Venafi / vcert

Go client SDK and command line utility designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.
https://support.venafi.com/hc/en-us/articles/217991528
Apache License 2.0

Allow a wider range of API URLs to account for an API gateway #510

Open jphung1 opened 2 months ago

jphung1 commented 2 months ago

BUSINESS PROBLEM

We are trying to use vcert to automate certificates for an Azure hosted application. The API endpoint calls are proxied through an API gateway that is based on Kong API gateway.

vcert is normalizing the API endpoint URL, causing some issues where the endpoints are in an expected format. (vcert expects a URL in the format https://tpp.company.com/vedsdk, but the actual URL is different due to the API gateway.)

PROPOSED SOLUTION

Modify the function in vcert to allow for a wider range of valid API urls

CURRENT ALTERNATIVES

A thought was to fork and alter the code to allow for the actual URL; however, this is not a solution that we would move forward with because of questions of vcert supportability.

BeardedPrincess commented 2 months ago

Thanks for putting this in @jphung1. I'm assuming that the URL needing to be used does not have /vedsdk at all, and vCert is being too helpful by constantly trying to add it back in, is that correct?

I have done some work with vCert hitting API gateways previously, and was always able to modify the collection that was being used to include /vedsdk to deal with this. Is that not possible in this case?

Changing the code to accommodate this would be possible, but probably only by implementing a flag (something like --useLiteralURL) so that we don't cause breakage with current users who are not providing that.

On a personal note, I think this was a bad design decision to assume that the API would always be on .../vedsdk: it's possible and sometimes necessary to host the API endpoint on some other URL in TPP itself, even without an API gateway. But, now, protecting backwards compatibility is more important.

jphung1 commented 2 months ago

Hey @BeardedPrincess,

Thanks for the response. The URL that is being used is: https://gateway.company.com/api/infra/venafi/v1/vedsdk

.../vedsdk is being used for their endpoint, but they suspect that the regex is the cause of the long URL failing. The customer is working on getting the yaml that is being used to verify it's correct.
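The following is an added example, not vcert's own code, of the kind of URL normalization the proposal above and the reply suggesting a literal-URL flag describe. It is a hypothetical Go function, `normalizeTPPURL`, that parses the configured base URL with `net/url` instead of matching it against a host-only pattern, so a gateway prefix such as the `https://gateway.company.com/api/infra/venafi/v1/vedsdk` URL quoted in the thread is accepted; it appends `/vedsdk/` only when the path does not already end in it, and a `useLiteral` flag (the assumed equivalent of the proposed `--useLiteralURL`) skips the `/vedsdk` handling entirely. The decision to reject non-https schemes, query strings and fragments is this example's own choice, not behaviour the issue attributes to vcert.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// normalizeTPPURL is a hypothetical normalizer (not vcert's own) for a TPP base
// URL that may sit behind an API gateway path prefix. It returns the URL the
// SDK should call, always with a single trailing slash.
//
// With useLiteral set, the URL is used as given (apart from the trailing
// slash) so callers can point at any endpoint path. Otherwise "/vedsdk" is
// appended only when the path does not already end in it, which keeps the
// behaviour existing callers rely on when they pass just a host name.
func normalizeTPPURL(raw string, useLiteral bool) (string, error) {
	// Bare host names such as "tpp.company.com" are upgraded to https.
	if !strings.Contains(raw, "://") {
		raw = "https://" + raw
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("invalid TPP URL %q: %w", raw, err)
	}
	// Design choice of this example: refuse plaintext rather than silently
	// rewriting http to https, and refuse query/fragment components that would
	// otherwise be glued onto every API call.
	if u.Scheme != "https" {
		return "", errors.New("TPP URL must use https")
	}
	if u.Host == "" {
		return "", errors.New("TPP URL has no host")
	}
	if u.RawQuery != "" || u.Fragment != "" {
		return "", errors.New("TPP URL must not carry a query string or fragment")
	}

	path := strings.TrimRight(u.Path, "/")
	if !useLiteral && !strings.HasSuffix(strings.ToLower(path), "/vedsdk") {
		path += "/vedsdk"
	}
	u.Path = path + "/"
	return u.String(), nil
}

func main() {
	// Constructed inputs: the classic host-only form, the gateway URL from the
	// issue, the same gateway without /vedsdk, and a literal endpoint.
	cases := []struct {
		in      string
		literal bool
	}{
		{"tpp.company.com", false},
		{"https://gateway.company.com/api/infra/venafi/v1/vedsdk", false},
		{"https://gateway.company.com/api/infra/venafi/v1", false},
		{"https://gateway.company.com/api/infra/venafi/v1/", true},
		{"http://tpp.company.com/vedsdk", false},
	}
	for _, c := range cases {
		out, err := normalizeTPPURL(c.in, c.literal)
		if err != nil {
			fmt.Printf("%-58s literal=%-5v -> error: %v\n", c.in, c.literal, err)
			continue
		}
		fmt.Printf("%-58s literal=%-5v -> %s\n", c.in, c.literal, out)
	}
}
```

Parsing with `net/url` and only inspecting the scheme, host and path suffix is what makes the gateway prefix acceptable: a validation regex that permits nothing between the host and `/vedsdk/` would reject the long URL even though it ends in the expected segment, which matches the suspicion raised in the last comment.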