Layer7 API Management

  • 1.  Unable to Approve Plan Change

    Posted Sep 11, 2017 05:50 PM

    On Developer Portal 3.5, a developer with the developer role can add an application, and after it is approved they request a plan change (under the application's "API Management" tab). However, it is stuck on "Sandbox", and under Plan Change it shows "Production Plan pending approval". I've logged in as an admin, business manager, and account manager, and I am unable to approve the plan change. It still just says "Production Plan pending approval". Has anyone else seen this, or know how to get our of this wedge? Deleting the API, and re-adding it doesn't do anything. Thanks!



  • 2.  Re: Unable to Approve Plan Change

    Posted Sep 12, 2017 03:07 AM

    I haven't seen this issue before but did you check for any errors in catalina.out once you approve the request



  • 3.  Re: Unable to Approve Plan Change

    Broadcom Employee
    Posted Sep 12, 2017 09:58 AM

    I haven't seen this issue either, but I would look into the users involved with this workflow to see if they are configured correctly.

     

    For both the developer user and the admin user, can you send through the domain, roles, and organizations associated with the users? This can be found the following way:
    -Login to the CMS as the admin user (http://<portal-hostname>/admin)
    -Click on "User Administration" on the left side
    -Click on "Manage Users" on the left side
    -Scroll to find the user in question
    -Note the "Domain" value under the "General" Tab.
    -Note the "Current Roles" under the "Roles" tab.
    -Note the "Current Organizations" under the "Organizations" tab.

     

    --Azad



  • 4.  Re: Unable to Approve Plan Change

    Posted Sep 12, 2017 05:24 PM

    I didn't see any obvious errors in catalina.out.  It looks like it isn't sending an email, but I think this is unrelated.
    09/12 15:44:23.352 INFO (http-37080-4:) - [Email general] -- using SMTPServer=localhost, To=, CC=
    09/12 15:44:23.352 INFO (http-37080-4:) - [Utils general] -- No recipients specified - Email not sent

     

    Developer: (requested plan change)
    Domain: LRSDEVELOPER
    Roles: cmsuser, registeredUser
    Organization: GM_Internal

     

    Admin: (can't approve)
    Domain: INTERNAL
    Roles: administrator
    Organization: none

     

    Business Admin: (can't approve)
    Domain: LRSDEVELOPER
    Roles: businessManager, cmsuser, registeredUser
    Organization: GM_Internal



  • 5.  Re: Unable to Approve Plan Change

    Posted Sep 13, 2017 11:20 AM

    This is a growing problem.  It looks like anything in the lrs.lrsapiplanrequestaudit table gets stuck in this limbo state where the plan change can't be approved or reset.  Anyone else seeing rows with NULL values in them?

     

    select * from lrsapiplanrequestaudit;

    +----+-------+--------+-------+------------------------------------------+--------------------------------------+---------------------+--------+-----------+----------+
    | id | orgId | apiKey | appId | planId | serviceUUID | requestDate | action | returnMsg | username |
    +----+-------+--------+-------+------------------------------------------+--------------------------------------+---------------------+--------+-----------+----------+
    ...
    | 22 | 78 | NULL | 132 | dbdcd64c94287d76e438301921cb82b79b39208f | afce6b6e-1c20-4867-ac4a-2361a10be9c1 | 2017-09-05 17:10:02 | NULL | NULL | NULL |
    | 23 | 78 | NULL | 79 | dbdcd64c94287d76e438301921cb82b79b39208f | afce6b6e-1c20-4867-ac4a-2361a10be9c1 | 2017-09-05 17:10:11 | NULL | NULL | NULL |
    | 24 | 78 | NULL | 141 | 977c74afd779357fff22a8be82cade0f2b7b602c | afce6b6e-1c20-4867-ac4a-2361a10be9c1 | 2017-09-05 18:05:50 | NULL | NULL | NULL |
    | 25 | 78 | NULL | 123 | 977c74afd779357fff22a8be82cade0f2b7b602c | afce6b6e-1c20-4867-ac4a-2361a10be9c1 | 2017-09-06 08:40:50 | NULL | NULL | NULL |
    | 26 | 78 | NULL | 146 | dbdcd64c94287d76e438301921cb82b79b39208f | afce6b6e-1c20-4867-ac4a-2361a10be9c1 | 2017-09-12 14:28:44 | NULL | NULL | NULL |
    +----+-------+--------+-------+------------------------------------------+--------------------------------------+---------------------+--------+-----------+----------+



  • 6.  Re: Unable to Approve Plan Change

    Broadcom Employee
    Posted Sep 13, 2017 12:25 PM

    ChessClub,

     

    I just requested and (successfully) approved an API Plan in my lab, and my lrsapiplanrequestaudit table looks like yours. Meaning that apiKey, action, returnMsg, and username all have values of NULL. So I don't think this is a concern. I'm working to reproduce this issue in my lab at the moment.

     

    --Azad



  • 7.  Re: Unable to Approve Plan Change
    Best Answer

    Posted Sep 14, 2017 11:59 AM

    I might have found a solution.  We didn’t have anyone setup with the organizationAdmin role.  Once we gave someone this role the "Admin" user, and people with the organizationAdmin role were able to see "11 API Plan Change Requests" on the dashboard (which we didn’t see before).  From that link we are able to approve the plan change.



  • 8.  Re: Unable to Approve Plan Change

    Broadcom Employee
    Posted Sep 14, 2017 12:18 PM

    ChessClub,

     

    The organizationAdmin role needs to be assigned to a registeredUser. Each organization needs at least one user that has the roles of organizationAdmin and registeredUser. The organizationAdmin role is not intended to be used with internal users like Admin, ApiOwner, etc. So I would suggest that you remove the role from your admin user, and add the role to your registeredUser.

     

    Here is the list of supported account types and their domains and roles, any other combinations can result in unforeseen behavior:


    Username: AccountManager
    Domain: INTERNAL
    Roles: accountManager

    Username: Admin
    Domain: INTERNAL
    Roles: administrator

    Username: ApiOwner
    Domain: INTERNAL
    Roles: apiOwner, cmsuser

    Username: BusinessManager
    Domain: INTERNAL
    Roles: businessManager

    Username: WebAdmin
    Domain: INTERNAL
    Roles: cmsuser, webAdmin

    External users/developers should have:
    Domain: LRSDEVELOPER
    Roles combo1: organizationAdmin, registeredUser
    Roles combo2: registeredUser

     

    --Azad



  • 9.  Re: Unable to Approve Plan Change

    Posted Sep 14, 2017 01:42 PM

    Yeah, we did assign the organizationAdmin role to a registered user (not admin) to get it working now.  Thanks!