Victor Kazakov

Using the Container Gateway in a Development Environment - Part 1

Blog Post created by Victor Kazakov Employee on Feb 2, 2018

In previous posts I talk about bootstrapping bundles of policies and services for container gateways. But how do you build these bundles in the first place. This blog post talks about how to use the Container Gateway to build bundles of gateway policies and services. Part 2 of this post will go into more details of how to improve the exports from the gateway and commit those to a version control system.


In order to run the Gateway Container on your local machine you need to have  Docker installed.

You need to have a valid license for the CA API Gateway.

Lastly you need the Policy Manager in order to create policies and services.

Setting up the Development Environment

The first thing you need to do is build your docker-compose file. This will enable you to easily start and stop your development gateway. Below is a docker-compose file to start from.

version: '3.4'
    image: caapim/gateway:9.3.00
    hostname: gateway-dev
      - "8080:8080"
      - "8443:8443"
      - /opt/SecureSpan/Gateway/node/default/etc/bootstrap/services/restman
      - source: license
        target: /opt/SecureSpan/Gateway/node/default/etc/bootstrap/license/license.xml
      ACCEPT_LICENSE: "true"
      SSG_ADMIN_USERNAME: "admin"
      SSG_ADMIN_PASSWORD: "password"
    file: ./license.xml

You can also download the docker compose file here.

Some notable details on the docker-compose file:

  • The restman volume: /opt/SecureSpan/Gateway/node/default/etc/bootstrap/services/restman
    • This creates a volume mounted to the above location. When the gateway is starting up when it see that a file exists at that location it will make restman available on the gateway. 
  • The license secret
    • The Gateway license file is loaded as a secret. This is the preferred way to provide licenses to a gateway. 

If you now run:

docker-compose up

This will start a CA API Gateway. The gateway will have restman available on it and you could login to it with policy manager using 'admin' as the username and 'password' as the password.

Exporting from the Development Gateway

The next step would be to write some policy and services. In order to make the export simpler create a folder and put all the policies and services you write into that folder. For example you folder structure could look something like this where the root folder is OTK and all the other services and policies are underneath it:

Export your folder using the following command:

curl -k -u admin:password "https://gateway-dev:8443/restman/1.0/bundle?encassAsPolicyDependency=true&folder=<folderID>" | tail -n +9 | tail -r | tail -n +3 | tail -r | sed '1i<l7:Bundle xmlns:l7="">' > bundle.bundle

Where <folderID> is the ID of the folder that your policies are in. You can get this ID from the policy manager by right clicking on the folder and selecting Folder Properties

Once the curl command is run you will have a file called bundle.bundle that contains the exported policies and services you have created along with any other dependencies they reference.

Note, the tail commands at the end of the export command are used to clean up the export so that it can be mounted to the container and imported properly. The next blog post will look at improving this command.

Re-Deploying with new Configuration

To make sure that the exported policies and services are available next time you restart your development Gateway update your docker-compose file to add the following volume mount:

- ./bundle.bundle:/opt/SecureSpan/Gateway/node/default/etc/bootstrap/bundle/bundle.req.bundle

Now if you restart your development Gateway the policies and services you worked on will be loaded.

Next Steps

As you are working on your policies and service make sure you continuously export in order to backup and save your changes.

In the next post I will discuss improving the export command and committing the exported bundle to a version control system.