Service definition onboarding for Helm
The service definition onboarding can be done via API commands.
The following sample shows how the service API and the action role mappings can be specified in the JSON format for a service, in this case sample-api:
-
Create the service API action roles JSON file:
The following sample is a service API action role mapping for the GET, PUT, POST, DELETE methods. Note the chartName, actions.id, and actions.roles:
action_role_sampleapi.json: { "chartName": "sample-api", "displayName": { "default": "sampleapi" }, "actions": [ { "id": "GET /sample-api/api/v1/repos", "displayName": { "default": "sampleapi.repos.get.allorsingular" }, "roles": [ "crn:v1:icp:private:iam::::role:ClusterAdministrator", "crn:v1:icp:private:iam::::role:CloudPakAdministrator", "crn:v1:icp:private:iam::::role:Administrator", "crn:v1:icp:private:iam::::role:Operator", "crn:v1:icp:private:iam::::role:Editor", "crn:v1:icp:private:iam::::role:Viewer" ] }, { "id": "PUT /sample-api/api/v1/repos", "displayName": { "default": "sampleapi.repos.put.updaterepo" }, "roles": [ "crn:v1:icp:private:iam::::role:ClusterAdministrator" ] }, { "id": "POST /sample-api/api/v1/repos", "displayName": { "default": "sampleapi.repos.post.addrepo" }, "roles": [ "crn:v1:icp:private:iam::::role:ClusterAdministrator" ] }, { "id": "DELETE /sample-api/api/v1/repos", "displayName": { "default": "sampleapi.repos.delete.removerepo" }, "roles": [ "crn:v1:icp:private:iam::::role:ClusterAdministrator" ] }], "enabled": true, "supportedAttributes": [ { "key": "string" }], "supportedRoles": [ { "id": "crn:v1:icp:private:iam::::role:ClusterAdministrator" }, { "id": "crn:v1:icp:private:iam::::role:CloudPakAdministrator" }, { "id": "crn:v1:icp:private:iam::::role:Administrator" }, { "id": "crn:v1:icp:private:iam::::role:Operator" }, { "id": "crn:v1:icp:private:iam::::role:Editor" }, { "id": "crn:v1:icp:private:iam::::role:Viewer" }] } -
Create or update the service API action roles:
PUT /acms/v1/services/SERVICE_NAME
Input: Replace the following in the curl command: ${ACCESS_TOKEN} ---> User access token ${MASTER_NODE_IP} ---> Master node ipaddress or VIP ipaddress in HA ${SERVICE_NAME} ---> New service name ${API_ACTION_ROLES_JSON_FILE} ---> API action roles json file name e.g., action_role_helmapi.json export API_ACTION_ROLES_JSON_FILE=action_role_helmapi.json export SERVICE_NAME=helmapi-service curl -k -X PUT -H 'Content-Type: application/json' -H 'Accept: application/json' -H "Authorization: Bearer ${ACCESS_TOKEN}" -d @${API_ACTION_ROLES_JSON_FILE} "https://${MASTER_NODE_IP}:8443/iam-pap/acms/v1/services/${SERVICE_NAME}" Response: {"name":"sampleapi-service","displayName":{"default":"sampleapi"},"actions":[{"id":"GET /sample-api/api/v1/repos","displayName":{"default":"sampleapi.repos.get.allorsingular"},"roles":["crn:v1:icp:private:iam::::role:ClusterAdministrator","crn:v1:icp:private:iam::::role:CloudPakAdministrator","crn:v1:icp:private:iam::::role:Administrator","crn:v1:icp:private:iam::::role:Operator","crn:v1:icp:private:iam::::role:Editor","crn:v1:icp:private:iam::::role:Viewer"]},{"id":"PUT /sample-api/api/v1/repos","displayName":{"default":"sampleapi.repos.put.updaterepo"},"roles":["crn:v1:icp:private:iam::::role:ClusterAdministrator"]},{"id":"POST /sample-api/api/v1/repos","displayName":{"default":"sampleapi.repos.post.addrepo"},"roles":["crn:v1:icp:private:iam::::role:ClusterAdministrator"]},{"id":"DELETE /sample-api/api/v1/repos","displayName":{"default":"sampleapi.repos.delete.removerepo"},"roles":["crn:v1:icp:private:iam::::role:ClusterAdministrator"]},"platformExtensions":{"supportedAttributes":[{"key":"accountId"},{"key":"serviceName"}],"supportedRoles":[]},"links":{"href":"https://9.30.255.32:8443/acms/v1/services/sampleapi-service","link":"self"}}