search

apigee / apigeecli

This is a tool to interact with Apigee APIs. The tool lets you manage (create, del, get, list) environments, proxies, etc.
Apache License 2.0
51 stars 28 forks source link

organization export and import should include keyaliases #469

Closed kurtkanaskie closed 2 months ago

kurtkanaskie commented 3 months ago

apigeecli organization export exports keystores with name only, It should also export the keyaliases. This causes any TargetServers that use a truststore to fail to import. Workaround is to manually export from EXPORT_ORG to IMPORT_ORG

To export a trust store

apigeeclix keystores list --org=$EXPORT_ORG --env=dev
[
    "apigeex-payg-kurt"
]
apigeeclix keystores get --org=$EXPORT_ORG --env=dev --name=apigeex-payg-kurt
{
    "name": "apigeex-payg-kurt",
    "aliases": [
        "xapi-dev.apigeex-payg-kurt.apigee.internal"
    ]
}
apigeeclix keyaliases get --org=$EXPORT_ORG --env=dev --alias=xapi-dev.apigeex-payg-kurt.apigee.internal --key=apigeex-payg-kurt
{
    "alias": "xapi-dev.apigeex-payg-kurt.apigee.internal",
    "certsInfo": {
        "certInfo": [
            {
                "version": 3,
                "subject": "CN=4347656c-a6b5-489c-91a2-ad9caae23d92",
                "issuer": "CN=4347656c-a6b5-489c-91a2-ad9caae23d92",
                "expiryDate": "1828728311000",
                "validFrom": "1671048311000",
                "isValid": "Yes",
                "sigAlgName": "SHA256-RSA",
                "publicKey": "RSA Public Key, 2048 bits",
                "basicConstraints": "CA:TRUE",
                "serialNumber": "9a:c1:b3:96:92:ad:22:20:f3:ed:1f:72:19:5b:67:8c"
            }
        ]
    },
    "type": "CERT"
}
apigeeclix keyaliases getcert --org=$EXPORT_ORG --env=dev --alias=xapi-dev.apigeex-payg-kurt.apigee.internal --key=apigeex-payg-kurt
Resource xapi-dev.apigeex-payg-kurt.apigee.internal.crt completed

To import into new org

apigeeclix keystores list --org=$IMPORT_ORG --env=dev
[
    "apigeex-payg-kurt"
]
apigeeclix keyaliases create --org=$IMPORT_ORG --env=dev --alias=xapi-dev.apigeex-payg-kurt.apigee.internal --key=apigeex-payg-kurt --format=pem --cert-filepath=xapi-dev.apigeex-payg-kurt.apigee.internal.crt
{
    "alias": "xapi-dev.apigeex-payg-kurt.apigee.internal",
    "certsInfo": {
        "certInfo": [
            {
                "version": 3,
                "subject": "CN=4347656c-a6b5-489c-91a2-ad9caae23d92",
                "issuer": "CN=4347656c-a6b5-489c-91a2-ad9caae23d92",
                "expiryDate": "1828728311000",
                "validFrom": "1671048311000",
                "isValid": "Yes",
                "sigAlgName": "SHA256-RSA",
                "publicKey": "RSA Public Key, 2048 bits",
                "basicConstraints": "CA:TRUE",
                "serialNumber": "9a:c1:b3:96:92:ad:22:20:f3:ed:1f:72:19:5b:67:8c"
            }
        ]
    },
    "type": "CERT"
}

apigeecli targetservers create --org=$ORG --env=dev \
    --name=apigeex-payg-kurt-us-east1-dns \
    --host=xapi-dev-us-east1.apigeex-payg-kurt.apigee.internal \
    --port=443 --tls=true \
    --truststore=apigeex-payg-kurt