Merge pull request #25 from Axway-API-Management-Plus/smtp

Support SMTP Connection Security

README.md

@@ -1,25 +1,25 @@
 # APIM Environmentalization
 
-Axway APIM supports environmentalization through Configuration Studio and envSettings.props file, it does partially support environment variables. 
+Axway APIM supports environmentalization through Configuration Studio and envSettings.props file, it does partially support environment variables.
 
-Main objective of the project is to support environmentalization for EMT ( externally managed topology ) to reuse the container in upstream environments ( QA, Production, etc..).  The same approach could be used for classic deployment as well. 
+Main objective of the project is to support environmentalization for EMT ( externally managed topology ) to reuse the container in upstream environments ( QA, Production, etc..).  The same approach could be used for classic deployment as well.
 
 List of supported environment listed in EMT ( externally managed topology ) - [APIM Runtime Parameters](https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_installation/apigw_containers/container_env_variables/index.html)
 
-Environment variables should be prefixed with **environment** for  APIM. The **environment** prefix could be used in most of the filters and connections, [ Refer  database connection environment prefix Usage](#database-environmentalization-example-with-environment-prefix). 
+Environment variables should be prefixed with **environment** for  APIM. The **environment** prefix could be used in most of the filters and connections, [ Refer  database connection environment prefix Usage](#database-environmentalization-example-with-environment-prefix).
 
 ## Advantages of using environment variables
 
-- Securly store credentilas (password and certificate) using Kubernetes secrets. 
+- Securly store credentilas (password and certificate) using Kubernetes secrets.
 - Adhere to The Twelve-Factor App rule **Store config in the environment** - https://12factor.net/config
 
 
-## Database Environmentalization example with **environment** prefix. 
+## Database Environmentalization example with **environment** prefix.
 - Database connection URL is environmentalized with environment variable db_url
 
 ![Database Connection](images/db.png)
 
-- Database password should use the option Wildcard Password for environmentalization 
+- Database password should use the option Wildcard Password for environmentalization
 
 #### Environmentalization Classic APIM  example
 **Remove "environment" prefix when referening environment variable**
@@ -65,9 +65,11 @@ environment:
 |smtp_manager_password|SMTP Server|Enables environmentalization of API manager SMTP and Alert Email **Password** field|
 |smtp_manager_username|SMTP Server|Enables environmentalization of API manager SMTP and Alert Email **Username** field|
 |smtp_manager_url|SMTP Server|Enables environmentalization of API manager SMTP and Alert Email **SMTP Server Hostname** field|
+|smtp_manager_connectionType|SMTP Server|Enables environmentalization of API manager SMTP and Alert Email **SMTP Connection Connection Security** field, possible values ** NONE, SSL, TLS**, default value **NONE** |
 |smtp_servername_password|SMTP Server|Enables environmentalization of **Password** field|
 |smtp_servername_username|SMTP Server|Enables environmentalization of **Username** field|
 |smtp_servername_url|SMTP Server|Enables environmentalization of **SMTP Server Hostname** field|
+|smtp_servername_connectionType|SMTP Server|Enables environmentalization of **SMTP Server Connection Security** field, possible values ** NONE, SSL, TLS**, default value **NONE** |
 |httpbasic_profilename_password|Client Authentication - Http Basic|Enables environmentalization of **Password** field|
 |disablehttps_portname|Client Authentication - Http Basic|Disables HTTPS Listener Interface, possible values true and false|
 |disablehttp_portname|Client Authentication - Http Basic|Disables HTTP Listener Interface, possible values true and false|
@@ -81,7 +83,7 @@ environment:
 
 ### Example
 
-LDAP Connections, JMS, SMTP does not support environment variables. 
+LDAP Connections, JMS, SMTP does not support environment variables.
 
 For example  LDAP environment variable follows a format **ldap_axway_username**
 
@@ -142,7 +144,7 @@ $export disablehttps_portname=true
 $export disablehttp_portname=true
 ```
 
-- Radius 
+- Radius
 ```bash
 ```
 ### Cassandra
@@ -246,13 +248,13 @@ s2+QnHEKNi5n6eyF81l1X3AGOMp2uUF4CfU=
 -----END CERTIFICATE-----"
 ```
 
-- Connect to URL  2-Way SSL / Mutual SSL Authentication 
-  
-To update Connect to URL  SSL certificate, there are two environment variables used to set up certificate for SSL Authentication 
+- Connect to URL  2-Way SSL / Mutual SSL Authentication
 
-  -- connecttourl_certandkey_sslauth
+To update Connect to URL  SSL certificate, there are two environment variables used to set up certificate for SSL Authentication
 
-  -- connecttourlcertandkeypassword_sslauth
+-- connecttourl_certandkey_sslauth
+
+-- connecttourlcertandkeypassword_sslauth
 
 ```bash
 $export connecttourl_certandkey_sslauth="MIIL5gIBAzCCC7AGCSqGSIb3DQEHAaCCC6EEggudMIILmTCCBi8GCSqGSIb3DQEHBqCCBiAwggYcAgEAMIIGFQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI9bSw5/Kr0SsCAggAgIIF6DTG3vfPtoc4NPgJE9FU43PRyMpBcv/JIefNDTvC5CNQ+7b47Afqo6mJFIndSxTEbHcnWNG/ufC2/C+7oTn8aZyrgi868fgysv9knhOe+tPJ1O6RyF690m00CmoRhE4kCDKMPaAeRR2ZAMAqj9nPrxjWMXKdrS8+LeEhq2SYSozP8VR+llaTrDPtO8+mC9KRfJIgrKpbB0G/qdnJNtrhJJ8fhaE+/Ufkhydwe0tldu+kOGMODCWVpCY5q2MRrQlhvQhLOYJ7LA/Ovz1ZDjOAE9oujqvhegDxwHj4I6sxHYhGsPUYstNiiqpI5ZcODxUajd5JmEGytk9LU/9PtKEQrXMB4/H7RsRV2bVMWtDaHVW5g0h0oUTw5SBJuPEZMljfLSIXiazerlDC5wybVKVoImDcSiYqHzEKj4DivSclrNfFk4JMMaKIphZZ2qBkCEZ0hEyGxwixyE09yexzW6/5Aq/LF51NJ8THjVHFFScDyOdNsAjiNugXFKe9OkuXW130bbLO+iGscWeJ6vGzjQRM9XIcAOiGJf0jwrGmTu+lFu70C4w+ka5oe6smcABsi52NbeZ7ylW74Fd+fU/O18nXoa7kTbzW5V/BaN+r5flxh1Xd2tUfvG00ABcWtDfHGXSuAtPp+LKRvgU0zS9BVMEr/ZpBpT3KbZAfGjk7Ies/ICpu1OKIDmLrrXHS6ZFhr7+frSjUrmrqGW4+eRBpLQDWD1/XNVzRkbfyE6Lv/lMBjc5BAEG3ZVRSpg9FemyYe5mVk1ehOMdQvUqEGd7DkmfMyXgpUVAbOqebhkS2PSRfcwZZ8O+LQOAnrWI4PRsO0XhmKpmith7S4F+IZ+xKVtkDJbNjAW63OVXKK1E914n7DuI07YCn3CGC4V4i3QlGUgY6kHoEIEfYroCGwupkSh2VLdtsru0dhoP8Dzo0AteWt7knjSQ+era/aPy3qSDE6uUbFNEHD+ol7iD5JMPGG1vnmlCu3nedwkH66LI4Zh8JSQ8qfNwSPt6GVScmpu6HmyuEH1gx6C98bvdzQMcsE+VmjldgGOIobIsTFFmcQMHEM/12R5A/VtnVEQHUY6giuFJpA7IZ2fKHtUiH0ijq1gntkUwWiJml/rb9DQHeZloKpYTEs7GuFdi8CNBZ/vThUcFPVlu8XslPm1zQZlXLb4/ian2Mdu78/FIWz7VVVSpJOablgltcIzOR2QdVYv/rmJsqecAnn2g1f+c5RvLMv2XfyJUzyfW/krlwswDiySV788BsSDylAAthUzs0RjOSIkRnaBGhYEEwhgcHOZV3l5xBjbde+0mR2hiZ3XdfQN9ZITHeCrkSv6yTtH3zh4X6YiPnY0BptOvAV/Vk/Ktdio5rSg8zjC8EDGun1p8vt/eYiIu6YEmeLxwrH27SJSgpnRkpN+u23Mq0zRrQevc7VEej0q1l4XrTDJcCTJhr5swT1UUnJ57tnKnz5X3rqrq9UrTzohVFR445PJFxHbrzyAq9og4OOU3Ya4NHcJmm0+st/V2kBs65oAGNItDJGBGyObXSKMJb4yFc6lf7EneHRMDnLTlz8XES/AN1KVih3TMfjUfgfcXFVLWKRoPVuQP0uNIPto9AIasnrxIc2zhcFpebbnUIAVRUBvNfbkHOGnjYTPf1iXs1uyDRmnQxWXbFpsBQ77wGkXrEHACbCg6pBoe9Lw2A0N5LWQniZy5dire24ZczJRKnk1W6T5W7khIqQ0h1leHsDS+bRSjaKt7MmPbp50MhoK/pX7M0Y2oO7p7Y3lQDtJ2VblMtwe7xWDbHMXDtpKQmcJg1rb5Q/2RZ3VUm08sEH3thughjogoXqCXOXn/FaJ7lVGA3qdjGgaZi1JLXd8NozwEcuNvSy/517a4Ek/uRXKVzV8WsdW8JZGvyELvlbIrdk5evNLc8W7nG4Q4BGSvEAhdLqLkpfBxgER+SU/ojSTa2wm8r/bKK5q8SVxvxaFYEAhJJyf3BrRNm9PokzDWlRR08teSkL2WKIWVX1Bw0Wo1F78Ee7DCCBWIGCSqGSIb3DQEHAaCCBVMEggVPMIIFSzCCBUcGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcNAQwBAzAOBAg6h0uS8i8h6AICCAAEggTIpKit9ZymYjEoIoMkUpAq44lSCclY8qSmRhoaWnDNTQLhy37fxMf0hiJZ2krvBzGhNLQyBB2Yrob9lry0Sv24mkOUjRxCAhpDu03EThSC/cebaKN0+W1g4qR3EG5zLDtljI+7tgDBhE/PWuV12ZgoP3t9+JHCo1/OVv/IPtUuiP+EVk+SKW9x9/u/HKaordRi4WMhEVW8pUdMktRSQjSzupDE+8GV2ykaZ5BSfbk4RsZD2dyl5hW9lLQ9xFV786667MQcsDh4DhObWQZtX/bASw0/XS6L+TdJmxSOyIci/RGg5iyLxx7xcWRP6zfIiwacrYMxnEB7GX1QDiS3AdjeFoua+htX1DlP7Om15w/b8q79dLhMw+eSUn8g/aLp9n0PKs5mxn6rMcCrmOZJQq5y+0u7g6zOarKx08d6w7yDNCnDS7Hu2DqwaxhHyToEFjQtCw3e7ALdyB/QsZ5HpNNJjyoS+OYbAUJFU5i/oPSX3714wU/gwx/ZiVt4yWW808b8T8ksAKWhp4Gce+VipuNIXKKMdKgx7GiFK12ev31x5BHw+zSUXGc5TXXy0Nb51PTlFwF9/RBXEEleIq0914cK9UumJ6EpdfX6ssqwS9ASFhXfidAlhwH2fuw9lanFB8Y8IDnvBYCxxxtWymh7RZyBumBIdopRA8D2X51BuX6XeYVCYP7PJtXObQfLvGkY50SNOmHbCexq77UxezbMQES+mKW8YXLtZlsD1poOSmrkmRy+jvMXrHFAQidsI5Z2hZjo2sMZSPe+NAwM84yLJYoAq6LuDyhtk3WEbQNO+GB/KqFBOY3fcX0lHFdYEIovTBW+BhspdYEPvJJ01uzgG2VhvriqJ3/ETinKmMvgf5UpJDY+DJ6tgqprN3YCtPB9+NR4cmNz/OUoZKARy64UPWJuX6APGPFIAOD0gNgHqYcrpuksprX/YiYsBVOv/ouqJ9MG36EZ2WYG/KsdtCTssfHYAll5WFu1pGVKVtQJE7sN3Y34jSJDF2F2UoxQbg2CmEnM57GK7kcPjiPnCKPj+o+SEnC8BIO1TxoYnMUB87zfuO53qAdLdQkBvg2salAUsBEHmrDyIOGnEXBuAhHSHbSZSnGpD8gbhnOqfHkRu/OT5BVvnJE+w+dfTlh9vB777VbA5aEYSN16HucPkj3BelDU9+1GctZsSNg4fV/rla7RMf0SUZ02rVbX+52UwxUvuaDH+Pe+QvkTy6sc4b9IIXTphXoZWGClWBGOLBpHfMyxzu2IX4jE4M26DIwUZnVd0vkMYh8dZywgjBCoAJji6Oc1QiNzI3hAwO2sRTaVX5pxZApR+JwPY9ZwLyaOpTSbOXOP7rNZNTMCs1OUHgQdrmPPkE5EBjD/VqXOfLks0Nc8fV1zhofKe088UTZ/qCZKQwK40qhjnYLZ2C1rYjgGtiGHMaPznmwuIazZV9pKgVw+TGTWQmnmuWq7XDEzorbxh0ExjG4S45IQUaTG2kZ9GuHMj3Ocpmf/cJhTZl7wro2x+p/opJYqdKbMOaA+8orsU5r9BCv7NZFh278fSo3fpPut9+ZpmSaYDPpDjAuYlpzv1NFTyAz8Q2myFWFHSxh+KnSfhrEtf4euDRgQ/9gZ2IqXUsZ3FXUNtymfMUYwHwYJKoZIhvcNAQkUMRIeEABDAE4APQBhAHgAdwBhAHkwIwYJKoZIhvcNAQkVMRYEFFnwiPQwNks1gKUHDM3ye/ArMTPaMC0wITAJBgUrDgMCGgUABBQMVJgNbDx/sDqV37rk+lgsiaWPhgQIXKMl/uHVEFw"
@@ -263,16 +265,16 @@ $export connecttourlcertandkey_sslauth = /opt/Axway/apigateway/certs/cert.p12
 # Use k8s secret to manage password
 $export connecttourlcertandkeypassword_sslauth=changeit
 ```
-**sslauth** is the name of  Connect to URL filter **WARNING**: Do not use blank spaces in Connect to URL filter name. 
+**sslauth** is the name of  Connect to URL filter **WARNING**: Do not use blank spaces in Connect to URL filter name.
 
 ![connect_to_url client_auth](images/connect2urlsslauth.PNG)
 
 ### Https Listener
 
 - PKCS12 - To update the https listener certificate.  There are two environment variables used to set up certificate on Listener interface
-  
+
   -- certandkey_secureport
-  
+
   -- certandkeypassword_secureport
 
 ```bash
@@ -284,13 +286,13 @@ $export certandkey_secureport = /opt/Axway/apigateway/certs/cert.p12
 # Use k8s secret to manage password
 $export certandkeypassword_secureport=changeit
 ```
-**secureport** is the name of the https interface **WARNING**: Do not use blank spaces. 
+**secureport** is the name of the https interface **WARNING**: Do not use blank spaces.
 
 ![secureport Interface](images/https_interface.png)
 
 ## Implemenation Details
 
-This project uses **Loadable module** feature to support environmentalization [Refer Java interfaces for extending API Gateway for more information](https://docs.axway.com/bundle/axway-open-docs/page/docs/apigtw_devguide/java_extend_gateway/index.html). 
+This project uses **Loadable module** feature to support environmentalization [Refer Java interfaces for extending API Gateway for more information](https://docs.axway.com/bundle/axway-open-docs/page/docs/apigtw_devguide/java_extend_gateway/index.html).
 
 
 ### Build the project
@@ -320,21 +322,21 @@ $mvn clean install
 ### Add Loadable Module to EMT Container
 
 - Import Loadable Module
-      Open Policystudio, Navigate to menu File -> Import -> Import Custom filters, select apim-policy-password-cert-env/src/main/resources/typeSet.xml. It will add Loadable module to entity store. 
-   
+  Open Policystudio, Navigate to menu File -> Import -> Import Custom filters, select apim-policy-password-cert-env/src/main/resources/typeSet.xml. It will add Loadable module to entity store.
+
 - Export fed file ( e.g container_env.fed) to build container
-
-- Build a container merge directory ( **--merge-dir** ) option 
 
-     - The merge directory must be called apigateway and must have the same directory structure as in an API Gateway installation.
-     - Copy the JAR file to a new directory /Users/axway/APIM/apigw-emt-scripts-2.1.0-SNAPSHOT/apigateway/ext/lib/ and specify /Users/axway/APIM/apigw-emt-scripts-2.1.0-SNAPSHOT/apigateway to the --merge-dir option.
-
+- Build a container merge directory ( **--merge-dir** ) option
+
+  - The merge directory must be called apigateway and must have the same directory structure as in an API Gateway installation.
+  - Copy the JAR file to a new directory /Users/axway/APIM/apigw-emt-scripts-2.1.0-SNAPSHOT/apigateway/ext/lib/ and specify /Users/axway/APIM/apigw-emt-scripts-2.1.0-SNAPSHOT/apigateway to the --merge-dir option.
+
 ```bash
 ./build_gw_image.py --license=/Users/axway/APIM/apigw-emt-scripts-2.1.0-SNAPSHOT/licenses/apim.lic --default-cert --parent-image=apigw-base --merge-dir=/Users/axway/APIM/apigw-emt-scripts-2.1.0-SNAPSHOT/apigateway --fed=container_env.fed --out-image=apim:latest
 ```
-- Push it to docker registry if needed. 
+- Push it to docker registry if needed.
 
-### Add Loadable Module to classic API Gateway 
+### Add Loadable Module to classic API Gateway
 
 
 
@@ -350,7 +352,7 @@ Guide to Externalize EMT Admin node manager and gateway domain certificates - [d
 
 ## Contributing
 
-![Contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen)  
+![Contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen)
 
 Please read [Contributing.md](https://github.com/Axway-API-Management-Plus/Common/blob/master/Contributing.md) for details on our code of conduct, and the process for submitting pull requests to us.  
 Also please read this page on [how to contribute](https://github.com/Axway-API-Management-Plus/apimanager-swagger-promote/wiki/7.1-Contribute-to-this-project) to this project.

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.axway</groupId>
     <artifactId>apim-env-module</artifactId>
-    <version>1.1.5</version>
+    <version>1.1.6</version>
 
     <name>apim-env-module</name>
     <url>https://axway.com</url>
@@ -15,9 +15,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
-        <api.version>7.7</api.version>
-        <!--apim.lib.path>/Users/rnatarajan/AxwayProducts/apim_7_7_nov/lib</apim.lib.path-->
-        <apim.lib.path>C:\Axway\Axway77March2021\apigateway\system\lib</apim.lib.path>
+        <api.version>7.7.0.20210830-2</api.version>
     </properties>
 
     <dependencies>
@@ -30,58 +28,42 @@
         <dependency>
             <groupId>apigw-common</groupId>
             <artifactId>apigw-common</artifactId>
-            <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/apigw-common-2.0.1.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>vordel-trace</groupId>
             <artifactId>vordel-trace</artifactId>
-            <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/vordel-trace-7.7.0.20210330-6.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>vordel-apigateway</groupId>
             <artifactId>vordel-apigateway</artifactId>
-            <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/vordel-apigateway-7.7.0.20210330-6.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>vordel-core-runtime</groupId>
             <artifactId>vordel-core-runtime</artifactId>
-            <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/vordel-core-runtime-7.7.0.20210330-6.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>es-core</groupId>
             <artifactId>es-core</artifactId>
-            <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/es-core-2.0.11.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>vordel-common</groupId>
             <artifactId>vordel-common</artifactId>
-            <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/vordel-common-7.7.0.20210330-6.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>vordel-system</groupId>
             <artifactId>vordel-system</artifactId>
-            <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/vordel-system-7.7.0.20210330-6.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>vordel-config</groupId>
             <artifactId>vordel-config</artifactId>
-            <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/vordel-config-7.7.0.20210330-6.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>

src/main/java/com/axway/ExternalConfigLoader.java

@@ -309,10 +309,12 @@ private void updateSMTP(EntityStore entityStore, Credential credential) {
             entity = getEntity(entityStore, "/[SMTPServerGroup]name=SMTP Servers/[SMTPServer]name=" + credential.getFilterName());
         }
         setUsernameAndPassword(credential, entity, "username");
+
         String host = credential.getUrl();
         if (host != null) {
             entity.setStringField("smtpServer", host);
         }
+        updateMailConnectionType(entity, credential.getFilterName());
         entityStore.updateEntity(entity);
     }
 
@@ -327,9 +329,21 @@ private void updateAlertSMTP(EntityStore entityStore, Credential credential) {
             if (host != null) {
                 entity.setStringField("smtp", host);
             }
+            updateMailConnectionType(entity, credential.getFilterName());
             entityStore.updateEntity(entity);
         }
     }
+    private void updateMailConnectionType(Entity entity, String filterName) {
+        String connectionType = System.getenv("smtp_" + filterName + "_connectionType");
+        if (connectionType != null) {
+            // Possible Values NONE, SSL TLS
+            if (MailConnectionTypes.valueOf(connectionType) != null) {
+                entity.setStringField("connectionType", connectionType);
+            } else {
+                Trace.error("Invalid connection type : " + connectionType);
+            }
+        }
+    }
 
     private void updateCassandraCert(EntityStore entityStore, String alias, boolean append) {
         String shorthandKey = "/[CassandraSettings]name=Cassandra Settings";
@@ -602,4 +616,6 @@ private void updateCassandraConsistencyLevel(ShorthandKeyFinder shorthandKeyFind
         }
     }
 
+    public enum MailConnectionTypes {NONE, SSL, TLS}
+
 }