Merge pull request #107 from Axway/APIGOV-20935
APIGOV-20935 update documentation references to Central service accounts
cshantakumar authored Nov 9, 2021
2 parents 3e67d15 + 815fbfc commit 8eff95a
Showing 18 changed files with 60 additions and 555 deletions.
13 changes: 2 additions & 11 deletions apigee/apigee-extension/README.md
Expand Up @@ -35,17 +35,8 @@ $ axway central config set extensions.apigee <path to where you installed module

# Getting started

You must be logged into the Axway Amplify Platform before uploading any generated resource files. You'll also need to setup a Service (DOSA) account. To find out how to create one visit [Get started with Amplify CLI](https://docs.axway.com/bundle/axway-open-docs/page/docs/central/cli_getstarted/index.html). Log in to the [Axway Amplify Platform](https://www.axway.com/en/products/amplify) using the following command:

```bash
$ axway auth login --client-id <DOSA Service Account> --secret-file <Private Key>
```

To see available help, options and examples add `-h` or `--help` option on any command:

```bash
$ axway auth logout -h
```
You must be logged into the Axway Amplify Platform before uploading any generated resource files.
Refer to the Axway Central CLI [documentation](https://docs.axway.com/bundle/amplify-central/page/docs/integrate_with_central/cli_central/cli_install/index.html) for more information.

# General usage

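Review bot: the replacement paragraph under `# Getting started` still says the reader must be logged in, but it no longer shows a login command or mentions that a service account is needed, and its only link goes to the CLI install page. Suggest also linking the Axway CLI service accounts page that the other READMEs in this commit point to, so the prerequisite is not lost.
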
93 changes: 4 additions & 89 deletions axway-api-manager/README.md
Expand Up @@ -24,98 +24,13 @@ Follow the steps below to use this example:
### Prerequisites: Configure the Axway V7 agent to discover and publish the APIs from Axway API Manager
Documentation available [here](https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/filtering-apis-to-be-discovered/index.html)

### Step 1: Create Amplify Central Service Account (using OAuth2 Client Credentials Grant Type)
### Step 1: Create Platform Service Account (using Client Secret)

This service account is different from the one used by the Amplify agents or Amplify CLI.
The Service Account can be created using the [Platform UI](https://docs.axway.com/bundle/platform-management/page/docs/management_guide/organizations/managing_organizations/index.html#managing-service-accounts) or the [Axway CLI](https://docs.axway.com/bundle/axwaycli-open-docs/page/docs/authentication/service_accounts/index.html)

This account can be used in services (Integration Builder or Power Automate for example) where private/public keys can not be stored and used.
More details on how to achieve this are also presented in this [blog post](https://blog.axway.com/apis/axway-amplify-platform-api-calls).

Save the **clientId** and **clientSecret** from the response which will be used later in the flow.

##### Option 1 - using axway cli and jq

Install [Amplify Central CLI](https://docs.axway.com/bundle/axway-open-docs/page/docs/central/cli_central/cli_install/index.html)
Install [jq](https://stedolan.github.io/jq/download/)

Make sure you log out from all active sessions.


```powershell
axway auth logout --all
```

Go to Amplify platform, login with an account that is assigned the Administrator platform role, and copy the OrgID.
The OrgID (Organization ID) can be obtained by visiting: [https://platform.axway.com/#/org](https://platform.axway.com/#/org).

Set the **ORG_ID** in the command below and execute it.

```sh
axway auth login
ORG_ID=<org_id_value> && TOKEN=$(axway auth list --json | jq -r ".[] | select( .org.id == $ORG_ID ) | .auth.tokens.access_token") && curl -vv 'https://apicentral.axway.com/api/v1/serviceAccounts' \
--header "Authorization: Bearer ${TOKEN}" \
--header "X-Axway-Tenant-Id: ${ORG_ID}" \
--header 'Content-Type: application/json' \
--data-raw '{
"serviceAccountType": "DOSA",
"serviceAccountName": "catalog-integration",
"clientAuthType": "SECRET"
}'
```

##### Option 2 - using postman collection

Use the postman **[collection](https://github.com/Axway/unified-catalog-integrations/blob/axwayTokenFromSA/utils/postman)**.

1. Import the [Manage service accounts.postman_collection.json](https://github.com/Axway/unified-catalog-integrations/blob/axwayTokenFromSA/utils/postman/Manage%20service%20accounts.postman_collection.json) collection in Postman.

2. Import the [Amplify Environment configuration file](https://github.com/Axway/unified-catalog-integrations/blob/axwayTokenFromSA/utils/postman/AMPLIFY%20Central%20Production.postman_environment.json) in Postman.

3. For authentication, the APIs require OAuth2 implicit. To authenticate, go to Postman Collection, click on the "..." button and then select _Edit_.

![postman image](../images/PostmanAuthenticate.PNG)

4. From the new screen, go to _Authorization_ and click on _Get New Access Token_. To authenticate use:
* Grant Type: `Implicit`
* Auth URL:`https://login.axway.com/auth/realms/Broker/protocol/openid-connect/auth?idpHint=360`
* Client ID: `apicentral`

![postman image](../images/GetAccessTokenPostman.PNG)

Copy the access token. You will use this to set the AMPLIFY Central Production environment variables.

5. Set the Amplify Central Production environment variables. From the top right corner, select the _AMPLIFY Central Production_ environment from the dropdown, and then click on the eye button next to the dropdown.
* Set the CURRENT VALUE for the **org_id**: Go to the Amplify platform, login with an account that is assigned the Administrator platform role, and copy the OrgID.
* Set the CURRENT VALUE for the **auth_token**: Copy and paste the access token from the previous step.

![postman_env](../images/ConfigureEnvironmentPostman.PNG)


6. Run the **Create Service Account of type SECRET** POST request. In the body payload, you could change the `serviceAccountName` to a value of your choice.

![service_account](../images/CreateServiceAccount.PNG)

Save the **clientId** and **clientSecret** from the response which will be used in the Microsoft flow. Below is an example of the response body.

```json
{
"name": "amplify-integration",
"type": "DOSA",
"clientId": "DOSA_f0c4b70**********",
"clientAuthType": "SECRET",
"clientSecret": "07b*************",
"registrationToken": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3NjE5OGUwZS1lNTcz******",
"tokenUrl": "https://login.axway.com/auth/realms/Broker/protocol/openid-connect/token",
"aud": "https://login.axway.com/auth",
"realm": "Broker",
"certificate": {},
"metadata": {
"createTimestamp": "2020-07-01T20:24:02.059Z",
"createUserId": "e1add099-59da-40b6-b13f-912bfa816697",
"modifyTimestamp": "2020-07-01T20:24:02.059Z",
"modifyUserId": "e1add099-59da-40b6-b13f-912bfa816697"
}
}
```
After creating the Service Account, save the **clientId** and **clientSecret**.

### Step 2: Configure Microsoft Teams flow to Approve / Reject subscription requests
***
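
Review bot: in the new Step 1, "After creating the Service Account, save the **clientId** and **clientSecret**" does not say where to keep them, and the removed response example was the only place in this step that showed the `tokenUrl` used for the client credentials exchange. Suggest stating that the secret belongs in a secret store rather than in the flow definition or the repository, and either naming the token URL here or confirming that Step 2 supplies it. The added sentence "The Service Account can be created using ..." is also missing its final period.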
93 changes: 11 additions & 82 deletions azure/README.md
Expand Up @@ -17,96 +17,21 @@ The basic use case is as follows:
The technologies that were used for this project:

* [Amplify Unified Catalog](https://docs.axway.com/bundle/axway-open-docs/page/docs/catalog/index.html) as the central place to publish and discover the APIs.
* [Amplify Central CLI](https://docs.axway.com/bundle/axway-open-docs/page/docs/central/cli_getstarted/index.html) to fetch the APIs from Azure API Management and promote them to the Unified Catalog.
* [Amplify Central CLI](https://docs.axway.com/bundle/amplify-central/page/docs/integrate_with_central/cli_central/cli_install/index.html) to fetch the APIs from Azure API Management and promote them to the Unified Catalog.
* [Integration Builder](https://www.axway.com/en/products/application-integration) to implement the logic for the subscription management and email notifications.
* MS Teams for notifications and approval or rejection of subscription requests.
* Azure API Management.

Follow the steps below to use this example:


### Step 1: Create Amplify Central Service Account
### Step 1: Create Platform Service Account (using Client Secret)

Save the clientId and clientSecret from the response which will be used in Integration Builder flow.
The Service Account can be created using the [Platform UI](https://docs.axway.com/bundle/platform-management/page/docs/management_guide/organizations/managing_organizations/index.html#managing-service-accounts) or the [Axway CLI](https://docs.axway.com/bundle/axwaycli-open-docs/page/docs/authentication/service_accounts/index.html)

##### Option 1
More details on how to achieve this are also presented in this [blog post](https://blog.axway.com/apis/axway-amplify-platform-api-calls).

Make sure you log out from all active sessions.


```powershell
axway auth logout --all
```

Go to the Amplify platform, login with an account that is assigned the Administrator platform role, and copy the OrgID. Set the **ORG_ID** in the command below and execute it.
To run the command, you need to have jq installed.
```sh
axway auth login
ORG_ID=<org_id_value> && TOKEN=$(axway auth list --json | jq -r ".[] | select( .org.id == $ORG_ID ) | .auth.tokens.access_token") && curl -vv 'https://apicentral.axway.com/api/v1/serviceAccounts' \
--header "Authorization: Bearer ${TOKEN}" \
--header "X-Axway-Tenant-Id: ${ORG_ID}" \
--header 'Content-Type: application/json' \
--data-raw '{
"serviceAccountType": "DOSA",
"serviceAccountName": "catalog-integration",
"clientAuthType": "SECRET"
}'
```

##### Option 2

Use the postman **[collection](https://github.com/Axway/unified-catalog-integrations/blob/axwayTokenFromSA/utils/postman)**.

1. Import the [Manage service accounts.postman_collection.json](https://github.com/Axway/unified-catalog-integrations/blob/axwayTokenFromSA/utils/postman/Manage%20service%20accounts.postman_collection.json) collection in Postman.

2. Import the [AMPLIFY Environment configuration file](https://github.com/Axway/unified-catalog-integrations/blob/axwayTokenFromSA/utils/postman/AMPLIFY%20Central%20Production.postman_environment.json) in Postman.

3. For authentication, the APIs require OAuth2 implicit. To authenticate, go to Postman Collection, click on the "..." button and then select _Edit_.

<img src="https://github.com/Axway/unified-catalog-integrations/blob/master/images/PostmanAuthenticate.PNG" width="300" height="450" />

4. From the new screen, go to _Authorization_ and click on _Get New Access Token_. To authenticate use:
* Grant Type: `Implicit`
* Auth URL:`https://login.axway.com/auth/realms/Broker/protocol/openid-connect/auth?idpHint=360`
* Client ID: `apicentral`

<img src="https://github.com/Axway/unified-catalog-integrations/blob/master/images/GetAccessTokenPostman.PNG" width="600" height="400" />

Copy the access token. You will use this to set the Amplify Central Production environment variables.

5. Set the Amplify Central Production environment variables. From the top right corner, select the _AMPLIFY Central Production_ environment from the dropdown, and then click on the eye button next to the dropdown.
* Set the CURRENT VALUE for the **org_id**: Go to the Amplify platform, login with an account that is assigned the Administrator platform role, and copy the OrgID.
* Set the CURRENT VALUE for the **auth_token**: Copy and paste the access token from the previous step.

<img src="https://github.com/Axway/unified-catalog-integrations/blob/master/images/ConfigureEnvironmentPostman.PNG" width="600" height="400" />


6. Run the **Create Service Account of type SECRET** POST request. In the body payload, you could change the `serviceAccountName` to a value of your choice.

<img src="https://github.com/Axway/unified-catalog-integrations/blob/master/images/CreateServiceAccount.PNG" width="600" height="250" />

Save the **clientId** and **clientSecret** from the response which will be used in Integration Builder flow. Below is an example of the response body.

```json
{
"name": "amplify-integration",
"type": "DOSA",
"clientId": "DOSA_f0c4b70**********",
"clientAuthType": "SECRET",
"clientSecret": "07b*************",
"registrationToken": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3NjE5OGUwZS1lNTcz******",
"tokenUrl": "https://login.axway.com/auth/realms/Broker/protocol/openid-connect/token",
"aud": "https://login.axway.com/auth",
"realm": "Broker",
"certificate": {},
"metadata": {
"createTimestamp": "2020-07-01T20:24:02.059Z",
"createUserId": "e1add099-59da-40b6-b13f-912bfa816697",
"modifyTimestamp": "2020-07-01T20:24:02.059Z",
"modifyUserId": "e1add099-59da-40b6-b13f-912bfa816697"
}
}
```
After creating the Service Account, save the **clientId** and **clientSecret**.

### Step 2: Create a Service Principal in Azure API Management using the CLI
***
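
Review bot: the removed instructions said the account used must be "assigned the Administrator platform role", and the new Step 1 no longer says which role is needed to create a service account, so a reader without it only finds out on the linked pages. Suggest carrying that sentence over if it still holds. The added "The Service Account can be created using ..." line is also missing its final period.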
Expand Down Expand Up @@ -709,11 +634,15 @@ To verify if the CLI extension was successfully set, you can run: `axway central
**2. Configure extension**

Configure the extension prior to generating the resources.
You must be logged into the Axway Amplify Platform before uploading any generated resource files. You'll also need to setup a Service (DOSA) account. To find out how to create one, visit [Get started with Amplify CLI](https://docs.axway.com/bundle/axway-open-docs/page/docs/central/cli_getstarted/index.html).

# Getting started

You must be logged into the Axway Amplify Platform before uploading any generated resource files.
Refer to the Axway Central CLI [documentation](https://docs.axway.com/bundle/amplify-central/page/docs/integrate_with_central/cli_central/cli_install/index.html) for more information.

* Log in to the [Axway Amplify Platform](https://www.axway.com/en/products/amplify) using the following command:
```powershell
axway auth login --client-id <DOSA Service Account> --secret-file <private_key_for_service_account>
axway auth login --client-id <Service Account> --secret-file <private_key_for_service_account>
```
Example: `axway auth login --client-id DOSA_105cf15d051c432c8cd2e1313f54c2da --secret-file ~/test/private_key.pem`

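Review bot: the added `# Getting started` line is a top-level heading placed in the middle of step "**2. Configure extension**", so it breaks the outline of this README and the login bullet that follows now sits under it instead of under step 2. Suggest dropping the heading and keeping the two added sentences as plain text inside the step. Since Step 1 of this file now creates an account "using Client Secret" while this command takes `--secret-file <private_key_for_service_account>`, it would help to say here that this login needs a service account that uses a private key (the cicd README in this commit calls that method Client Certificate).
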
12 changes: 2 additions & 10 deletions azure/azure-extension/README.md
Expand Up @@ -35,17 +35,9 @@ $ axway central config set extensions.azure <path to where you installed module>

# Getting started

You must be logged into the Axway Amplify Platform before uploading any generated resource files. You'll also need to setup a Service (DOSA) account. To find out how to create one visit [Get started with Amplify CLI](https://docs.axway.com/bundle/axway-open-docs/page/docs/central/cli_getstarted/index.html). Log in to the [Axway Amplify Platform](https://www.axway.com/en/products/amplify) using the following command:
You must be logged into the Axway Amplify Platform before uploading any generated resource files.
Refer to the Axway Central CLI [documentation](https://docs.axway.com/bundle/amplify-central/page/docs/integrate_with_central/cli_central/cli_install/index.html) for more information.

```bash
$ axway auth login --client-id <DOSA Service Account> --secret-file <Private Key>
```

To see available help, options and examples add `-h` or `--help` option on any command:

```bash
$ axway auth logout -h
```

# General usage

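Review bot: with the code blocks removed, the blank line kept after the new "Refer to the Axway Central CLI ..." sentence and the blank line that used to follow the last code block end up next to each other, leaving two empty lines before `# General usage` (this hunk goes to 9 lines where the same edit in apigee-extension goes to 8). Suggest dropping one so both READMEs match.
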
4 changes: 2 additions & 2 deletions cicd/Jenkinsfile
Expand Up @@ -47,7 +47,7 @@ pipeline {
defaultValue: params.CENTRAL_ENV_NAME ?: '')
string(
name: 'DOSA_CLIENT_ID',
description: 'Central DOSA Service account client Id. ',
description: 'Service Account client Id. ',
defaultValue: params.DOSA_CLIENT_ID ?: '')
string(
name: 'SPECIFICATION_URL',
Expand All @@ -69,7 +69,7 @@ pipeline {
name: 'DOSA_SECRET',
credentialType: 'org.jenkinsci.plugins.plaincredentials.impl.FileCredentialsImpl',
required: true,
description: 'DevOps Service Account secret key file to be used for managing Amplify Central resources. ',
description: 'Service Account secret key file to be used for managing Amplify Central resources. ',
defaultValue: params.DOSA_SECRET ?: '')

}
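
Review bot: in the `DOSA_SECRET` description, "Service Account secret key file" is easy to misread now that other READMEs in this commit distinguish accounts created with a Client Secret from accounts created with a Client Certificate, and this parameter is a file credential (`FileCredentialsImpl`). Suggest "Service Account private key file" and removing the trailing space inside the quotes.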
18 changes: 9 additions & 9 deletions cicd/README.md
Expand Up @@ -23,16 +23,16 @@ We also download the specification file of petstore and add it in APIServiceRevi
- Node.js
- Axway cli
* AMPLIFY Central Provisioned Organization
* DOSA Service Account in AMPLIFY Central
* Service Account in AMPLIFY
* AMPLIFY Central Environment
* Github Account or Gitlab Account


### Configure the DOSA (Service Account) on AMPLIFY central
* Follow the below procedure to create DOSA (Service Account) step by generating the key pair.
https://docs.axway.com/bundle/axway-open-docs/page/docs/central/cli_central/cli_install/index.html
### Configure the (Service Account) on AMPLIFY central

* Create a new service account with generated public key. Make a note of the client-id, it will be used as an environment variable in the pipeline.
The Service Account can be created using the [Platform UI](https://docs.axway.com/bundle/platform-management/page/docs/management_guide/organizations/managing_organizations/index.html#managing-service-accounts) or the [Axway CLI](https://docs.axway.com/bundle/axwaycli-open-docs/page/docs/authentication/service_accounts/index.html)

After creating the Service Account with method Client Certificate, make a note of the client-id, it will be used as an environment variable in the pipeline.

### Create an Environment in AMPLIFY central

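Review bot: the heading `### Configure the (Service Account) on AMPLIFY central` keeps the parentheses that only made sense around the old "DOSA (Service Account)" wording; suggest `### Configure the Service Account on AMPLIFY`. The rewrite also removes the only mention of generating the key pair, while step 2 of the GitHub section still refers to "the private key generated for the service account", so add a sentence or link telling the reader where that key pair comes from.
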
Expand Down Expand Up @@ -61,7 +61,7 @@ RUN npm install -g @axway/axway-cli
1. Download the pipeline folder files into your own github repository for which you want to publish in AMPLIFY Catalog.
In order to create a new github repository, please use this link https://help.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-new-repository

2. Encrypt the private key generated for the DOSA service account using the gpg.
2. Encrypt the private key generated for the service account using the gpg.
Refer: https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#limits-for-secrets
```bash
gpg --symmetric --cipher-algo AES256 private_key.pem
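
Review bot: the reworded step reads "using the gpg"; "using gpg" is enough. While touching this step, it is worth stating that `gpg --symmetric` leaves the plaintext `private_key.pem` in place next to the encrypted `private_key.pem.gpg`, so only the `.gpg` file should be committed and the passphrase kept as a repository secret.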
Expand Down Expand Up @@ -141,7 +141,7 @@ jobs:
SERVICE_HOST_BASEPATH: /v2
# Central Environment name used for creation of these resources.
CENTRAL_ENV_NAME: petstore-staging
# Central DOSA Service account client Id.
# Platform Service Account client Id.
DOSA_CLIENT_ID: DOSA_CLIENT_ID_VALUE
# User service specification url for fetching the swagger/oas3 etc. Used in the script
SPECIFICATION_URL: https://petstore.swagger.io/v2/swagger.json
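
Review bot: this comment says "Platform Service Account" while the Jenkinsfile description changed in the same commit says "Service Account client Id" and the prerequisites list says "Service Account in AMPLIFY". Pick one term for the cicd files. The placeholder `DOSA_CLIENT_ID_VALUE` could also be written in angle brackets so it is not mistaken for a literal value.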
Expand All @@ -158,7 +158,7 @@ jobs:
1. Download the pipeline folder files into your own gitlab repository for which you want to publish in AMPLIFY Catalog.
In order to create a new gitlab repository, please use this link https://docs.gitlab.com/ee/gitlab-basics/create-project.html
2. Add the DOSA secret key (DOSA_SECRET) in the gitlab variables as a file type. Eg: $DOSA_SECRET Refer the process here https://docs.gitlab.com/ee/ci/variables/README.html#create-a-custom-variable-in-the-ui
2. Add the Service Account secret key (DOSA_SECRET) in the gitlab variables as a file type. Eg: $DOSA_SECRET Refer the process here https://docs.gitlab.com/ee/ci/variables/README.html#create-a-custom-variable-in-the-ui
3. Copy the resources directory under cicd into your gitlab repository at root level.
4. Create a .gitlab-ci.yml file in the root directory. Setup the runner for your project. You can follow this link https://docs.gitlab.com/ee/ci/runners/ for setup.
5. Modify the details of each resource files in the resources folder depending on the project details if needed.
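
Review bot: "Service Account secret key (DOSA_SECRET)" should say private key, matching "the private key generated for the service account" in the GitHub section; "secret key" suggests the client secret of the other account type. In the same line, "Eg: $DOSA_SECRET Refer the process here" needs a period after the example.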
Expand Down Expand Up @@ -278,7 +278,7 @@ Command line parameters for the `create.sh` script:

| Name | Default value | Description |
|---------------------------|-------------------------------|---------------------------------------------------------------------------------------|
| -a or --auth-type | DOSA or web | The type if authentication used by the CLI |
| -a or --auth-type | SA or web | The type if authentication used by the CLI |
| -pk or --primary-key | ./private_key.pem | The location of the pem encoded private key if DOSA is used |
| -did or --dosa-id | NO_DEFAULT_VALUE | DOSA cline id if DOSA used for auth |
| -cen or --central-env-name| petstore-sample | The Environment resource name where AMPLIFY Catalog resources will be created |
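
Review bot: the documented values for `-a or --auth-type` change from `DOSA or web` to `SA or web`, but nothing in this hunk shows `create.sh` accepting `SA`; if the script still compares against `DOSA`, users following the table will end up on the wrong auth path. Confirm the script was changed as well, or keep `DOSA` as the literal value. The two rows below still say "if DOSA is used" and "DOSA cline id if DOSA used for auth" ("type if" and "cline" are also typos), so the table is inconsistent either way.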