I'm looking for easier ways of deploying policies between environments. I know that this can be done via the GUI but would like to do this through the command line instead.
It depends a bit on which version of the CA API Gateway you are running, but the short answer is "Yes, we have a method available to migrate policies via the command line".
In version 8.3.00 (our latest version at the time of this writing), we built in a new feature we call the "GMU" or "Gateway Migration Utility" which allows migration of policies using the command line. For several versions prior to 8.3.00, we have a Tactical Project which can be used and is called the "CMT" or "Command-line Migration Tool" which is more or less similar to the "GMU" of 8.3.00, just requiring an additional installation rather than being included in the version itself.
For more information on the GMU in version 8.3.00, please consult the CA Wiki page for it: https://wiki.ca.com/display/GATEWAY83/Configure+GMU+and+Gateways+for+Migration
If you require a copy of the CMT for a version prior to 8.3.00, please open up a Support case so we can deliver it to you via the Support case. Be sure to include which exact version of the CA API Gateway you are running (command to run to confirm: # rpm -qa | grep ssg).
I hope the above helps.
Support Engineer, Global Customer Success
Phone: +1 800 225 5224
Outside of North America - ca.com/us/worldwide.aspx
thanks for getting back to me. we are running Secure Span Gateway 8.2.00. I will log a ticket to get access to the CMT. A quick question though, how will the migration deal with policy fragments? for example, I have policy fragments that are used to maintain environment wide settings (LDAP server IPs etc). I used policy fragments to make the management of the IPs etc easier. when I export a policy to an xml file there is a reference to a policy fragment with a GUID. given the GUID will be different in each environment, how will this be handled when it is exported?
The CMT & GMU can both migrate policy fragments and other dependencies (encapsulated assertions, etc.) smoothly. You can see on this page in the wiki that dependencies are supported when it states "yes" to "migrate dependencies" and "map dependencies".
Here is another useful page in the wiki which will go over a large example of a migration which also shows how to migrate between environments when the destination environment already has the same fragment in it but with a different GUID, how to map the dependency and how to overwrite them, etc.... Migration Examples
I hope the information (more specifically the information found on the wiki pages) noted above is what you are looking for.
Retrieving data ...