Merge pull request #506 from Axway-API-Management-Plus/develop

Release 1.14.6

.github/workflows/integration-test.yml

@@ -8,10 +8,10 @@ env:
   CACHE_FILE_APIM: api-manager_7_7_20240530.cache.tar
   CACHE_FILE_CASSANDRA: cassandra_4_0_13.cache.tar
   FED_FILE: swagger-promote-7.7-20240530.fed
-  LOG_LEVEL: info
+  LOG_LEVEL: debug
 
 jobs:
-  build:
+  integration-test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -58,9 +58,9 @@ jobs:
         run: |
           mkdir licenses
           echo ${{ secrets.APIM_LIC }} | base64 -di > licenses/apim.lic
-          docker-compose run --rm start_cassandra
-          docker-compose run --rm start_apimgmt
-          docker-compose logs --tail 30 apimgmt
+          docker compose run --rm start_cassandra
+          docker compose run --rm start_apimgmt
+          docker compose logs --tail 30 apimgmt
       - name: Maven APIM Integration Test
         run: mvn verify -P integration-tests
 

CHANGELOG.md

@@ -4,6 +4,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+# [1.14.6] In progress
+## Fixed
+- Importing SOAP API with different endpoints (for import and for runtime calls)  (See issue [#501](https://github.com/Axway-API-Management-Plus/apim-cli/issues/501))
+- -returnCodeMapping option does not work on apim-cli org import (See issue [#496](https://github.com/Axway-API-Management-Plus/apim-cli/issues/496))
+- The output of command 'apim api get' is not containing the complete list of client applications (array) of the api (See issue [#495](https://github.com/Axway-API-Management-Plus/apim-cli/issues/495))
+- Update API with Assigned Quota (See issue [#499](https://github.com/Axway-API-Management-Plus/apim-cli/issues/499))
+
+### Added
+- Force APIM-cli to download the latest Trusted Certificates in a Frontend API (See issue [#494](https://github.com/Axway-API-Management-Plus/apim-cli/issues/494))
+
+### Changed
+- Updated libs to fix security vulnerabilities 
+    - com.graphql-java:graphql-java from 21.3 to 21.5
+    - commons-io:commons-io from 2.11.0 to 2.14.0
+
+
 # [1.14.5] 2024-07-12
 
 ## Fixed

DEVELOPMENT.md

@@ -19,50 +19,11 @@ are ready for the next version. This means that the develop branch is actually s
 - GnuPG for Code-Signing (e.g. https://gnupg.org/)
 - Apache Maven 3.6.3 or higher
 
-#### Maven settings.xml
+### Maven pgp usage
+- https://maven.apache.org/plugins/maven-gpg-plugin/usage.html
 
-A server configuration for GitHub write access by Maven using your personal access token. 
 
-```xml
-    <server>
-      <id>github</id>
-      <username>[email protected]</username>
-      <password>YOUR_GITHUB_PAT</password>
-    </server>
-```
-The Code must be signed to be published to Maven-Central. A Signing-Key must be created and published:  
-Learn more: https://central.sonatype.org/publish/requirements/gpg/  
-
-Confguration required for the Sonatype communication:  
-Learn more: https://github.com/chhh/sonatype-ossrh-parent/blob/master/publishing-to-maven-central.md  
-
-A profile Sonatype servers used by Sonatype maven plugin.
-
-```xml
-    <server>
-      <id>ossrh</id>
-      <username>YOUR_OSSRH_USERNAME</username>
-      <password>YOUR_OSSRH_PASSWORD</password>
-    </server>
-```
-
-A profile for GPG which is used by the `maven-gpg-plugin` plugin.
-
-```xml
-    <profile>
-      <id>ossrh</id>
-      <activation>
-        <activeByDefault>true</activeByDefault>
-      </activation>
-      <properties>
-        <gpg.executable>gpg</gpg.executable>
-        <gpg.passphrase>axway</gpg.passphrase>
-      </properties>
-    </profile>
-```
-Learn more: https://maven.apache.org/plugins/maven-gpg-plugin/usage.html
-
-### Create a new release
+## Create a new release
 
 For the release, develop is merged into Master and the release is generated on Master with Maven.
 
@@ -85,47 +46,12 @@ git commit
 git push
 ```
 
-### 4. Create Pre-Release with Maven 
+### 4. Create Release with Maven 
 
-```sh
-mvn -Darguments=-DskipTests release:prepare -P release
-
-# Set the version number following [Semantic Versioning](https://semver.org/)
-# Git-Label version should be for example: 1.11.0
-# Next SNAPSHOT Version: 1.12.0-SNAPSHOT
-```
-
-### 5. Validate the Pre-Release
-
-- Use the Pre-Release to manually perform some smoke tests  
-`apim-cli\distribution\target`
-  - If you are not happy with the actual build for any reason, you need to rollback the actual release prepare:  
-  ```sh
-  mvn release:rollback
-  # Sometimes the created tag isn't removed automatically. You need to delete it to re-execute release:prepare: 
-  git tag -d 1.11.0
-  git push origin :refs/tags/1.11.0
-  ```
-
-### 6. Create the release
-
-```sh
-# This uploads the release artifacts to Maven-Central automatically
-mvn -Darguments=-DskipTests release:perform -P release
-```
-
-### 7. Create a release on GitHub
+- Run Github action Release API CLI on github and Maven repository
 
-- Select the tag created by Maven
-- Use the description from the previous release and modify it
-- It also pushes the Chocolately package
-- upload the created release files to GitHub: 
-  ```
-  target/checkout/distribution/target/axway-apimcli-1.11.0.zip
-  target/checkout/distribution/target/axway-apimcli-1.11.0.tar.gz
-  ```
 
-### 8. Commit all changes and merge master into develop
+### 5. Commit all changes and merge master into develop
 ```
 git checkout develop
 git merge master

ROTATE_PGP_KEY.md

@@ -0,0 +1,43 @@
+# Rotate PGP Keys.
+
+PGP key comes with expiry date. 
+
+
+## Create new key
+
+```bash
+➜  apim-cli git:(master) gpg --gen-key
+gpg (GnuPG) 2.4.5; Copyright (C) 2024 g10 Code GmbH
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Rathna
+Email address: [email protected]
+You selected this USER-ID:
+    "Rathna <[email protected]>"
+
+Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
+```
+
+## Push the key to Key server
+
+Use the pgp id to upload it key server
+
+```bash
+ gpg --keyserver keyserver.ubuntu.com --send-keys 5D8F776E941F2D1D91EB2875212961A21019826F
+```
+
+## Store the key password and private key to Github action secrets and variables. 
+
+- Secret names
+  - GPG_PASSPHRASE
+  - GPG_PRIVATE_KEY
+
+### Export private key
+```bash
+gpg --output private.pgp --armor --export-secret-key 5D8F776E941F2D1D91EB2875212961A21019826F
+```

distribution/pom.xml

@@ -12,7 +12,6 @@
 	<artifactId>distribution</artifactId>
 	<packaging>pom</packaging>
 	<name>Distribution</name>
-
 	<dependencies>
 		<dependency>
 			<groupId>com.github.axway-api-management-plus.apim-cli</groupId>
@@ -52,6 +51,7 @@
 	</dependencies>
 
 	<build>
+        <finalName>axway-apimcli-1.14.5.1-SNAPSHOT</finalName>
 		<plugins>
 			<plugin>
 				<artifactId>maven-assembly-plugin</artifactId>

docker-compose.yml

@@ -2,13 +2,14 @@ version: "2"
 
 services:
   cassandra:
+    # image: cassandra:4.0.13
     image: ${CASSANDRA_DOCKER_IMAGE}
     ports:
       - 9042:9042   # Cassandra listen socket
     hostname: cassandra
 
   apimgmt:
-    # image: docker-registry.demo.axway.com/swagger-promote/api-mgr-with-policies:7.7
+    # image: docker.repository.axway.com/apigateway-docker-prod/7.7/gateway:7.7.0.20240530-2-BN0004-ubi9
     image: ${APIM_DOCKER_IMAGE}
     volumes:
       - ${GITHUB_WORKSPACE}/licenses:/opt/Axway/apigateway/conf/licenses

modules/apim-adapter/src/main/java/com/axway/apim/adapter/apis/APIFilter.java

@@ -200,12 +200,9 @@ public void setApiPath(String apiPath) {
             op = "like";
             apiPath = apiPath.replace("*", "");
         }
-        // Only from version 7.7 on we can query for the path directly.
-        if (APIManagerAdapter.hasAPIManagerVersion("7.7")) {
-            filters.add(new BasicNameValuePair(FIELD, "path"));
-            filters.add(new BasicNameValuePair(OP, op));
-            filters.add(new BasicNameValuePair(VALUE, apiPath));
-        }
+        filters.add(new BasicNameValuePair(FIELD, "path"));
+        filters.add(new BasicNameValuePair(OP, op));
+        filters.add(new BasicNameValuePair(VALUE, apiPath));
     }
 
     public String getQueryStringVersion() {

modules/apim-adapter/src/main/java/com/axway/apim/adapter/apis/APIManagerAPIAdapter.java

@@ -417,7 +417,7 @@ public void translateMethodIdsToName(APIQuota apiQuota, String apiId) throws App
             APIManagerAPIMethodAdapter methodAdapter = APIManagerAdapter.getInstance().getMethodAdapter();
             List<QuotaRestriction> quotaRestrictions = apiQuota.getRestrictions();
             for (QuotaRestriction quotaRestriction : quotaRestrictions) {
-                APIMethod apiMethod = methodAdapter.getMethodForId(apiId, quotaRestriction.getApiId());
+                APIMethod apiMethod = methodAdapter.getMethodForId(apiId, quotaRestriction.getMethod());
                 if (apiMethod != null)
                     quotaRestriction.setMethod(apiMethod.getName());
             }
@@ -605,7 +605,7 @@ public API updateAPIProxy(API api) throws AppException {
         }
     }
 
-    private String[] getSerializeAllExcept() throws AppException {
+    public String[] getSerializeAllExcept() throws AppException {
         String[] serializeAllExcept;
         // queryStringPassThrough added in inboundProfiles on API manager version 7.7.20220530
         if (queryStringPassThroughBreakingVersion.contains(APIManagerAdapter.getInstance().getApiManagerVersion())) {

modules/apim-adapter/src/main/java/com/axway/apim/adapter/apis/APIManagerAPIMethodAdapter.java

@@ -83,6 +83,8 @@ public APIMethod getMethodForName(String apiId, String methodName) throws AppExc
     }
 
     public APIMethod getMethodForId(String apiId, String methodId) throws AppException {
+        if(methodId.equals("*"))
+            return null;
         List<APIMethod> apiMethods = getAllMethodsForAPI(apiId);
         if (apiMethods.isEmpty()) {
             LOG.warn("No operations found for API with id: {}", apiId);