Closed avoketaitis closed 2 years ago
Is my understanding correct, that the site requires a Client-Certificate just to access the WSDL?
Yes. That is correct!
From: Chris Wiechmann @.> Sent: Thursday, December 23, 2021 2:04 AM To: Axway-API-Management-Plus/apim-cli @.> Cc: Arnie Voketaitis @.>; Author @.> Subject: Re: [Axway-API-Management-Plus/apim-cli] Need to Provide a Certificate to Import a SOAP API (Issue #249)
This email was sent from an external server
Is my understanding correct, that the site requires a Client-Certificate just to access the WSDL?
— Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Axway-2DAPI-2DManagement-2DPlus_apim-2Dcli_issues_249-23issuecomment-2D1000089865&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=p0_hj1z412k-GXFNEIvm3egfp4DqOm1yoGfjX-UnM3E&m=MUbYKE-DePta5cGhdLWW8lbjuMawPIR2SiTy9gBnpJY&s=GibTfzufYe8gU3gEA_MVKz8EkN2RJjj7aeBPoU7zVmk&e=, or unsubscribehttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AXATMOSOR53UDIB6Y64ZTLTUSLCXBANCNFSM5KTJY2CA&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=p0_hj1z412k-GXFNEIvm3egfp4DqOm1yoGfjX-UnM3E&m=MUbYKE-DePta5cGhdLWW8lbjuMawPIR2SiTy9gBnpJY&s=5lAS8l4EsDgRv6f9vgppIVE--QZgRtxrZyrv7mN7szo&e=. Triage notifications on the go with GitHub Mobile for iOShttps://urldefense.proofpoint.com/v2/url?u=https-3A__apps.apple.com_app_apple-2Dstore_id1477376905-3Fct-3Dnotification-2Demail-26mt-3D8-26pt-3D524675&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=p0_hj1z412k-GXFNEIvm3egfp4DqOm1yoGfjX-UnM3E&m=MUbYKE-DePta5cGhdLWW8lbjuMawPIR2SiTy9gBnpJY&s=mf7ZHlFyZQXasSe0KlMpJUUvqeLw0sa7r2FSTK_a2no&e= or Androidhttps://urldefense.proofpoint.com/v2/url?u=https-3A__play.google.com_store_apps_details-3Fid-3Dcom.github.android-26referrer-3Dutm-5Fcampaign-253Dnotification-2Demail-2526utm-5Fmedium-253Demail-2526utm-5Fsource-253Dgithub&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=p0_hj1z412k-GXFNEIvm3egfp4DqOm1yoGfjX-UnM3E&m=MUbYKE-DePta5cGhdLWW8lbjuMawPIR2SiTy9gBnpJY&s=_6DRBhMHFTml4OIQEWa_Xag2_znkF_DbsElVovCPIto&e=. You are receiving this because you authored the thread.Message ID: @.***>
This email has been scanned for spam and viruses by Proofpoint Essentials. Click herehttps://us3.proofpointessentials.com/index01.php?mod_id=11&mod_option=logitem&mail_id=1640243057-FybFDf72aOJg&r_address=avoketaitis%40bainova.com&report=1 to report this email as spam.
I'm afraid, but this is unfortunately not possible as the CLI is not downloading the WSDL itself.
As you know, the API-Manager only supports the import of the WSDL from a URL. Therefore, when importing a SOAP-Service, the CLI tells the API-Manager to import it from the configured location. This is btw different to the OpenAPI/Swagger import where the CLI imports it from the local file system.
Hence, for the WSDL-Import, the CLI has no control about the connection established by the API-Manager to the WSDL-Server and cannot configure any client certificates.
I'm really sorry, but I don't see any way to solve this.
I would like to suggest an alternative. I am able to manually import the WSDL into my Policy Studio API Repository and then create a backend API in API Manager using 'Import from Topology'. Could you enhance apim-cli to support this feature as a means of importing APIs?
From: Chris Wiechmann @.> Sent: Thursday, December 23, 2021 8:42 AM To: Axway-API-Management-Plus/apim-cli @.> Cc: Arnie Voketaitis @.>; Author @.> Subject: Re: [Axway-API-Management-Plus/apim-cli] Need to Provide a Certificate to Import a SOAP API (Issue #249)
This email was sent from an external server
I'm afraid, but this is unfortunately not possible as the CLI is not downloading the WSDL itself.
As you know, the API-Manager only supports the import of the WSDL from a URL. Therefore, when importing a SOAP-Service, the CLI tells the API-Manager to import it from the configured location. This is btw different to the OpenAPI/Swagger import where the CLI imports it from the local file system.
Hence, for the WSDL-Import the CLI has no control about the connection established by the API-Manager to the WSDL-Server.
I'm really sorry, but I don't see any way to solve this.
— Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Axway-2DAPI-2DManagement-2DPlus_apim-2Dcli_issues_249-23issuecomment-2D1000313544&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=p0_hj1z412k-GXFNEIvm3egfp4DqOm1yoGfjX-UnM3E&m=TI_LDAoVBIW6ixMT-jCvpeuOa5nQc6Skh8XwRcL4vTo&s=Ub3E_09ifnmUThLI782c9mmcSwppJvTNIR_nPXsgw8k&e=, or unsubscribehttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AXATMORHIJZE6HRXSPQS2LLUSMRKXANCNFSM5KTJY2CA&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=p0_hj1z412k-GXFNEIvm3egfp4DqOm1yoGfjX-UnM3E&m=TI_LDAoVBIW6ixMT-jCvpeuOa5nQc6Skh8XwRcL4vTo&s=peOXL_Jbak28LXhCojrgCuJLwLTfe1efVxWEbPLe1jM&e=. Triage notifications on the go with GitHub Mobile for iOShttps://urldefense.proofpoint.com/v2/url?u=https-3A__apps.apple.com_app_apple-2Dstore_id1477376905-3Fct-3Dnotification-2Demail-26mt-3D8-26pt-3D524675&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=p0_hj1z412k-GXFNEIvm3egfp4DqOm1yoGfjX-UnM3E&m=TI_LDAoVBIW6ixMT-jCvpeuOa5nQc6Skh8XwRcL4vTo&s=U6ERzIzLTe-FCvJkdt4h37yAKhVIzxgXMR3xKYCartg&e= or Androidhttps://urldefense.proofpoint.com/v2/url?u=https-3A__play.google.com_store_apps_details-3Fid-3Dcom.github.android-26referrer-3Dutm-5Fcampaign-253Dnotification-2Demail-2526utm-5Fmedium-253Demail-2526utm-5Fsource-253Dgithub&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=p0_hj1z412k-GXFNEIvm3egfp4DqOm1yoGfjX-UnM3E&m=TI_LDAoVBIW6ixMT-jCvpeuOa5nQc6Skh8XwRcL4vTo&s=iYeklSxc_jm0engE8_v7clt7oXWOSa92ImE76jTMF8Y&e=. You are receiving this because you authored the thread.Message ID: @.***>
This email has been scanned for spam and viruses by Proofpoint Essentials. Click herehttps://us3.proofpointessentials.com/index01.php?mod_id=11&mod_option=logitem&mail_id=1640266924-IA-H4YBrsphI&r_address=avoketaitis%40bainova.com&report=1 to report this email as spam.
Hi @avoketaitis, Yes, that might work. I checked the response from the ANM for the WSDL-Discovery and got the following example:
[
{
"id": "<key type='WebServiceRepository'><id field='name' value='Web Service Repository'/><key type='WebServiceGroup'><id field='name' value='Web Services'/><key type='WebService'><id field='name' value='BankingServices'/></key></key></key>",
"deprecated": false,
"apiVersion": "1.0",
"swaggerVersion": "1.1",
"basePath": "http://172.20.0.1:8080/BankingDemo.asmx?WSDL",
"resourcePath": "",
"models": {},
"consumes": [],
"produces": [],
"name": "BankingServices",
"basePaths": [
"http://172.20.0.1:8080/BankingDemo.asmx?WSDL"
],
"image": "",
"state": "published",
"cors": false,
"expired": false,
"retirementDate": 0,
"retired": false,
"tags": {},
"availableApiDefinitions": {
"Swagger 1.1": "/discovery/swagger/api/id/%3Ckey%20type='WebServiceRepository'%3E%3Cid%20field='name'%20value='Web%20Service%20Repository'/%3E%3Ckey%20type='WebServiceGroup'%3E%3Cid%20field='name'%20value='Web%20Services'/%3E%3Ckey%20type='WebService'%3E%3Cid%20field='name'%20value='BankingServices'/%3E%3C/key%3E%3C/key%3E%3C/key%3E?swaggerVersion=1.1&filename=BankingServices.json"
},
"availableSDK": {},
"apis": [],
"accessGrantedDate": 0,
"type": "wsdl"
}
]
In order to tell the APIM-CLI to load the API from the ANM the API-Definition/API-Specification must be configured differently. As a refactoring for the apiDefinition
is planned anyway to support filters (#223), it might look like this:
{
"name" : "My Banking Services",
"path" : "/banking/demo",
"state" : "published",
"version" : "2.0",
"organization" : "API Development",
"apiSpecification" : {
"type": "topologyWSDL",
"name": "BankingServices" <<< Must be the name as returned by the discovery response
},
....
..
Additionally, it would be required to authenticate with the ANM, which is not yet the case.
This is a considerable amount of work and it is not guaranteed, this gets finally implemented as the use-case pops up very rarely.
I'm afraid I see no bandwidth to implement this requirement and I don't want give wrong expectations here, therefore I'm closing this issue now.
API-Manager CLI Version 1.6.1
API-Manager and Service-Pack Version 7.7.20200730
Question I am attempting to import a SOAP API. The site that is serving the WSDL requires a certificate. I do not see a way to specify a certificate in the configuration settings file or any other means of specifying a certificate. Just to clarify, if I were to 'curl' the WSDL, I would need to provide my cacert, key, and cert using the --cacert, --key, and --cert options. I need to be able to provide these when running apim-cli so that it doesn't get a 403 access denied when importing the WSDL.
What I've tried so far
Additional information