This tool lets you interact with Application Integration, Integration Connectors or Apigee Integration/Connector APIs. The tool lets you manage (create, del, get, list) integrations, connections etc.

License: Apache License 2.0

Dockerfile 0.46% Go 98.61% Shell 0.93%

application-integration gcp google-cloud-platform

application-integration-management-toolkit's Introduction

integrationcli

This is a tool to interact with Application Integration APIs and Connector APIs. The tool lets you manage (Create,Get, List, Update, Delete, Export and Import) Integration entities like integrations, authConfigs etc.

Installation

integrationcli is a binary and you can download the appropriate one for your platform from here

NOTE: Supported platforms are:

Darwin
Windows
Linux

Run this script to download & install the latest version (on Linux or Darwin)

curl -L https://raw.githubusercontent.com/GoogleCloudPlatform/application-integration-management-toolkit/main/downloadLatest.sh | sh -

Getting Started

User Tokens

The simplest way to get started with integrationcli is

token=$(gcloud auth print-access-token)
project=$(gcloud config get-value project | head -n 1)
region=<set region here>

integrationcli integrations list -p $project -r $region -t $token

Metadata Tokens

If you are using integrationcli on Cloud Shell, GCE instances, Cloud Build, then you can use the metadata to get the access token

integrationcli integrations list -p $project -r $region --metadata-token

Google Default Application Credentials

You can configure gcloud to setup/create default application credentials. These credentials can be used by integrationcli.

gcloud auth application-default login
integrationcli integrations list -p $project -r $region --default-token

or through impersonation

gcloud auth application-default login --impersonate-service-account <SA>
integrationcli integrations list -p $project -r $region --default-token

Set Preferences

If you are using the same GCP project for Integration, then consider setting up preferences so they don't have to be included in every command

project=$(gcloud config get-value project | head -n 1)
region=<set region here>

integrationcli prefs set --reg=$region --proj=$project

Subsequent commands can be like this:

token=$(gcloud auth print-access-token)
integrationcli integrations list -t $token

Access Token Generation

integrationcli can use the service account directly and obtain an access token.

integrationcli token gen -a serviceaccount.json

Parameters The following parameters are supported. See Common Reference for a list of additional parameters.

--account -a (required) Service Account in json format

Use this access token for all subsequent calls (token expires in 1 hour)

Access Token Caching

integrationcli caches the OAuth Access token for subsequent calls (until the token expires). The access token is stored in $HOME/.integrationcli. This path must be readable/writeable by the integrationcli process.

integrationcli token cache -a serviceaccount.json

token=$(gcloud auth print-access-token)
integrationcli token cache -t $token

integrationcli token cache --metadata-token

Available Commands

Here is a list of available commands

Enviroment Variables

The following environment variables may be set to control the behavior of integrationcli. The default values are all false

INTEGRATIONCLI_DEBUG=true enables debug log
INTEGRATIONCLI_SKIPCACHE=true will not cache the access token on the disk
INTEGRATIONCLI_DISABLE_RATELIMIT=true disables rate limiting when making calls to Integration or Connectors APIs
INTEGRATIONCLI_NO_USAGE=true does not print usage when the command fails
INTEGRATIONCLI_NO_ERRORS=true does not print error messages from the CLI (control plane error messages are displayed)
INTEGRATIONCLI_DRYRUN=true does not execute control plane APIs

Automate via Cloud Build

Please see here for details on how to automate deployments via Cloud Build. The container images for integrationcli are:

Container image for the CLI

docker pull us-docker.pkg.dev/appintegration-toolkit/images/integrationcli:latest

Creating Integration Connectors

integrationcli can be used to create Integration Connectors. There are two types of Integration Connectors:

Connectors for Google Managed Applications

Google managed applications include systems like BigQuery, PubSub, Cloud SQL etc. It is best to generate configuration like below by running the command:

integrationcli connectors get -n name -p project -r region --minimal=true --overrides=true -t $token

The file produced will be like this:

{
    "description": "This is a sample",
    "connectorDetails": {
        "provider": "gcp", ## the name of the provider
        "name": "pubsub", ## type of the connector
        "version": 1 ## version is always 1
    },
    "configVariables": [ ## these values are specific to each connector type. this example is for pubsub
        {
            "key": "project_id",
            "stringValue": "$PROJECT_ID$" ## if the project id is the same as the connection, use the variable. Otherwise set the project id explicitly
        },
        {
            "key": "topic_id",
            "stringValue": "mytopic"
        }
    ]
}

NOTE: For ConfigVariables that take a region as a parameter (ex: CloudSQL), you can also use $REGION$

Then execute via integrationcli like this:

integrationcli connectors create -n name-of-the-connector -f ./test/pub_sub_connection.json

You can optionally pass the service account to be used from the command line:

integrationcli connectors create -n name-of-the-connector -f ./test/pub_sub_connection.json -sa <sa-name> -sp <sa-project-id>

NOTES:

This command assumes the token is cached, otherwise pass the token via -t
If the service account project is not passed and the service account name is passed, then the connection's project id is used
If the service account doesn't exist, it will be created
For Google connectors integrationcli adds the IAM permissions for the service account to the resource (if the -g flag is passed)

Connectors for Third Party Applications

Third party application include connectors like Salesforce, Service Now, etc. It is best to generate configuration like below by running the command:

integrationcli connectors get -n name -p project -r region --minimal=true --overrides=true -t $token

The file produced will be like this:

{
    "description": "SFTP Test for demo",
    "connectorDetails": {
        "provider": "...", ## provider name
        "name": "...", ## type of the connector
        "version": 1 ## version is always 1
    },
    "configVariables": [ ## these values are specific to each connector type. this example is for sftp
        {
            "key": "remote_host",
            "stringValue": "example.net"
        },
        {
            "key": "remote_port",
            "stringValue": "22"
        }
    ],
    "authConfig": {
        "authType": "USER_PASSWORD",
        "userPassword": {
            "username": "demo",
            "passwordDetails": {
                "secretName": "sftp-demo", ## this secret is provisioned if it doesn't already exist
                "reference": "./test/password.txt" ## this file contains the data/contents (encrypted or clear) to put in secret manager
            }
        }
    }
}

If the connector depends on secret manager, integrationcli can create the Secret Manager secret if it is not already provisioned.

Then execute via integrationcli like this:

integrationcli connectors create -n name-of-the-connector -f ./test/sftp_connection.json

NOTE: This command assumes the token is cached, otherwise pass the token via -t

Encrypting the Password

When setting the passwordDetails, the contents of the password can be encrypted using Cloud KMS

"passwordDetails": {
    "secretName": "sftp-demo",
    "reference": "./test/password.txt" ## the file containing the password - clear text or encrypted
}

The file for the password can be in clear text or encrypted text. If encrypted, then a cloud kms key can be passed for decryption. Before storing the file, the file can be encrypted like this:

gcloud kms encrypt --plaintext-file=./test/password.txt --keyring $key-ring --project $project --location us-west1 --ciphertext-file=enc_passsword.txt --key=$key
base64 ./test/enc_password.txt > ./test/b64_enc_password.txt # on MacOS, use base64 -i ./test/enc_password.txt > ./test/b64_enc_password.txt

Examples of Creating Connectors

CICD with Application Integration

Please refer to this article in Google Cloud Community for how to perform CICD in Application Integration with integrationcli

How do I verify the binary?

All artifacts are signed by cosign. We recommend verifying any artifact before using them.

You can use the following public key to verify any integrationcli binary with:

cat cosign.pub
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQBXcARDlva9s89a5299yn/VboBdd
9bDj+j7FVYyzKAufqC9kaCR3naZ3JIAFYjxrXF0GlRjKzJU4ubriT4P6zQ==
-----END PUBLIC KEY-----

cosign verify-blob --key=cosign.pub --signature integrationcli_<platform>_<arch>.zip.sig integrationcli_<platform>_<arch>.zip

Where platform can be one of Darwin, Linux or Windows and arch (architecture) can be one of arm64 or x86_64

How do I verify the integrationcli containers?

All images are signed by cosign. We recommend verifying any container before using them.

cat cosign.pub
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQBXcARDlva9s89a5299yn/VboBdd
9bDj+j7FVYyzKAufqC9kaCR3naZ3JIAFYjxrXF0GlRjKzJU4ubriT4P6zQ==
-----END PUBLIC KEY-----

cosign verify --key=cosign.pub us-docker.pkg.dev/appintegration-toolkit/images/integrationcli:latest

Support

This is not an officially supported Google product

application-integration-management-toolkit's People

Contributors

Stargazers

Watchers

Forkers

mtalreja16 analyticsworld1 ssvaidyanathan samkenxstream anasomar5511 richak-bcone deepgoel17 jaysonv asmeyatsky cagancosan rodneypuplampu renovate-bot teliatko

application-integration-management-toolkit's Issues

Update connectors not working as expected

Created a connector successfully using the console
Stored the connector.json using the integrationcli connectors get command
Updated the host info and ran the integrationcli connectors update command
Command fails with the following error

Error: Bad Request - malformed request syntax: {
  "error": {
    "code": 400,
    "message": "The request was invalid: update_mask contains invalid fields",
    "status": "INVALID_ARGUMENT",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.BadRequest",
        "fieldViolations": [
          {
            "field": "update_mask"
          }
        ]
      },
      {
        "@type": "type.googleapis.com/google.rpc.RequestInfo",
        "requestId": "1077ae27d9d651cf"
      }
    ]
  }
}

enable golangci-lint

invalid path to provision client

paginate connections and integrations

Integration deploy with create not working as expected

I'm trying to region specific deployments (overrides will be differ per region) with integrationcli integrations create but noticed below two issues post integration deployment to target environment.

integrationcli version 0.69.1-beta

I have few regions specific parm override for environments but with integrationcli integrations create, overrides from overrides not reflecting in target environments:

overrides for us-central1:

"param_overrides": [
	{
		"key": "_coveoUrl",
		"defaultValue": {
			"stringValue": "https://*************rest/search/v2"
		}
	},
	{
		"key": "_ctBrandUrl",
		"defaultValue": {
			"stringValue": "https://api.us-central1.*******.com/hl-shop-stg/graphql"
		}
	},
	{
		"key": "_ctCcUrl",
		"defaultValue": {
			"stringValue": "https://api.us-central1.**********.com/hl-shop-stg/graphql"
		}
	}
]

overrides for europe-west1:

"param_overrides": [
	{
		"key": "_coveoUrl",
		"defaultValue": {
			"stringValue": "https://*************rest/search/v2"
		}
	},
	{
		"key": "_ctBrandUrl",
		"defaultValue": {
			"stringValue": "https://api.europe-west1.*******.com/hl-shop-stg/graphql"
		}
	},
	{
		"key": "_ctCcUrl",
		"defaultValue": {
			"stringValue": "https://api.europe-west1.**********.com/hl-shop-stg/graphql"
		}
	}
]

we have requirement to deploy connectors and integrations in two regions (us-cetral1 and west-europe1) with same name but overrides of integrations differ
Expectation: Integration of us-cetral1 should refer to us-cetral1 connector and Integration of west-europe1 should refer to west-europe1 connector

issue: integration which deployed in west-europe1 by using integrations create option, referring to us-cetral1 connector instead of west-europe1.

whereas above two issues not encountering if i use integration apply but here limitation is we don't have option to choose overrides based on regions

errorCatcherConfigs not exporting via Scaffold and deployment of integrations is failing if we have errorCatcherConfigs

We have setup an Apigee Integration, with the use of Error Catcher. We found that the errorCatcherConfigs can't be exported via scaffold action.
--------------------errorCatcherConfigs -------------
"errorCatcherConfigs": [{
"label": "Save PII error catcher",
"errorCatcherNumber": "1",
"startErrorTasks": [{
"taskId": "5"
}],
"position": {
"x": 420,
"y": -882
},
"errorCatcherId": "SavePii_errorCatcher"
}],

Exported Apigee Integration via Apigee Console and it has errorCatcherConfigs , but integration deployment failing with below error (complaining missing errorCatcherConfigs).

{
"error": {
"code": 400,
"message": "Task with name Build Retrieval payload does not have an incoming edge from either task or trigger. Please connect the task to another task or a trigger by hovering the cursor over the outgoing edge of another task/trigger and dragging the edge to this task.",
"status": "INVALID_ARGUMENT"
}
}

Error: Bad Request - malformed request syntax: {
"error": {
"code": 400,
"message": "Task with name Build Retrieval payload does not have an incoming edge from either task or trigger. Please connect the task to another task or a trigger by hovering the cursor over the outgoing edge of another task/trigger and dragging the edge to this task.",
"status": "INVALID_ARGUMENT"
}
}

scaffold command:

/home/runner/.integrationcli/bin/integrationcli integrations scaffold -n ${{ inputs.integration-name }} -s ${{ inputs.version }} -f ${{ inputs.version }}

clean up: restructure folder to move internal packages

Error catcher handing export/deployment is not working when we added errorCatcherId at Api trigger level

Error catcher handing export is not working when we added errorCatcherId at Api trigger but working if errorCatcherId at task level.

Please find the below Screen shots manual export vs export via integration cli.
Manul export:

Export via integration cli:

Can't override Trigger

I have an integration with the following Trigger portion:

	"triggerConfigs": [
		{
			"label": "API Trigger",
			"triggerType": "API",
			"triggerNumber": "1",
			"triggerId": "api_trigger/template-db_API_1",
			"startTasks": [
				{
					"taskId": "1",
					"condition": "$operation$ = \"GET\"",
					"displayName": "LIST"
				},
				{
					"taskId": "5",
					"condition": "$operation$ = \"POST\"",
					"displayName": "INSERT"
				}
			],
			"properties": {
				"Trigger name": "template-db_API_1"
			}
		}
	]

I want to be able to specify/change, using the overrides file, the triggerId and the Trigger Name property, but apparently these two items are not in the Trigger struct in the overrides.go file.

I want to be able to specify something like this in my overrides file:

	"trigger_overrides": [{
        "triggerNumber": "1",
        "triggerId": "api_trigger/_DBNAME__API_1",
		"properties": {
			"Trigger name": "_DBNAME__API_1"
		}
    }]

add support to override entity type

Add the ability to override the entity type in a connector task

generate third party license file

multiple nakedret issues in cmd folder

feat: Add support for metadata tokens

simplify the build process

improve cicd docs

handle error catchers in integration

Access GOOGLE_CREDENTIALS for security key

integrationCli should able to look at the GOOGLE_CREDENTIALS environment variable for security key when token has expired or not set.

use local variables for bool

return resp body during error

fix linting issues

fix generated cloud build

download release broken

support other internal endpoints

fix display when searching

remove depguard from golang-ci

standardize builds across docker and goreleaser

enable patch on connectors

manage certificates

move to artifact registry

command to manage DNS Peering

connectors are missing sslconfig and logconfig

decouple from apigeecli

Move clilog to be local

Provision App Integration

Option to provision

add signature verification to downloadLatest.sh

Auth Profile Update

After reviewing official documentation for data update in Auth Profiles ( https://cloud.google.com/application-integration/docs/reference/rest/v1/projects.locations.authConfigs/patch ) can we add a method to the cli tool?

It doesn't exist according documentation https://github.com/GoogleCloudPlatform/application-integration-management-toolkit/blob/main/docs/integrationcli_authconfigs.md

Integration export is working as expected with errorCatcherConfigs but deployment failing with below error if error cache ID refer inside other integration tasks.

Thanks @srinandan. export is working as expected with errorCatcherConfigs but deployment failing with below error if error cache ID refer inside other integration tasks.

integrationcli version: v0.70.1-beta

ERROR: 2023/09/14 14:42:07 httpclient.go:129: error parsing response: unexpected end of JSON input
Publish integration hl-shared-retry-failure-integration with version a55c3dbd-6203-4f50-8afa-5c6dc574629a
{
"error": {
"code": 400,
"message": "Tasks in normal workflow can not be used as start error tasks for another normal task JavaScriptTask",
"status": "INVALID_ARGUMENT"
}
}

Error: Bad Request - malformed request syntax: {
"error": {
"code": 400,
"message": "Tasks in normal workflow can not be used as start error tasks for another normal task JavaScriptTask",
"status": "INVALID_ARGUMENT"
}
}

Originally posted by @kondurure in #127 (comment)

googlecloudplatform / application-integration-management-toolkit Goto Github PK