Solved: I can create KVM store in UI but it does not have ...

richardbraman-1 · 03-22-2021 12:51 PM

Is this a permissions problem? I added the Apigee Environment Admin role to my Apigee service account even though it already has Apigee API admin but that had no effect.

dknezic

The KVM is manipulated using the KVM policy from within an API Proxy.

View solution in original post

dchiesa1

Not a permissions problem;

If you are using Apigee X or Apigee hybrid, then... the UI, and in fact the Administrative API, permits Creation and Deletion of named KVM Maps. It does not support populating those KVM maps, or reading and analyzing the content in those maps.

Older versions of Apigee supported reading and analyzing the content in those maps.

What version of Apigee are you using?

richardbraman-1

Hi Dino,

I am using Apigee X. I found the API documentation for keyvaluemaps, and I can sucessfully create a new key value map via the API via POST to

POST https://apigee.googleapis.com/v1/organizations/myorg/keyvaluemaps
{
 "encrypted": true,
 "name": "secretMap"
}

Interestingly, the new map I created does not show in the UI, but it does return I do a GET to the same url.

Also, interestingly, if I posted the sample payload in the documentation:

{
 "encrypted": true,
 "entry": [
 {
 "name": "Key1",
 "value": "*****"
 },
 {
 "name": "Key2",
 "value": "*****"
 }
 ],
 "name": "secretMap"
}

.it returns:

{
  "error": {
    "code": 400,
    "message": "Invalid JSON payload received. Unknown name \"entry\" at 'key_value_map': Cannot find field.",
    "status": "INVALID_ARGUMENT",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.BadRequest",
        "fieldViolations": [
          {
            "field": "key_value_map",
            "description": "Invalid JSON payload received. Unknown name \"entry\" at 'key_value_map': Cannot find field."
          }
        ]
      }
    ]
  }
}

So it seems I still cannot create a Key/Value pair....

richardbraman-1

Hi again Dino,

I see now that https://apigee.googleapis.com/v1/organizations/myorg/environments/eval/keyvaluemaps

will show the KVMs scoped to that environment.

But I still don't see how to add the key/values...

dknezic

The KVM is manipulated using the KVM policy from within an API Proxy.

richardbraman-1

that is super interesting

dknezic

Also, depending on your use case, PropertySets may be suitable

https://cloud.google.com/apigee/docs/api-platform/cache/property-sets

richardbraman-1

If the idea behind kvms is to not put your secrets in a proxy, we have solved this by... putting the secrets in a different proxy?

richardbraman-1

I guess the idea is to pass the values in via query string or form post. I see now....

richardbraman-1

So it would seem the only way to set values into a KVM is with a proxy

https://community.apigee.com/questions/39540/adding-a-value-to-kvm.html

smashal

Actually, It doesn’t make sense to not be able to configure/modify KVMs entries except through KVM operations policy. This is against the idea of KVMs to modify configurations without editing API proxy.

ashmitkolli

Exactly, Apigee X seems to be evolving backwards.
So many features of apigee edge are removed or made unnecessarily complicated. I don't even wanna go into the half baked documentation that's there for Apigee X.

Apigee Edge > Apigee X Any day from the perspective of a developer.

I can create KVM store in UI but it does not have option to add Key and Value