Apigee Management API command-line interface with multi-factor authentication (MFA) and single sign-on (SSO)/SAML support
Project description
Welcome to the Apigee Management API command-line interface!
This is not an officially supported Google product, and is not affiliated with Apigee or Google in any way.
This is a user-friendly command-line interface to the Apigee Management API providing features that automate steps that are too cumbersome to perform manually or are non-existent in existing tools such as multi-factor authentication (MFA) and single sign-on (SSO)/SAML.
This tool was made with certain clients in mind, and is intended for general administrative use from your shell, as a package for developers, and to support automation for common development tasks, such as test automation or Continuous Integration/Continuous Deployment (CI/CD).
Usage: apigee [OPTIONS] COMMAND [ARGS]...
Welcome to the Apigee Management API command-line interface!
Docs: https://mdelotavo.github.io/apigee-cli/
PyPI: https://pypi.org/project/apigeecli/
GitHub: https://github.com/mdelotavo/apigee-cli
Options:
-V, --version Show the version and exit.
-h, --help Show this message and exit.
Commands:
apiproducts API products enable you to bundle and distribute your APIs...
apis The proxy APIs let you perform operations on API proxies,...
apps Management APIs available for working with developer apps.
auth Custom authorization commands.
backups Download configuration files from Apigee that can later be...
caches A lightweight persistence store that can be used by...
configure Configure Apigee Edge credentials.
deployments API proxies that are actively deployed in environments on...
developers Developers implement client/consumer apps and must be...
keyvaluemaps Key/value maps at the environment scope can be accessed by...
maskconfigs Specify data that will be filtered out of trace sessions.
permissions Permissions for roles in an organization on Apigee Edge.
sharedflows You can use the following APIs to manage shared flows and...
targetservers TargetServers are used to decouple TargetEndpoint...
userroles Roles for users in an organization on Apigee Edge.
Installation
The easiest way to install apigee-cli is to use pip in a virtualenv:
$ pip install apigeecli
or, if you are not installing in a virtualenv, to install globally:
$ sudo pip install apigeecli
or for your user:
$ pip install --user apigeecli
If you have the apigee-cli installed and want to upgrade to the latest version you can run:
$ pip install --upgrade apigeecli
Getting Started
Before using apigee-cli, you need to tell it about your Apigee Edge credentials. You can do this in three ways:
Environment variables
Config file
Command-line arguments
The quickest way to get started is to run the apigee configure command:
$ apigee configure Apigee username (email) []: my_email Apigee password []: my_pass Apigee MFA key (optional) []: my_key Identity zone name (to support SAML authentication) []: Use OAuth, no MFA (optional)? [y/N]: n Default Apigee organization (recommended) []: my_org Default team/resource prefix (optional) []:
You can also do the same thing using command-line arguments:
$ apigee configure -P default -u <my_email> -p <my_pass> -o <my_org> -mfa '' -z '' --no-token --prefix ''
You may need to specify empty strings as above. Also note the --prefix option. This option will filter the output of some commands, such as the list type commands, by the prefix which may be useful to some people, but if you want to avoid confusion just keep this value empty. You can also explicitly specify the --prefix for those commands if you need it on the fly.
To use environment variables, do the following:
$ export APIGEE_USERNAME=<my_email> $ export APIGEE_PASSWORD=<my_pass> $ export APIGEE_MFA_SECRET=<my_key> $ export APIGEE_ZONENAME=<my_zonename> $ export APIGEE_IS_TOKEN=<bool> $ export APIGEE_ORG=<my_org> $ export APIGEE_CLI_PREFIX=<my_prefix>
To use the configuration file, create an INI formatted file like this:
[default] username = my_email org = my_org mfa_secret = my_key prefix = my_prefix password = my_pass [produser] org = my_org username = my_email password = my_pass mfa_secret = my_key
and place it in ~/.apigee/credentials.
As you can see, you can have multiple profiles defined in the configuration file. You can then specify which profile to use by using the -P/--profile option. If no profile is specified the default profile is used.
Using SAML authentication
If you specified an Identity zone name (to support SAML authentication) during setup, the CLI will automatically use SAML authentication. If you are not currently signed in by your identity provider, you will be prompted to sign in:
$ apigee apis list SSO authorization page has automatically been opened in your default browser. Follow the instructions in the browser to complete this authorization request. If your browser did not automatically open, go to the following URL and sign in: https://{zoneName}.login.apigee.com/passcode then copy the Temporary Authentication Code. Please enter the Temporary Authentication Code:
zoneName will be the Identity zone name you previously configured.
Refer to the official Apigee documentation to learn more about how to Access the Edge API with SAML.
Using SAML with automated tasks
The CLI also supports machine users as described in Using SAML with automated tasks when SAML is enabled to support automation for common development tasks, such as test automation or Continuous Integration/Continuous Deployment (CI/CD).
To tell the CLI that the current user --profile is a machine user and thus to not redirect you to an identity provider, you can set the following environment variable like so:
$ export APIGEE_CLI_IS_MACHINE_USER=true
To continue using an ordinary user, you will need to unset this variable or set it to false.
Refer to the official Apigee documentation to learn more about identity zones: SAML Overview.
Tabulating deployments
Deployments information can be too verbose but you may just want to see a quick summary of which revisions of an API proxy are deployed and their status.
To tabulate the deployments response, use the -r/--revision-name-only flag in the following command:
$ apigee deployments get -n <API_NAME> -r
This will output a table like so:
name revision state prod ['1'] ['deployed'] test ['1'] ['deployed']
Tabulating resource permissions
Resource permissions responses can be slightly difficult to read so the CLI outputs this information as a table by default:
$ apigee permissions get -n <ROLE_NAME> organization path permissions my_org / ['delete', 'get', 'put'] my_org /environments ['get'] my_org /environments/* ['get'] my_org /apimonitoring ['delete', 'get', 'put']
If you need the JSON response, use the --format json option:
$ apigee permissions get -n <ROLE_NAME> --format json { "resourcePermission" : [ { "organization" : "my_org", "path" : "/", "permissions" : [ "put", "get", "delete" ] }, { "organization" : "my_org", "path" : "/environments", "permissions" : [ "get" ] }, { "organization" : "my_org", "path" : "/environments/*", "permissions" : [ "get" ] }, { "organization" : "my_org", "path" : "/apimonitoring", "permissions" : [ "put", "get", "delete" ] } ] }
Deploy API Proxy bundles
You can also deploy API proxy bundles to Apigee.
This command is an enhanced version of the Apigee API Proxy Deploy Tool.
It supports a bunch of useful features such as MFA, SAML, seamless deployments and automatic handling of missing and broken deployments.
Usage: apigee apis deploy [OPTIONS]
Deploy APIs using an improved version of the Apigee API Proxy Deploy Tool:
https://github.com/apigee/api-platform-samples/tree/master/tools
=========================================================================
== NOTICE file corresponding to the section 4 d of ==
== the Apache License, Version 2.0, ==
== in this case for the Apigee API Proxy Deploy Tool code. ==
=========================================================================
Apigee API Proxy Deploy Tool https://github.com/apigee/api-platform-
samples/tree/master/tools These files are Copyright 2015 Apigee
Corporation, released under the Apache2 License.
Options:
-P, --profile TEXT name of the user profile to authenticate
with [default: default]
-o, --org TEXT [default: (current org)]
-z, --zonename TEXT [default: (current identity zone name)]
--token / --no-token specify to use oauth without MFA [default:
False]
-mfa, --mfa-secret TEXT
-p, --password TEXT [default: (current password)]
-u, --username TEXT [default: (current username)]
-v, --verbose [default: (toggle verbose output)]
--silent [default: (toggle silent output)]
-e, --environment TEXT environment [required]
-n, --name TEXT name [required]
-d, --directory DIRECTORY directory with the apiproxy/ bundle
[required]
Deployment options: [mutually_exclusive]
The deployment options
-i, --import-only / -I, --no-import-only
import only and not deploy
-s, --seamless-deploy / -S, --no-seamless-deploy
seamless deploy the bundle
-h, --help Show this message and exit.
If deploying via CI/CD you may end up with a lot of undeployed revisions. In this case, you can make use of the apigee apis clean command to delete all those undeployed revisions and even specify to always keep the last few revisions.
Push commands
Some commands support the push subcommand which combines CRUD API calls to manage the creation, update and sometimes deletion of resources using a single command.
The following commands support the push subcommand:
apiproducts
caches
keyvaluemaps
targetservers
maskconfigs
Push commands read JSON from a file and can be invoked like so:
$ apigee keyvaluemaps push -e <env> -f <file_path.json>
This will create the KVM if it does not exist, and update it if it does.
Troubleshooting
If you get an error like so:
An exception of type jwt.api_jws.DecodeError occurred. Arguments: Invalid crypto padding
Try deleting the cached access token:
$ rm ~/.apigee/access_token
Getting Help
Disclaimer
This is not an officially supported Google product.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for apigeecli-0.44.6-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 14f4cfec2e76c73cd211f444388b648faac51ca95a9637f15e333fafefee7ae2 |
|
MD5 | 0e7782cc5ce15119c49fc176ca264383 |
|
BLAKE2b-256 | 74f616ed0d3c9f73a1462b3e1104463b40f7770c0a3732d1ef916480a82ed235 |