Alias-Update Operation

[pawankopparthi]

Hi,

I am using Apigee-config-maven-plugin version (2.4.4), for updating the certificate in the alias, using the update operation I didn't get excepted output it is showing first delete the existing alias and re-create with the updated certificate, but I don't want to delete the existing alias as we may have down time.
we have tested with the management API call for aliases update it is able to update the certificate can we integrate the below management call for update operation using the plugin?

Management API ----
: curl --location 'https://apigee.googleapis.com/v1/organizations/XXXXX/environments/XXXXX/keystores/XXXXX/aliases?alias=XXXXXX&format=keycertfile' --header 'Authorization: Bearer XXXXX --header 'Content-Type: multipart/form-data'
--form 'data=" XXXXX

please find the below screenshots for your reference with the curl which is able to update the cert.

, please find the below screenshots for your reference with the plugin not able to update the cert.

[praoCNB]

Do we have any update on this? We are seeing the same logs as in the screenshot above while using update operation for Aliases.

The keystore and alias are currently assigned to a target server and we cannot delete it as there would be a downtime.

[ssvaidyanathan]

Will work on this and get back in a day or two

[ssvaidyanathan]

@praoCNB - can you confirm what type of certs are you updating?
Is it a simple cert file? or a cert + key file? or a self signed cert?

Looks like we wont be able to run the "update" command for the "selfsignedcert" type and "keycertfile" type if it includes a key file as well.

Will that limitation impact your usecase?

From the screenshot above you are just using the cert file and trying to update an alias with a new cert file. See screenshot below. If its just "Certificate" (that is for your truststore) alone, I might have it all working and can release it upon your confirmation

[praoCNB]

@ssvaidyanathan , we were looking for both "Certificate" and "keycertfile" update with the "update" command. However, I just realized that keycertfile update is not allowed with Apigee managment API as well.

That said, "Certificate" update is also a requirement and if you can fix that it would be really helpful. For keycertfile we would be creating a new alias using Create operation and update the target servers.

[ssvaidyanathan]

@praoCNB - Thanks a lot. Will provide an update soon

[ssvaidyanathan]

@praoCNB - I just released v2.9.2-rc1
Can you please try using that version. Just update the following in your pom

<groupId>com.apigee.edge.config</groupId>
<artifactId>apigee-config-maven-plugin</artifactId>
<version>2.9.2-rc1</version>

NOTE: The update option does not support selfsignedcert, pkcs12. For these, you will have to re-create them
and when you try to update a cert-key pair, only the certs are updated, the keys are ignored.
The plugin will print those log messages as well.

Please try it out and let me know. Once you confirm, I will release it as v2.9.2

[praoCNB]

@ssvaidyanathan . Thanks. It works.

Please do let me know once the release v2.9.2 is live.

[ssvaidyanathan]

Thanks for testing and getting back.
v2.9.2 is released.
Am closing this issue right now