BarAuth type

Use the BarAuth type to create configurations that contain credentials for connecting to an external repository system that stores one or more BAR files that you want to deploy to an integration server. This configuration is useful if you have set up continuous integration and continuous delivery (CI/CD) pipelines to automate and manage your DevOps processes, and would like to directly reference BAR files in your repository management system for deployment.

Note: Only JFrog Artifactory has been tested as an external file repository system, but alternative repository systems that use HTTPS and basic authentication are anticipated to work.

Summary of key details for the configuration type

File name or type Contains secrets Path extracted/imported to Maximum allowed per integration server

JSON content is extracted to /home/aceuser/secrets/

Any CA certificates are extracted to /home/aceuser/barurlendpoint


About the BarAuth file

The BarAuth type requires a JSON file that contains credentials for connecting to an HTTPS endpoint where one or more BAR files are stored.

These BAR files can be referenced in a comma-separated list within the Bar URL field or corresponding spec.barURL parameter when creating an integration server from the App Connect Dashboard, the Red Hat® OpenShift® web console or CLI, or the CLI for a Kubernetes environment. The same credentials must apply for all of the BAR files that you reference for deployment to an integration server.

You can apply only one configuration of type BarAuth to an integration server. However, multiple integration servers can use a BarAuth configuration object to connect to the same endpoint.

The credentials required to connect to an external repository are dependent on the type of security that is configured for the endpoint. Connections are supported to endpoints that require basic authentication credentials, endpoints that use certificates that are self-signed or issued by a corporate or trusted certificate authority (CA), or endpoints that require no authentication.

To specify credentials for connecting to an external repository where the BAR files are stored, complete the following steps:
  1. Define the JSON content that will be used to establish your preferred connection:
    • If the endpoint requires no authentication, specify a blank username and password in JSON format in a text editor:
    • If the endpoint is secured with basic authentication, specify a valid username and password in JSON format in a text editor:

      If you are using basic authentication that requires a user name with an API key as the password, you can specify the API key as the myPassword value.

      If you are connecting to an endpoint that uses a certificate from a trusted CA, you can connect by using basic authentication without the need to specify any certificate details.

    • If you want to ignore all certificate errors from the endpoint, include the insecureSsl: true setting in the JSON content in a text editor:
    • If the endpoint is secured by a certificate that is self-signed or issued by a corporate CA, use a caCert setting to provide the actual certificate. To specify the certificate content in a JSON-compliant format, you must remove any line breaks from the certificate by converting it to a single line.
      1. Use your preferred method to convert the certificate content to a single line. In the following example, the awk command is used to replace any hidden newline characters in a certificate file (named caCert.pem) with the end-of-line terminator (\n). The resulting output displays the certificate content as a single line.
        awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' caCert.pem
      2. In a text editor, add the following JSON content with a caCert value that specifies the single-line output for the certificate content:
        {"authType":"BASIC_AUTH","credentials":{"username":"myUsername","password":"myPassword","caCert":"-----BEGIN CERTIFICATE-----\nThisText\nREPRESENTSa\nVERYlongSringOfCharactersINa\nSingleLine\n-----END CERTIFICATE-----\n"}}
    • If the endpoint is secured by a certificate that is self-signed or issued by a corporate CA, supply the certificate in a secret if preferred by using a caCertSecret setting:
      1. To create the secret, complete the following steps:
        1. From your local computer, create and then save a YAML file (for example, certsecret_cr.yaml) with the following content, where:
          • is a unique name for the secret.
          • metadata.namespace is the namespace in which you want to create the secret and where the integration server will also be deployed.
          • is used to specify the certificate content.
          • type identifies the secret type, which must be
          kind: Secret
          apiVersion: v1
            name: mycaCertSecret
            namespace: namespaceName
            ca.crt: >-
            tls.crt: ''
            tls.key: ''
        2. From the command line, log in to your Red Hat OpenShift cluster by using the oc login command.
        3. Run the following command to create the secret. (Use the name of the .yaml file that you created.)
          oc apply -f certsecret_cr.yaml
      2. In a text editor, add the following JSON content with a caCertSecret value that specifies the name of the secret (that is, the value) that you created:
  2. Save the completed file as filename.json and then close it.

After you create the configuration, ensure that its check box is selected in the configurations table.

When you deploy the integration server, the .json file will be extracted into the default configuration directory /home/aceuser/secrets/, and any CA certificates that you specify in the credentials are extracted to: /home/aceuser/barurlendpoint.

Creating a configuration for the BarAuth type by using the configuration panel

You can create a BarAuth-type configuration while creating an integration server, or independently, as follows:

  1. From the Configuration page (accessed by clicking the Configuration icon Configuration icon), or the Configuration panel of an integration server that you are creating, click Create configuration. For more information about this page or panel, see Managing configuration objects from the Configuration page.
  2. From the Create configuration panel, select BarAuth from the Type list.
  3. In the Name field, specify a name for this configuration.
  4. In the Description field, specify text that might help you identify the integration server for which authentication credentials are configured, or the HTTPS endpoint that the credentials relate to.
    Create configuration panel
  5. Complete the BarAuth section by completing either of the following steps:
    • Copy the contents of your .json file and then paste it into the BarAuth text editor.
      BarAuth text editor with pasted contents
    • Import your .json file from your file system:
      1. Click the Import barauth file icon Import icon.
      2. Click within the boxed area to select the file from a file browser, or drag-and-drop the file.
        Import barauth view

        The name of the imported file is displayed.

      3. If you want to view the file contents, click View file contents to return to the text editor.
        BarAuth text editor with imported contents
    Tip: For security reasons, the password in the .json content that you add is available only as a REDACTED value after you create the configuration.
  6. Click Create. The configuration is added to the configurations table and can be selected for use with an integration server.

Updating or deleting a configuration

If you need to update the content or settings in a configuration, or delete a configuration that's no longer required, see Managing configuration objects from the Configuration page.