Connecting to your custom attribute provider

After you create a custom attribute provider API server, you must connect IBM Cloud Pak for Data to the custom attribute provider.

Who needs to complete this task?
To complete this task, you must be either:
  • A cluster administrator
  • An instance administrator
When do you need to complete this task?

Complete this task if you want to use a custom attribute provider to automatically append attributes to a user's Cloud Pak for Data user profile.

Before you begin

Best practice: You can run many of the commands in this task exactly as written if you set up environment variables for your installation. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

You must have an existing custom attribute provider API server.

Procedure

To connect to your custom attribute provider, complete the following steps:

  1. Set the following environment variables:
    1. Set the CONFIGMAP_NAME environment variable to the name you want to use to identify the configuration.

      The following example uses the recommended name, cpd-custom-attribute-provider-extension:

      export CONFIGMAP_NAME=cpd-custom-attribute-provider-extension
    2. Set the API_SERVER_URL environment variable to the URL of the custom attribute provider: 
      export API_SERVER_URL=<URL>
    3. Set the DISPLAY_NAME environment variable to the display name you want to use to identify the configuration in the database where Cloud Pak for Data metadata is stored. 
      export DISPLAY_NAME="Custom Attribute Provider"
  2. Create an attribute_provider extension:
    The API server does not require any authentication 
    cat <<EOF |oc apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    icpdata_addon: "true"
  name: ${CONFIGMAP_NAME}
  namespace: ${PROJECT_CPD_INST_OPERANDS}
data:
  extensions: |
    [
      {
        "extension_point_id": "attribute_provider",
        "extension_name": "custom_attribute_provider"
        "display_name": "${DISPLAY_NAME}",
        "order_hint": 600,
        "details": {
          "url": "${API_SERVER_URL}"
        }
      }
    ]
EOF
    The API server requires a bearer token for authentication 
    cat <<EOF |oc apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    icpdata_addon: "true"
  name: ${CONFIGMAP_NAME}
  namespace: ${PROJECT_CPD_INST_OPERANDS}
data:
  extensions: |
    [
      {
        "extension_point_id": "attribute_provider",
        "extension_name": "custom_attribute_provider"
        "display_name": "${DISPLAY_NAME}",
        "order_hint": 600,
        "details": {
          "url": "${API_SERVER_URL}"
          "secretTokenKey": "custom_attribute_provider_token"
        }
      }
    ]
EOF
    The API server requires a TLS certificate for authentication 
    cat <<EOF |oc apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    icpdata_addon: "true"
  name: ${CONFIGMAP_NAME}
  namespace: ${PROJECT_CPD_INST_OPERANDS}
data:
  extensions: |
    [
      {
        "extension_point_id": "attribute_provider",
        "extension_name": "custom_attribute_provider"
        "display_name": "${DISPLAY_NAME}",
        "order_hint": 600,
        "details": {
          "url": "${API_SERVER_URL}"
          "secretCertificateKey": "custom_attribute_provider_certificate"
        }
      }
    ]
EOF
    The API server requires a bearer token and TLS certificate for authentication 
    cat <<EOF |oc apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    icpdata_addon: "true"
  name: ${CONFIGMAP_NAME}
  namespace: ${PROJECT_CPD_INST_OPERANDS}
data:
  extensions: |
    [
      {
        "extension_point_id": "attribute_provider",
        "extension_name": "custom_attribute_provider"
        "display_name": "${DISPLAY_NAME}",
        "order_hint": 600,
        "details": {
          "url": "${API_SERVER_URL}"
          "secretCertificateKey": "custom_attribute_provider_certificate"
          "secretTokenKey": "custom_attribute_provider_token"
        }
      }
    ]
EOF
  3. If your API server requires authentication, set the following environment variables:
    1. If your API server requires a bearer token for authentication, set the BEARER_TOKEN environment variable to the value of the bearer token: 
      export BEARER_TOKEN=<bearer-token>
    2. If your API server requires a TLS certificate for authentication, set the TLS_CERTIFICATE environment variable to the fully qualified name of the TLS certificate: 
      export TLS_CERTIFICATE=<fully-qualified-tls-certificate-name>
  4. Create a secret named zen-ext-attribute-provider-secret:
    The API server does not require any authentication 
    oc create secret generic zen-ext-attribute-provider-secret \
-n ${PROJECT_CPD_INST_OPERANDS}
    The API server requires a bearer token for authentication 
    oc create secret generic zen-ext-attribute-provider-secret \
-n ${PROJECT_CPD_INST_OPERANDS} \
--from-literal=custom_attribute_provider_token=${BEARER_TOKEN}
    The API server requires a TLS certificate for authentication 
    oc create secret generic zen-ext-attribute-provider-secret \
-n ${PROJECT_CPD_INST_OPERANDS} \
--from-file=custom_attribute_provider_certificate=${TLS_CERTIFICATE}
    The API server requires a bearer token and TLS certificate for authentication 
    oc create secret generic zen-ext-attribute-provider-secret \
-n ${PROJECT_CPD_INST_OPERANDS} \
--from-literal=custom_attribute_provider_token=${BEARER_TOKEN} \
--from-file=custom_attribute_provider_certificate=${TLS_CERTIFICATE}

What to do next

Now that you've connected IBM Cloud Pak for Data to your custom attribute provider, you're ready to complete Specifying which custom attributes to use in IBM Cloud Pak for Data.