Layer7 API Management

Hi There,

I am getting the below error while doing a migrateIn --test

"Execution failed. Reason: Test migrate in failed: Bad Request Resource validation failed due to 'INVALID_VALUES' Invalid private key data"

Have Ignored type="SSG_KEY_ENTRY from source mapping xml or (migrateOut file) and then tried again. still it's the same error.

Can i get guidance or a tech doc on "how to control the source file or migration without migrating the specific objects like encapsulated assertions, policies, certificates, private keys, FIPs, etc..,

Please help resolving this.

Hi,
Did you use the same "encryptionPassphrase" for both migrateOut and migrateIn?
The sensitive date like private key, or password, will be encrypted by "encryptionPassphrase", or "encryptUsingClusterPassphrase", if migrateIn uses different passphrase, it won't be able to decrypt the data, and fail to migrate in.

For more details, you may refer to,
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/gateway-migration/prepare-for-migrations/determine-security-for-migrations.html

Regards,
Mark
Original Message:
Sent: 05-20-2020 10:01 PM
From: Pavansai C
Subject: Handling GMU Errors

Hi There,

I am getting the below error while doing a migrateIn --test

"Execution failed. Reason: Test migrate in failed: Bad Request Resource validation failed due to 'INVALID_VALUES' Invalid private key data"

Have Ignored type="SSG_KEY_ENTRY from source mapping xml or (migrateOut file) and then tried again. still it's the same error.

Can i get guidance or a tech doc on "how to control the source file or migration without migrating the specific objects like encapsulated assertions, policies, certificates, private keys, FIPs, etc..,

Please help resolving this.

Thanks Mark,

I was using encryptUsingClusterPassphrase. now it worked after removing.



Original Message:
Sent: 05-21-2020 12:19 AM
From: Zhijun He
Subject: Handling GMU Errors

Hi,
Did you use the same "encryptionPassphrase" for both migrateOut and migrateIn?
The sensitive date like private key, or password, will be encrypted by "encryptionPassphrase", or "encryptUsingClusterPassphrase", if migrateIn uses different passphrase, it won't be able to decrypt the data, and fail to migrate in.

For more details, you may refer to,
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/gateway-migration/prepare-for-migrations/determine-security-for-migrations.html

Regards,
Mark
Original Message:
Sent: 05-20-2020 10:01 PM
From: Pavansai C
Subject: Handling GMU Errors

Hi There,

I am getting the below error while doing a migrateIn --test

"Execution failed. Reason: Test migrate in failed: Bad Request Resource validation failed due to 'INVALID_VALUES' Invalid private key data"

Have Ignored type="SSG_KEY_ENTRY from source mapping xml or (migrateOut file) and then tried again. still it's the same error.

Can i get guidance or a tech doc on "how to control the source file or migration without migrating the specific objects like encapsulated assertions, policies, certificates, private keys, FIPs, etc..,

Please help resolving this.

Dear Pavansai,
Using "encryptUsingClusterPassphrase" can be also fine, but only when the source gateway and target gateway have the same cluster passphrase.

Regards,
Mark
Original Message:
Sent: 05-21-2020 01:09 AM
From: Pavansai C
Subject: Handling GMU Errors

Thanks Mark,

I was using encryptUsingClusterPassphrase. now it worked after removing.



Original Message:
Sent: 05-21-2020 12:19 AM
From: Zhijun He
Subject: Handling GMU Errors

Hi,
Did you use the same "encryptionPassphrase" for both migrateOut and migrateIn?
The sensitive date like private key, or password, will be encrypted by "encryptionPassphrase", or "encryptUsingClusterPassphrase", if migrateIn uses different passphrase, it won't be able to decrypt the data, and fail to migrate in.

For more details, you may refer to,
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/gateway-migration/prepare-for-migrations/determine-security-for-migrations.html

Regards,
Mark
Original Message:
Sent: 05-20-2020 10:01 PM
From: Pavansai C
Subject: Handling GMU Errors

Hi There,

I am getting the below error while doing a migrateIn --test

"Execution failed. Reason: Test migrate in failed: Bad Request Resource validation failed due to 'INVALID_VALUES' Invalid private key data"

Have Ignored type="SSG_KEY_ENTRY from source mapping xml or (migrateOut file) and then tried again. still it's the same error.

Can i get guidance or a tech doc on "how to control the source file or migration without migrating the specific objects like encapsulated assertions, policies, certificates, private keys, FIPs, etc..,

Please help resolving this.

Hi,

If you REALLY want to avoid all the GMU errors and pitfalls then consider using our excellent migration product. We have found all these GMU issues and fixed them in our Restman based product.

There are several things which GMU can't do, but AAGM can. For instance we can auto-map by name and folder tree structure when the target system has been externally altered (mismatched IDs etc)-

It also integrates with GIT for version control and offers CI/CD pipelining functionality among many other features.

Don't spend time re-inventing the wheel. Use our last 2 years GMU & Restman experience :-)

https://apiida.com/apiida-api-gateway-manager/?lang=en

Regards

Vince

------------------------------
Senior Architect
Apiida AG
Https://www.apiida.com
------------------------------

Original Message:
Sent: 05-20-2020 10:01 PM
From: Pavansai C
Subject: Handling GMU Errors

Hi There,

I am getting the below error while doing a migrateIn --test

"Execution failed. Reason: Test migrate in failed: Bad Request Resource validation failed due to 'INVALID_VALUES' Invalid private key data"

Have Ignored type="SSG_KEY_ENTRY from source mapping xml or (migrateOut file) and then tried again. still it's the same error.

Can i get guidance or a tech doc on "how to control the source file or migration without migrating the specific objects like encapsulated assertions, policies, certificates, private keys, FIPs, etc..,

Please help resolving this.