├── .gitignore ├── README.md ├── bash ├── brancha_prod.yaml ├── doapic-consumer.bash ├── doapic-manprod.bash ├── doapic-org.bash ├── doapic-prod.bash ├── findbrancha.yaml ├── readme.md ├── undoapic-consumer.bash ├── undoapic-org.bash └── user-shells.txt ├── batch ├── brancha_prod.yaml ├── doapic-consumer.bat ├── doapic-manprod.bat ├── doapic-org.bat ├── doapic-prod.bat ├── findbrancha.yaml ├── undoapic-consumer.bat ├── undoapic-org.bat └── user-steve.txt ├── change-owner ├── transfercatalogowner.md ├── transferproviderorgowner.md └── transferspacesowner.md └── docs ├── CommandLine-Intro.md └── REST-API-FirstSteps.md /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | **/confidential/** 3 | *zip 4 | *7z 5 | *tar 6 | *tar.gz 7 | **/POC/** 8 | **/temp/** 9 | *html 10 | *pdf 11 | *# 12 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Example Toolkit Scripts 2 | 3 | ### [*change-owner*](./change-owner) folder: 4 | - Change the owner of an Organization, Catalog or Space. IBM API Connect v10 web UI contains these functions. 5 | 6 | ### *Docs* 7 | - [v10 Command Line Intro](./docs/CommandLine-Intro.md) 8 | - [v10 REST API: First Steps](./docs/REST-API-FirstSteps.md) 9 | 10 | ### *hybrid-gwy* 11 | - [Hybrid Gateways](https://github.com/ibm-apiconnect/apic-hybrid-cloud-enablement/blob/master/docs-and-tools/hybrid-gwy/README.md) contains the document and supporting scripts to set up a hybrid API Gateway. The scripts will be useful for DevOps oriented IBM clients. The scripts were verified on IBM API Connect (k8s) v10.0.3. 12 | 13 | ### *Governance & DevOps* 14 | - [Governance Models & Version Control for API Products](https://github.com/ibm-apiconnect/apic-hybrid-cloud-enablement/blob/master/docs-and-tools/governance/README.md) discusses versions for API Definitions & Products, version number in the API URI and the effect of Subscription Client ID in routing API calls. 15 | - [DevOps for API Products & Consumer Subscriptions](https://github.com/ibm-apiconnect/apic-hybrid-cloud-enablement/blob/master/docs-and-tools/dev-ops/README.md) posits a use case for migrating subscriptions which belong to a Consumer Organization. The sample scripts to perform the operation were developed on IBM API Connect v10.0.1.x 16 | 17 | ### [*bash*](./bash) and [*batch*](./batch) folders: 18 | The scripts demonstrate the use of the toolkit commands to build and remove API Connect artifacts. These files **must** be executed in the order listed below. 19 | 20 | - **bash** scripts run in a Unix/Linux/Cygwyn bash shell 21 | - **batch** scripts run in a Windows command shell. 22 | 23 | In each directory, there are two **yaml** files which define an API and Product, and a **txt** file with configuration information to create a Provider Organization admin user. Each script takes the host address of the APIC CMC instance as the first command line argument. The **doapic-org** script takes a second argument, the CMC admin user password. 24 | 25 | **doapic-org**: 26 | - Create a Provider Organization admin user 27 | - Create a Provider Organization 28 | - Configure the default sandbox catalog to use one or more gateways 29 | 30 | **doapic-prod**: 31 | - Create draft APIs and Products 32 | - Publish Products 33 | - Replace an existing published product with a new version 34 | - Delete a product 35 | 36 | **doapic-consumer**: 37 | - Create a Consumer Organization admin user 38 | - Create a Consumer Organization 39 | - Create a new consumer app 40 | - Subscribe the new app to an existing published product 41 | 42 | **doapic-manprod**: 43 | - Stages a new product version 44 | - Supercedes the existing published product with the new one 45 | - Configures subscription migration 46 | - Migrates existing subscriptions from the old product to the new product 47 | 48 | For convenience, two files undo the work performed by the others. 49 | 50 | **undoapic-consumer**: 51 | - Deletes the consumer app, thus breaking subscriptions 52 | - Deletes the Consumer Organization 53 | - Deletes the Consumer Organization admin user from the user registry 54 | 55 | **undoapic-org**: 56 | - Deletes all published products 57 | - Deletes the Provider Organization, thus deleting the associated catalog 58 | - Deletes the Provider Organization admin user from the user registry 59 | 60 | ### Obtaining the v2018 toolkit 61 | 62 | The scripts in *bash* and *batch* folders were developed on API Connect v2018. Please see [Working with the toolkit](https://www.ibm.com/support/knowledgecenter/en/SSMNED_2018/com.ibm.apic.toolkit.doc/capim_cli_working_with.html) for information about downloading and using the toolkit. 63 | -------------------------------------------------------------------------------- /bash/brancha_prod.yaml: -------------------------------------------------------------------------------- 1 | product: 1.0.0 2 | info: 3 | name: findbrancha 4 | title: Find Branches 5 | version: 1.0.0 6 | gateways: 7 | - datapower-api-gateway 8 | apis: 9 | FindBranch: 10 | $ref: findbrancha.yaml 11 | visibility: 12 | view: 13 | enabled: true 14 | type: public 15 | tags: [] 16 | orgs: [] 17 | subscribe: 18 | enabled: true 19 | type: authenticated 20 | tags: [] 21 | orgs: [] 22 | plans: 23 | default: 24 | title: Default Plan 25 | description: Default Plan 26 | approval: false 27 | rate-limits: 28 | default: 29 | value: 100/hour 30 | hard-limit: false 31 | -------------------------------------------------------------------------------- /bash/doapic-consumer.bash: -------------------------------------------------------------------------------- 1 | server=$1 2 | user=shells 3 | password=Passw0rd 4 | porg_name=shellorg 5 | api_file=findbrancha.yaml 6 | prod_file=brancha_prod.yaml 7 | 8 | # build consumer user file 9 | echo "username: tenth">user-tenth.txt 10 | echo "email: tenth@example.com">>user-tenth.txt 11 | echo "first_name: Tenth">>user-tenth.txt 12 | echo "last_name: Man">>user-tenth.txt 13 | echo "password: Passw0rd">>user-tenth.txt 14 | 15 | echo Here is the consumer org owner 16 | echo : 17 | cat user-tenth.txt 18 | echo : 19 | echo "name: tenths">tenths-org.txt 20 | echo "title: Tenth Man">>tenths-org.txt 21 | 22 | 23 | apic login --username ${user} --password ${password} --realm provider/default-idp-2 24 | 25 | sleep 1 26 | 27 | echo : 28 | echo create new catalog user 29 | 30 | res=$(apic users:create --server ${server} --org ${porg_name} --user-registry sandbox-catalog user-tenth.txt) 31 | sid=$(echo ${res} | cut -d' ' -f 4) 32 | owner_url="owner_url: ${sid}" 33 | echo ${owner_url}>>tenths-org.txt 34 | cat tenths-org.txt 35 | echo : 36 | 37 | echo create new consumer org 38 | 39 | apic consumer-orgs:create --server ${server} --org ${porg_name} --catalog sandbox tenths-org.txt 40 | sleep 2 41 | echo : 42 | 43 | echo "title: blackball">black-app.txt 44 | echo Create new app in new consumer org 45 | apic apps:create --consumer-org tenths --catalog sandbox --server ${server} --org ${porg_name} black-app.txt 46 | echo : 47 | 48 | echo Product for subscription 49 | res=$(apic products:list-all --server ${server} --org ${porg_name} --catalog sandbox --scope catalog) 50 | gURL=$(echo ${res} | cut -d' ' -f 4) 51 | product_url="product_url: ${gURL}" 52 | echo ${product_url}>subscriber.txt 53 | echo "plan: default">>subscriber.txt 54 | cat subscriber.txt 55 | 56 | echo : 57 | echo Subscribe new app to product 58 | apic subscriptions:create --server ${server} --org ${porg_name} --consumer-org tenths --catalog sandbox --app blackball subscriber.txt 59 | echo : 60 | 61 | echo work done 62 | apic logout --server ${server} 63 | -------------------------------------------------------------------------------- /bash/doapic-manprod.bash: -------------------------------------------------------------------------------- 1 | server=$1 2 | user=shells 3 | password=Passw0rd 4 | user_file=user-shells.txt 5 | porg_name=shellorg 6 | api_file=findbrancha.yaml 7 | prod_file=brancha_prod.yaml 8 | 9 | apic login --server ${server} --username ${user} --password ${password} --realm provider/default-idp-2 10 | sleep 1 11 | echo : 12 | 13 | echo Published product list 14 | res=$(apic products:list-all --server ${server} --org ${porg_name} --catalog sandbox --scope catalog) 15 | gURL=$(echo ${res} | cut -d' ' -f 4) 16 | product_url="product_url: ${gURL}" 17 | echo ${product_url}>supersede.txt 18 | echo : 19 | 20 | echo build supercede map 21 | echo "plans:">>supersede.txt 22 | echo "- source: default">>supersede.txt 23 | echo " target: default">>supersede.txt 24 | cat supersede.txt 25 | echo : 26 | 27 | echo check subscriptions to existing prod 28 | apic subscriptions:list --server ${server} --app blackball --catalog sandbox --org ${porg_name} --consumer-org tenths 29 | echo : 30 | 31 | echo stage a superceding product 32 | res=$(apic products:publish --server ${server} --org ${porg_name} --catalog sandbox --stage brancha_prod.yaml ) 33 | gURL=$(echo ${res} | cut -d' ' -f 4) 34 | product_url="product_url: ${gURL}" 35 | echo ${product_url}>migrate.txt 36 | 37 | echo supercede existing product 38 | apic products:supersede --server ${server} --org ${porg_name} --catalog sandbox --scope catalog findbrancha:1.0.0 supersede.txt 39 | echo : 40 | 41 | echo product states 42 | apic products:list-all --server ${server} --org ${porg_name} --catalog sandbox --scope catalog 43 | echo : 44 | 45 | echo subscription states 46 | res=$(apic subscriptions:list --server ${server} --app blackball --catalog sandbox --org ${porg_name} --consumer-org tenths) 47 | sid=$(echo ${res} | cut -d' ' -f 1) 48 | echo "subscription id ${sid}" 49 | echo : 50 | 51 | apic subscriptions:get --server ${server} --app blackball --catalog sandbox --org ${porg_name} --consumer-org tenths ${sid} 52 | 53 | echo show subscription details examine product url 54 | grep "product" ${sid}.yaml 55 | echo : 56 | 57 | echo build migration target file 58 | echo "plans:">>migrate.txt 59 | echo "- source: default">>migrate.txt 60 | echo " target: default">>migrate.txt 61 | cat migrate.txt 62 | echo : 63 | 64 | echo set migration target 65 | apic products:set-migration-target --server ${server} --org ${porg_name} --catalog sandbox --scope catalog findbrancha:2.0.0 migrate.txt 66 | echo : 67 | 68 | echo migrate subscriptions 69 | apic products:execute-migration-target --server ${server} --org ${porg_name} --catalog sandbox --scope catalog findbrancha:2.0.0 70 | echo : 71 | 72 | echo subscription states 73 | res=$(apic subscriptions:list --server ${server} --app blackball --catalog sandbox --org ${porg_name} --consumer-org tenths) 74 | sid=$(echo ${res} | cut -d' ' -f 1) 75 | echo "subscription id is now ${sid}" 76 | echo : 77 | 78 | echo show subscription details examine product url 79 | apic subscriptions:get --server ${server} --app blackball --catalog sandbox --org ${porg_name} --consumer-org tenths --output - ${sid} 80 | 81 | echo work done 82 | apic logout --server ${server} 83 | 84 | -------------------------------------------------------------------------------- /bash/doapic-org.bash: -------------------------------------------------------------------------------- 1 | server=$1 2 | user=admin 3 | password=$2 4 | user_file=user-shells.txt 5 | porg_name=shellorg 6 | api_file=findbrancha.yaml 7 | prod_file=brancha_prod.yaml 8 | 9 | echo name: ${porg_name}>${porg_name}.txt 10 | echo title: ${porg_name}>>${porg_name}.txt 11 | 12 | 13 | echo log in as CMC admin 14 | apic login --server ${server} --username ${user} --password ${password} --realm admin/default-idp-1 15 | echo : 16 | 17 | echo create new provider org admin user and build org file 18 | sleep 2 19 | ret=$(apic users:create --server ${server} --org admin --user-registry api-manager-lur ${user_file}) 20 | URL=$(echo ${ret} | cut -d' ' -f 4) 21 | owner_url="owner_url: ${URL}" 22 | echo ${owner_url}>>${porg_name}.txt 23 | cat ${porg_name}.txt 24 | echo : 25 | 26 | echo create new provider org 27 | apic orgs:create --server ${server} ${porg_name}.txt 28 | sleep 2 29 | 30 | echo log out as cmc admin 31 | apic logout --server ${server} 32 | 33 | sleep 1 34 | 35 | echo : 36 | 37 | newuser=$(grep "username" ${user_file} | cut -d' ' -f 2) 38 | newuserpassword=$(grep "password" ${user_file} | cut -d' ' -f 2) 39 | 40 | echo logging in Provider ${porg_name} with ${newuser} ${newuserpassword} 41 | apic login --server ${server} --username ${newuser} --password ${newuserpassword} --realm provider/default-idp-2 42 | echo : 43 | sleep 1 44 | 45 | echo list available gateways 46 | n=0 47 | ans=$(apic gateway-services:list --server ${server} --scope org --org ${porg_name}) 48 | while IFS= read -r line 49 | do 50 | n=$(($n + 1)) 51 | gURL=$(echo ${line} | cut -d' ' -f 2) 52 | gateway_url="gateway_service_url: ${gURL}" 53 | echo ${gateway_url} 54 | echo ${gateway_url}>gwsvc${n}.txt 55 | done <<< ${ans} 56 | 57 | 58 | echo there are ${n} gateways available 59 | echo : 60 | echo configure gateways for sandbox catalog 61 | 62 | for (( c=1; c<=${n}; c++ )) 63 | do 64 | apic configured-gateway-services:create --server ${server} --org ${porg_name} --scope catalog --catalog sandbox gwsvc${c}.txt 65 | done 66 | 67 | echo work complete log out 68 | apic logout --server ${server} 69 | 70 | 71 | 72 | 73 | -------------------------------------------------------------------------------- /bash/doapic-prod.bash: -------------------------------------------------------------------------------- 1 | server=$1 2 | user=shells 3 | password=Passw0rd 4 | user_file=user-shells.txt 5 | porg_name=shellorg 6 | api_file=findbrancha.yaml 7 | prod_file=brancha_prod.yaml 8 | 9 | apic login --server ${server} --username ${user} --password ${password} --realm provider/default-idp-2 10 | 11 | sleep 1 12 | 13 | echo Current draft apis: 14 | apic draft-apis:list-all --server ${server} --org ${porg_name} 15 | echo Current draft products: 16 | apic draft-products:list-all --server ${server} --org ${porg_name} 17 | echo : 18 | 19 | echo create new draft prod 20 | apic draft-products:create --server ${server} --org ${porg_name} brancha_prod.yaml 21 | echo : 22 | 23 | echo publish same draft prod 24 | res=$(apic products:publish --server ${server} --org ${porg_name} --catalog sandbox brancha_prod.yaml) 25 | gURL=$(echo ${res} | cut -d' ' -f 4) 26 | product_url="product_url: ${gURL}" 27 | echo : 28 | 29 | # build replace product file 30 | echo ${product_url}>prodmap.txt 31 | echo "plans:">>prodmap.txt 32 | echo "- source: default">>prodmap.txt 33 | echo " target: default">>prodmap.txt 34 | 35 | echo Published product list 36 | apic products:list-all --server ${server} --org ${porg_name} --catalog sandbox --scope catalog 37 | echo : 38 | 39 | echo create new api and prod yaml locally and stage 40 | 41 | sed 's/version: 1.0.0/version: 2.0.0/g' findbrancha.yaml > findbrancha2.yaml 42 | sed 's/version: 1.0.0/version: 2.0.0/g' brancha_prod.yaml > brancha_prod2.yaml 43 | sed 's/findbrancha.yaml/findbrancha2.yaml/g' brancha_prod2.yaml 44 | 45 | apic products:publish --server ${server} --org ${porg_name} --catalog sandbox --stage brancha_prod2.yaml 46 | sleep 1 47 | echo : 48 | 49 | echo list all products in catalog - note staged 50 | apic products:list-all --server ${server} --org ${porg_name} --catalog sandbox --scope catalog 51 | echo : 52 | 53 | echo replace published with staged product 54 | apic products:replace --server ${server} --org ${porg_name} --scope catalog --catalog sandbox findbrancha:2.0.0 prodmap.txt 55 | echo : 56 | 57 | echo list all products in catalog - note state 58 | apic products:list-all --server ${server} --org ${porg_name} --catalog sandbox --scope catalog 59 | echo : 60 | 61 | echo delete retired product 62 | apic products:delete --server ${server} --org ${porg_name} --scope catalog --catalog sandbox findbrancha:1.0.0 63 | echo : 64 | 65 | echo list products 66 | apic products:list-all --server ${server} --org ${porg_name} --catalog sandbox --scope catalog 67 | echo : 68 | 69 | echo work done 70 | apic logout --server ${server} -------------------------------------------------------------------------------- /bash/findbrancha.yaml: -------------------------------------------------------------------------------- 1 | swagger: "2.0" 2 | info: 3 | title: FindBranch 4 | x-ibm-name: findbranch 5 | version: 1.0.0 6 | schemes: 7 | - https 8 | basePath: /findbranch 9 | security: 10 | - clientID: [] 11 | securityDefinitions: 12 | clientID: 13 | type: apiKey 14 | in: header 15 | name: X-IBM-Client-Id 16 | x-ibm-configuration: 17 | phase: realized 18 | testable: true 19 | enforced: true 20 | properties: 21 | target-url: 22 | value: https://apim-services.mybluemix.net/banka/v1/branches 23 | description: The URL of the target service 24 | encoded: false 25 | cors: 26 | enabled: true 27 | assembly: 28 | execute: 29 | - invoke: 30 | title: invoke 31 | version: 2.0.0 32 | verb: keep 33 | target-url: $(target-url) 34 | gateway: datapower-api-gateway 35 | type: rest 36 | application-authentication: 37 | certificate: false 38 | definitions: 39 | branch: 40 | type: object 41 | description: The format of the branch field. 42 | properties: 43 | address: 44 | $ref: '#/definitions/address' 45 | properties: {} 46 | description: The address of the branch 47 | type: 48 | type: string 49 | description: The type of branch 50 | example: atm 51 | id: 52 | type: string 53 | description: The ID of the branch 54 | example: "\t9d72ece0-7e7b-11e5-9038-55f9f9c08c06" 55 | address: 56 | type: object 57 | properties: 58 | street1: 59 | type: string 60 | description: The first line of the address 61 | example: 4660 La Jolla Village Drive 62 | street2: 63 | type: string 64 | description: The second line of the address 65 | example: Suite 300 66 | city: 67 | type: string 68 | description: The city of the address 69 | example: San Diego 70 | state: 71 | type: string 72 | description: The state of the address 73 | example: CA 74 | zip_code: 75 | type: string 76 | description: The zip code of the address 77 | example: "92122" 78 | paths: 79 | /details: 80 | get: 81 | responses: 82 | "200": 83 | description: 200 OK 84 | schema: 85 | $ref: '#/definitions/branch' 86 | parameters: [] 87 | -------------------------------------------------------------------------------- /bash/readme.md: -------------------------------------------------------------------------------- 1 | These scripts run on a bash shell. 2 | -------------------------------------------------------------------------------- /bash/undoapic-consumer.bash: -------------------------------------------------------------------------------- 1 | server=$1 2 | user=shells 3 | password=Passw0rd 4 | porg_name=shellorg 5 | 6 | 7 | echo log in as provider org owner 8 | apic login --username ${user} --password ${password} --realm provider/default-idp-2 9 | sleep 1 10 | echo : 11 | 12 | echo delete apps in consumer org 13 | apic apps:delete --server ${server} --org ${porg_name} --catalog sandbox --consumer-org tenths blackball 14 | echo : 15 | 16 | echo List apps in consumer org 17 | apic apps:list --server ${server} --org ${porg_name} --catalog sandbox --consumer-org tenths 18 | echo : 19 | 20 | echo delete consumer org 21 | apic consumer-orgs:delete --server ${server} --org ${porg_name} --catalog sandbox tenths 22 | sleep 2 23 | echo : 24 | 25 | echo list consumer org 26 | apic consumer-orgs:list --server ${server} --org ${porg_name} --catalog sandbox 27 | echo : 28 | 29 | echo delete consumer org user 30 | apic users:delete --server ${server} --org ${porg_name} --user-registry sandbox-catalog tenth 31 | sleep 2 32 | echo : 33 | 34 | echo list catalog users 35 | apic users:list --server ${server} --org ${porg_name} --user-registry sandbox-catalog 36 | echo : 37 | 38 | echo work done 39 | apic logout --server ${server} 40 | -------------------------------------------------------------------------------- /bash/undoapic-org.bash: -------------------------------------------------------------------------------- 1 | server=$1 2 | user=admin 3 | password=$2 4 | user_file=user-shells.txt 5 | porg_name=shellorg 6 | 7 | 8 | newuser=$(grep "username" ${user_file} | cut -d' ' -f 2) 9 | newuserpassword=$(grep "password" ${user_file} | cut -d' ' -f 2) 10 | 11 | echo logging in Provider ${porg_name} with ${newuser} ${newuserpassword} 12 | apic login --server ${server} --username ${newuser} --password ${newuserpassword} --realm provider/default-idp-2 13 | echo : 14 | sleep 1 15 | 16 | echo remove all products 17 | apic products:clear-all --server ${server} --org ${porg_name} --catalog sandbox --scope catalog --confirm sandbox 18 | apic products:list-all --server ${server} --org ${porg_name} --catalog sandbox --scope catalog 19 | 20 | echo log out as provider admin 21 | apic logout--server ${server} 22 | 23 | echo Log in as CMC admin 24 | apic login --server ${server} --username ${user} --password ${password} --realm admin/default-idp-1 25 | sleep 2 26 | echo : 27 | 28 | echo : 29 | echo delete Provider org - long delay 30 | apic orgs:delete --server ${server} ${porg_name} 31 | sleep 3 32 | 33 | echo : 34 | echo delete org admin user 35 | apic users:delete --server ${server} --org admin --user-registry api-manager-lur ${newuser} 36 | 37 | echo : 38 | echo list users 39 | apic users:list --server ${server} --org admin --user-registry api-manager-lur 40 | 41 | echo work complete log out 42 | apic logout--server ${server} 43 | 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /bash/user-shells.txt: -------------------------------------------------------------------------------- 1 | username: shells 2 | email: shells@us.ibm.com 3 | first_name: She 4 | last_name: Sells 5 | password: Passw0rd -------------------------------------------------------------------------------- /batch/brancha_prod.yaml: -------------------------------------------------------------------------------- 1 | product: 1.0.0 2 | info: 3 | name: findbrancha 4 | title: Find Branches 5 | version: 1.0.0 6 | gateways: 7 | - datapower-api-gateway 8 | apis: 9 | FindBranch: 10 | $ref: findbrancha.yaml 11 | visibility: 12 | view: 13 | enabled: true 14 | type: public 15 | tags: [] 16 | orgs: [] 17 | subscribe: 18 | enabled: true 19 | type: authenticated 20 | tags: [] 21 | orgs: [] 22 | plans: 23 | default: 24 | title: Default Plan 25 | description: Default Plan 26 | approval: false 27 | rate-limits: 28 | default: 29 | value: 100/hour 30 | hard-limit: false 31 | -------------------------------------------------------------------------------- /batch/doapic-consumer.bat: -------------------------------------------------------------------------------- 1 | echo off 2 | setlocal 3 | set server=qa1042.argo2-sl.dev.ciondemand.com 4 | set user=steve 5 | set password=Passw0rd 6 | set porg_name=steveorg 7 | 8 | 9 | rem build consumer user file 10 | echo username: eighter>user-eighter.txt 11 | echo email: eighter@example.com>>user-eighter.txt 12 | echo first_name: Eighter>>user-eighter.txt 13 | echo last_name: Decatur>>user-eighter.txt 14 | echo password: Passw0rd>>user-eighter.txt 15 | 16 | echo here is the consumer org owner 17 | echo : 18 | cat user-eighter.txt 19 | echo : 20 | echo name: eights>eights-org.txt 21 | echo title: Eight Balls>>eights-org.txt 22 | 23 | 24 | echo log into provider org 25 | apic login --server %server% --username %user% --password %password% --realm provider/default-idp-2 26 | timeout /t 1 /nobreak > NUL 27 | 28 | echo : 29 | echo create new catalog user 30 | 31 | set ACMD=apic users:create --server %server% --org %porg_name% --user-registry sandbox-catalog user-eighter.txt 32 | for /f "tokens=4 delims= " %%a in ('%ACMD%') do set URL=%%a 33 | set owner_url=owner_url: %URL% 34 | echo %owner_url% >>eights-org.txt 35 | echo : 36 | echo new consumer org file 37 | type eights-org.txt 38 | echo : 39 | 40 | echo create new consumer org 41 | 42 | apic consumer-orgs:create --server %server% --org %porg_name% --catalog sandbox eights-org.txt 43 | timeout /t 1 /nobreak > NUL 44 | echo : 45 | 46 | rem create app file 47 | echo title: blackball>black-app.txt 48 | echo Create new app in new consumer org 49 | apic apps:create --server %server% --org %porg_name% --consumer-org eights --catalog sandbox black-app.txt 50 | echo : 51 | 52 | echo create subscription file 53 | set ACMD=apic products:list-all --server %server% --org %porg_name% --catalog sandbox --scope catalog 54 | for /f "tokens=4 delims= " %%a in ('%ACMD%') do set URL=%%a 55 | set product-url=product_url: %URL% 56 | echo %product-url%>subscriber.txt 57 | echo plan: default>>subscriber.txt 58 | type subscriber.txt 59 | echo : 60 | 61 | echo subscribe new app to product 62 | apic subscriptions:create --server %server% --org %porg_name% --consumer-org eights --catalog sandbox --app blackball subscriber.txt 63 | echo : 64 | 65 | 66 | echo work done 67 | apic logout --server %server% 68 | -------------------------------------------------------------------------------- /batch/doapic-manprod.bat: -------------------------------------------------------------------------------- 1 | echo off 2 | setlocal 3 | set server=%1 4 | set user=steve 5 | set password=Passw0rd 6 | set porg_name=steveorg 7 | set api_file=findbrancha.yaml 8 | set prod_file=brancha_prod.yaml 9 | 10 | echo log in as Provider Org owner 11 | apic login --server %server% --username %user% --password %password% --realm provider/default-idp-2 12 | 13 | timeout /t 3 /nobreak > NUL 14 | echo : 15 | 16 | echo identify the product to supercede 17 | set ACMD=apic products:list-all --server %server% --org %porg_name% --catalog sandbox --scope catalog 18 | for /f "tokens=1,2,3,4 delims= " %%a in ('%ACMD%') do ( 19 | set gURL=%%d 20 | echo %%a %gURL%) 21 | echo : 22 | set product_url=product_url: %gURL% 23 | echo %product_url% > supersede.txt 24 | 25 | echo build supercede map 26 | echo plans: >> supersede.txt 27 | echo - source: default >> supersede.txt 28 | echo target: default >> supersede.txt 29 | type supersede.txt 30 | echo : 31 | 32 | echo check subscriptions to existing prod 33 | apic subscriptions:list --server %server% --org %porg_name% --catalog sandbox --consumer-org eights --app blackball 34 | echo : 35 | 36 | echo create and stage a superceding product 37 | rem capture product url for later use 38 | set ACMD=apic products:publish --server %server% --org %porg_name% --catalog sandbox --stage brancha_prod.yaml 39 | for /f "tokens=1,2,3,4 delims= " %%a in ('%ACMD%') do set gURL=%%d 40 | set product_url=product_url: %gURL% 41 | echo %product_url% > migrate.txt 42 | 43 | echo product list note staged 44 | apic products:list-all --server %server% --org %porg_name% --catalog sandbox --scope catalog 45 | echo : 46 | 47 | echo supercede existing product 48 | apic products:supersede --server %server% --org %porg_name% --catalog sandbox --scope catalog findbrancha:1.0.0 supersede.txt 49 | echo : 50 | 51 | echo product states 52 | apic products:list-all --server %server% --org %porg_name% --catalog sandbox --scope catalog 53 | echo : 54 | 55 | echo subscription states 56 | set ACMD=apic subscriptions:list --server %server% --org %porg_name% --catalog sandbox --consumer-org eights --app blackball 57 | for /f "tokens=1 delims= " %%a in ('%ACMD%') do set sb=%%a 58 | echo subscription id %sb% 59 | echo : 60 | 61 | rem get a copy of the subscription yaml 62 | apic subscriptions:get --server %server% --org %porg_name% --catalog sandbox --consumer-org eights --app blackball %sb%>nul 63 | 64 | echo show subscription details examine product url 65 | 66 | set sb_file=%sb%.yaml 67 | for /F "delims=" %%i in (%sb_file%) do ( 68 | echo "%%i" | findstr /C:"updated">nul && ( 69 | goto :eof 70 | ) || ( 71 | echo.%%i 72 | ) 73 | ) 74 | echo : 75 | 76 | 77 | echo build migration target file 78 | echo plans: >> migrate.txt 79 | echo - source: default >> migrate.txt 80 | echo target: default >> migrate.txt 81 | type migrate.txt 82 | echo : 83 | 84 | echo set migration target 85 | apic products:set-migration-target --server %server% --org %porg_name% --catalog sandbox --scope catalog findbrancha:2.0.0 migrate.txt 86 | echo : 87 | 88 | echo migrate subscriptions 89 | apic products:execute-migration-target --server %server% --org %porg_name% --catalog sandbox --scope catalog findbrancha:2.0.0 90 | echo : 91 | 92 | echo subscription states 93 | set ACMD=apic subscriptions:list --server %server% --org %porg_name% --catalog sandbox --consumer-org eights --app blackball 94 | for /f "tokens=1,2,3,4 delims= " %%a in ('%ACMD%') do set sb=%%a 95 | echo subscription id %sb% 96 | echo : 97 | 98 | echo show subscription details examine product url 99 | apic subscriptions:get --server %server% --org %porg_name% --catalog sandbox --consumer-org eights --app blackball --output - %sb% 100 | 101 | echo work done 102 | apic logout --server %server% 103 | 104 | -------------------------------------------------------------------------------- /batch/doapic-org.bat: -------------------------------------------------------------------------------- 1 | echo off 2 | setlocal 3 | set server=%1 4 | set user=admin 5 | set password=%2 6 | set user_file=user-steve.txt 7 | set porg_name=steveorg 8 | set api_file=findbrancha.yaml 9 | set prod_file=brancha_prod.yaml 10 | 11 | rem Create provider org file stub 12 | echo name: %porg_name%>%porg_name%.txt 13 | echo title: %porg_name%>>%porg_name%.txt 14 | 15 | echo log in as CMC admin 16 | apic login --server %server% --username %user% --password %password% --realm admin/default-idp-1 17 | 18 | timeout /t 2 /nobreak > NUL 19 | 20 | echo : 21 | echo create new Provider org admin user and create org file 22 | 23 | set ACMD="apic users:create --server %server% --org admin --user-registry api-manager-lur "%user_file% 24 | for /f "tokens=4 delims= " %%a in ('%ACMD%') do set URL=%%a 25 | set owner_url=owner_url: %URL% 26 | echo %owner_url% >> %porg_name%.txt 27 | type %porg_name%.txt 28 | 29 | echo : 30 | echo create new Provider org 31 | apic orgs:create --server %server% %porg_name%.txt 32 | 33 | timeout /t 4 /nobreak > NUL 34 | echo : 35 | 36 | echo log out as cmc admin 37 | apic logout --server %server% 38 | 39 | timeout /t 2 /nobreak > NUL 40 | echo : 41 | 42 | for /F "tokens=1,2 delims= " %%a in (%user_file%) do ( 43 | if %%a==username: ( 44 | set new-user=%%b ) 45 | if %%a==password: ( 46 | set new-user-password=%%b ) 47 | ) 48 | 49 | echo logging in as provider org username %new-user% password %new-user-password% 50 | apic login --server %server% --username %new-user% --password %new-user-password% --realm provider/default-idp-2 51 | 52 | timeout /t 2 /nobreak > NUL 53 | echo : 54 | 55 | setlocal ENABLEDELAYEDEXPANSION 56 | echo list available gateway(s) for sandbox catalog 57 | set ACMD=apic gateway-services:list --server %server% --org %porg_name% --scope org 58 | set count=0 59 | for /f "tokens=2 delims= " %%a in ('%ACMD%') do ( 60 | set gURL=%%a 61 | set /a count=count+1 62 | echo.!gURL! 63 | set gateway_url=gateway_service_url: !gURL! 64 | echo !gateway_url! > gwsvc!count!.txt 65 | ) 66 | 67 | echo there are !count! gateway services 68 | echo : 69 | 70 | echo configure gateway(s) for sandbox catalog 71 | set /a i = 1 72 | :loop 73 | 74 | if !i! leq !count! ( 75 | apic configured-gateway-services:create --server %server% --org %porg_name% --scope catalog --catalog sandbox gwsvc!i!.txt 76 | set /a i=!i!+1 77 | goto :loop 78 | ) 79 | endlocal 80 | 81 | echo : 82 | echo work complete log out 83 | apic logout --server %server% 84 | 85 | 86 | 87 | 88 | -------------------------------------------------------------------------------- /batch/doapic-prod.bat: -------------------------------------------------------------------------------- 1 | echo off 2 | setlocal 3 | set server=%1 4 | set user=steve 5 | set password=Passw0rd 6 | set user_file=user-steve.txt 7 | set porg_name=steveorg 8 | set api_file=findbrancha.yaml 9 | set prod_file=brancha_prod.yaml 10 | 11 | apic login --server %server% --username %user% --password %password% --realm provider/default-idp-2 12 | timeout /t 3 /nobreak > NUL 13 | 14 | echo Current draft apis: 15 | apic draft-apis:list-all --server %server% --org %porg_name% 16 | echo Current draft products: 17 | apic draft-products:list-all --server %server% --org %porg_name% 18 | echo : 19 | echo create new draft prod 20 | apic draft-products:create --server %server% --org %porg_name% brancha_prod.yaml 21 | echo : 22 | echo publish same draft prod 23 | echo : 24 | 25 | rem capture product url for use in replace map 26 | set ACMD=apic products:publish --server %server% --org %porg_name% --catalog sandbox brancha_prod.yaml 27 | for /f "tokens=4 delims= " %%a in ('%ACMD%') do set gURL=%%a 28 | set product_url=product_url: %gURL% 29 | echo %product_url%>prodmap.txt 30 | echo plans:>>prodmap.txt 31 | echo - source: default>>prodmap.txt 32 | echo target: default>>prodmap.txt 33 | 34 | echo Published product list 35 | apic products:list-all --server %server% --org %porg_name% --catalog sandbox --scope catalog 36 | echo : 37 | 38 | rem create new api and prod yaml locally 39 | rem first make sure file doesn't exist 40 | del findbrancha2.yaml 41 | del brancha_prod2.yaml 42 | for /F "delims=" %%i in (%api_file%) do ( 43 | echo "%%i" | findstr /C:"version: 1">nul && ( 44 | echo version: 2.0.0 >> findbrancha2.yaml 45 | ) || ( 46 | echo.%%i >> findbrancha2.yaml 47 | ) 48 | ) 49 | 50 | for /F "delims=" %%i in (%prod_file%) do ( 51 | echo "%%i" | findstr /C:"version: 1">nul && ( 52 | echo version: 2.0.0 >> brancha_prod2.yaml 53 | ) || ( 54 | echo "%%i" | findstr /C:"findbrancha.yaml">nul && ( 55 | echo $ref: findbrancha2.yaml>>brancha_prod2.yaml ) 56 | ) || ( 57 | echo.%%i >> brancha_prod2.yaml 58 | ) 59 | ) 60 | 61 | echo stage new version of product 62 | apic products:publish --server %server% --org %porg_name% --catalog sandbox --stage brancha_prod2.yaml 63 | timeout /t 2 /nobreak > NUL 64 | echo : 65 | 66 | echo list all products in catalog - note staged 67 | apic products:list-all --server %server% --org %porg_name% --catalog sandbox --scope catalog 68 | echo : 69 | 70 | echo replace published with staged product 71 | apic products:replace --server %server% --org %porg_name% --scope catalog --catalog sandbox findbrancha:2.0.0 prodmap.txt 72 | timeout /t 1 /nobreak > NUL 73 | echo : 74 | 75 | echo list all products in catalog - note state 76 | apic products:list-all --server %server% --org %porg_name% --catalog sandbox --scope catalog 77 | echo : 78 | 79 | echo delete retired product 80 | apic products:delete --server %server% --org %porg_name% --scope catalog --catalog sandbox findbrancha:1.0.0 81 | echo : 82 | 83 | echo list products 84 | apic products:list-all --server %server% --org %porg_name% --catalog sandbox --scope catalog 85 | echo : 86 | 87 | echo work done 88 | apic logout --server %server% -------------------------------------------------------------------------------- /batch/findbrancha.yaml: -------------------------------------------------------------------------------- 1 | swagger: "2.0" 2 | info: 3 | title: FindBranch 4 | x-ibm-name: findbranch 5 | version: 1.0.0 6 | schemes: 7 | - https 8 | basePath: /findbranch 9 | security: 10 | - clientID: [] 11 | securityDefinitions: 12 | clientID: 13 | type: apiKey 14 | in: header 15 | name: X-IBM-Client-Id 16 | x-ibm-configuration: 17 | phase: realized 18 | testable: true 19 | enforced: true 20 | properties: 21 | target-url: 22 | value: https://apim-services.mybluemix.net/banka/v1/branches 23 | description: The URL of the target service 24 | encoded: false 25 | cors: 26 | enabled: true 27 | assembly: 28 | execute: 29 | - invoke: 30 | title: invoke 31 | version: 2.0.0 32 | verb: keep 33 | target-url: $(target-url) 34 | gateway: datapower-api-gateway 35 | type: rest 36 | application-authentication: 37 | certificate: false 38 | definitions: 39 | branch: 40 | type: object 41 | description: The format of the branch field. 42 | properties: 43 | address: 44 | $ref: '#/definitions/address' 45 | properties: {} 46 | description: The address of the branch 47 | type: 48 | type: string 49 | description: The type of branch 50 | example: atm 51 | id: 52 | type: string 53 | description: The ID of the branch 54 | example: "\t9d72ece0-7e7b-11e5-9038-55f9f9c08c06" 55 | address: 56 | type: object 57 | properties: 58 | street1: 59 | type: string 60 | description: The first line of the address 61 | example: 4660 La Jolla Village Drive 62 | street2: 63 | type: string 64 | description: The second line of the address 65 | example: Suite 300 66 | city: 67 | type: string 68 | description: The city of the address 69 | example: San Diego 70 | state: 71 | type: string 72 | description: The state of the address 73 | example: CA 74 | zip_code: 75 | type: string 76 | description: The zip code of the address 77 | example: "92122" 78 | paths: 79 | /details: 80 | get: 81 | responses: 82 | "200": 83 | description: 200 OK 84 | schema: 85 | $ref: '#/definitions/branch' 86 | parameters: [] 87 | -------------------------------------------------------------------------------- /batch/undoapic-consumer.bat: -------------------------------------------------------------------------------- 1 | echo off 2 | setlocal 3 | set server=%1 4 | set user=steve 5 | set password=Passw0rd 6 | set porg_name=steveorg 7 | set api_file=findbrancha.yaml 8 | set prod_file=brancha_prod.yaml 9 | 10 | echo log into provider org 11 | apic login --server %server% --username %user% --password %password% --realm provider/default-idp-2 12 | timeout /t 1 /nobreak > NUL 13 | 14 | echo remove app in consumer org 15 | apic apps:delete --server %server% --org %porg_name% --consumer-org eights --catalog sandbox blackball 16 | 17 | echo delete consumer org 18 | apic consumer-orgs:delete --server %server% --org %porg_name% --catalog sandbox eights 19 | timeout /t 3 /nobreak > NUL 20 | echo : 21 | 22 | echo remove consumer user 23 | apic users:delete --server %server% --org %porg_name% --user-registry sandbox-catalog eighter 24 | 25 | echo work done 26 | apic logout --server %server% 27 | -------------------------------------------------------------------------------- /batch/undoapic-org.bat: -------------------------------------------------------------------------------- 1 | echo off 2 | setlocal 3 | set server=%1 4 | set user=admin 5 | set password=%2 6 | set user_file=user-steve.txt 7 | set porg_name=steveorg 8 | 9 | 10 | for /F "tokens=1,2 delims= " %%a in (%user_file%) do ( 11 | if %%a==username: ( 12 | set new-user=%%b ) 13 | if %%a==password: ( 14 | set new-user-password=%%b ) 15 | ) 16 | 17 | echo logging in as provider org admin 18 | apic login --server %server% --username %new-user% --password %new-user-password% --realm provider/default-idp-2 19 | 20 | timeout /t 2 /nobreak > NUL 21 | echo : 22 | 23 | 24 | echo remove all products - may be none 25 | apic products:clear-all --server %server% --org %porg_name% --catalog sandbox --scope catalog --confirm sandbox 26 | apic products:list-all --server %server% --org %porg_name% --catalog sandbox --scope catalog 27 | 28 | echo log out as provider admin 29 | apic logout --server %server% 30 | 31 | echo : 32 | echo log in as CMC admin 33 | apic login --server %server% --username %user% --password %password% --realm admin/default-idp-1 34 | 35 | timeout /t 2 /nobreak > NUL 36 | 37 | echo : 38 | echo delete provider org - long delay 39 | apic orgs:delete --server %server% %porg_name% 40 | 41 | timeout /t 3 /nobreak > NUL 42 | echo : 43 | 44 | echo delete Provider org admin user 45 | apic users:delete --server %server% --org admin --user-registry api-manager-lur %new-user% 46 | 47 | echo : 48 | 49 | echo work done log out as cmc admin 50 | apic logout --server %server% 51 | 52 | 53 | -------------------------------------------------------------------------------- /batch/user-steve.txt: -------------------------------------------------------------------------------- 1 | username: steve 2 | email: steve@gmail.com 3 | first_name: Steve 4 | last_name: Scripted 5 | password: Passw0rd 6 | -------------------------------------------------------------------------------- /change-owner/transfercatalogowner.md: -------------------------------------------------------------------------------- 1 | # Transfer Catalog Owner 2 | The Catalog Owner or an Organization Administrator can change the owner of the catalog. The new owner could be an associate in the provider org or a catalog member. 3 | > Originally published in [pramodvallanur/samples](https://github.com/pramodvallanur/samples). Copied & edited with permission from Pramodh. 4 | 5 | ## Steps to transfer ownership to a catalog member 6 | 7 | 1. Login as the owner of the catalog to initiate the transfer 8 | ``` 9 | apic login --server apicserver 10 | Enter your API Connect credentials 11 | Realm? provider/default-idp-2 12 | Username? steve 13 | Password? ***** 14 | Logged into apicserver successfully 15 | ``` 16 | 17 | 1. Get list of catalog members 18 | ``` 19 | apic members:list --scope catalog --org acme --catalog sandbox --server apicserver 20 | jason [state: enabled] https://apicserver/api/catalogs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/f91c075c-1097-4ae0-99b4-1a80dadb63a2/members/9d04dc76-54a8-4e4b-89ba-dfee18eeddb9 21 | steve [state: enabled] https://apicserver/api/catalogs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/f91c075c-1097-4ae0-99b4-1a80dadb63a2/members/a35d66b7-be19-46e1-9a7a-1e129208dd22 22 | ``` 23 | Please note the scope is important, as you can only transfer to a member already in the catalog. `steve` is the current owner of the catalog and is wanting to transfer the ownership to `jason` (jason's role within the catalog does not matter) 24 | 25 | 1. create a json file (in my case: transferOwner.json) with the jason's catalog member url 26 | ``` 27 | { 28 | "new_owner_member_url": "https://apicserver/api/catalogs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/f91c075c-1097-4ae0-99b4-1a80dadb63a2/members/9d04dc76-54a8-4e4b-89ba-dfee18eeddb9", 29 | } 30 | ``` 31 | 32 | 1. Initiate the transfer 33 | ``` 34 | apic catalogs:transfer-owner --server apicserver --org acme sandbox transferOwner.json 35 | sandbox https://apicserver/api/catalogs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/f91c075c-1097-4ae0-99b4-1a80dadb63a2 36 | ``` 37 | 38 | You have now successfully transferred the ownership. 39 | 40 | ## Steps to transfer ownership to an associate in the org 41 | 42 | 1. Login as the owner of the catalog to initiate the transfer 43 | ``` 44 | apic login --server apicserver 45 | Enter your API Connect credentials 46 | Realm? provider/default-idp-2 47 | Username? steve 48 | Password? ***** 49 | Logged into apicserver successfully 50 | ``` 51 | 52 | 1. Get list of associates at the org 53 | ``` 54 | apic associates:list --scope org --org acme --server apicserver 55 | jason https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/associates/69fb9b7c-7071-42a2-b76d-bf48f28cb04c 56 | steve https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/associates/7158d40d-3983-427d-8977-294b82d6c8d8 57 | ``` 58 | `steve` is the current owner of the catalog and is wanting to transfer the ownership to `jason` (jason's role in the catalog does not matter) 59 | 60 | 1. Create a json file (in my case: transferOwner.json) with the jason's catalog member url 61 | ``` 62 | { 63 | "new_owner_associate_url": "https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/associates/69fb9b7c-7071-42a2-b76d-bf48f28cb04c", 64 | } 65 | ``` 66 | 67 | 1. Initiate the transfer 68 | ``` 69 | apic catalogs:transfer-owner --server apicserver --org acme sandbox transferOwner.json 70 | sandbox https://apicserver/api/catalogs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/f91c075c-1097-4ae0-99b4-1a80dadb63a2 71 | ``` 72 | 73 | You have now successfully transferred the ownership. 74 | -------------------------------------------------------------------------------- /change-owner/transferproviderorgowner.md: -------------------------------------------------------------------------------- 1 | # Transfer Org Owner 2 | The Owner, or an Organization Administrator, can change the owner of the Organization. The new Owner could be member of the Organization or an associate. The example below details steps for a Provider Org. The same steps can be executed for the `admin` org as well. 3 | > Originally published in [pramodvallanur/samples](https://github.com/pramodvallanur/samples). Copied & edited with permission from Pramodh. 4 | ## Steps for transferring ownership to an org member 5 | 6 | 1. Login as the owner of the org to initiate the transfer 7 | ``` 8 | apic login --server apicserver 9 | Enter your API Connect credentials 10 | Realm? provider/default-idp-2 11 | Username? steve 12 | Password? ***** 13 | Logged into apicserver successfully 14 | ``` 15 | 16 | 1. Get list of organization members 17 | ``` 18 | apic members:list --scope org --org acme --server apicserver 19 | jason [state: enabled] https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/members/5e2d1d36-70fd-4334-879d-df6019d69ed3 20 | steve [state: enabled] https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/members/f6e80fb0-eed7-419b-a682-365a904d18eb 21 | ``` 22 | `steve` is the current owner of the org and is wanting to transfer the ownership to `jason` 23 | 24 | 1. Create a json file (in my case: transferOwner.json) with the jason's member url 25 | ``` 26 | { 27 | "new_owner_member_url": "https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/members/5e2d1d36-70fd-4334-879d-df6019d69ed3", 28 | } 29 | ``` 30 | 31 | 1. Initiate the transfer 32 | ``` 33 | apic orgs:transfer-owner --server apicserver acme transferOwner.json 34 | acme [state: enabled] https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c 35 | ``` 36 | 37 | You have now successfully transferred the ownership. 38 | 39 | ## Steps for transferring ownership to an associate 40 | 41 | 1. Login as the owner of the org to initiate the transfer 42 | ``` 43 | apic login --server apicserver 44 | Enter your API Connect credentials 45 | Realm? provider/default-idp-2 46 | Username? steve 47 | Password? ***** 48 | Logged into apicserver successfully 49 | ``` 50 | 51 | 1. Get list of associates of the organization 52 | ``` 53 | apic associates:list --scope org --org acme --server apicserver 54 | jason https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/associates/69fb9b7c-7071-42a2-b76d-bf48f28cb04c 55 | steve https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/associates/7158d40d-3983-427d-8977-294b82d6c8d8 56 | ``` 57 | `steve` is the current owner of the org and is wanting to transfer the ownership to `jason` 58 | 59 | 1. create a json file (in my case: transferOwner.json) with the jason's associate url 60 | ``` 61 | { 62 | "new_owner_associate_url": "https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/associates/69fb9b7c-7071-42a2-b76d-bf48f28cb04c" 63 | } 64 | ``` 65 | 66 | 1. Initiate the transfer 67 | ``` 68 | apic orgs:transfer-owner --server apicserver acme transferOwner.json 69 | acme [state: enabled] https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c 70 | ``` 71 | 72 | You have now successfully transferred the ownership. 73 | -------------------------------------------------------------------------------- /change-owner/transferspacesowner.md: -------------------------------------------------------------------------------- 1 | # Transfer Space Owner 2 | The Space Owner or an Organization Administrator can change the owner of the space. The new owner could be an associate in the provider org or a member of the space. 3 | > Originally published in [pramodvallanur/samples](https://github.com/pramodvallanur/samples). Copied & edited with permission from Pramodh. 4 | 5 | ## Steps for transfering ownership to a space member 6 | 7 | 1. Login as the owner of the space to initiate the transfer 8 | ``` 9 | apic login --server apicserver 10 | Enter your API Connect credentials 11 | Realm? provider/default-idp-2 12 | Username? steve 13 | Password? ***** 14 | Logged into apicserver successfully 15 | ``` 16 | 17 | 1. Get list of catalog members 18 | ``` 19 | apic members:list --scope space --server apicserver --org lob-one --catalog catalog-one --space space-one 20 | jason [state: enabled] https://mystack.loki.dev.ciondemand.com/api/spaces/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/7fb311c3-21bc-43f3-bd51-da8656e62666/e0dc6c6c-7426-45c5-94e3-2c8137d687f2/members/1926bbfd-b5fb-4d7b-89f3-30e67f9a7f2c 21 | steve [state: enabled] https://mystack.loki.dev.ciondemand.com/api/spaces/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/7fb311c3-21bc-43f3-bd51-da8656e62666/e0dc6c6c-7426-45c5-94e3-2c8137d687f2/members/5a845fcc-49b3-4e06-9aa0-369c3bfaf3bc 22 | ``` 23 | Please note the scope is important, as you can only transfer to a member already in the `space`. `steve` is the current owner of the space and is wanting to transfer the ownership to `jason` (jason's role within the space does not matter) 24 | 25 | 1. create a json file (in my case: transferOwner.json) with the jason's space member url 26 | ``` 27 | { 28 | "new_owner_member_url": "https://apicserver/api/spaces/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/7fb311c3-21bc-43f3-bd51-da8656e62666/e0dc6c6c-7426-45c5-94e3-2c8137d687f2/members/1926bbfd-b5fb-4d7b-89f3-30e67f9a7f2c", 29 | } 30 | ``` 31 | 32 | 1. Initiate the transfer 33 | ``` 34 | apic spaces:transfer-owner --server apicserver --org lob-one --catalog catalog-one space-one transferOwner.json 35 | space-one https://apicserver/api/spaces/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/7fb311c3-21bc-43f3-bd51-da8656e62666/d1245d4c-2308-488f-92b9-f6198f2d9115 36 | ``` 37 | 38 | You have now successfully transferred the ownership. 39 | 40 | ## Steps for transfering ownership to an associate in the org 41 | 42 | 1. Login as the owner of the space to initiate the transfer 43 | ``` 44 | apic login --server apicserver 45 | Enter your API Connect credentials 46 | Realm? provider/default-idp-2 47 | Username? steve 48 | Password? ***** 49 | Logged into apicserver successfully 50 | ``` 51 | 52 | 1. Get list of associates of the org 53 | ``` 54 | apic associates:list --scope org --org acme --server apicserver 55 | jason https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/associates/69fb9b7c-7071-42a2-b76d-bf48f28cb04c 56 | steve https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/associates/7158d40d-3983-427d-8977-294b82d6c8d8 57 | ``` 58 | `steve` is the current owner of the space and is wanting to transfer the ownership to `jason` (jason's role in the catalog does not matter) 59 | 60 | 1. Create a json file (in my case: transferOwner.json) with the jason's catalog member url 61 | ``` 62 | { 63 | "new_owner_associate_url": "https://apicserver/api/orgs/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/associates/69fb9b7c-7071-42a2-b76d-bf48f28cb04c", 64 | } 65 | ``` 66 | 67 | 1. Initiate the transfer 68 | ``` 69 | apic spaces:transfer-owner --server apicserver --org lob-one --catalog catalog-one space-one transferOwner.json 70 | space-one https://apicserver/api/spaces/5f9fba35-a5d9-46ea-ae57-6c1d7324133c/7fb311c3-21bc-43f3-bd51-da8656e62666/d1245d4c-2308-488f-92b9-f6198f2d9115 71 | ``` 72 | 73 | You have now successfully transferred the ownership. 74 | -------------------------------------------------------------------------------- /docs/CommandLine-Intro.md: -------------------------------------------------------------------------------- 1 | # IBM API Connect 2 | > ## v10 Command Line - Introduction 3 | > Ravi Ramnarayan 4 | > © IBM v0.75 2022-01-24 5 | 6 | This is gist of **lessons learned** from my struggles with the `apic-slim` command. I found it difficult to get started. Once I realized that the installer created the `admin` Organization, Scope & Realm, progress was much smoother. After that I introduce a few commands and steps to extract data to support automation scripts. 7 | 8 | 9 | After installation: 10 | - Log into the Cloud Manager Console (CMC) as `admin` 11 | - Set password & email address for `admin` through the GUI 12 | Yes, you could do it via command line. Trust me. Use the GUI. 13 | - Push the tile **Download toolkit** and download the "CLI Only" for your platform along with the `client-creds` 14 | 15 | > ***Note***: I renamed `apic-slim` to `apic` for simplicity. 16 | 17 | ## Get started with command line 18 | Each user belongs to a `realm` and authenticates with an `identity-provider`. To log in, even the `admin` needs to provide the name of the `identity-provider`. How can I find the name of the `identity-provider` if I cannot login? There is a way out. CMC objects belong to the `admin` scope. This command works without login: 19 | 20 | ``` 21 | $ ./apic identity-providers:list --scope admin --server platform.mgmt.dev.apic.xxxxx.test --fields name,title 22 | total_results: 1 23 | results: 24 | - name: default-idp-1 25 | title: Cloud Manager User Registry 26 | ``` 27 | > ***Note***: Your endpoints might be different. 28 | 29 | Log in as `admin`: 30 | ``` 31 | $ ./apic login 32 | Enter your API Connect credentials 33 | Server? apim.mgmt.dev.apic.xxxxx.test 34 | Realm? admin/default-idp-1 35 | Username? admin 36 | Password? 37 | ``` 38 | 39 | At this stage there is only one *Organization*: 40 | ``` 41 | $ ./apic orgs:list -s apim.mgmt.dev.apic.xxxxx.test --format yaml 42 | total_results: 1 43 | results: 44 | - type: org 45 | api_version: 2.0.0 46 | id: 790cbfc3-fafc-489e-a2fe-d7e827cea731 47 | name: admin 48 | title: Cloud Admin 49 | summary: Cloud Admin organization 50 | state: enabled 51 | org_type: admin 52 | owner_url: >- 53 | https://apim.mgmt.dev.apic.xxxxx.test/api/user-registries/790cbfc3-fafc-489e-a2fe-d7e827cea731/7218cc7f-4ac9-4f0a-992c-53ec31eb032e/users/6037d730-4218-4ed2-8e03-1aa596d34671 54 | created_at: '2020-07-21T14:15:19.160Z' 55 | updated_at: '2020-07-21T14:15:19.160Z' 56 | url: >- 57 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731 58 | ``` 59 | The output for just one `org` is voluminous. Other objects emit far more data. You can generate JSON with `--format json`, pipe it through `jq` and extract desired elements to feed your automated scripts. 60 | ``` 61 | $ ./apic orgs:list -s apim.mgmt.dev.apic.xxxxx.test --format json | jq '.results[0] | {name: .name, org_type: .org_type, summary: .summary, id: .id}' 62 | { 63 | "name": "admin", 64 | "org_type": "admin", 65 | "summary": "Cloud Admin organization", 66 | "id": "790cbfc3-fafc-489e-a2fe-d7e827cea731" 67 | } 68 | ``` 69 | [JQ Tutorial](https://stedolan.github.io/jq/tutorial/) is an excellent reference. 70 | 71 | ## Resources 72 | ### Email Server 73 | Create the mail server through the GUI. Too much work to do so via command line. Enable *Secure Connection* and select *Default TLS client profile*. 74 | ``` 75 | $ ./apic cloud-settings:mail-server-configured -s apim.mgmt.dev.apic.xxxxx.test --format yaml 76 | configured: true 77 | ``` 78 | If you wish to modify settings using the `apic` toolkit or through REST API, retrieve the mail server settings in a file, make changes and update the mail server. 79 | ``` 80 | $ ./apic mail-servers:list -s apim.mgmt.dev.apic.xxxxx.test -o admin --format json 81 | { 82 | "total_results": 1, 83 | "results": [ 84 | { 85 | "type": "mail_server", 86 | "api_version": "2.0.0", 87 | "id": "97a1b1e9-e65a-4147-869b-a66b996ec022", 88 | "name": "ibm-lab-mail", 89 | "title": "IBM Lab Mail", 90 | "host": "mail.xxxxx.test", 91 | "port": 25, 92 | "credentials": {}, 93 | "timeout": 10000, 94 | "secure": true, 95 | "tls_client_profile_url": "https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/tls-client-profiles/e6af6dad-caf5-4ac2-9764-6eec79b0c934", 96 | "created_at": "2020-07-22T21:18:35.189Z", 97 | "updated_at": "2020-07-22T21:20:37.756Z", 98 | "url": "https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/mail-servers/97a1b1e9-e65a-4147-869b-a66b996ec022" 99 | } 100 | ] 101 | } 102 | ``` 103 | You can filter the JSON: 104 | ``` 105 | $ ./apic mail-servers:list -s apim.mgmt.dev.apic.xxxxx.test -o admin --format json | jq '.results[0] | {name: .name, type: .type, host: .host, port: .port, id: .id}' 106 | { 107 | "name": "ibm-lab-mail", 108 | "type": "mail_server", 109 | "host": "mail.xxxxx.test", 110 | "port": 25, 111 | "id": "97a1b1e9-e65a-4147-869b-a66b996ec022" 112 | } 113 | ``` 114 | 115 | ### User Registries 116 | Create a user registry, LDAP in this case, using the GUI. Capture the settings for documentation and automation in the future. Play with the commands and options to develop your style. The examples below illustrate four variations of `user-registries`. 117 | - Short list of user registries 118 | > **Note**: Use `-o admin` to list all user registries. 119 | 120 | ``` 121 | $ ./apic user-registries:list -s apim.mgmt.dev.apic.xxxxx.test -o admin 122 | api-manager-lur https://apim.mgmt.dev.apic.xxxxx.test/api/user-registries/790cbfc3-fafc-489e-a2fe-d7e827cea731/9d96be5b-02c5-4802-a8ed-ca23c241f150 123 | cloud-manager-lur https://apim.mgmt.dev.apic.xxxxx.test/api/user-registries/790cbfc3-fafc-489e-a2fe-d7e827cea731/7218cc7f-4ac9-4f0a-992c-53ec31eb032e 124 | ibm-lab-ldap https://apim.mgmt.dev.apic.xxxxx.test/api/user-registries/790cbfc3-fafc-489e-a2fe-d7e827cea731/65b6dc90-1ac4-4145-8d3d-d1cad499bb95 125 | ``` 126 | 127 | - Capture setting for `ibm-lab-ldap` in a file `ibm-lab-ldap.yaml` in the current directory 128 | ``` 129 | $ ./apic user-registries:get -s apim.mgmt.dev.apic.xxxxx.test -o admin ibm-lab-ldap --format yaml 130 | ``` 131 | - Dump settings for `ibm-lab-ldap` to the console 132 | ``` 133 | $ ./apic user-registries:get -s apim.mgmt.dev.apic.xxxxx.test -o admin ibm-lab-ldap --format yaml --output - 134 | type: user_registry 135 | api_version: 2.0.0 136 | id: 65b6dc90-1ac4-4145-8d3d-d1cad499bb95 137 | name: ibm-lab-ldap 138 | title: IBM Lab LDAP 139 | integration_url: >- 140 | https://apim.mgmt.dev.apic.xxxxx.test/api/cloud/integrations/user-registry/5f52edfd-64bf-447c-a6b2-cd675c39c37b 141 | registry_type: ldap 142 | user_managed: false 143 | user_registry_managed: false 144 | case_sensitive: false 145 | identity_providers: 146 | - name: ibm-lab-ldap 147 | title: IBM Lab LDAP 148 | visibility: 149 | type: public 150 | configuration: 151 | attribute_mapping: {} 152 | authenticated_bind: 'false' 153 | authentication_method: search_dn 154 | protocol_version: '3' 155 | search_dn_base: 'ou=Users,dc=ibmlab,dc=test' 156 | search_dn_filter_prefix: (uid= 157 | search_dn_filter_suffix: ) 158 | endpoint: 159 | endpoint: 'ldap://ldap.xxxxx.test:389' 160 | owned: true 161 | created_at: '2020-07-22T22:08:05.567Z' 162 | updated_at: '2020-07-22T22:08:05.567Z' 163 | org_url: >- 164 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731 165 | url: >- 166 | https://apim.mgmt.dev.apic.xxxxx.test/api/user-registries/790cbfc3-fafc-489e-a2fe-d7e827cea731/65b6dc90-1ac4-4145-8d3d-d1cad499bb95 167 | ``` 168 | 169 | - Details of user registries 170 | Play around with commands and options. The `list` command with `--format json` provides details. The example below filters the data and returns it as an array. 171 | 172 | ``` 173 | $ ./apic user-registries:list -s apim.mgmt.dev.apic.xxxxx.test -o admin --format json | jq '[.results[] | { name: .name, registry_type: .registry_type, visibility: .visibility.type, id: .id }]' 174 | [ 175 | { 176 | "name": "api-manager-lur", 177 | "registry_type": "lur", 178 | "visibility": "private", 179 | "id": "9d96be5b-02c5-4802-a8ed-ca23c241f150" 180 | }, 181 | { 182 | "name": "cloud-manager-lur", 183 | "registry_type": "lur", 184 | "visibility": "private", 185 | "id": "7218cc7f-4ac9-4f0a-992c-53ec31eb032e" 186 | }, 187 | { 188 | "name": "ibm-lab-ldap", 189 | "registry_type": "ldap", 190 | "visibility": "public", 191 | "id": "65b6dc90-1ac4-4145-8d3d-d1cad499bb95" 192 | } 193 | ] 194 | ``` 195 | 196 | ## Topology 197 | 198 | ### Cloud topology snapshot 199 | [ChrisPhillips-cminion/APIConnect-Profiler](https://github.com/ChrisPhillips-cminion/APIConnect-Profiler) provides a snapshot of your API Connect solution comprising Provider Organizations, Catalogs with associated Consumer Organizations, and operational aspects such as webhooks. If you want a different set of information, you can follow steps in [Extract topology data for automation](#Extract-topology-data-for-automation). 200 | 201 | ### Management Service 202 | The installer creates the *default* Availability Zone and a Management Service. Almost all installations will use only one Availability Zone with one Management Service. 203 | ``` 204 | $ ./apic availability-zones:list -s apim.mgmt.dev.apic.xxxxx.test -o admin --format json | jq '.results[0] | {name: .name, type: .type, management: .management, id: .id}' 205 | { 206 | "name": "availability-zone-default", 207 | "type": "availability_zone", 208 | "management": true, 209 | "id": "311ca835-766d-45fb-ad69-daaf2404d654" 210 | } 211 | ``` 212 | 213 | ### Gateway Service [⇡](#Cloud-topology-for-governance) 214 | Define Gateway Services in the CMC console. 215 | 216 | ``` 217 | $ ./apic gateway-services:list --availability-zone availability-zone-default -o admin -s apim.mgmt.dev.apic.xxxxx.test --format yaml 218 | total_results: 1 219 | results: 220 | - type: gateway_service 221 | api_version: 2.0.0 222 | id: f84a3961-17da-4ca5-8b63-afe212c41459 223 | name: apigw 224 | title: apigw 225 | integration_url: >- 226 | https://apim.mgmt.dev.apic.xxxxx.test/api/cloud/integrations/gateway-service/345a1dc9-3f75-4931-8dde-9dc2954b4958 227 | gateway_service_type: datapower-api-gateway 228 | endpoint: 'https://service.gw.dev.apic.xxxxx.test' 229 | api_endpoint_base: 'https://api.gw.dev.apic.xxxxx.test' 230 | tls_client_profile_url: >- 231 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/tls-client-profiles/e6af6dad-caf5-4ac2-9764-6eec79b0c934 232 | sni: 233 | - host: '*' 234 | tls_server_profile_url: >- 235 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/tls-server-profiles/91d93b6b-e36a-41e6-905c-d20326a3032b 236 | oauth_shared_secret: '********' 237 | visibility: 238 | type: public 239 | owned: true 240 | configuration: 241 | domain_name: apiconnect 242 | gateway_version: 6.0.0.0 243 | managed_by: apim 244 | analytics_service_url: >- 245 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/availability-zones/311ca835-766d-45fb-ad69-daaf2404d654/analytics-services/60f54cb3-e903-430d-a6fd-102953976ffe 246 | webhook_url: >- 247 | https://apim.mgmt.dev.apic.xxxxx.test/api/cloud/webhooks/061611de-9e39-4793-8994-759e591a5dd6 248 | availability_zone_url: >- 249 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/availability-zones/311ca835-766d-45fb-ad69-daaf2404d654 250 | created_at: '2020-08-03T22:01:53.044Z' 251 | updated_at: '2020-08-03T22:12:19.889Z' 252 | org_url: >- 253 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731 254 | url: >- 255 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/availability-zones/311ca835-766d-45fb-ad69-daaf2404d654/gateway-services/f84a3961-17da-4ca5-8b63-afe212c41459 256 | 257 | ``` 258 | ### Analytic Services 259 | ``` 260 | $ ./apic analytics-services:list --availability-zone availability-zone-default -o admin -s apim.mgmt.dev.apic.xxxxx.test --format yaml 261 | total_results: 1 262 | results: 263 | - type: analytics_service 264 | api_version: 2.0.0 265 | id: 60f54cb3-e903-430d-a6fd-102953976ffe 266 | name: analytics 267 | title: Analytics 268 | endpoint: 'https://client.analytics.dev.apic.xxxxx.test' 269 | ingestion_endpoint: 'https://ingestion.analytics.dev.apic.xxxxx.test' 270 | ingestion_endpoint_tls_client_profile_url: >- 271 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/tls-client-profiles/41baf21b-27a0-4a1b-a846-8bdc1593b1a7 272 | client_endpoint: 'https://client.analytics.dev.apic.xxxxx.test' 273 | client_endpoint_tls_client_profile_url: >- 274 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/tls-client-profiles/35446fca-4588-4590-b1a3-147d8a842f7a 275 | availability_zone_url: >- 276 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/availability-zones/311ca835-766d-45fb-ad69-daaf2404d654 277 | created_at: '2020-08-03T22:10:28.131Z' 278 | updated_at: '2020-08-03T22:10:28.131Z' 279 | org_url: >- 280 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731 281 | url: >- 282 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/availability-zones/311ca835-766d-45fb-ad69-daaf2404d654/analytics-services/60f54cb3-e903-430d-a6fd-102953976ffe 283 | ``` 284 | ### Portal Services 285 | ``` 286 | $ ./apic portal-services:list --availability-zone availability-zone-default -o admin -s apim.mgmt.dev.apic.xxxxx.test --format yaml 287 | total_results: 1 288 | results: 289 | - type: portal_service 290 | api_version: 2.0.0 291 | id: 2cdf182d-71c2-40a3-9374-d05c31f2512e 292 | name: portal 293 | title: Portal 294 | web_endpoint_base: 'https://portal.dev.apic.xxxxx.test' 295 | endpoint: 'https://api.portal.dev.apic.xxxxx.test' 296 | endpoint_tls_client_profile_url: >- 297 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/tls-client-profiles/20195467-f5c4-411a-b440-46c1669d2d36 298 | visibility: 299 | type: public 300 | owned: true 301 | webhook_url: >- 302 | https://apim.mgmt.dev.apic.xxxxx.test/api/cloud/webhooks/237498d0-bcd1-41a3-bbb8-99be3500a351 303 | availability_zone_url: >- 304 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/availability-zones/311ca835-766d-45fb-ad69-daaf2404d654 305 | created_at: '2020-08-03T22:11:46.957Z' 306 | updated_at: '2020-08-03T22:11:48.246Z' 307 | org_url: >- 308 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731 309 | url: >- 310 | https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731/availability-zones/311ca835-766d-45fb-ad69-daaf2404d654/portal-services/2cdf182d-71c2-40a3-9374-d05c31f2512e 311 | ``` 312 | 313 | ### Extract topology data for automation 314 | The full dump yields two sub documents **counts** and **orgs**: 315 | ``` 316 | $ ./apic cloud-settings:topology -s apim.mgmt.dev.apic.xxxxx.test --format json 317 | { 318 | "counts": { 319 | "users": 1, 320 | "provider_orgs": 0, 321 | "catalogs": 0, 322 | "draft_products": 0, 323 | "draft_apis": 0, 324 | "apis": 0, 325 | "products": 0, 326 | "consumer_orgs": 0, 327 | "subscriptions": 0 328 | }, 329 | "orgs": { 330 | "total_results": 1, 331 | "results": [ 332 | { 333 | "id": "790cbfc3-fafc-489e-a2fe-d7e827cea731", 334 | "name": "admin", 335 | "title": "Cloud Admin", 336 | "summary": "Cloud Admin organization", 337 | "state": "enabled", 338 | "org_type": "admin", 339 | "owner_url": "https://apim.mgmt.dev.apic.xxxxx.test/api/user-registries/790cbfc3-fafc-489e-a2fe-d7e827cea731/7218cc7f-4ac9-4f0a-992c-53ec31eb032e/users/6037d730-4218-4ed2-8e03-1aa596d34671", 340 | "owner": { 341 | "email": "boromir@ibmlab.test", 342 | "first_name": "Cloud", 343 | "last_name": "Owner" 344 | }, 345 | "counts": { 346 | "members": 1 347 | }, 348 | "url": "https://apim.mgmt.dev.apic.xxxxx.test/api/orgs/790cbfc3-fafc-489e-a2fe-d7e827cea731" 349 | } 350 | ] 351 | } 352 | } 353 | ``` 354 | Extract fields from **counts** 355 | ``` 356 | $ ./apic cloud-settings:topology -s apim.mgmt.dev.apic.xxxxx.test --format json | jq '[{ users: .counts.users, provider_orgs: .counts.provider_orgs, catalogs: .counts.catalogs, draft_products: .counts.draft_products, draft_apis: .counts.draft_apis, apis: .counts.apis, products: .counts.products, consumer_orgs: .counts.consumer_orgs, subscriptions: .counts.subscriptions } ]' 357 | [ 358 | { 359 | "users": 1, 360 | "provider_orgs": 0, 361 | "catalogs": 0, 362 | "draft_products": 0, 363 | "draft_apis": 0, 364 | "apis": 0, 365 | "products": 0, 366 | "consumer_orgs": 0, 367 | "subscriptions": 0 368 | } 369 | ] 370 | ``` 371 | Extract fields from **orgs**: 372 | ``` 373 | $ ./apic cloud-settings:topology -s apim.mgmt.dev.apic.xxxxx.test --format json | jq '[ .orgs.results[] | { name: .name, title: .title, state: .state, org_type: .org_type, id: .id, owner_email: .owner.email, counts_members: .counts.members } ]' 374 | [ 375 | { 376 | "name": "admin", 377 | "title": "Cloud Admin", 378 | "state": "enabled", 379 | "org_type": "admin", 380 | "id": "790cbfc3-fafc-489e-a2fe-d7e827cea731", 381 | "owner_email": "boromir@ibmlab.test", 382 | "counts_members": 1 383 | } 384 | ] 385 | ``` 386 | 387 | ## Add User to a Catalog 388 | The member invitation request comprises the member's name & email address, roles, provider organization and catalog name. 389 | 390 | > **Note**: In this example, the *Scope* is *Catalog*. Parameters such as *Role* should be valid within the scope. 391 | 392 | An example with mock data drawn from 393 | ``` 394 | { 395 | "name": "Alice Wells", 396 | "scope": "jucavunohbu", 397 | "notify": true, 398 | "email": "mannuf@opa.gu", 399 | "org_type": "zoruhjadomow", 400 | "role_urls": [ 401 | "http://cono.pm/keljihzu", 402 | "http://nivpuraw.cg/lo", 403 | "http://fasfo.la/mucojo" 404 | ], 405 | "expires_at": "2020-01-22T05:36:15.888Z", 406 | "org_url": "http://jiweif.cr/da", 407 | "catalog_url": "http://wa.gq/kogzoces", 408 | } 409 | ``` 410 | 411 | - User Roles within Scope 412 | 413 | ``` 414 | ./apic roles:list -s apim.mgmt.dev.apic.xxxxx.test --scope catalog -o porg1 -c p1cat-a --fields name,id,url 415 | total_results: 7 416 | results: 417 | - name: administrator 418 | id: a01cef65-051c-4ed8-a11d-ef35170f4779 419 | url: >- 420 | https://apim.mgmt.dev.apic.xxxxx.test/api/catalogs/1c8769ad-b8a6-41a0-9356-71135f5e28e0/b4fd469b-f25a-4c57-9242-8571cfa7d650/roles/a01cef65-051c-4ed8-a11d-ef35170f4779 421 | - name: api-administrator 422 | id: 2f18c12d-b5c9-4fd2-abdb-24c37bb52463 423 | url: >- 424 | https://apim.mgmt.dev.apic.xxxxx.test/api/catalogs/1c8769ad-b8a6-41a0-9356-71135f5e28e0/b4fd469b-f25a-4c57-9242-8571cfa7d650/roles/2f18c12d-b5c9-4fd2-abdb-24c37bb52463 425 | - name: community-manager 426 | id: 668dc36f-7d48-4982-8dcc-4ede5aa9cc42 427 | url: >- 428 | https://apim.mgmt.dev.apic.xxxxx.test/api/catalogs/1c8769ad-b8a6-41a0-9356-71135f5e28e0/b4fd469b-f25a-4c57-9242-8571cfa7d650/roles/668dc36f-7d48-4982-8dcc-4ede5aa9cc42 429 | - name: developer 430 | id: dbf34782-2ab8-4730-b90f-d1ee1d851198 431 | url: >- 432 | https://apim.mgmt.dev.apic.xxxxx.test/api/catalogs/1c8769ad-b8a6-41a0-9356-71135f5e28e0/b4fd469b-f25a-4c57-9242-8571cfa7d650/roles/dbf34782-2ab8-4730-b90f-d1ee1d851198 433 | - name: member 434 | id: 1ef19174-49ac-4948-8eb7-6cef6efb22df 435 | url: >- 436 | https://apim.mgmt.dev.apic.xxxxx.test/api/catalogs/1c8769ad-b8a6-41a0-9356-71135f5e28e0/b4fd469b-f25a-4c57-9242-8571cfa7d650/roles/1ef19174-49ac-4948-8eb7-6cef6efb22df 437 | - name: owner 438 | id: afd6e4eb-ae53-49cc-bf50-bf6bf0e9a9d0 439 | url: >- 440 | https://apim.mgmt.dev.apic.xxxxx.test/api/catalogs/1c8769ad-b8a6-41a0-9356-71135f5e28e0/b4fd469b-f25a-4c57-9242-8571cfa7d650/roles/afd6e4eb-ae53-49cc-bf50-bf6bf0e9a9d0 441 | - name: viewer 442 | id: 965e2b0f-4a86-481d-83f7-9559cd635ae4 443 | url: >- 444 | https://apim.mgmt.dev.apic.xxxxx.test/api/catalogs/1c8769ad-b8a6-41a0-9356-71135f5e28e0/b4fd469b-f25a-4c57-9242-8571cfa7d650/roles/965e2b0f-4a86-481d-83f7-9559cd635ae4 445 | ``` 446 | -------------------------------------------------------------------------------- /docs/REST-API-FirstSteps.md: -------------------------------------------------------------------------------- 1 | # IBM API Connect 2 | > ## v10 REST API: First Steps 3 | > Ravi Ramnarayan, Eric Fan 4 | > © IBM v0.8 2022-07-20 5 | 6 | ## Goal 7 | - Open the doors to [APIConnect REST API](https://apic-api.apiconnect.ibmcloud.com/v10/) 8 | 9 | 10 | ### List *Provider* Identity Providers 11 | 12 | `$ curl -k -H "Accept: application/json" https://platform.mgmt.dev.apic.xxxxx.xxx/api/cloud/provider/identity-providers` 13 | ``` 14 | { 15 | "total_results": 2, 16 | "results": [ 17 | { 18 | "name": "default-idp-2", 19 | "title": "API Manager User Registry", 20 | "default": false, 21 | "registry_type": "lur", 22 | "user_managed": true, 23 | "realm": "provider/default-idp-2" 24 | }, 25 | { 26 | "name": "ibm-lab-ldap", 27 | "title": "IBM Lab LDAP", 28 | "default": true, 29 | "registry_type": "ldap", 30 | "user_managed": false, 31 | "realm": "provider/ibm-lab-ldap" 32 | } 33 | ] 34 | } 35 | 36 | ``` 37 | > ***Note***: Your endpoints might be different. 38 | 39 | 40 | ### Create Consumer Application 41 | Log into API Connect CLI as user with (adequate) `admin` privileges. 42 | 43 | - Input file 44 | 45 | ``` 46 | $ cat myapp1.json 47 | { 48 | "name": "myapp1", 49 | "client_id": "myapp1id", 50 | "client_secret": "myapp1secret", 51 | "client_type": "toolkit" 52 | } 53 | ``` 54 | 55 | Why did we use `"client_type": "toolkit"`? Run the following command to list the complete set: 56 | `$ apic registrations:list -s platform.mgmt.dev.apic.xxxxx.xxx` 57 | 58 | - Command 59 | `apic registrations:create --server apim.mgmt.dev.apic.xxxxx.xxx myapp1.json` 60 | `myapp1 [state: enabled] https://platform.mgmt.dev.apic.xxxxx.xxx/api/cloud/registrations/dec850ab-7b73-48b0-ad08-adde3da12d14` 61 | 62 | - Get `myapp1` 63 | `$ apic registrations:get -s platform.mgmt.dev.apic.xxxxx.xxx myapp1` 64 | `myapp1 myapp1.yaml https://platform.mgmt.dev.apic.xxxxx.xxx/api/cloud/registrations/dec850ab-7b73-48b0-ad08-adde3da12d14 ` 65 | 66 | - Examine `myapp1.yaml` 67 | 68 | ``` 69 | $ cat myapp1.yaml 70 | type: registration 71 | api_version: 2.0.0 72 | id: dec850ab-7b73-48b0-ad08-adde3da12d14 73 | name: myapp1 74 | title: myapp1 75 | state: enabled 76 | client_type: toolkit 77 | client_id: myapp1id 78 | client_secret: '********' 79 | scopes: 80 | - 'cloud:view' 81 | - 'cloud:manage' 82 | - 'provider-org:view' 83 | - 'provider-org:manage' 84 | - 'org:view' 85 | - 'org:manage' 86 | - 'product-drafts:view' 87 | - 'product-drafts:edit' 88 | - 'api-drafts:view' 89 | - 'api-drafts:edit' 90 | - 'child:view' 91 | - 'child:create' 92 | - 'child:manage' 93 | - 'product:view' 94 | - 'product:stage' 95 | - 'product:manage' 96 | - 'approval:view' 97 | - 'approval:manage' 98 | - 'api-analytics:view' 99 | - 'api-analytics:manage' 100 | - 'consumer-org:view' 101 | - 'consumer-org:manage' 102 | - 'app:view:all' 103 | - 'app:manage:all' 104 | - 'my:view' 105 | - 'my:manage' 106 | - 'webhook:view' 107 | created_at: '2021-11-19T17:44:39.000Z' 108 | updated_at: '2021-11-19T17:44:39.000Z' 109 | url: >- 110 | https://platform.mgmt.dev.apic.xxxxx.xxx/api/cloud/registrations/dec850ab-7b73-48b0-ad08-adde3da12d14 111 | ``` 112 | 113 | ### Generate API Token 114 | To REST. At last. 115 | 116 | `curl -v -k -X POST -d '{"username": "fbaggins", "password": "********", "realm": "provider/ibm-lab-ldap", "client_id": "myapp1id", "client_secret": "myapp1secret", "grant_type": "password"}' -H 'Content-Type: application/json' -H 'Accept: application/json' https://platform.mgmt.dev.apic.xxxxx.xxx/api/token` 117 | 118 | ``` 119 | { 120 | "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXV ... XXXX ... al6lQFV4UeiG_88gO6j7q_MQ", 121 | "token_type": "Bearer", 122 | "expires_in": 28800 123 | * Connection #0 to host platform.mgmt.dev.apic.xxxxx.xxx left intact 124 | } 125 | ``` 126 | 127 | ### Retrieve `ibm-lab-ldap` Users 128 | Use the token to make REST API calls within the scope of application `myapp1`. 129 | 130 | 131 | `$ curl -k --request GET \ 132 | --url 'https://platform.mgmt.dev.apic.xxxxx.xxx/api/user-registries/p1org/ibm-lab-ldap/users?fields=name' --header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXV ... XXXX ... al6lQFV4UeiG_88gO6j7q_MQ' --header 'accept: application/json'` 133 | 134 | There is only one user in this registry. 135 | 136 | ``` 137 | { 138 | "total_results": 1, 139 | "results": [ 140 | { 141 | "name": "fbaggins" 142 | } 143 | ] 144 | } 145 | ``` 146 | --------------------------------------------------------------------------------