Layer7 API Management

  • 1.  Use restman to change listenport settings

    Posted May 02, 2017 07:50 AM

    I would like to use the RestMan interface to change the EnabledCipherSuites for a listenport (to make it easier to use the same set of ciphersuites on all ports, the UI is not very efficient).

    I can't find any examples of a correct message to send with a PUT request.

     

    I'm trying this xml now, that results in a 'error in assertion processing' without any further clues.

    Any hint or working example is appreciated.

     

    <l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Name>xxxx (HTTPS)</l7:Name>
       <l7:Id>xxxxx</l7:Id>
       <l7:Type>SSG_CONNECTOR</l7:Type>  
       <l7:Resource>
          <l7:ListenPort id="******" version="149">
             <l7:Name>xxxx (HTTPS)</l7:Name>
             <l7:Enabled>true</l7:Enabled>
             <l7:Protocol>HTTPS</l7:Protocol>
             <l7:Interface>xxxxx</l7:Interface>
             <l7:Port>xxxxx</l7:Port>
             <l7:EnabledFeatures>
                <l7:StringValue>Published service message input</l7:StringValue>
                <l7:StringValue>Password changing service</l7:StringValue>
                <l7:StringValue>WSDL download service</l7:StringValue>
             </l7:EnabledFeatures>
             <l7:TlsSettings>
                <l7:ClientAuthentication>Optional</l7:ClientAuthentication>
                <l7:PrivateKeyReference id="******" resourceUri="http://ns.l7tech.com/2010/04/gateway-management/privateKeys"/>
                <l7:EnabledVersions>
                   <l7:StringValue>TLSv1</l7:StringValue>
                   <l7:StringValue>TLSv1.2</l7:StringValue>
                </l7:EnabledVersions>
                <l7:EnabledCipherSuites>
                   <l7:StringValue>TLS_RSA_WITH_AES_256_CBC_SHA</l7:StringValue>
                   <l7:StringValue>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</l7:StringValue>
                   <l7:StringValue>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</l7:StringValue>
                   <l7:StringValue>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
                   <l7:StringValue>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
                   <l7:StringValue>TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
                   <l7:StringValue>TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
                   <l7:StringValue>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</l7:StringValue>
                   <l7:StringValue>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</l7:StringValue>
                   <l7:StringValue>TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256</l7:StringValue>
                   <l7:StringValue>TLS_RSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
                </l7:EnabledCipherSuites>
             </l7:TlsSettings>
             <l7:Properties>
                <l7:Property key="useExtendedFtpCommandSet">
                   <l7:StringValue>false</l7:StringValue>
                </l7:Property>
             </l7:Properties>
          </l7:ListenPort>
       </l7:Resource>
    </l7:Item>



  • 2.  Re: Use restman to change listenport settings
    Best Answer

    Posted May 02, 2017 11:36 AM

    To update an existing listen port using restman you need to do a PUT to the 1.0/listenPorts/{id} uri, like this:

       https://[gateway-host]:[port]/restman/1.0/listenPorts/{id}

     

    You will replace {id} with the Listen Port id value found in this XML tag:

       <l7:ListenPort id="******" version="149">

     

    Where I believe you are running into the problem is with the payload you are uploading. You just want the payload to include what is in the <l7:ListenPort> XML tag. So using your example above, the payload should be the following:


    <l7:ListenPort id="******" version="149" xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management>
    <l7:Name>xxxx (HTTPS)</l7:Name>
    <l7:Enabled>true</l7:Enabled>
    <l7:Protocol>HTTPS</l7:Protocol>
    <l7:Interface>xxxxx</l7:Interface>
    <l7:Port>xxxxx</l7:Port>
    <l7:EnabledFeatures>
    <l7:StringValue>Published service message input</l7:StringValue>
    <l7:StringValue>Password changing service</l7:StringValue>
    <l7:StringValue>WSDL download service</l7:StringValue>
    </l7:EnabledFeatures>
    <l7:TlsSettings>
    <l7:ClientAuthentication>Optional</l7:ClientAuthentication>
    <l7:PrivateKeyReference id="******" resourceUri="http://ns.l7tech.com/2010/04/gateway-management/privateKeys"/>
    <l7:EnabledVersions>
    <l7:StringValue>TLSv1</l7:StringValue>
    <l7:StringValue>TLSv1.2</l7:StringValue>
    </l7:EnabledVersions>
    <l7:EnabledCipherSuites>
    <l7:StringValue>TLS_RSA_WITH_AES_256_CBC_SHA</l7:StringValue>
    <l7:StringValue>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</l7:StringValue>
    <l7:StringValue>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</l7:StringValue>
    <l7:StringValue>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
    <l7:StringValue>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
    <l7:StringValue>TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
    <l7:StringValue>TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
    <l7:StringValue>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</l7:StringValue>
    <l7:StringValue>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</l7:StringValue>
    <l7:StringValue>TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256</l7:StringValue>
    <l7:StringValue>TLS_RSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
    </l7:EnabledCipherSuites>
    </l7:TlsSettings>
    <l7:Properties>
    <l7:Property key="useExtendedFtpCommandSet">
    <l7:StringValue>false</l7:StringValue>
    </l7:Property>
    </l7:Properties>
    </l7:ListenPort>



  • 3.  Re: Use restman to change listenport settings

    Posted May 02, 2017 02:31 PM

    tnx for the quick response. Using just whats inside the <Listenport> tags did the trick.



  • 4.  Re: Use restman to change listenport settings

    Posted May 30, 2018 05:43 AM

    Dear Peterson,

    My issue also related to same thread ,If I am creating new port It's working fine but in case of update its giving me error as below .[ Triggering request with Put method  ]

    <l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Type>DuplicateObject</l7:Type>
    <l7:TimeStamp>2018-05-30T07******</l7:TimeStamp>
    <l7:Link rel="self" uri="https://a301-7881-0499.gdzd.ubs.net:443/restmandev/1.0/listenPorts/3f6f4e2f3efa8502106f9acbbc3c2da2"/>
    <l7:Detail>(name)must be unique</l7:Detail>
    </l7:Error>

    I am attaching request below, please help.

    ********************Request***********************************************************

     

    <l7:ListenPort version="2" id="3f6f4e2f3efa8502106f9acbbc3c2da2" xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Name>default_6443</l7:Name>
    <l7:Enabled>true</l7:Enabled>
    <l7:Protocol>HTTPS</l7:Protocol>
    <l7:Port>8443</l7:Port>
    <l7:EnabledFeatures>
    <l7:StringValue>Published service message input</l7:StringValue>
    </l7:EnabledFeatures>
    <l7:TlsSettings>
    <l7:ClientAuthentication>Optional</l7:ClientAuthentication>
    <l7:PrivateKeyReference id="00000000000000000000000000000002:isga-ch-dev-02.ubseng.net" resourceUri="http://ns.l7tech.com/2010/04/gateway-management/privateKeys"/>
    <l7:EnabledVersions>
    <l7:StringValue>TLSv1</l7:StringValue>
    <l7:StringValue>TLSv1.1</l7:StringValue>
    <l7:StringValue>TLSv1.2</l7:StringValue>
    </l7:EnabledVersions>
    <l7:EnabledCipherSuites>
    <l7:StringValue>TLS_RSA_WITH_AES_128_CBC_SHA</l7:StringValue>
    <l7:StringValue>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</l7:StringValue>
    <l7:StringValue>TLS_RSA_WITH_AES_256_CBC_SHA</l7:StringValue>
    <l7:StringValue>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</l7:StringValue>
    <l7:StringValue>TLS_RSA_WITH_AES_128_CBC_SHA256</l7:StringValue>
    <l7:StringValue>TLS_RSA_WITH_AES_256_CBC_SHA256</l7:StringValue>
    <l7:StringValue>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</l7:StringValue>
    <l7:StringValue>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</l7:StringValue>
    <l7:StringValue>TLS_RSA_WITH_AES_128_GCM_SHA256</l7:StringValue>
    <l7:StringValue>TLS_RSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
    <l7:StringValue>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</l7:StringValue>
    <l7:StringValue>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
    <l7:StringValue>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</l7:StringValue>
    <l7:StringValue>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</l7:StringValue>
    <l7:StringValue>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</l7:StringValue>
    <l7:StringValue>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</l7:StringValue>
    <l7:StringValue>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</l7:StringValue>
    <l7:StringValue>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</l7:StringValue>
    </l7:EnabledCipherSuites>
    <l7:Properties>
    <l7:Property key="usesTLS">
    <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    </l7:Properties>
    </l7:TlsSettings>
    <l7:Properties>
    <l7:Property key="server">
    <l7:StringValue>Prashant Server</l7:StringValue>
    </l7:Property>
    <l7:Property key="useExtendedFtpCommandSet">
    <l7:StringValue>false</l7:StringValue>
    </l7:Property>
    </l7:Properties>
    </l7:ListenPort>

    FYI

    *****Wanted to update below property same I am passing in to request*******

    <l7:Property key="server">
    <l7:StringValue>Prashant Server</l7:StringValue>
    </l7:Property>

    Thanks!

    Prashant Srivastava



  • 5.  Re: Use restman to change listenport settings

    Posted May 30, 2018 10:10 AM

    Did you try to remove the id attribute from the ListenPort element and used it in the url for the put?

    This is also what Bill_Peterson described above.



  • 6.  Re: Use restman to change listenport settings

    Posted May 30, 2018 01:04 PM

    Thank you RemcoDekker for looking in to it!!

     

    Yes I tried to remove attribute id from listen port element but I can see same response.

     

    Thanks !

    Prashant Srivastavs



  • 7.  RE: Re: Use restman to change listenport settings

    Posted Feb 06, 2020 08:11 AM
    Hi All,

    I am trying to create listen ports using template retrieved from restman but i am getting bad request error. Not sure what is missing? could you please provide some insight ?

    Request i am using 

    <l7:ListenPort xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management"><l7:ListenPort xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management"> <l7:Name>TESTListenPort</l7:Name> <l7:Port>9999</l7:Port>    <l7:Properties>        <l7:Property key="ConnectorProperty">                    <l7:StringValue>test</l7:StringValue>                </l7:Property>            </l7:Properties></l7:ListenPort>

    Response

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
        <l7:Type>BadRequest</l7:Type>
        <l7:TimeStamp>2020-02-06T12:27:26.321Z</l7:TimeStamp>
        <l7:Link rel="self" uri="https://i1.s2.qa.api.emea.dsv.com:9443/restman/1.0/listenPorts"/>
        <l7:Detail>HTTP 400 Bad Request. Caused by: cvc-complex-type.2.4.a: Invalid content was found starting with element 'l7:Port'. One of '{&quot;http://ns.l7tech.com/2010/04/gateway-management&quot;:Enabled}' is expected.</l7:Detail>
    </l7:Error>

    Regards,
    Arjun