On Wed, Jul 18, 2018 at 1:34 PM, Menaka Jayawardena <[email protected]> wrote:
> Hi Isuru, > > The certificate will be added to the nodes that are configured in > Environments in the api-manager.xml. If there is a gateway cluster, only > the manager node trust store will be updated. So we need to sync the trust > store and the sslprofiles.xml file among the other nodes in the cluster. > This should be done manually. > Thanks for the explanation. Since the key store and trust store related to dynamic SSL profiles can be configured via the repository/resources/security/sslprofiles.xml, it actually possible to use a file sync mechanism to synchronize this particular location across the gateways. Lets document this information. > > Thanks and Regards, > Menaka > > > On Wed, Jul 18, 2018 at 1:30 PM, Isuru Haththotuwa <[email protected]> > wrote: > >> Hi Menaka, >> >> In this feature, if there are a more than one Gateway nodes, how do we >> handle the trust store synchronization across those? >> >> Sorry about the extremely late question. >> >> On Wed, Jul 11, 2018 at 5:32 PM, Menaka Jayawardena <[email protected]> >> wrote: >> >>> Hi, >>> >>> I had an offline discussion with Sanjeewa and Malintha regarding the >>> rest API convention of using uuid instead of certificate alias. >>> >>> But, for this feature, if we adopt the UUID approach, there will be a DB >>> level modification and method signature changes. In the current approach, >>> the certificate alias is considered as the unique attribute. So, for this >>> implementation, instead of using uuid, we will be using the alias as the >>> certificate identifier. >>> >>> In the next APIM releases, necessary modifications will be done to the >>> implementation. >>> >>> Thanks and Regards, >>> Menaka >>> >>> On Tue, Jul 10, 2018 at 4:41 PM, Malintha Amarasinghe < >>> [email protected]> wrote: >>> >>>> >>>> >>>> On Tue, 10 Jul 2018, 14:40 Sanjeewa Malalgoda, <[email protected]> >>>> wrote: >>>> >>>>> In our REST API design we keep using UUID to represent path to atomic >>>>> resource. Sometimes even we had unique attribute we still used auto >>>>> generated UUID. If we are using alias to identify resource within resource >>>>> collection we are deviating from that convention. So i think we need to >>>>> think about this again. >>>>> @Malintha Amarasinghe <[email protected]> Thoughts? >>>>> >>>> >>>> +1. Having get certificates using UUID (GET /certificates/{uuid}) is a >>>> better approach which is also consistent with other resources we already >>>> have. Similarly we can do PUT and DELETE to the same resource. To get >>>> a certificate by alias I think we can use the search functionality. (GET >>>> /certificates?alias=wso2carbon) >>>> >>>> Thanks, >>>> Malintha >>>> >>>> >>>>> >>>>> Thanks, >>>>> sanjeewa. >>>>> >>>>> On Tue, Jul 10, 2018 at 2:24 PM Menaka Jayawardena <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Mushthaq/ Fazlan, >>>>>> >>>>>> Thank you very much for the suggestions. >>>>>> >>>>>> I have used the resource path as* '/certificates/{alias}/info'* >>>>>> because it's self-explanatory. The main objective of the API (the initial >>>>>> thought) is to get the status of the certificate. (Whether it is expired >>>>>> or >>>>>> not and the expiry date). But, we can extend this to get other basic >>>>>> information as well. >>>>>> >>>>>> So, I also think that GET *'/certificates/{alias}*' is the better >>>>>> approach. >>>>>> >>>>>> Thanks and Regards, >>>>>> Menaka >>>>>> >>>>>> >>>>>> On Tue, Jul 10, 2018 at 2:02 PM, Fazlan Nazeem <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi Menaka, >>>>>>> >>>>>>> DELETE is expecting alias in a query param and GET is expecting it >>>>>>> to be passed in a path param. I think modifying DELETE as DELETE >>>>>>> certidicates/{alias} and GET as GET certificate/{alias} is more Restful. >>>>>>> >>>>>>> On Tue, Jul 10, 2018 at 12:09 PM Menaka Jayawardena <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> I'm working on implementing a REST API for the Dynamic Certificate >>>>>>>> Installation feature for API Manager. (User stories >>>>>>>> <https://docs.google.com/document/d/1wZfv3gTL65FT-Jzs9CBYcVoIRFFNvSBuIJg3BiC_7PU/edit?usp=sharing> >>>>>>>> ) >>>>>>>> >>>>>>>> The current implementation only supports add, retrieve and delete >>>>>>>> certificate functions. For the REST API, the following additional >>>>>>>> functions >>>>>>>> will be added. >>>>>>>> >>>>>>>> 1. Update a certificate: Users can update an uploaded certificate. >>>>>>>> 2. Get certificate information: Retrieve the basic information of a >>>>>>>> certificate. i.e expiry date, etc. >>>>>>>> >>>>>>>> I have attached the swagger definition for the APIs herewith. >>>>>>>> >>>>>>>> Any suggestions, comments are highly appreciated. >>>>>>>> >>>>>>>> Thanks and Regards, >>>>>>>> Menaka >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> *Menaka Jayawardena* >>>>>>>> Senior Software Engineer >>>>>>>> WSO2 Inc. >>>>>>>> >>>>>>>> Phone : +94 71 350 5470 >>>>>>>> LinkedIn : https://lk.linkedin.com/in/menakajayawardena >>>>>>>> Blog : https://menakamadushanka.wordpress.com/ >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Thanks & Regards, >>>>>>> >>>>>>> *Fazlan Nazeem* >>>>>>> Senior Software Engineer >>>>>>> WSO2 Inc >>>>>>> Mobile : +94772338839 >>>>>>> [email protected] >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> *Menaka Jayawardena* >>>>>> Senior Software Engineer >>>>>> WSO2 Inc. >>>>>> >>>>>> Phone : +94 71 350 5470 >>>>>> LinkedIn : https://lk.linkedin.com/in/menakajayawardena >>>>>> Blog : https://menakamadushanka.wordpress.com/ >>>>>> >>>>>> >>>>> >>>>> -- >>>>> *Sanjeewa Malalgoda* >>>>> WSO2 Inc. >>>>> Mobile : +94 712933253 >>>>> >>>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>>> :http://sanjeewamalalgoda.blogspot.com/ >>>>> <http://sanjeewamalalgoda.blogspot.com/> >>>>> >>>>> >>>>> >>> >>> >>> -- >>> >>> *Menaka Jayawardena* >>> Senior Software Engineer >>> WSO2 Inc. >>> >>> Phone : +94 71 350 5470 >>> LinkedIn : https://lk.linkedin.com/in/menakajayawardena >>> Blog : https://menakamadushanka.wordpress.com/ >>> >>> >> >> >> -- >> Thanks and Regards, >> >> Isuru H. >> +94 716 358 048* <http://wso2.com/>* >> >> >> > > > -- > > *Menaka Jayawardena* > Senior Software Engineer > WSO2 Inc. > > Phone : +94 71 350 5470 > LinkedIn : https://lk.linkedin.com/in/menakajayawardena > Blog : https://menakamadushanka.wordpress.com/ > > -- Thanks and Regards, Isuru H. +94 716 358 048* <http://wso2.com/>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
