Export issue's API-gateway Policy Plugin when there is an gateway audit key in use. 

book

Article ID: 209350

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

The API-gateway Policy Plugin  is unable to export any data from the source gateway when the gateway is using a  private key marked as "Audit viewer key" 

Execution failed for task ':export-raw'. 
> API Call (GET) to gateway returned status 500 for uri: https://localhost:18443/restman/1.0/bundle?encassAsPolicyDependency=true&includeDependencies=true&all=true&encryptSecrets=true 
Response:

* Try: 
Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Exception is: 
org.gradle.api.tasks.TaskExecutionException: Execution failed for task ':export-raw'. 
Caused by: com.ca.apim.gateway.cagatewayconfig.util.connection.GatewayClientException: API Call (GET) to gateway returned status 500 for

uri: https://localhost:18443/restman/1.0/bundle?encassAsPolicyDependency=true&includeDependencies=true&all=true&encryptSecrets=true 
Response:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 
<l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management"> 
<l7:Type>Runtime</l7:Type> 
<l7:TimeStamp>2020-11-09T13:23:52.200Z</l7:TimeStamp> 
<l7:Link rel="self" uri="https://localhost:18443/restman/1.0/bundle?encassAsPolicyDependency=true&amp;includeDependencies=true&amp;all=true&amp;encryptSecrets=true"/
<l7:Detail>Could not retrieve private key for export. Key: 00000000000000000000000000000002:dummy-audit-key Message: Use of this private key is restricted and its use is not permitted in this context.</l7:Detail> 
</l7:Error>

Cause

The API gateway rest api does not not allow the export of private key which is marked for special purpose .

 

Environment

Release : 9.4 10.x

Component : API GATEWAY

Resolution

This will be resolved in GW 10 CR3 and for GW 9.4 there is a hotfix available which can be obtained from support by raising a support case.

Which allows the policy plugin to export the public part of the audit viewer key so it continues the export when there is a audit viewer key in use on the gateway.