We're trying to do a protocol transformation between sftp and http on the API gateway (version 9.1). The goal is to receive an inbound attachment via SFTP and forward the message to a web service.
I've found some documentation on how to use the SFTP within the API Gateway but did not found an answer yet.
* Working with SCP/SFTP Messages - CA API Gateway - 9.1 - CA Technologies Documentation
* Accepting requests via SSH2 on the Layer 7 Gateway
In the attached screenshot you'll see I'm able to connect to the API Gateway using a sftp client (configured via SSH2 Inbound listen port). When sending a document ('test.json' in my example), the API Gateway service is correctly invoked (see service debugger) but I'm not able to extract the attachment from it and route it to the web service.
Anyone has idee how this should be done?
Big thanks in advance!Samuel Vandecasteele
Hi Samuel is this 9.1?
I have done similar and seen similar in 9.2
I am uploading a sample of a policy that I have made in house that I know works. Which is a get not a put.
And I have seen the reverse done (your usecase) with a message-received policy where it sftp was routed to a http back-end call.
If you use a non json file is it working? Are you Auditing the request.mainpart? I see the policy debugger but it might be of value to audit the response.mainpart.
Do you see multiple executions? I know at connection it tends to run through a message received policy multiple times.
But I would wonder
1) if its specific to the file type?
2) Is it specific to the listen port settings for sftp listen port is it streaming etc..
If you want to open a support case we can likely help you as well.
Thanks for your response! yes we're running 9.1 and i'm auditing the request.mainpart (added now in separate audit) but it's still empty (also in audit logs).
I see one execution for each sftp command. All 3 scenarios (A, B and C) below invoke the service debugger. See screenshot below:
A: From client execute an 'ls' which should list the remote directory. This fails as there is no remote sftp exposed directory.
B & C: Trying to upload a file to the Gateway. Both fail with same error 'Couldn't get handle: Failure'.
My conclusion would be that this is not possible as the exposed policy on the gateway does not speak the sftp protocol. And the gateway can only be used to proxy sftp traffic, so there is always a separate sftp server needed.
I hope you can tell me that my conclusion is wrong
In your sample policy, you connect to an external sftp server and the gateway is playing the role of an sftp client.
I just ran a quick test and this if working fine for me I can upload the file via ftp and I can see the contents of the file.
try adding request.mainpart.size to your service debugger output. If it has a size but the content are not showing it might be a issue with the ContentType you specified in the listener port causing this. you can also try changing the contentType in the listen port to be text/plain and see if you see the mainpart then.
Thanks for the feedback. We finally managed to have a working setup for this use case. Also a big thanks for the input by CA Support!
The API Gateway has an sftp server on OS level to which we'll route the incoming sftp commands. When it's a PUT command we'll put the file in the /tmp directory of the gateway and retrieve it back within the same thread. See image below for the assertion:
Example connecting to this service via SFTP: