Configuring IBM Cloud App ID From the Toolchain
Recently, while refreshing our Cloud Insurance Co. demo, we replaced our own database-backed user management with Cloud Directory of IBM Cloud App ID. The change was seamless, and most users didn’t notice. There are several ways that the App ID can be customized. Because the microservices are deployed using IBM Cloud Continuous Delivery, we needed to configure App ID during the automatic toolchain-based deployment. In the following, I am going to give an overview of how to configure IBM Cloud App ID from the toolchain.
Cloud Insurance Co. Architecture
The whole Cloud Insurance Co. demo consists of several IBM Cloud services and functions implemented as microservices. The entire solution can be deployed via toolchain with the press of a single button. Users are taken to a browser-based configuration wizard. There, they pick GitHub repository names and decide which repository features get enabled. In a second step, they will specify app names and choose the code branch that gets deployed. Once the toolchain is created, it creates all the necessary objects, instantiates Cloud services, and deploys the apps.
Deploy and configure App ID
The App ID service is used for the insurance web portal to identify and authenticate users. The common central toolchain calls the deploy script for the insurance web portal. In that script, the services for the portal, including App ID, are created. The individual services are then set up.
To configure App ID, the tenant identifier and the related management URL are needed. Additionally, for authentication, an IAM (Identity and Access Management) OAuth token is required. The deploy script uses the IBM Cloud CLI to perform the necessary steps. It logs into IBM Cloud, extracts the tenant ID and management URL from the App ID service key, and creates a new access token. Then it executes the “curl” command to configure App ID using its API. The configuration is taken from a JSON file. Here is the simplified version of the relevant parts in the deploy script.
We recently replaced our own user management with an off-the self-solution, IBM Cloud App ID. Everything was seamless, and most users didn’t notice any changes. After some investigation, we found that App ID can be easily configured from the toolchain, and it fits nicely in with the existing continuous delivery process.