integrator.security.user.core.UserStoreException: Error occurred while accessing Java Security Manager Privilege Block when called by method getUserListOfRole with 1 length of Objects and argTypes [class java.lang.String]
	at org.wso2.micro.integrator.security.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:193)
	at org.wso2.micro.integrator.security.user.core.common.AbstractUserStoreManager.getUserListOfRole(AbstractUserStoreManager.java:4182)
	at org.wso2.micro.integrator.management.apis.RoleResource.handleGet(RoleResource.java:123)
	at org.wso2.micro.integrator.management.apis.RoleResource.invoke(RoleResource.java:84)
	at org.wso2.micro.integrator.management.apis.ApiResourceAdapter.invoke(ApiResourceAdapter.java:55)
	at org.wso2.carbon.inbound.endpoint.internal.http.api.InternalAPIDispatcher.dispatch(InternalAPIDispatcher.java:87)
	at org.wso2.carbon.inbound.endpoint.protocol.http.InboundHttpServerWorker.run(InboundHttpServerWorker.java:114)
	at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
	at java.security.AccessController.doPrivileged(Native Method)
	at org.wso2.micro.integrator.security.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:172)
	... 10 more
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.wso2.micro.integrator.security.user.core.common.AbstractUserStoreManager$2.run(AbstractUserStoreManager.java:175)
	... 12 more
Caused by: java.lang.NullPointerException
	at org.wso2.micro.integrator.security.user.core.hybrid.JdbcHybridRoleManager.getUserListOfHybridRole(JdbcHybridRoleManager.java:293)
	at org.wso2.micro.integrator.security.user.core.common.AbstractUserStoreManager.getUserListOfRole(AbstractUserStoreManager.java:4213)
	... 17 more

Steps to reproduce:

  1. Configure a JDBC user store or any other non-file based user store.
  2. Invoke get role details for internal/everyone
    curl -X GET "https://localhost:9164/management/roles/everyone?domain=internal" -H "accept: application/json" -H "Authorization: Bearer {{token}}" -k -i

Remove deprecated commands from apictl 4.1.0

Description:
With [1], a set of apictl commands and flags have been deprecated in apictl 4.0.0. We need to remove these commands from apictl 4.1.0 onwards. Further, the integration tests related to the deprecated commands can be removed as well.

Affected Product Version:
APICTL 4.1.0

Related Issues:
[1] wso2/product-apim-tooling#293

Documents upload does not reflect the end of file update if the file size is large

Description:

If we want to upload a document as the API documentation that is large in size (>10MB), the name of the file is populated correctly, but the Add Document button is unresponsive. There aren't any errors in the UI, however there are errors in the backend as below. When we cancel it, the file can be viewed under the docs section.

[2022-04-20 17:38:12,419] ERROR - ApisApiServiceImpl Requested API with Id '1a8c9d47-223b-4ac8-973d-1e06b2a78834' not found
org.wso2.carbon.apimgt.api.APIMgtResourceNotFoundException: Failed to get the document content. Artifact corresponding to document id e560656b-5919-43d6-bad1-27d7866398a7 does not exist
	at org.wso2.carbon.apimgt.impl.AbstractAPIManager.getDocumentationContent_aroundBody102(AbstractAPIManager.java:1618) ~[org.wso2.carbon.apimgt.impl_9.0.174.153.jar:?]
	at org.wso2.carbon.apimgt.impl.AbstractAPIManager.getDocumentationContent(AbstractAPIManager.java:1606) ~[org.wso2.carbon.apimgt.impl_9.0.174.153.jar:?]
	at org.wso2.carbon.apimgt.rest.api.publisher.v1.impl.ApisApiServiceImpl.getAPIDocumentContentByDocumentId(ApisApiServiceImpl.java:1622) [classes/:?]
	at org.wso2.carbon.apimgt.rest.api.publisher.v1.ApisApi.getAPIDocumentContentByDocumentId(ApisApi.java:640) [classes/:?]
	at jdk.internal.reflect.GeneratedMethodAccessor592.invoke(Unknown Source) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
	at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179) [cxf-core-3.5.0.jar:3.5.0]
	at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96) [cxf-core-3.5.0.jar:3.5.0]
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201) [cxf-rt-frontend-jaxrs-3.5.0.jar:3.5.0]
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104) [cxf-rt-frontend-jaxrs-3.5.0.jar:3.5.0]
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59) [cxf-core-3.5.0.jar:3.5.0]
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96) [cxf-core-3.5.0.jar:3.5.0]
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307) [cxf-core-3.5.0.jar:3.5.0]
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-core-3.5.0.jar:3.5.0]
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265) [cxf-rt-transports-http-3.5.0.jar:3.5.0]
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [cxf-rt-transports-http-3.5.0.jar:3.5.0]
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [cxf-rt-transports-http-3.5.0.jar:3.5.0]
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [cxf-rt-transports-http-3.5.0.jar:3.5.0]
	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225) [cxf-rt-transports-http-3.5.0.jar:3.5.0]
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304) [cxf-rt-transports-http-3.5.0.jar:3.5.0]
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:222) [cxf-rt-transports-http-3.5.0.jar:3.5.0]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:655) [tomcat-servlet-api_9.0.52.wso2v1.jar:?]
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:279) [cxf-rt-transports-http-3.5.0.jar:3.5.0]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat_9.0.52.wso2v2.jar:?]
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:107) [org.wso2.carbon.identity.context.rewrite.valve_1.4.25.jar:?]
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110) [org.wso2.carbon.identity.authz.valve_1.4.25.jar:?]
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:104) [org.wso2.carbon.identity.auth.valve_1.4.25.11.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:101) [org.wso2.carbon.tomcat.ext_4.6.2.168.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49) [org.wso2.carbon.tomcat.ext_4.6.2.168.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) [org.wso2.carbon.tomcat.ext_4.6.2.168.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145) [org.wso2.carbon.tomcat.ext_4.6.2.168.jar:?]
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) [tomcat_9.0.52.wso2v2.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:59) [org.wso2.carbon.tomcat.ext_4.6.2.168.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:126) [org.wso2.carbon.tomcat.ext_4.6.2.168.jar:?]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1726) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat_9.0.52.wso2v2.jar:?]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat_9.0.52.wso2v2.jar:?]
	at java.lang.Thread.run(Thread.java:829) [?:?]

Steps to reproduce:

  1. Create an API and add docs as files

Affected product version:

4.0.0.96

Environment details (with versions):

  • OS: Chrome in Mac

API name cannot have an empty space

Describe your problem(s)

As of now, it is not possible to create an API name with an empty space in the publisher.
Sometimes API names consist of two words and the only option is to use the camel style, which is not very esthetic.

Describe your solution

Can we have an API and additional parameters like 'display name' and use that in DevPortal?
The name will be still used for uniqueness but display name would be used in DevPortal

API Manager 2 node deployment gives an event error

Description:
The following error occurs in the 2 node deployment of APIM.

GatewayTokenRevocationMessageListener Event dropped due to unsupported message type class org.wso2.andes.client.message.AMQPEncodedMapMessage

Affected Product Version:
4.0.0

API create/export inconsistency issue.

Issue:

Import API - In this flow, APIM only checks the name string without considering the case of the APIName, and if the string without case sensitivity matches an existing API name it throws an error. This flow is the same as the flow in the UI. (In the UI also we do not allow creating APIs with the same name regardless of case.)

Eg: If a user creates an API with TestAPI, then we cannot create a new API as testApi.

Export API - Since we don't support case sensitivity when creating APIs, if the API is exported with a name without case sensitivity it should be successful. But in the current behavior, APIM throws an error when the user specifies the name with different case letters than the original API name. Ideally, the user should provide the API name as it is. But since we do not support case sensitivity in API names the users should be able to export API with just a string match without a case-sensitivity check.
Eg: Assume the user has an API with the name TestAPI in the APIM publisher portal. If the user tries to export that with
./apictl export-api -n TestAPI -v 1.0 -r admin -e prod -k - This will be successful. But if the user tries the following,
./apictl export-api -n testapi -v 1.0 -r admin -e prod -k - This will throw a 404 (Resource not found) error.

Since we don't support case sensitivity this command should be able to export the API successfully.

Version: APICTL version 3.2.3

APIM: 3.2.0

[APIM-4.0.0] 202 Accepted for non default API invocation without version in tenant mode

Description:

In super tenant mode, when we try to invoke a non-default API without a version, it responds:

{"code":"404","type":"Status report","message":"Not Found","description":"The requested resource is not available."}

but in tenant mode, no such response:

HTTP/1.1 202 Accepted
Date: ********
Transfer-Encoding: chunked

Steps to reproduce:

  • Create API in super tenant and tenant modes
  • Make sure to not mark as default APIs
  • Try to invoke both APIs without version (only with API context)

Affected product version:

APIM-4.0.0 with Oracle DB

cnf claim not validated when gateway cache is enabled

Description:

When the configuration for the certificate-bound access token is enabled and the correct transport certificate is sent in the request, it is correctly validated with the CNF claim in the access token.

When the same request is sent for the 2nd time, with a different transport certificate, the validation does not fail since the validation for checking the CNF claim with the certificate hash is skipped because the token is cached as a valid one.

Steps to reproduce:

Create an access token with a transport certificate with certificate bound access token enabled
Invoke an API resource endpoint with the valid transport certificate through
Invoke an API resource endpoint again with an invalid transport endpoint

Affected Product Version:

Environment details (with versions):

  • OS:
  • Client:
  • Env (Docker/K8s):

Optional Fields

Related Issues:

Suggested Labels:

Suggested Assignees:
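
The cache behaviour described in this issue, next to one way to close it, as an added example that is not WSO2 code. The `Gateway` class, the token store and the certificate bytes are constructed for illustration; the only standard piece is the RFC 8705 `cnf` / `x5t#S256` thumbprint comparison, which the hardened variant repeats on every cache hit.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed stand-ins for DER-encoded client certificates (not real certificates).
CERT_A = b"constructed-der-bytes-of-client-certificate-A"
CERT_B = b"constructed-der-bytes-of-client-certificate-B"


def x5t_s256(cert_der: bytes) -> str:
    """RFC 8705 thumbprint: unpadded base64url of SHA-256 over the DER certificate."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


# Constructed token store standing in for signature validation or introspection.
ISSUED_TOKENS = {
    "token-bound-to-A": {"sub": "app1", "cnf": {"x5t#S256": x5t_s256(CERT_A)}},
}


def binding_ok(claims: dict, cert_der: Optional[bytes]) -> bool:
    """True when the presented TLS client certificate matches the token's cnf claim."""
    bound = claims.get("cnf", {}).get("x5t#S256")
    if bound is None:
        return True   # token is not certificate-bound
    if cert_der is None:
        return False  # bound token presented without a client certificate
    return hmac.compare_digest(bound, x5t_s256(cert_der))


class Gateway:
    """Hypothetical gateway with a token cache keyed by the access token string."""

    def __init__(self, recheck_binding_on_cache_hit: bool):
        self.recheck = recheck_binding_on_cache_hit
        self.cache = {}
        self.full_validations = 0

    def _validate(self, token: str):
        # The expensive step the cache exists to avoid.
        self.full_validations += 1
        return ISSUED_TOKENS.get(token)

    def authorize(self, token: str, cert_der: Optional[bytes]) -> bool:
        claims = self.cache.get(token)
        if claims is not None:
            if not self.recheck:
                # Behaviour reported in the issue: a cached token is treated as
                # valid and the cnf comparison is skipped.
                return True
            # Hardened: the cache only saves the token validation; the binding
            # to this connection's certificate is checked on every request.
            return binding_ok(claims, cert_der)
        claims = self._validate(token)
        if claims is None or not binding_ok(claims, cert_der):
            return False  # never cache a token that failed validation
        self.cache[token] = claims
        return True


def replay_with_other_cert(gateway: Gateway):
    """First request with the bound certificate, second with a different one."""
    first = gateway.authorize("token-bound-to-A", CERT_A)
    second = gateway.authorize("token-bound-to-A", CERT_B)
    return first, second


if __name__ == "__main__":
    print("cnf skipped on cache hit:", replay_with_other_cert(Gateway(False)))
    print("cnf checked on cache hit:", replay_with_other_cert(Gateway(True)))
```

An equivalent fix is to make the certificate thumbprint part of the cache key, so a request arriving with a different certificate never hits the cached entry.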

Provide a command to manually update vcs status

Description:
The apictl vcs status -e dev command provides the status only if vcs is used to do the deployment. Need a mechanism to check whether the project source is modified without using a vcs deploy.

When an APICTL project is initialized with --oas option, api.yaml does not contain the correct endpoint URL

Description:

When an APICTL project is initialized using -oas option, the api.yaml is not updated based on swagger properties. (In Swagger v2 - Host, port, In openapi v3 - servers object). It is required to honor the api.yaml over openapi when the endpoints are considered. Since the choreo-connect's quick start guide is based on this option, it will not work under these circumstances.

Affected Product Version:
4.0.0-beta

Steps to reproduce:
apictl init petstore --oas https://petstore.swagger.io/v2/swagger.json
apictl init petstore --oas https://gist.githubusercontent.com/danielflower/5c5ae8a46a0a49aee508690c19b33ada/raw/b06ff4d9764b5800424f6a21a40158c35277ee65/petstore.json

[Improvement] Validate swagger or OpenAPI definition when initializing an API project with init command.

Description:
Currently, when we initialize a project using the init command, API Controller does not validate the provided definition, since that validation happens when importing the API to the APIM environment. But if we do this validation at the API Controller level as well, it will be able to reject the Swagger definition without initializing a project with a corrupted or invalid swagger/OpenAPI definition.

Suggested Labels:
Type/improvement

Error while trying to export a tenant API with mediation policy.

Description:

There is an error while trying to export a tenant API with a mediation policy, where the super tenant domain is always passed to ExportUtils.addOperationPoliciesToArchive() instead of the real tenant domain of the API, which is passed by the organization parameter.

Caused by: org.wso2.carbon.apimgt.api.APIManagementException: Error while loading medation policies
at org.wso2.carbon.apimgt.impl.APIProviderImpl.loadMediationPoliciesToAPI_aroundBody84(APIProviderImpl.java:2067) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.APIProviderImpl.loadMediationPoliciesToAPI(APIProviderImpl.java:1955) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.UserAwareAPIProvider.loadMediationPoliciesToAPI(UserAwareAPIProvider.java:1) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.rest.api.publisher.v1.common.mappings.ExportUtils.addOperationPoliciesToArchive(ExportUtils.java:664) ~[org.wso2.carbon.apimgt.rest.api.publisher.v1.common_9.20.74.jar:?]
at org.wso2.carbon.apimgt.rest.api.publisher.v1.common.mappings.ExportUtils.exportApi(ExportUtils.java:215) ~[org.wso2.carbon.apimgt.rest.api.publisher.v1.common_9.20.74.jar:?]
at org.wso2.carbon.apimgt.rest.api.publisher.v1.common.ImportExportAPIServiceImpl.exportAPI(ImportExportAPIServiceImpl.java:118) ~[?:?]
at org.wso2.carbon.apimgt.migration.client.MigrateFrom320.addAPIRevision(MigrateFrom320.java:491) ~[org.wso2.carbon.apimgt.migrate.client-4.1.0.8-SNAPSHOT.jar:?]
... 47 more
Caused by: org.wso2.carbon.apimgt.persistence.exceptions.MediationPolicyPersistenceException: API not foud
at org.wso2.carbon.apimgt.persistence.RegistryPersistenceImpl.getAllMediationPolicies(RegistryPersistenceImpl.java:2664) ~[org.wso2.carbon.apimgt.persistence_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.APIProviderImpl.loadMediationPoliciesToAPI_aroundBody84(APIProviderImpl.java:1962) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.APIProviderImpl.loadMediationPoliciesToAPI(APIProviderImpl.java:1955) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.UserAwareAPIProvider.loadMediationPoliciesToAPI(UserAwareAPIProvider.java:1) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.rest.api.publisher.v1.common.mappings.ExportUtils.addOperationPoliciesToArchive(ExportUtils.java:664) ~[org.wso2.carbon.apimgt.rest.api.publisher.v1.common_9.20.74.jar:?]
at org.wso2.carbon.apimgt.rest.api.publisher.v1.common.mappings.ExportUtils.exportApi(ExportUtils.java:215) ~[org.wso2.carbon.apimgt.rest.api.publisher.v1.common_9.20.74.jar:?]
at org.wso2.carbon.apimgt.rest.api.publisher.v1.common.ImportExportAPIServiceImpl.exportAPI(ImportExportAPIServiceImpl.java:118) ~[?:?]
at org.wso2.carbon.apimgt.migration.client.MigrateFrom320.addAPIRevision(MigrateFrom320.java:491) ~[org.wso2.carbon.apimgt.migrate.client-4.1.0.8-SNAPSHOT.jar:?]

JWE not supported due to faulty implementation of JWT support

Description:

WSO2 detects a JWT by checking if a bearer token has a '.' in the token. If this is the case, WSO2 expects it to contain only 2 '.' as defined by the JWT standard rfc7519. If there are more or fewer than 2 '.', then WSO2 throws INVALID CREDENTIALS; see source code wso2-OAuthAuthenticator.

This implementation stops WSO2 custom keymanagers from supporting JWE, which contains 4 '.' as documented here: rfc7516.

If the OAuthAuthenticator JWT validation were changed to check for 2 '.' as mentioned in the rfc7519 standard and the written source code, all other tokens that do not match the WSO2 JWT format would be sent along in the authentication process instead of being wrongly rejected as invalid credentials.
In future WSO2 could add support for the JWE extension, but until that time users can at least support JWE with their custom keymanagers. At the moment a user that wants to support JWE needs to write a custom authenticator, and this is a lot of work to do for adding support for JWE.

If the solution is not good enough, add support to write our own regex pattern to verify if the token is a JWT.
Now the implementation is wrong and broken, where users with a real bearer token that follows the standard are invalid. Please fix this so WSO2 follows the JWT standards set in rfc7519.

Steps to reproduce:

  1. start wso2am 4.0.0
  2. publish pizza shack
  3. do API call with bearer token "a.b.c.d.e"
  4. response will always be INVALID CREDENTIALS

Affected Product Version:

wso2am-4.0.0
Probably
wso2am-3.2.0

Environment details (with versions):

  • OS: all
  • Client: all
  • Env (Docker/K8s): all
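
The difference between the dot-count check this issue describes and a shape-based classification of bearer tokens, as an added example that is not the OAuthAuthenticator source. Function names, routing labels and sample tokens are constructed for illustration; the segment counts come from the compact serializations (three parts for a JWS-secured JWT, five for JWE per RFC 7516).

```python
import base64
import json


def _b64url(obj: dict) -> str:
    """Unpadded base64url of compact JSON, used to build the constructed samples."""
    raw = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _decode_header(segment: str):
    """Return the JOSE header as a dict, or None if the segment is not base64url JSON."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        raw = base64.urlsafe_b64decode(padded.encode("ascii"))
        obj = json.loads(raw.decode("utf-8"))
    except ValueError:  # covers base64, Unicode and JSON decoding errors
        return None
    return obj if isinstance(obj, dict) else None


def strict_dot_check(token: str) -> str:
    """The behaviour as the issue describes it: any '.' means JWT, and a JWT
    must have exactly two of them, otherwise the request is rejected."""
    if "." not in token:
        return "opaque"
    return "jwt" if token.count(".") == 2 else "reject"


def classify(token: str) -> str:
    """Classify by structure instead of rejecting on dot count."""
    parts = token.split(".")
    header = _decode_header(parts[0]) if len(parts) in (3, 5) else None
    if header is None or "alg" not in header:
        return "opaque"            # not a JOSE object: leave it to the key manager
    if len(parts) == 3:
        return "jws"               # signed JWT in compact form
    return "jwe" if "enc" in header else "opaque"


def route(token: str) -> str:
    """Hypothetical routing: only signed JWTs are validated locally; everything
    else is handed to the configured key manager, which may still refuse it."""
    return "gateway-jwt-validation" if classify(token) == "jws" else "key-manager"


# Constructed samples: correct structure, meaningless signature and ciphertext.
SAMPLE_JWS = ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                       _b64url({"sub": "app1"}), "c2lnbmF0dXJl"])
SAMPLE_JWE = ".".join([_b64url({"alg": "RSA-OAEP", "enc": "A256GCM"}),
                       "ZW5jLWtleQ", "aXY", "Y2lwaGVydGV4dA", "dGFn"])
SAMPLE_OPAQUE = "3f9c1b7e-constructed-opaque-token"

if __name__ == "__main__":
    for tok in (SAMPLE_JWS, SAMPLE_JWE, "a.b.c.d.e", SAMPLE_OPAQUE):
        print(strict_dot_check(tok), classify(tok), route(tok))
```

Handing a token to the key manager is not acceptance: the token from step 3, `a.b.c.d.e`, classifies as opaque and is only valid if the key manager says so.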

Verifying the hostname when sending the revoked tokens from the Identity Server to the Traffic Manager node even after disabling the hostname verification in both nodes

Description:

Verifying the hostname when sending the revoked tokens from the Identity Server to the Traffic Manager node even after disabling the hostname verification in both nodes.

Steps to reproduce:

  • Configure the WSO2 Identity server with API Manager
  • Add a mapping in the /etc/hosts file as below. (to change the hostname from localhost)

127.0.0.1 apimanager

  • Open the deployment.toml file inside the <IS_HOME>/repository/conf directory.
  • Change the [event_listener.properties] by configuring the notification endpoint with the configured hostname.
[event_listener.properties]
notification_endpoint = "https://apimanager:9443/internal/data/v1/notify"
username = "${admin.username}"
password = "${admin.password}"
'header.X-WSO2-KEY-MANAGER' = "WSO2IS"
  • Start the IS node and API Manager node. When starting the nodes, pass the below JVM arguments to disable hostname verification in both nodes.

-Dorg.opensaml.httpclient.https.disableHostnameVerification=true -Dhttpclient.hostnameVerifier="AllowAll"

  • Create an application via the dev portal and generate an access token by referring to the configured IS key manager.
  • Try to revoke the access token by calling the revoke endpoint of the key manager, and you will be able to see a similar stack trace in the IS node.
[2021-05-05 18:41:41,178] [324f8412-f06e-4ff4-9aa4-173739248831] ERROR {org.wso2.is.notification.EventSender} - Error while sending Revocation Event to https://apimanager:9443/internal/data/v1/notify javax.net.ssl.SSLException: hostname in certificate didn't match: <apimanager> != <localhost> OR <localhost>
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:238)
at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:159)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:301)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:291)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
at org.wso2.is.notification.EventSender$EventRunner.run(EventSender.java:116)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

Affected Product Version:

3.2.0

"apictl get-keys" does not work when "required" custom attributes for applications have been set up

Description:
When you have added custom attributes for applications in the deployment.toml which are required, the get-keys does not work because it cannot create the application when generating keys.

Suggested Labels:
Type/Bug
Priority/Normal

Affected Product Version:
3.2.0

OS, DB, other environment details and versions:
OS: Ubuntu 20.04 LTS

Steps to reproduce:

  1. Add a required custom attribute for applications as explained in [1].
  2. Start the server.
  3. Add an environment using apictl add-env and create an API from the UI (or import an API using apictl import-api)
  4. Generate keys for the API using apictl get-keys. You will receive an error as below.

Note:- This behaviour is common when generating keys for API Products as well

Solution:
This problem has arisen because currently when creating the default-ctl-app we pass a specific set of parameters. And those parameters do not contain the customized ones. Hence we need to create a new REST API to generate keys which contain a function that can check whether there are any customized attributes when creating a new application for the first time to generate keys.

[1] https://apim.docs.wso2.com/en/next/learn/consume-api/manage-application/advanced-topics/add-custom-attributes-to-applications/#add-custom-attributes-to-applications

Problems related to the inconsistencies of the endpointConfig object with different endpoint types

Description:
In APIM side we do not maintain a proper structure for endpointConfig in the API DTO. It can have any object type according to [1]. Because of that endpointConfig will act dynamically when we are handling different endpoint types such as HTTP/REST, HTTP/SOAP (Load balanced/failover) etc. Several inconsistencies have been identified when exporting an API using apictl which was created using apictl import api with params, and when exporting an API which was created from the UI with different endpoint types.

Consider the example in the Steps to reproduce: section. But it will only show you some inconsistencies. Need to check all nine (8) the paths of different endpoint types as mentioned in [2] with different parameters combinations such as for sessionManagement etc.

These inconsistencies may happen from time to time since we do not have a properly defined structure for endpointConfig on the APIM side.

Affected Product Version:
APICTL 4.0.0
APIM 4.0.0

Steps to reproduce:

  1. Create an API using the apictl init command as shown below.

    apictl init Petstore --oas https://petstore.swagger.io/v2/swagger.json

  2. Create a params file named params.yaml with the below content that has Load Balanced HTTP/SOAP endpoints.

    environments:
      - name: dev
        configs:
            endpointType: transport
            endpointRoutingPolicy: load_balanced
            loadBalanceEndpoints:
                production:
                    - url: https://dev1.wso2.com
                    - url: https://dev2.wso2.com
                sandbox:
                    - url: https://dev1.sandbox.wso2.com
                    - url: https://dev2.sandbox.wso2.com
                sessionManagement: soap
                sessionTimeOut: 5000

  3. Import the above created API along with the above params file using the command below.

    apictl import api -f Petstore --params params.yaml -e dev

  4. Now export this API again with the below command and check the endpointConfig section in api.yaml file of the exported API.

    apictl export api -n SwaggerPetstore -v 1.0.5 -e dev

    endpointConfig:
        endpoint_type: load_balance
        sandbox_endpoints:
         -
          url: https://dev1.sandbox.wso2.com
         -
          url: https://dev2.sandbox.wso2.com
        sessionTimeOut: "5000"
        production_endpoints:
         -
          endpoint_type: address
          url: https://dev1.wso2.com
         -
          endpoint_type: address
          url: https://dev2.wso2.com
        algoClassName: org.apache.synapse.endpoints.algorithms.RoundRobin

  5. Now create another API from the UI and add the load balanced endpoints to it with the same configurations that we used in the params file. Refer to the screenshots to get an idea.
  6. Now export this API with the below command and check the endpointConfig section in api.yaml file of the exported API.

    apictl export api -n SwaggerPetstore -v 1.0.5 -e dev

    endpointConfig:
        endpoint_type: load_balance
        algoCombo: org.apache.synapse.endpoints.algorithms.RoundRobin
        sessionManagement: http
        sandbox_endpoints:
         -
          endpoint_type: address
          template_not_supported: false
          url: https://dev1.sandbox.wso2.com
         -
          endpoint_type: address
          template_not_supported: false
          url: https://dev2.sandbox.wso2.com
        failOver: false
        sessionTimeOut: 300
        production_endpoints:
         -
          endpoint_type: address
          template_not_supported: false
          url: https://dev1.wso2.com
         -
          endpoint_type: address
          template_not_supported: false
          url: https://dev2.wso2.com
        algoClassName: org.apache.synapse.endpoints.algorithms.RoundRobin

  7. Compare the endpointConfigs in 4 and 7. There are some differences.

[1] https://github.com/wso2/carbon-apimgt/blob/master/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml#L9781
[2] https://apim.docs.wso2.com/en/4.0.0/install-and-setup/setup/api-controller/advanced-topics/configuring-different-endpoint-types/

Favicon being loaded from WSO2's website

Description:

When directly accessing the API from the web browser, our backend response seems to load a favicon.ico from the wso2.com website. Customers request to remove or disable this favicon loading location header, which is coming in the response of the API call through a web browser.

Affected Product Version:

APIM 2.2

Importing Subscriptions attached to APIs when importing APIs via APICTL.

Description:

Importing an updated version of an API does not subscribe automatically to already subscribed apps

Steps to reproduce:

  1. Import an API with a version using apictl.
  2. Subscribe to that API by creating a new application in the devportal.
  3. Create another version of that API and upload it with the apictl tool.
  4. Subscription for version 2 is not visible in the devportal.
  5. Demote the second version to Created and republish it.
  6. Now the subscription can be seen in the devportal after a refresh.

Affected Product Version:

APIM version: 3.2.0
WUM level: 1619878562980
apictl version: v3.2.1

Feature to generate keys while importing applications.

Description:
Requirement request to generate keys for an application while importing the application using the APICTL tool by including an option in the APICTL tool itself to generate keys for the application while importing the API. (ex with an option --generateKey=true)

Affected Product Version:
APIM 3.2.0

Provide feature to merge the API if it's already extracted

Description:
When building a CI/CD pipeline, people usually commit to an SCM such as git. When exporting an API, it should provide the capability to overwrite existing project files.

Same existing .wso2apictl and .wso2apictl.local dirs get referred to by all versions

Description:
When a newer version of apictl is used, it continues to refer to the existing .wso2apictl and .wso2apictl.local directories. These seem to affect apictl init as well. Maybe we can give a warning that the same file is being used, and therefore prompt the user asking whether it is alright to override the existing .wso2apictl and .wso2apictl.local files.

Colorful output

Currently, we have a very dull output. Which is not nice 😞

image

We need some colourful output similar to this 😀
image

JDK 17 support

Describe your problem(s)

APIM 4.1.0 GA should officially support JDK 17.

How will you implement it

Add JDK 17 as a new version in the JDK dimension in the TestGrid.

Update

JDK 17 support should be available in APIM 4.2.0 as APIM 4.1.0 does not support JDK 17.

APICTL 4.0 not supporting endpoint object referencing

Description:

apictl not allowing x-wso2 endpoints to be endpoint object reference.
https://mg.docs.wso2.com/en/latest/how-tos/endpoints/defining-endpoints-in-an-openapi-definition/#endpoint-object

Gives the below error while init the project.

apictl: Error initializing project Reason: '' expected a map, got 'string'

[APIM-4.0.0] Unable to use migrated tokens to invoke the APIs

Description:

After successfully migrating from APIM 3.1.0 to APIM 4.0.0, when we tried to invoke the APIs using the migrated tokens we got the 401 error message as the response

Steps to reproduce:

Invoke the APIs using migrated tokens

Affected product version:

APIM 4.0.0

Deploy command doesn't handle the error properly when the environment is not configured

Description:
When executing the apictl vcs deploy -e <env> command, the below error is returned when the environment is not configured in the api_params.yaml file. Please refer to the below error.

rnavagamuwa@randikan UserAPI % apictl vcs deploy -e prod
Deploying Projects (1)...

APIs (1) ...
1: UserAPI: (UserAPI)
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x18c9e48]

goroutine 1 [running]:
github.com/wso2/product-apim-tooling/import-export-cli/impl.injectParamsToAPI(0xc0000365a0, 0x46, 0xc00014ff80, 0x5c, 0x7ffeefbffa0d, 0x4, 0x1, 0x0, 0x0)
	/home/naduni/Documents/Wso2/CLI/product-apim-tooling/import-export-cli/impl/importAPI.go:647 +0x198
github.com/wso2/product-apim-tooling/import-export-cli/impl.ImportAPI(0xc00003c480, 0x24, 0xc0000af2f0, 0x26, 0x7ffeefbffa0d, 0x4, 0xc0000361e0, 0x4c, 0x1ac8a29, 0xf, ...)
	/home/naduni/Documents/Wso2/CLI/product-apim-tooling/import-export-cli/impl/importAPI.go:978 +0x1121
github.com/wso2/product-apim-tooling/import-export-cli/impl.ImportAPIToEnv(0xc00003c480, 0x24, 0x7ffeefbffa0d, 0x4, 0xc0000361e0, 0x4c, 0x1ac8a29, 0xf, 0x101, 0xb, ...)
	/home/naduni/Documents/Wso2/CLI/product-apim-tooling/import-export-cli/impl/importAPI.go:927 +0xf8
github.com/wso2/product-apim-tooling/import-export-cli/git.deployUpdatedProjects(0xc00003c480, 0x24, 0xc0004af6b0, 0x24, 0x7ffeefbffa0d, 0x4, 0x1, 0xc0003a8060, 0x18bd867, 0x19c8b80, ...)
	/home/naduni/Documents/Wso2/CLI/product-apim-tooling/import-export-cli/git/gitUtils.go:363 +0x103e
github.com/wso2/product-apim-tooling/import-export-cli/git.DeployChangedFiles(0xc00003c480, 0x24, 0x7ffeefbffa0d, 0x4, 0xc0003a18a0)
	/home/naduni/Documents/Wso2/CLI/product-apim-tooling/import-export-cli/git/gitUtils.go:476 +0xbb
github.com/wso2/product-apim-tooling/import-export-cli/cmd.glob..func39(0x22e2d40, 0xc00040ffa0, 0x0, 0x2)
	/home/naduni/Documents/Wso2/CLI/product-apim-tooling/import-export-cli/cmd/vcsDeploy.go:65 +0x1ba
github.com/spf13/cobra.(*Command).execute(0x22e2d40, 0xc00040ff40, 0x2, 0x2, 0x22e2d40, 0xc00040ff40)
	/home/naduni/go/pkg/mod/github.com/spf13/[email protected]/command.go:830 +0x29d
github.com/spf13/cobra.(*Command).ExecuteC(0x22e1940, 0x104134a, 0x22822c0, 0xc00005a778)
	/home/naduni/go/pkg/mod/github.com/spf13/[email protected]/command.go:914 +0x2fb
github.com/spf13/cobra.(*Command).Execute(...)
	/home/naduni/go/pkg/mod/github.com/spf13/[email protected]/command.go:864
github.com/wso2/product-apim-tooling/import-export-cli/cmd.Execute()
	/home/naduni/Documents/Wso2/CLI/product-apim-tooling/import-export-cli/cmd/root.go:79 +0x31
main.main()
	/home/naduni/Documents/Wso2/CLI/product-apim-tooling/import-export-cli/apictl.go:24 +0x20

Instead of showing the local paths of the initial project build machine, better if a proper meaningful error is returned.

Affected Product Version:

rnavagamuwa@randikan UserAPI % apictl version
Version: 3.2.1
Build Date: 2020-09-29 12:54:56 UTC

OS, DB, other environment details and versions:

ProductName:	macOS
ProductVersion:	11.4
BuildVersion:	20F71

Steps to reproduce:
Try to deploy to an environment without defining that in the api_params.yaml file

Key manager update message includes `null`

Description:

After updating key manager with the relevant values, successful update gives null - Key manager edited successfully

Steps to reproduce:

  1. Login to admin portal
  2. Click update key manager button after providing relevant values.
  3. Above message appears in right side bottom.
Screen.Recording.2022-04-20.at.09.28.14.mov

Affected product version:

API-M 4.1.0

Endpoint security base64 encoded password changed after importing the API

Description:
Endpoint security base64 encoded password changed after importing the API.

Steps:

  • Created and published an API with secured Backend.

  • Then the synapse file can be seen as below with Endpoint security base64 encoded password.

    ```xml
        <inSequence>
            <property name="api.ut.backendRequestTime" expression="get-property('SYSTEM_TIME')"/>
            <filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
                <then>
                    <property name="Authorization" expression="fn:concat('Basic ', 'YWRtaW46YWRpbg==')" scope="transport"/>
                    <send>
                        <endpoint key="NEWNEWAPI--v1.0.0_APIproductionEndpoint"/>
                    </send>
                </then>
                <else>
                    <property name="Authorization" expression="fn:concat('Basic ', 'YWRtaW46JGFkbWlu')" scope="transport"/>
                    <send>
                        <endpoint key="NEWNEWAPI--v1.0.0_APIsandboxEndpoint"/>
                    </send>
                </else>
            </filter>
        </inSequence>
        <outSequence>
            <class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtResponseHandler"/>
            <send/>
        </outSequence>
    </resource>
    ```
    
    
  • Then exported this API and imported with "--preserve-provider=true --update=true" flags and this is working fine.

  • Then deleted this particular API from the publisher and re-imported it (To replicate the new environment API migration scenario)

  • Now the synapse file has been changed to the below one.

    ```xml
        <inSequence>
            <property name="api.ut.backendRequestTime" expression="get-property('SYSTEM_TIME')"/>
            <filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
                <then>
                    <property name="Authorization" expression="fn:concat('Basic ', '$endpointsecurity.base64EncodedPassword')" scope="transport"/>
                    <send>
                        <endpoint key="NEWNEWAPI--v1.0.0_APIproductionEndpoint"/>
                    </send>
                </then>
                <else>
                    <property name="Authorization" expression="fn:concat('Basic ', '$endpointsecurity.base64EncodedPassword')" scope="transport"/>
                    <send>
                        <endpoint key="NEWNEWAPI--v1.0.0_APIsandboxEndpoint"/>
                    </send>
                </else>
            </filter>
        </inSequence>
        <outSequence>
            <class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtResponseHandler"/>
            <send/>
        </outSequence>
    </resource>
    ```
    
    
    

🚩 The expression in the property Authorization has been changed.

Because of that, when calling the API, it is passing the header as below, which is not correct, right?

[2021-11-03 16:55:18,034] DEBUG - wire HTTPS-Sender I/O dispatcher-1 << "Authorization: Basic $endpointsecurity.base64EncodedPassword[\r][\n]"

Suggested Labels:
APIM 3.2 (Update level 99)
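
A check for the condition this report describes, as an added example that is not part of the original issue or the project's code: it scans a Synapse API definition and gateway wire-log lines for a Basic `Authorization` value that is an unrendered template variable or not a valid base64 `user:password` pair, without ever printing the credential. The sample API, its endpoint keys and the `svc-user` credential are constructed; the wire-log line shape follows the one quoted in the report.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# Matches the literal in expression="fn:concat('Basic ', '<literal>')".
BASIC_EXPR = re.compile(r"fn:concat\(\s*'Basic '\s*,\s*'([^']*)'\s*\)")
# Matches the header in a wire log line, stopping at [\r][\n] or a quote.
WIRE_HEADER = re.compile(r'Authorization: Basic ([^\s\[\]"]*)')
# A template variable such as $endpointsecurity.base64EncodedPassword.
PLACEHOLDER = re.compile(r"\$\{?[A-Za-z_][\w.]*\}?")


def classify_basic_literal(literal):
    """Classify a Basic credential literal without ever returning its content."""
    if PLACEHOLDER.search(literal):
        return "unresolved-placeholder"
    try:
        decoded = base64.b64decode(literal, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    user, sep, password = decoded.partition(b":")
    if not (sep and user and password):
        return "malformed-credentials"
    return "ok"


def _local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_synapse_api(xml_text):
    """Return (endpoint_key, verdict) for every Basic Authorization property."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for elem in root.iter():
        if _local(elem.tag) != "property" or elem.get("name") != "Authorization":
            continue
        match = BASIC_EXPR.search(elem.get("expression", ""))
        if not match:
            continue
        # The sibling <send><endpoint key="..."/> names the affected branch.
        branch = parents.get(elem, root)
        key = next((e.get("key") for e in branch.iter()
                    if _local(e.tag) == "endpoint" and e.get("key")), None)
        findings.append((key, classify_basic_literal(match.group(1))))
    return findings


def audit_wire_log(lines):
    """Return (line_number, verdict) for each outgoing header that is not 'ok'."""
    alerts = []
    for number, line in enumerate(lines, start=1):
        match = WIRE_HEADER.search(line)
        if match:
            verdict = classify_basic_literal(match.group(1))
            if verdict != "ok":
                alerts.append((number, verdict))
    return alerts


# Constructed sample data: the credential, API name and endpoint keys are made up.
GOOD_LITERAL = base64.b64encode(b"svc-user:example-pass").decode()
SAMPLE_API = f"""<api xmlns="http://ws.apache.org/ns/synapse" name="SampleAPI" context="/sample">
  <resource methods="GET" url-mapping="/*">
    <inSequence>
      <filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
        <then>
          <property name="Authorization" expression="fn:concat('Basic ', '{GOOD_LITERAL}')" scope="transport"/>
          <send><endpoint key="SampleAPI--v1.0.0_APIproductionEndpoint"/></send>
        </then>
        <else>
          <property name="Authorization" expression="fn:concat('Basic ', '$endpointsecurity.base64EncodedPassword')" scope="transport"/>
          <send><endpoint key="SampleAPI--v1.0.0_APIsandboxEndpoint"/></send>
        </else>
      </filter>
    </inSequence>
  </resource>
</api>"""
SAMPLE_WIRE_LOG = [
    'DEBUG - wire HTTPS-Sender I/O dispatcher-1 << "Authorization: Basic ' + GOOD_LITERAL + r'[\r][\n]"',
    r'DEBUG - wire HTTPS-Sender I/O dispatcher-1 << "Authorization: Basic $endpointsecurity.base64EncodedPassword[\r][\n]"',
]

if __name__ == "__main__":
    for key, verdict in audit_synapse_api(SAMPLE_API):
        print(f"{key}: {verdict}")
    for number, verdict in audit_wire_log(SAMPLE_WIRE_LOG):
        print(f"wire log line {number}: {verdict}")
```

Running the API check over the deployed Synapse files after each import catches the broken header before traffic reaches the backend; the wire-log check catches it afterwards.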

Need to provide sample params.yaml files according to the endpoint type when generating the Deployment directory with ctl

At the moment, we use the same template file to generate params.yaml file inside the deployment directory for a project with gen-deployment command. This needs to be improved to generate endpoint type-specific param files on-demand with suitable default values by introducing an argument to specify endpoint type.

Need to add this new flag into the documentation as well.
Docs : https://apim.docs.wso2.com/en/4.0.0-dev/install-and-setup/setup/api-controller/advanced-topics/configuring-environment-specific-parameters/#generating-the-deployment-directory

Eg:
gen deployment-dir -s <source_path> --endpointType rest

Generated params.yaml file

environments:
    - name: <environment_name>
      configs: <multiple_configurations_relevant_to_the_specific_environment>
          endpoints:
              production:
                  url: 'https://prod.wso2.com'
                  config:
                      retryTimeOut: <no_of_retries_before_suspension>
                      retryDelay: <retry_delay_in_ms>
                      factor: <suspension_factor>
              sandbox:
                  url: 'https://dev.wso2.com'
                  config:
                      retryTimeOut: <no_of_retries_before_suspension>
                      retryDelay: <retry_delay_in_ms>
                      factor: <suspension_factor>
          security:
              production:
                  enabled: <whether_security_is_enabled_for_production_endpoint>
                  type: <endpoint_authentication_type_basic_or_digest_for_production_endpoint>
                  username: <endpoint_username_for_production_endpoint>
                  password: <endpoint_password_for_production_endpoint>
              sandbox:
                  enabled: <whether_security_is_enabled_for_sandbox_endpoint>
                  type: <endpoint_authentication_type_basic_or_digest_for_sandbox_endpoint>
                  username: <endpoint_username_for_sandbox_endpoint>
                  password: <endpoint_password_for_sandbox_endpoint>
          deploymentEnvironments:
              - displayOnDevportal: <boolean>
                deploymentEnvironment: <environment_name>        
          certs:
              - hostName: <endpoint_url>
                alias: <certificate_alias>
                path: <certificate_name>
          mutualSslCerts:
              - tierName: <subscription_tier_name>
                alias: <certificate_alias>
                path: <certificate_name>
          policies: 
              - <subscription_policy_1_name>
              - <subscription_policy_2_name>

Add peer test support for APIM 4.1.0

Describe your problem(s)

APIM 4.1.0 does not have an updated integration test to test UI components.

Describe your solution

APIM 3.2.0 UI integration test should be ported to APIM 4.1.0 version and create a new Jenkins build to automate tests.

High CPU usage for certain pattern of HTTP requests

Description:

CPU usage increases and persists even for a small load of requests which have the following pattern.

DEBUG - wire HTTPS-Listener I/O dispatcher-6 >> "GET /services/Version HTTP/1.0[\r][\n]"
DEBUG - wire HTTPS-Listener I/O dispatcher-6 >> "[\r][\n]"
DEBUG - wire HTTPS-Listener I/O dispatcher-6 >> "[\r][\n]"

Steps to reproduce:

  • Design a request which has the above mentioned pattern (With extra set of [\r][\n]).
  • Send a few requests while monitoring the CPU usage.

Affected Product Version:

APIM-4.0.0

GW support for single usage token and CSRF protection for SPA

Describe your problem(s)

Single usage token:
A token that belongs to a one-time token should be allowed to be used only once in APIM and the gateway should revoke the token after its first use.

CSRF protection for SPA
A stolen token from SPA should not be allowed to be used with Gateway once the Identity Server will include cookie hash in the JWT access token.

Improve API Documentation / customization experience

Describe your problem(s)

Our current API documentation options seem quite outdated now

image

Like public forum URLs, Support etc.

This issue is created for tracking the improvements of API documentation

Describe your solution

Markdown-based documentation methods are quite popular nowadays

example:

  • MDX : Markdown + JSX(React)
  • Remark
  • Docz

A major problem with those methods is that they either need NodeJS backends or require a re-run of the build.

MDX-Bundler seems like a good solution to nodejs dependency.

The above solutions are good for integrating React components with Markdown content to provide rich documentation experience.

Otherwise, For pure markdown editing and rendering, We could try

It has plugins to render most common requirements with API documentation

like

  • Embedding code snippets
  • UML diagrams
  • +++ all the Markdown features

Handle partially imported API/API Product artifacts during a failure in the middle of the import flow

Description:
Currently, when there is a failure during importing an API or updating while importing an API the changes will get reflected partially in the API inside APIM. For example, after adding an API to the registry if an error occurs while adding a certificate the API will remain in that partial state which is not completely imported. As a solution, we need to either remove the partially imported API if it is an import (not an update) or else restore it to the previous working state if it is an update while importing.

For simplicity, we can divide this into three (4) tasks.

  1. Update the import API/API Product to distinguish whether a failure happens during an import or during an update import.
  2. Use the capability of the provisioning feature to restore the last working copy, if an update import fails.
  3. Delete/remove the API/API Product if a failure happens during an import.
  4. Modify the methods such as addThumbnailImage, addDocumentation, addAPISequences, addAPIWsdl to throw errors/exceptions to the CTL users when an error happens during an import (or update import). (Currently, we are just logging the errors without throwing those)

Affected Product Version:
APICTL 4.0.0-alpha
APIM 4.0.0-alpha

Customizations to the default_api_template.xml are not reflected in the most current U2 APIM 3.2.0 packs since the default API synapse file is not created.

Description:

The default_API_template.xml file produces no XML in the latest U2 update(143). If we have customisations to the default_api_template.xml in previous U2 versions, then those are all not considered in the latest one now. The format used by all of the previously published APIs will be impacted now.
This is because of the newly introduced feature[1] to handle the default version API scenario. Because of that, it will not generate separate API synapse XML files in repository/tenants/3/synapse-configs/default/api/ location when making a specific API version as the default version.
It would be great if we can get a config to switch to the previous flow.

[1] wso2/product-apim#12161

Steps to reproduce:

  1. Create an API with default API is enabled
  2. Check the synapse-configs directory where only 1 XML file is there

Affected product version:

APIM 3.2.0

Invalid subprotocol error with WebSocket APIs in APIM 3.2

Description:

APIM 3.2.0 throws the below error intermittently with WebSocket APIs.

Error encountered while processing the response io.netty.handler.codec.http.websocketx.WebSocketClientHandshakeException: Invalid subprotocol. Actual: graphql-ws. Expected one of: null
	at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker.finishHandshake(WebSocketClientHandshaker.java:329)
	at org.wso2.carbon.websocket.transport.WebSocketClientHandler.handleHandshake(WebSocketClientHandler.java:126)
	at org.wso2.carbon.websocket.transport.WebSocketClientHandler.channelRead0(WebSocketClientHandler.java:248)
	at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
	at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436)
	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:327)
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:299)
	at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1371)
	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1234)
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1283)
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:510)
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:449)
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
	at java.lang.Thread.run(Thread.java:750)

Affected product version:

APIM 3.2.0

Websocket API Runtime configurations in Publisher UI issue

Description:

In the left panel of a websocket API under API configurations, when we select Runtime, this selection is not highlighted even though it works for the rest of the configuration segments in there.

chrome-capture (3)

Steps to reproduce:

Create a websocket API and select runtime configurations under API configurations in the Publisher portal

Affected product version:

4.0.0.96

Affected component:

Publisher UI

Environment details (with versions):

  • OS: Chrome/Firefox in Mac

Streamline code usage to init project using Swagger

Description:
Currently apictl supports initializing a project (apictl init) by providing a swagger specification that is either Swagger 2.0 or OAS 3.0.

Originally a Swagger 2 specific parsing logic has been used for this purpose and since no OAS 3.0 specific fields have been required, this has been adaptable for passing OAS 3.0 files as well.

Additionally there is some v3 parsing logic that exists that is not in use(oai3.go)

It is best to rename the above Swagger 2 parsing logic(swagger2.go) and its related functions to be more generic, indicating that this supports both v2 and v3. If v3 specific logic is required this can be executed conditionally. We can also remove any unused v3 parsing logic.

Exported Application project contains incorrect application meta information

Description:
The exported Application project contains a file named application_meta.yaml. It contains wrong information as follows.

deploy:
  import:
    preserveOwner: true
    rotateRevision: false
    skipKeys: true
    update: true
name: DefaultApplication
owner: [email protected]

rotateRevision is not related to Applications and skipSubscriptions is missing. The correct way should be as follows.

deploy:
  import:
    preserveOwner: true
    skipKeys: true
    skipSubscriptions: false
    update: true
name: DefaultApplication
owner: [email protected]

Need to check the apictl vcs deploy behaviour after this change.

Inconsistent behaviour when using the apictl tool to list/delete applications in the distributed setup

Description:
If we have added an environment by specifying the devportal endpoint using the apictl tool, it will only allow us to list/delete applications owned by the logged-in user. It invokes the devportal RESTful APIs instead of admin RESTful APIs when performing the list/delete commands.

127.0.0.1 - - [01/Apr/2022:13:16:42 +0530] POST /oauth2/token HTTP/1.1 200 353 - go-resty/2.4.0 (https://github.com/go-resty/resty) 0.008
127.0.0.1 - - [01/Apr/2022:13:16:42 +0530] GET /api/am/store/v1/applications?limit=25 HTTP/1.1 200 551 - go-resty/2.4.0 (https://github.com/go-resty/resty) 0.009

Affected Product Version:
3.2.6

Steps to reproduce:

  • Adding environment with specifying the devportal endpoint.
    apictl add-env -e production --apim https://localhost:9443/ --registration https://localhost:9443/ --admin https://localhost:9443/ --publisher https://localhost:9443/ --devportal https://localhost:9443/ --token https://localhost:8243/token
  • Listing application - It only lists the applications owned by the logged-in user.
    apictl list apps -e production -k
  • Deleting application - It only allows deletion of the applications owned by the logged-in user.
    apictl delete app -n sample_app -e production -k
