You can make your user-defined
policy available to API
developers by importing it into an IBM® API
Connect Catalog, or a Space in
a Catalog.
Before you begin
You must possess Catalog edit permissions to complete this task.Before you can import a
user-defined
policy into
IBM API
Connect, you must have
completed the following tasks:
- Described your policy in a YAML file.
- Implemented your policy by using DataPower processing rules and actions.
Note: The tasks described on this page apply only to the DataPower® Gateway (v5
compatible), not to the DataPower API
Gateway.
Procedure
To import a policy into a Catalog or Space in API
Manager, complete the following
steps.
-
Create a .zip file for your policy that contains the following folder
structure:
policy.yaml
implementation/mypolicy.zip
where
- policy.yaml is your policy definition file.
- implementation/mypolicy.zip is your policy
implementation for a policy that is deployed to the DataPower Gateway. The policy
implementation file contains the DataPower processing rules and actions that were exported from
DataPower.
The name of the .zip file must start with the name of the user-defined
policy (as defined in the
policy YAML file). If the implementation requires certificate and key files, these files must be
added to the implementation directory.
Note: Your package
.zip file must contain a .zip policy implementation
file.
-
Use the developer toolkit
command-line tool to import your policy into a Catalog or Space. When successfully imported, the
policy appears on the policy palette of the API Manager assembly editor.
-
Log in to the command-line tool, for example:
apic login --username userid --password password --server mgmt_endpoint_url --realm mode/realm
where
- userid is your user name (you must have permissions to be able to update
resources in the organization and Catalog where the policy is being imported).
- password is your password.
- mgmt_endpoint_url the platform API endpoint URL, for example
platform-api.myserver.com
.
- mode/realm is your authentication scope. mode is the
context of your login, and can be one of two options:
admin
- use this option when you want to log in as an administrator.
provider
- use this option when you want to log in as a Provider
organization.
realm is your identity provider, and this can be an external provider such
as Google, or the identity provider that is configured in the Cloud Manager. For example, if you
are signing in as an administrator by using Google, then the realm option is --realm
admin/google
. If you are signing in as a Provider organization by using an LDAP user
registry called ibm-ldap, then the realm option is --realm
provider/ibm-ldap
.
For full details on how to log in to your management server from
the CLI, see Logging in
to the management server.
For more information about user registries, see
Managing Authentication and
Security.
-
Run the following command:
apic policies:create --catalog catalog --configured-gateway-service gateway --org organization --server mgmnthost.com --scope scope [--space space] mypolicy.zip
where
- catalog is the Catalog name or ID that you want to import your policy
into.
- gateway is the Configured Gateway Service name or ID.
- organization is the Provider Organization name or ID.
- mgmnthost.com is the address of the management server endpoint, for example
example.server.dev.ciondemand.com
.
- scope has one of the following values:
catalog
if the Catalog does not have Spaces enabled.
space
if the Catalog has Spaces enabled. If you
specify space
for the --scope
parameter you must also supply the
--space
parameter.
- (optional) space is the name of the Space. The
--space
parameter is required if the Catalog has Spaces enabled, in which
case you must also include --scope space
in the command.
- mypolicy is the name of your policy .zip file.
Note:
- You must import your user-defined
policy into every Catalog
in API Manager that you
require your policy to run in.
- For the policy to be displayed on the palette in the API assembly editor,
you must import the user-defined
policy into the Sandbox
Catalog.
- If you have more than one Gateway service enabled in your Catalog, you must repeat the import
operation for each Gateway service.
- If Spaces are enabled in a Catalog, a user-defined
policy that you import
into one Space is imported into all Spaces; you cannot import a user-defined
policy into an individual
Space in the Catalog. Any subsequent updates are also applied to all Spaces.
Results
The user-defined
policy is
now imported into a Catalog or Space, and is shown in the list of available policies in the
Policy Assembly tab of the API Editor in the API
Manager. Policies are listed by
their name and version number, and multiple versions of the same policy are grouped under a single
heading.