Configuring IBM Cloud Automation Manager Provider in MCMP Portal

Prerequisites

Before configuring Cloud Automation Manager Provider in MCMP, you must meet these requirements:

Verifying Cloud Automation Manager Provider is enabled in Enterprise Marketplace

Cloud Automation Manager Provider must be enabled to create Cloud Automation Manager Provider accounts. Complete the following steps to verify that Cloud Automation Manager Provider is enabled in MCMP:

  1. Log in to the MCMP Portal with the Catalog Admin or Service Designer role.
  2. Click the Enterprise Marketplace link to go to Enterprise Marketplace.
  3. In Enterprise Marketplace, click the Open Menu icon and select Catalog Admin.
  4. On the Catalog Admin page, verify that IBM Cloud Private is listed.

If IBM Cloud Private is listed, then you can create Cloud Automation Manager Provider accounts. If not, you must configure Cloud Automation Manager as a provider.

Enabling Cloud Automation Manager as a provider in Enterprise Marketplace

  1. Clone the cb-consume-bootstrap repo from this link: https://github.ibm.com/cloudMatrix-CAM/cb-consume-bootstrap.
  2. Go to the Cloud Automation Manager directory.
  3. Run the setup_icamadapter.sh file with following arguments: A. cb_host: Enterprise Marketplace API gateway URL. B. icb_username: Enterprise Marketplace admin username. C. icb_apikey: Enterprise Marketplace admin user API key. D. team_code: Enterprise Marketplace admin team.

Creating Cloud Automation Manager Provider accounts in MCMP

Prerequisites

To create Cloud Automation Manager Provider accounts in MCMP, you must meet these requirements:

API: {{GATEWAY_HOST_URL}}/cam/tenant/api/v1/tenants/getTenantOnPrem Method: GET Headers: Enterprise Marketplace user name, Enterprise Marketplace API key Headers:

{
    Accept  : application/json
    username: Enterprise Marketplace username
    apikey  : Enterprise Marketplace user API key generated MCMP Portal
}

Sample payload response:

{
  "id": "tenant_id",
  "name": "ICP Account",
  "ownerId": "On_Prem",
  "wlpClientId": "clientId",
  "camVersion": "3.2.1.0",
  "namespaces": [
      {
          "name": "namespace1",
          "uid": "namespace1",
          "teamName": "namespace1"
      },
      {
        "name": "namespace2",
        "uid": "namespace2",
        "teamName": "namespace3"
    }

  ]
}

Creating Cloud Automation Manager Provider accounts

To create a Cloud Automation Manager Provider account, complete these steps:

  1. Log in to the portal with either the Team Setup Admin or System Admin role.
  2. Click the Admin Console link.
  3. On the User Access Management page, click the Open Menu icon.
  4. Click Provider Account.
  5. On the Account Management page, select New Asset Account.
  6. Select IBM Cloud Private.
  7. Fill in all the required fields for the account. For more information, see the “Field details” section.
  8. Click Apply Credentials.
  9. Click Create Account.

Field details

Field Details
Name Provide a unique name for the provider account.
Description (optional) Create a description for the provider account.
Cloud Automation Manager version Enter the proper Cloud Automation Manager version. If you do not know it, you can get the Cloud Automation Manager version from your Cloud Automation Manager UI.
ICP Team Enter all as a value in the field.
Cloud Automation Manager Endpoint URL Specify the gateway API URL for MCMP portal.
ICP Endpoint URL Enter NA as a value in the field.
Tenant ID Specify the Tenant ID you get from the API mentioned in the prerequisites. If you upgrade the Cloud Automation Manager instance in the future, you will also need to update the tenant ID because it will change after upgrade.
Namespace (cloudOE_spaceGuid) Specify the team's Team ID here for the Admin that that is creating the Cloud Automation Manager Provider account.
Proxy Flag Set the flag to False.
MCMP Flag Set the flag to True.
Add Credential Click Add Credential to open the Add Credential pane.
Credential name Provide a suitable name for your credential.
Purpose Select both purposes for your credential because the account will be used for on-boarding and provisioning.
Description (optional) Provide a suitable description for your credentials.
User Name Specify the Enterprise Marketplace user name.
Password Provide the Enterprise Marketplace user's API key.
Business Entities Select the team from the business entities listed.

Getting a team name and team ID in MCMP

To get a team name and team ID in MCMP, complete these steps:

  1. Log in to MCMP portal with the Team Setup Admin or System Admin role.
  2. Click the Admin Console link.
  3. On the User Access Management page, click Teams.
  4. Search for the team of the user you want to create a provider account for and get the team name and team ID.

Associating the Cloud Automation Manager Namespace context

You do not need to add the namespace in the Namespace field of the provider account. Instead, you assign namespaces to the Cloud Automation Manager Namespace context while adding credentials and team to the provider account. The Cloud Automation Manager Namespace context is created automatically. You just need to create values for that context.

With this design, multiple contexts can be added to a single provider account so that one provider account can be used to perform operations in Cloud Automation Manager for multiple namespaces. Users with the System Admin role can associate the Cloud Automation Manager Namespace context to Account, Buyer, Service Designer, and any Cloud Automation Manager-specific role.

Note: Context values of Cloud Automation Manager Namespace context will become namespaces in Cloud Automation Manager.

Associating the Cloud Automation Manager Namespace context with the provider account.

While you are adding credentials to the provider account, any context that you have created will be visible in the “Associate this credential with a business entity" section. Select the context to add the value from the drop-down to that context. After it is added, that context will be associated to that provider account.

Note: When a service is created in Cloud Automation Manager within a namespace, that service will be pushed to Enterprise Marketplace using the provider account that has the same namespace associated to it. If the namespace is not associated with the account, this pushing of the service will fail.

Associating the Cloud Automation Manager Namespace context with roles in a team

For any team added in the Enterprise Marketplace, if that team is added to the Cloud Automation Manager provider account in the Team context, then that team should be added with any Cloud Automation Manager role and the Cloud Automation Manager Namespace context associated with that role.

When the roles are associated with Cloud Automation Manager Namespace context, a user associated with that role can perform operations for any services in that name space. If it is 'ALL' it means that user will be able to perform for all the services irrespective of namespace. You might, for example, assign the Cloud Automation Manager Namespace 'ALL' value to the Cloud Automation Manager Operator role. Any user with that role can then access any namespace on Cloud Automation Manager. Other roles can be assigned a specific namespace value so they only have access to those namespaces.

Creating context value for Cloud Automation Manager Namespace in Enterprise Marketplace

To create context values for Cloud Automation Manager Namespace in Enterprise Marketplace, complete these steps:

  1. Log in to Enterprise Marketplace using a role with the proper permissions.
  2. Click the Context Type tab.
  3. Click the Actions menu (the vertical ellipsis) for the ICAM_Namespace and select Add Context Value.
  4. Enter an ID and Name for the new context value.
  5. Click Create to add the new context value to ICAM_Namespace.
  6. Repeat steps 3 to 5 for each context value that you want to add.

You can click the Actions menu for the context values to access these options: