As part of the IBM App Connect Operator 8.1.0 release and its associated 12.0.8.0-r2 operand, we are introducing the ability for an integration runtime to be configured with a vault and associated vault key. One of the main use cases this enables is the ability to easily deploy app connect flows that use the discovery connectors. For further information on what a vault is and how it can be used please refer to https://www.youtube.com/watch?v=x78V_8k1P-M
Example Flow
This example is based on the tutorial called "Discovery Connector - Using the Slack Request node". This sample is based around a simple RestAPI which on on the receipt of a POST sent a message to Slack.
Once you have followed the tutorial and successfully tested the flows we can now deploy this flow into a containerised environment.
Export a barflie which contains the RestAPI and Policy. In this example we have called this slackApplication.bar
Vault Configuration
Using a command line navigate to the location of your test IntegrationServer workdir config directory i.e. <workspace>/TEST_SERVER/config.
Create a zip of your vault by running "zip -r vault.zip vault"
Create a configuration of type "vault", first by creating a secret with the vault.zip and then a configuration that references it.
Run the following command to create the secret "oc create secret generic vault -n ace --from-file=configuration=<workspace>/TEST_SERVER/config/vault.zip"
Create a configuration that references the secret above by deploying the following vault.yaml
apiVersion: appconnect.ibm.com/v1beta1
kind: Configuration
metadata:
name: vault
namespace: ace
spec:
type: vault
description: Credentials vault for slack
secretName: vault
VaultKey Configuration
Next we can create the configuration of type "vaultkey", first by creating a secret with the vault.zip and then a configuration that references it.
Run the following command to create the secret "oc create secret generic vaultkey -n ace --from-literal=configuration=<vaultkey>" where <vaultkey> is your vault key
Create a configuration that references the secret above by deploying the following vaultkey.yaml
apiVersion: appconnect.ibm.com/v1beta1
kind: Configuration
metadata:
name: vaultkey
namespace: ace
spec:
type: vaultkey
description: key for vault for slack
secretName: vaultkey
Bar file upload
Next you must either upload your barflies to a dashboard using Dashboard UI or push it to an external repository and configure a bar-auth configuration. For more information on the latter please refer to IBM App Connect Operator: [“What’s New?”] Running IntegrationServers using bar files stored in external endpoints
In this example the barflie has been pushed to the dashboard and the BarURL obtained i.e. https://db-01-quickstart-dash.ace:3443/v1/directories/SlackApplication?162ede4a-b217-4de0-8594-2797be6b730e
IntegrationRuntime
Create an instance of an IntegrationRuntime which references your configurations create above and bar file. Below is an example yaml
apiVersion: appconnect.ibm.com/v1beta1
kind: IntegrationRuntime
metadata:
name: slackpost
namespace: ace
spec:
license:
accept: true
license: L-MJTK-WUU8HE
use: AppConnectEnterpriseNonProductionFREE
version: '12.0'
barURL:
- https://db-01-quickstart-dash.ace:3443/v1/directories/SlackApplication?162ede4a-b217-4de0-8594-2797be6b730e
configurations:
- vault
- vaultkey
Testing
You can now run the test application. To find out the URL of the application you can either
* Use `oc get ir slackpost` which will list the base URL for the integration runtime.
* Use the ACE dashboard to view the endpoint of the application
Once you have the base URL you can build a test command such as `curl -X POST <baseURL>/ExampleSlackFlow --data '{"text":"This is a message from your App Connect Enterprise message flow from ACEccMT"}'.
If successful it should return back the text and it will also post the message to slack such as
