APIC Toolkit Reference - ibmArtifacts/APIC_Toolkit_Reference GitHub Wiki
apic login -s <cm_url> --realm <admin/default-idp-1> --username <username> --password <password>
How to get the realm: apic identity-providers:list -s <cm_url> --scope admin|provider
apic me:change-password -s server CHANGE_PASSWORD.yaml
Sample CHANGE_PASSWORD.yaml:
current_password: OLD_PASSWORD
password: NEW_PASSWORD
apic keystores:create -s <cm_url> -o admin keystore.json
Sample keystore.json:
NOTICE: the private key and public cert content must be converted properly with the \n for line breaks in actual cryptos.
{
"title": "test",
"name": "test",
"summary": "",
"password": "password",
"keystore": "-----BEGIN CERTIFICATE-----\nMIIDUTCCAjmgAwIBAgIIRaMSHIh7VigwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE\nAwwVKi5ydHAucmFsZWlnaC5pYm0uY29tMB4XDTIwMTAyODIxMDEyNVoXDTMwMTAy\nNjIxMDEyNVowIDEeMBwGA1UEAwwVKi5ydHAucmFsZWlnaC5pYm0uY29tMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+sx4zopPJQWYpGljXQf3Bcr6bJI+\n4f2RjpOMSoZQiOwRSbVTpfLwH2XkK1CxCu79RBAUIQfj2upkIOEfxnWZZFnlMAHP\nhuJw7guaw4x1iA2c86FWtB9S40h1bU+CQ/J4XUkLQ0QfUbEePdlaTjUHsNeo8HwF\nK1cJcwBU3phLLLmkCaIRkMZiFe0xC0yGLAVSlC/CY6+nMX5oQfhbI8TV9hCoS6pc\nMR3XrcDB+A7K71R+1WKFRQ2MRrFymczUTF3urLds1huwx1Fnx61apwvtdOVK7u6B\nH2hufG0AyrwslbzfRjFzqvLrxoHXKp5NfSOr7GfB9Fm+MxFzEDxfoKA3IQIDAQAB\no4GOMIGLMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBf7JLJxrlysUA/jVqJkQG3i\ng4dfME8GA1UdIwRIMEaAFBf7JLJxrlysUA/jVqJkQG3ig4dfoSSkIjAgMR4wHAYD\nVQQDDBUqLnJ0cC5yYWxlaWdoLmlibS5jb22CCEWjEhyIe1YoMAsGA1UdDwQEAwIC\nvDANBgkqhkiG9w0BAQsFAAOCAQEA59qfsaGIJQdukMl23HaI+QNjWqqFHoEMN1Zu\n3jP3pTEZ5cg6x7IvH2BfY6xD/ugIJwYdZ5hly22Vizkf8kzZ6jVwq0+O6eOE5jBK\nsgZIqUtlDrV1IUW5slX9YgaxKQrC3vHAzQY0TeCOjK6xxmwFWUryac9Kq8W6wYST\nYP4lRKCnGc8QiLWXC3PJnHQyltms08dY+Eut0C/fypSrJtdvp7aZ70QfyeffN6Fi\nylZ8lbrdvM6/iM0P0kdyvD794XR6YeD3sKBsZSsP5vKJrNhjkGm+s0lQunMYsWj+\nSDghPLy51d+p9e9LwrBth0FWLk1/fzajiBnC9qg4Ht4S3KT1Ng==\n-----END CERTIFICATE-----\n-----BEGIN PRIVATE KEY----- \nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD6zHjOik8lBZik\naWNdB/cFyvpskj7h/ZGOk4xKhlCI7BFJtVOl8vAfZeQrULEK7v1EEBQhB+Pa6mQg\n4R/GdZlkWeUwAc+G4nDuC5rDjHWIDZzzoVa0H1LjSHVtT4JD8nhdSQtDRB9RsR49\n2VpONQew16jwfAUrVwlzAFTemEssuaQJohGQxmIV7TELTIYsBVKUL8Jjr6cxfmhB\n+FsjxNX2EKhLqlwxHdetwMH4DsrvVH7VYoVFDYxGsXKZzNRMXe6st2zWG7DHUWfH\nrVqnC+105Uru7oEfaG58bQDKvCyVvN9GMXOq8uvGgdcqnk19I6vsZ8H0Wb4zEXMQ\nPF+goDchAgMBAAECggEAN5WrzLLwuZbU7tOAtzS1te33tKpxD2tAoGXpOPct0Drp\n1fk/Mc93Eq5ldIgsxOyU60nY/D0gbft296aNgVG9DnWyCwLLuOxk9Q1TXrW5ss65\nk3GVotQybbc4d2Kgz2hk7t/qhB0MB/IGbtTGZADy1GnnwmzqRGHE8V0IclE0kBOg\nicv0zLKruCSub8IzdmjeiFQ+fsjSTn0KX4sCgWyQp6dHYnqk0ZayFRv2yGET22Vs\nVynHOTSGh8quwbwqkMCr6Qr/pt6lyWvs9Fm6m4J8NWalYhOEvshP468GdrNUgHZJ\nqw0w5iv6CK0MvnpIkdrpPDtbRSfur9BoykTeVCNTwQKBgQD/6ax6v/TcTfc42pYN\nNHM1rgSAorxBCKXBByi/Lnc5fH10guj4heeuqCjPXOI9nPc+fmCwqdBdZnDdvS9T\nlwWgx8jIu0OV8/K7QsguIPqpPAbMsGpdkm0cnp2bNP5RXA2bAPB1wzMO4nDMkGNo\nMa7RdoUIpCR37Rl1SuLPPaERyQKBgQD64locQlBTV50GTMui0K9D6rhYqlmoDZwh\n1cdpr0dV3bziXKmAo8zSnGhzZutEAww8HgGqQRw6u1wejo5yJtgpEEFpk0Tflmkn\nbfQMy31mRnXbzSxDzHuZSDrnyLdU5JQIul+ATf43OVn3Iqm8s9Jr99ulwiYVr640\nCxRby1LmmQKBgAobFDCUu/qnKYgZOauz0ojgIlViF8UJrmH9AmLqVtLyU5HySXjm\n8Ms44MOvi0+bjzfsjazsR8oobXSUL/ZBFHvQ5+DlZDnbtE4oyPbpXnyoXixfGxQu\n4BgtO1QRt6lG1VK1qsk7uBxyXLn3SbWnoJus7nv032vM9SBooKRGbsHhAoGAaMWo\njg6fjv6Sw/PEQv1VhE58qAKUKJtuba7idV9OsixE2l+KJf/B5N6OvErpy2Bedqit\nV1WTnW9rPBOap09TjGqOdrGa3Kjqxx2jAsjkWJbqV12qs7GsmEnS18M51MkUjUSP\n53wqwxM/X/bo3bZXFOHQp7uZvgq8/Fz4JpGV0FkCgYBmeemQfVuzzTOUkA3aWj6R\nQn+hHmJVM6z1zkytMsN0+2tp5kHP/95+C4TXWq6si+sUcSLMoM/mlb8Wjnb2H9xY\nnjc/bZqTrzn6EU4ehAz1CqnMrFRoNk4B56yCd1c8+EjziIPbdrOTQQMOEZi8GSW+\nx4ua6l4RaSXIXRTusQjtwA==\n-----END PRIVATE KEY-----\n"
}
apic tls-server-profiles:create -s <cm_url> -o admin new-server-profile.yaml
Sample new-server-profile.yaml:
type: tls_server_profile
api_version: 2.0.0
name: new-client-profile
version: 1.0.0
title: New TLS client profile
summary: New TLS client profile
protocols:
- tls_v1.2
ciphers:
- ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- ECDHE_RSA_WITH_AES_256_GCM_SHA384
- ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- ECDHE_RSA_WITH_AES_256_CBC_SHA384
- ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- ECDHE_RSA_WITH_AES_256_CBC_SHA
- DHE_DSS_WITH_AES_256_GCM_SHA384
- DHE_RSA_WITH_AES_256_GCM_SHA384
- DHE_RSA_WITH_AES_256_CBC_SHA256
- DHE_DSS_WITH_AES_256_CBC_SHA256
- DHE_RSA_WITH_AES_256_CBC_SHA
- DHE_DSS_WITH_AES_256_CBC_SHA
- RSA_WITH_AES_256_GCM_SHA384
- RSA_WITH_AES_256_CBC_SHA256
- RSA_WITH_AES_256_CBC_SHA
- ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- ECDHE_RSA_WITH_AES_128_GCM_SHA256
- ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- ECDHE_RSA_WITH_AES_128_CBC_SHA256
- ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- ECDHE_RSA_WITH_AES_128_CBC_SHA
- DHE_DSS_WITH_AES_128_GCM_SHA256
- DHE_RSA_WITH_AES_128_GCM_SHA256
- DHE_RSA_WITH_AES_128_CBC_SHA256
- DHE_DSS_WITH_AES_128_CBC_SHA256
- DHE_RSA_WITH_AES_128_CBC_SHA
- DHE_DSS_WITH_AES_128_CBC_SHA
- RSA_WITH_AES_128_GCM_SHA256
- RSA_WITH_AES_128_CBC_SHA256
- RSA_WITH_AES_128_CBC_SHA
server_name_indication: true
keystore_url: >-
https://cloud.192.168.1.21.nip.io/api/orgs/6ec7d8cc-29f9-4c90-beb1-6f07871f67c8/keystores/9e237907-16b2-4190-8e56-59dc8d3a7129
truststore_url: >-
https://cloud.192.168.1.21.nip.io/api/orgs/6ec7d8cc-29f9-4c90-beb1-6f07871f67c8/truststores/b4695ff9-a4dc-419d-93c9-3b98167c6ed1
visibility:
type: private
Dependent calls:
keystore_url: apic keystores:list -s <cm_url> -o admin
truststore_url: apic truststores:list -s <cm_url> -o admin
apic gateway-services:create -s <cm_url> -o admin --availability-zone <availability-zone-default> v5c-gateway-service.yaml
Sample v5c-gateway-service.yaml:
type: gateway_service
api_version: 2.0.0
name: v5c-gateway-service
title: v5c-gateway-service
gateway_service_type: datapower-gateway
endpoint: 'https://192.168.1.44:3000'
api_endpoint_base: 'https://192.168.1.44:9443'
tls_client_profile_url: >-
https://cloud.192.168.1.21.nip.io/api/orgs/6ec7d8cc-29f9-4c90-beb1-6f07871f67c8/tls-client-profiles/c3c73996-634c-4c05-a341-cb8441cfd$
sni:
- host: '*'
tls_server_profile_url: >-
https://cloud.192.168.1.21.nip.io/api/orgs/6ec7d8cc-29f9-4c90-beb1-6f07871f67c8/tls-server-profiles/6afede02-865d-43d5-a83d-fda35$
visibility:
type: public
availability_zone_url: >-
https://cloud.192.168.1.21.nip.io/api/orgs/6ec7d8cc-29f9-4c90-beb1-6f07871f67c8/availability-zones/4ae140f8-b376-4b2a-afe3-f112b4a5d3$
org_url: >-
https://cloud.192.168.1.21.nip.io/api/orgs/6ec7d8cc-29f9-4c90-beb1-6f07871f67c8
Dependent calls:
tls_client_profile_url: apic tls-client-profiles:list-all -s <cm_url> -o admin
tls_server_profile_url: apic tls-server-profiles:list-all -s <cm_url> -o admin
availability_zone_url: apic availability-zones:list -s <cm_url> -o admin
org_url: apic orgs:list -s <cm_url> --my
apic analytics-services:create -s server -o admin --availability-zone <availability-zone-default> analytics.yaml
Sample analytics.yaml:
type: analytics_service
api_version: 2.0.0
name: analytics
title: analytics
endpoint: 'https://analytics-client.192.168.1.22.nip.io'
ingestion_endpoint: 'https://analytics-ingestion.192.168.1.22.nip.io'
ingestion_endpoint_tls_client_profile_url: >-
https://cloud.192.168.1.21.nip.io/api/orgs/6ec7d8cc-29f9-4c90-beb1-6f07871f67c8/tls-client-profiles/a29f7523-eab0-45fe-a8ff-deaa17796898
client_endpoint: 'https://analytics-client.192.168.1.22.nip.io'
client_endpoint_tls_client_profile_url: >-
https://cloud.192.168.1.21.nip.io/api/orgs/6ec7d8cc-29f9-4c90-beb1-6f07871f67c8/tls-client-profiles/3a6307bf-c34e-4261-8f75-f48d8b811af0
availability_zone_url: >-
https://cloud.192.168.1.21.nip.io/api/orgs/6ec7d8cc-29f9-4c90-beb1-6f07871f67c8/availability-zones/4ae140f8-b376-4b2a-afe3-f112b4a5d3b6
org_url: >-
https://cloud.192.168.1.21.nip.io/api/orgs/6ec7d8cc-29f9-4c90-beb1-6f07871f67c8
Dependent calls:
ingestion_endpoint_tls_client_profile_url & client_endpoint_tls_client_profile_url: apic tls-client-profiles:list-all -s <cm_url> -o admin
availability_zone_url: apic availability-zones:list -s <cm_url> -o admin
org_url: apic orgs:list -s <cm_url> --my
To verify whether the ADMIN user has been created in APIM:
apic users:list -s <cm_url> -o admin --user-registry api-manager-lur
If ADMIN user is not listed, then create:
apic users:create -s <cm_url> -o admin --user-registry api-manager-lur create-apim-user.yaml
Sample create-apim-user.yaml:
type: user
name: admin
title: admin
state: enabled
identity_provider: default-idp-2
username: admin
email: [email protected]
first_name: first
last_name: last
metadata:
name: admin
username: admin
apic orgs:create new_org.yaml -s server
Sample new_org.yaml:
type: org
api_version: 2.0.0
name: new-org
title: new org
state: enabled
org_type: provider
owner_url: >-
https://cloud.192.168.1.21.nip.io/api/user-registries/6ec7d8cc-29f9-4c90-beb1-6f07871f67c8/ea9516b4-2dd0-4b51-9ef8-85451582f300/users/8843d6f5-e1ef-4ea5-9be0-e132f21fbd7c
Dependent calls:
owner_url: apic users:list -s <cm_url> -o admin --user-registry api-manager-lur
apic login -s <apim_url> --realm <provider/default-idp-2> --username <username> --password <password>
How to get the realm: apic identity-providers:list -s <apim_url> --scope admin|provider
apic catalogs:create -s <apim_url> -o sfni catalog_create.yaml
Sample catalog_create.yaml:
name: test
title: test
summary: test catalog
NOTE: If the “Catalog defaults” in the CM is set with a gateway already, then you will see the error
Error: The Configured Gateway Service cannot be created with name ‘name_of_gateway’. Another resource of type configured_gateway_service (id: 65932f1d-4335-4b53-afc0-e39f6639b09d) already exists with the same name.
apic configured-gateway-services:create -s <apim_url> -o <provider_org> -c <catalog> --scope catalog configured-v5-eat-gateway.yaml
Sample configured-v5-east-gateway.yaml:
type: configured_gateway_service
gateway_service_url: https://apic_url/api/orgs/57849fb1-34f7-45d4-bf-bf51aa86/gateway-services/34494951-2111-4de8-b4a-c5d4cba31
Dependent calls:
gateway_service_url: apic gateway-services:list -s <apim_url> -o admin --availability-zone <availability-zone> --scope org
NOTE: The –-availability-zone name should be used, and not the title of the availability-zone.
apic consumer-orgs:create -s <apim_url> -o sfni -c test corg_create.yaml
Sample corg_create.yaml:
name: corg-test
title: corg-test
owner_url: https://apic_url/api/user-registries/549fb1-3f7-45d4-b-bfa0a86/dbb123b-3266-4a16-a0c-e631d/users/f24baa-9082-4e83-828-68da33
Dependent calls:
owner_url: apic users:list -s <apim_url> -o <provider_org> -c <catalog> --scope catalog
apic apps:create -s <apim_url> -o <provider_org> -c <catalog> --consumer-org <consumer_org> appcred.yaml
Sample appcred.yaml:
type: app
api_version: 2.0.0
name: testapp
title: testapp
state: enabled
client_secret: mySecret
client_id: myId
catalog_url: https://apic_url/api/catalogs/57849fb1-34f7-45d4-bf-bf56aaa86/b29ce-17ed-440-a0f3-583fe
consumer_org_url: https://apic_url/api/consumer-orgs/57849fb1-34f7-45d4-bf-bf56aaa86/b29ce-17ed-440-a0f3-583fe/a69d8a4c-c504-44bb-8767-c1a4b4b03bfb
Dependent calls:
catalog url: apic catalogs:list -s <apim_url> -o <provider_org>
consumer_org_url: apic consumer-orgs:list -s <apim_url> -o <provider_org> -c <catalog>
apic subscriptions:create –s <apim_url> –o <provider_org> –c <catalog> --app <application_name> –-consumer-org <consumer_organization> create_subscription.yaml
Sample create_subscription.yaml:
plan: default-plan
product_url: https://apic_url/api/catalogs/57849fb1-34f7-45d4-bf-bf56aaa86/b29ce-17ed-440-a0f3-583fe/products/3d7e8f5c-c7a6-4905-8c30-d61e3c6ec7ba
Dependent calls:
product_url: apic products:list-all -s <apim_url> -o <provider_org> -c <catalog> --scope catalog