BarAuth type
Use the BarAuth type to create configurations that contain credentials for connecting to an external repository system that stores one or more BAR files that you want to deploy to an integration server. This configuration is useful if you have set up continuous integration and continuous delivery (CI/CD) pipelines to automate and manage your DevOps processes, and would like to directly reference BAR files in your repository management system for deployment.
Summary of key details for the configuration type
File name or type | Contains secrets | Path extracted/imported to | Maximum allowed per integration server |
---|---|---|---|
JSON | Yes | JSON content is extracted to /home/aceuser/secrets/; any CA certificates are extracted to /home/aceuser/barurlendpoint | 1 |
Creating the file for a configuration object of type BarAuth
The BarAuth type requires a JSON file that contains credentials for connecting to an HTTPS endpoint where one or more BAR files are stored.
These BAR files can be referenced in a comma-separated list within the Bar URL field or corresponding spec.barURL parameter when creating an integration server from the App Connect Dashboard, the Red Hat® OpenShift® web console or CLI, or the CLI for a Kubernetes environment. The same credentials must apply for all of the BAR files that you reference for deployment to an integration server.
You can apply only one configuration of type BarAuth to an integration server. However, multiple integration servers can use a BarAuth configuration object to connect to the same endpoint.
The credentials required to connect to an external repository are dependent on the type of security that is configured for the endpoint. Connections are supported to endpoints that require basic authentication credentials, endpoints that use certificates that are self-signed or issued by a corporate or trusted certificate authority (CA), or endpoints that require no authentication.
- Define the JSON content that will be used to establish your preferred connection:
  - If the endpoint requires no authentication, specify a blank username and password in JSON format in a text editor:
      {"authType":"BASIC_AUTH","credentials":{"username":"","password":""}}
  - If the endpoint is secured with basic authentication, specify a valid username and password in JSON format in a text editor:
      {"authType":"BASIC_AUTH","credentials":{"username":"myUsername","password":"myPassword"}}
    Note: If you are using basic authentication that requires a user name with an API key as the password, you can specify the API key as the myPassword value.
    If you are connecting to an endpoint that uses a certificate from a trusted CA, you can connect by using basic authentication without the need to specify any certificate details.
  - If you want to ignore all certificate errors from the endpoint, include the insecureSsl: true setting in the JSON content in a text editor:
      {"authType":"BASIC_AUTH","credentials":{"username":"myUsername","password":"myPassword","insecureSsl":"true"}}
  - If the endpoint is secured by a certificate that is self-signed or issued by a corporate CA, use a caCert setting to provide the actual certificate. To specify the certificate content in a JSON-compliant format, you must remove any line breaks from the certificate by converting it to a single line.
    - Use your preferred method to convert the certificate content to a single line. In the following example, the awk command is used to replace any hidden newline characters in a certificate file (named caCert.pem) with the end-of-line terminator (\n). The resulting output displays the certificate content as a single line.
        awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' caCert.pem
    - In a text editor, add the following JSON content with a caCert value that specifies the single-line output for the certificate content:
        {"authType":"BASIC_AUTH","credentials":{"username":"myUsername","password":"myPassword","caCert":"-----BEGIN CERTIFICATE-----\nThisText\nREPRESENTSa\nVERYlongSringOfCharactersINa\nSingleLine\n-----END CERTIFICATE-----\n"}}
  - If the endpoint is secured by a certificate that is self-signed or issued by a corporate CA, supply the certificate in a secret if preferred by using a caCertSecret setting:
    - To create the secret, complete the following steps:
      - From your local computer, create and then save a YAML file (for example, certsecret_cr.yaml) with the following content, where:
        - metadata.name is a unique name for the secret.
        - metadata.namespace is the namespace in which you want to create the secret and where the integration server will also be deployed.
        - data.ca.crt is used to specify the certificate content.
        - type identifies the secret type, which must be kubernetes.io/tls.
          kind: Secret
          apiVersion: v1
          metadata:
            name: mycaCertSecret
            namespace: namespaceName
          data:
            ca.crt: >-
              LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtekNDQW9PZ0F3SUJBZ0lVYkhqWkw3MC9RczQyaW9tQUdJbElSYXNuTGpzd0RRWUpLb1pJaHZjTkFRRUwKQl
              FBd1hURUxNQWtHQTFVRUJoTUNWVXN4RURBT0JnTlZCQWdNQjBoMWNuTnNaWGt4RURBT0JnTlZCQWNNQjBoMQpjbk5zWlhreEREQUtCZ05WQkFvTUEwbENUVEVjTUJvR0NT
              cUdTSWIzRFFFSkFSWU5hR1Z5WlVCMGFHVnlaUzV2CmJUQWVGdzB5TVRBMU1EY3hNREF3TWpWYUZ3MHlOakExTURZeE1EQXdNalZhTUYweEN6QUpCZ05WQkFZVEFsVkwKTV
              JBd0RnWURWUVFJREFkSWRYSnpiR1Y1TVJBd0RnWURWUVFIREFkSWRYSnpiR1Y1TVF3d0NnWURWUVFLREFOSgpRazB4SERBYUJna3Foa2lHOXcwQkNRRVdEV2hsY21WQWRH
              aGxjbVV1YjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCCkFRVUFBNElCRHdBd2dnRUtBb0lCQVFERENLVk1qdzdoMzVHOFFrVTh2cXRuc08wbGs4YWFSUGxpNHBWVENZSjUKZm
              9udmR4bmREa3dNRmxYZjBlNmdaMnFpMXJFSy9sLzJqZ1cxdWhjYnliZFdaSEt4OWp3dlJmUFNpekpFQnZlLwpKSmRSN3VDa2tHUmpsRVd1R0hFaU5WeGFQeHJoVXVHMFRLc
              21WRVRsNGIva3dEUmR2MlRjYnhaZUFGY09uRTRhCmk2Rkd0U3pRUnhYT3ViZWtmaE5jdzdOdmd2dTdUOE16cU1UcWhlSFJoMmF5UGJpNEIzWC9aYmo3TmJYcVR2RjUKRDE2
              VWYvZGR3ejVVV1Jrdk4xa25UTmdrTkp2ZjA4T2gzU2ZqQUUyaUo1eGxJMUdJR2J0eHdVT1o0bWlCZWZZaQovdk9YQlVic1dFZWxvRmFSdVlya0cwNm9KNGhaUXlqWlE3VlJ
              0Q3RBcHdlbkFnTUJBQUdqVXpCUk1CMEdBMVVkCkRnUVdCQlIwcm0zWUdNNU5KRUlSOVJ2bGRzMHRScE9mM0RBZkJnTlZIU01FR0RBV2dCUjBybTNZR001TkpFSVIKOVJ2bG
              RzMHRScE9mM0RBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDbQo3clhUd3YzMkFNVEJQaUtqSnJFdytUS2ljUExSdmpsZnY4UmlzM
              UdDV0tBSnlOVG1CWDJOQkdMOFdpbW1ZZ0thCk1mM3VHNUh4NHI4cklsUTVnNUdCV2JvQldQN29vK05LbmMrRHNjTkVBS3I1aWFYNTV3dGxSOWhvTjg1TTlMdlIKYXhqcFRqT
              WRzQW85cms5Q3QvakJIQ2pyM3pUUWtjMUswMC82M3Vqa20vamYveWNoWEJyQ1BUeTBJd20zazhobgpzUTZTRzBrNnRGakw5SG51TnhTNjdBT2ZSaldhRnRXSnNJWnprRS80c
              XhrY1FRbGJlclgyU1N3VXNDT0Q4RkNRClF3MVpjQnRVNTFrdkxEam1EdFJkRGlsbmp2b0krdE1CUWxlNDcrYmFIQS8xWjFlOTV5bmE3cTRtdG5VTkt1RkgKMkRGS3dyYUxjU
              XFRVmVUMUZhL0kKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
            tls.crt: ''
            tls.key: ''
          type: kubernetes.io/tls
      - From the command line, log in to your Red Hat OpenShift cluster by using the oc login command.
      - Run the following command to create the secret. (Use the name of the .yaml file that you created.)
          oc apply -f certsecret_cr.yaml
    - In a text editor, add the following JSON content with a caCertSecret value that specifies the name of the secret (that is, the metadata.name value) that you created:
        {"authType":"BASIC_AUTH","credentials":{"username":"myUsername","password":"myPassword","caCertSecret":"mycaCertSecret"}}
- Save the completed file as filename.json and then close it.
After you create the file, you can use it to create a configuration object as described in Configuration reference: Creating an instance from the Red Hat OpenShift web console and Creating an instance from the Red Hat OpenShift CLI.
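As an added example (not part of the IBM documentation or product code), the following Python sketch builds the BarAuth JSON from a PEM certificate with the same normalisation as the awk step, and lints a finished file before it is turned into a configuration object. The function names build_bar_auth and lint_bar_auth, the severity labels and the sample PEM are assumptions made for illustration.

```python
import base64
import binascii
import json
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\n(.+?)\n-----END CERTIFICATE-----\n?", re.S)

def build_bar_auth(username, password, ca_pem=None):
    """Build BarAuth JSON; json.dumps writes the \\n escapes the awk step makes by hand."""
    creds = {"username": username, "password": password}
    if ca_pem is not None:
        # Same normalisation as the awk command: drop blank lines and carriage returns.
        lines = [ln.strip() for ln in ca_pem.splitlines() if ln.strip()]
        creds["caCert"] = "\n".join(lines) + "\n"
    return json.dumps({"authType": "BASIC_AUTH", "credentials": creds}, separators=(",", ":"))

def lint_bar_auth(text):
    """Return (severity, message) findings for one BarAuth JSON document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("error", "not valid JSON: " + exc.msg)]
    creds = doc.get("credentials") if isinstance(doc, dict) else None
    if not isinstance(creds, dict):
        return [("error", "credentials object is missing")]
    findings = []
    if creds.get("username") == "" and creds.get("password") == "":
        findings.append(("info", "blank credentials: endpoint is treated as needing no authentication"))
    # The page writes the value as the string "true"; a JSON boolean is treated alike.
    if str(creds.get("insecureSsl", "")).lower() == "true":
        findings.append(("warn", "insecureSsl: all certificate errors are ignored"))
    if "caCert" in creds:
        cert = str(creds["caCert"])
        match = PEM_RE.fullmatch(cert)
        if "\\n" in cert:
            findings.append(("error", "caCert holds a literal backslash-n (escaped twice)"))
        elif match is None:
            findings.append(("error", "caCert is not a PEM certificate block"))
        else:
            try:
                base64.b64decode(match.group(1).replace("\n", ""), validate=True)
            except binascii.Error:
                findings.append(("error", "caCert body is not valid base64"))
    return findings

# Constructed sample, not a real certificate: CRLF line endings and a blank line.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + base64.b64encode(b"constructed sample bytes").decode()
              + "\r\n\r\n-----END CERTIFICATE-----\r\n")
```

A raw line break left inside the caCert value is reported as invalid JSON, and a value that was escaped twice is reported separately, because both files look similar in a text editor.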