search cancel

API Gateway: Problems with Global Policy and API Developer Portal

book

Article ID: 188695

calendar_today

Updated On:

Products

CA API Gateway API SECURITY STARTER PACK-7

Issue/Introduction

We've recently added a Global Policy in our code repository and I cannot "migrateIn" the policies and services using the GMU utility, if a Global Policy exists in the services/policies definition when API Gateway is "enrolled" with the API developer portal.

There is a note in your documentation regarding to the global policies and API developer portal:

- Ensure that no global policies, including message-received, are configured on the API Proxy. No global policies can exist while the Gateway is integrated with API Portal.

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/4-4/set-up-and-maintenance/integrate-on-premise-api-proxies.html

Here is the error log that's being reported when I try to "migrateIn" the policies and services in the Gateway using GMU:

<l7:Mapping action="NewOrUpdate" errorType="UniqueKeyConflict" srcId="e47c4cdc7c7c83e900c9516d0d3d9fbd" srcUri="https://10.0.2.15:9443/restman/1.0/policies/e47c4cdc7c7c83e900c9516d0d3d9fbd" type="POLICY">

                <l7:Properties>

                    <l7:Property key="ErrorMessage">

                        <l7:StringValue>(name) (internalTag, type)  must be unique</l7:StringValue>

                    </l7:Property>

                </l7:Properties>

            </l7:Mapping>

I was able to "migrateIn" my policies and service in the Gateway, but I had to remove the global policy before trying to "migrateIn".

Is this error expected when you try to "migrateIn" a Global policy when the API developer portal and API Gateway are "enrolled"?

Environment

API Gateway: 9.X

Resolution

When you enroll the gateway to the portal, three folders get created: API Portal Integration, API Portal SSO, and Portal APIs. There are multiple policies that get created in these folders.

In the API Portal Integration folder, there is a sub-folder called Portal Custom Messages. In this sub-folder, there are the message-received and message-completed policies.

When you attempt to do your migrateIn, you're trying to import policies that already exist. This will cause a conflict and UniqueKeyConflict error is produced. 

You can only have one set of global policies on any gateway.