Importing a user-defined policy into a Catalog

You can make your user-defined policy available to API developers by importing it into an IBM® API Connect Catalog, or a Space in a Catalog.

To import a policy into a Catalog or Space in API Manager, complete the following steps.

1. Create a .zip file for your policy that contains the following folder structure:

   policy.yaml
   implementation/mypolicy.zip

   where

   • policy.yaml is your policy definition file.
   • implementation/mypolicy.zip is your policy implementation for a policy that is deployed to the DataPower Gateway. The policy implementation file contains the DataPower processing rules and actions that were exported from DataPower.

   The name of the .zip file must start with the name of the user-defined policy (as defined in the policy YAML file). If the implementation requires certificate and key files, these files must be added to the implementation directory.

   Note: Your package .zip file must contain a .zip policy implementation file.
2. Use the developer toolkit command-line tool to import your policy into a Catalog or Space. When successfully imported, the policy appears on the policy palette of the API Manager assembly editor.
   1. Log in to the command-line tool, for example:

      apic login --username userid --password password --server mgmt_endpoint_url --realm mode/realm

      where

      • userid is your user name (you must have permissions to be able to update resources in the organization and Catalog where the policy is being imported).
      • password is your password.
      • mgmt_endpoint_url the platform API endpoint URL, for example platform-api.myserver.com.
      • mode/realm is your authentication scope. mode is the context of your login, and can be one of two options:
        • admin - use this option when you want to log in as an administrator.
        • provider - use this option when you want to log in as a Provider organization.
        realm is your identity provider, and this can be an external provider such as Google, or the identity provider that is configured in the Cloud Manager.

        For example, if you are signing in as an administrator by using Google, then the realm option is --realm admin/google. If you are signing in as a Provider organization by using an LDAP user registry called ibm-ldap, then the realm option is --realm provider/ibm-ldap.

        For full details on how to log in to your management server from the CLI, see Logging in to the management server.

      For more information about user registries, see Managing Authentication and Security.
   2. Run the following command:

      apic policies:create --catalog catalog --configured-gateway-service gateway --org organization --server mgmnthost.com --scope scope [--space space] mypolicy.zip

      where

      • catalog is the Catalog name or ID that you want to import your policy into.
      • gateway is the Configured Gateway Service name or ID.
      • organization is the Provider Organization name or ID.
      • mgmnthost.com is the address of the management server endpoint, for example example.server.dev.ciondemand.com.
      • scope has one of the following values:
        • catalog if the Catalog does not have Spaces enabled.
        • space if the Catalog has Spaces enabled. If you specify space for the --scope parameter you must also supply the --space parameter.
      • (optional) space is the name of the Space. The --space parameter is required if the Catalog has Spaces enabled, in which case you must also include --scope space in the command.
      • mypolicy is the name of your policy .zip file.

      Note:

      • You must import your user-defined policy into every Catalog in API Manager that you require your policy to run in.
      • For the policy to be displayed on the palette in the API assembly editor, you must import the user-defined policy into the Sandbox Catalog.
      • If you have more than one Gateway service enabled in your Catalog, you must repeat the import operation for each Gateway service.
      • If Spaces are enabled in a Catalog, a user-defined policy that you import into one Space is imported into all Spaces; you cannot import a user-defined policy into an individual Space in the Catalog. Any subsequent updates are also applied to all Spaces.