From a2cbded91371260f2c6332e36702688e726cfb88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Thu, 27 Jun 2019 17:29:50 +0200 Subject: [PATCH] first pipeline --- README.md | 15 ++ SETUP.md | 63 +++++++ saas-usecase-apikey/README.md | 21 +++ saas-usecase-apikey/env-saas.yaml | 35 ++++ saas-usecase-apikey/pipeline.yaml | 265 ++++++++++++++++++++++++++++++ 5 files changed, 399 insertions(+) create mode 100644 README.md create mode 100644 SETUP.md create mode 100644 saas-usecase-apikey/README.md create mode 100644 saas-usecase-apikey/env-saas.yaml create mode 100644 saas-usecase-apikey/pipeline.yaml diff --git a/README.md b/README.md new file mode 100644 index 0000000..5aab3ec --- /dev/null +++ b/README.md @@ -0,0 +1,15 @@ +# Deploy APIs with the 3scale_toolbox and Tekton + +This repository holds code samples to showcase the use of the [3scale toolbox](https://github.com/3scale/3scale_toolbox) to automate the delivery of APIs using Tekton. + +## Usecases + +| Usecase | Security | Target | Notes | +|-------------------------------------------------|---------------------|----------------------------------|---------------------| +| [SaaS - API Key](saas-usecase-apikey/) | API Key | SaaS | - | + +## Setup + +Before you can deploy the provided pipelines, you will need to setup your environment accordingly. + +**Follow the [SETUP guide](SETUP.md).** diff --git a/SETUP.md b/SETUP.md new file mode 100644 index 0000000..e6736a1 --- /dev/null +++ b/SETUP.md @@ -0,0 +1,63 @@ +# Environment Setup + +## Pre-requisites + +- OpenShift Cluster +- Linux or Mac Workstation +- [3scale SaaS Tenant](https://www.3scale.net/signup) + +## 3scale SaaS Environment + +- Go to your 3scale SaaS Admin console +- [Generate a new Access Token](https://access.redhat.com/documentation/en-us/red_hat_3scale/2-saas/html/accounts/tokens) that has **write access** to the **Account Management API** +- Save the generated access token for later use: + +```sh +export SAAS_ACCESS_TOKEN=123...456 +``` + +- Save the name of your 3scale tenant (the string before `-admin.3scale.net` in your Admin Console) for later use + +```sh +export SAAS_TENANT=nmasse-redhat +``` + +- Navigate to **Audience** > **Accounts** > **Listing** +- Click on **Developer** +- Saver the **Developer** Account ID that is the last part of the URL (after **/buyers/accounts/**) + +```sh +export SAAS_DEVELOPER_ACCOUNT_ID=2445582535751 +``` + +## Install Tekton + +Create an OpenShift project to hold all your artefacts: + +```sh +oc project api-lifecycle +``` + +Save the name of the project for later use: + +```sh +export TEKTON_NAMESPACE=api-lifecycle +``` + +Install Tekton: + +```sh +oc new-project tekton-pipelines +oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller +oc apply --filename https://storage.googleapis.com/tekton-releases/latest/release.yaml +``` + +## Generate the 3scale toolbox secret + +- First, [install the 3scale toolbox locally](https://github.com/3scale/3scale_toolbox#installation). +- Then, create a secret that contains all your [3scale remotes](https://github.com/3scale/3scale_toolbox/blob/master/docs/remotes.md): + +```sh +3scale remote add 3scale-saas "https://$SAAS_ACCESS_TOKEN@$SAAS_TENANT-admin.3scale.net/" +oc create secret generic 3scale-toolbox -n "$TEKTON_NAMESPACE" --from-file="$HOME/.3scalerc.yaml" +``` diff --git a/saas-usecase-apikey/README.md b/saas-usecase-apikey/README.md new file mode 100644 index 0000000..6111965 --- /dev/null +++ b/saas-usecase-apikey/README.md @@ -0,0 +1,21 @@ +# Usecase "SaaS - API Key": Deploy a simple API on 3scale SaaS + +In this usecase, a [Tekton pipeline](pipeline.yaml) will deploy an API described by an [OpenAPI Specification file](swagger.yaml) on a 3scale SaaS instance. The API is secured using API Keys as described in the OAS. + +## Pre-requisites + +Make sure you completed the [SETUP guide](../SETUP.md). + +## Installation + +Deploy the pipeline: + +```sh +oc apply -f saas-usecase-apikey/pipeline.yaml +``` + +## Deployment + +```sh +m4 -D__SAAS_DEVELOPER_ACCOUNT_ID__=$SAAS_DEVELOPER_ACCOUNT_ID < saas-usecase-apikey/env-saas.yaml | oc apply -f - +``` diff --git a/saas-usecase-apikey/env-saas.yaml b/saas-usecase-apikey/env-saas.yaml new file mode 100644 index 0000000..491429d --- /dev/null +++ b/saas-usecase-apikey/env-saas.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: tekton.dev/v1alpha1 +kind: PipelineResource +metadata: + name: skaffold-git +spec: + type: git + params: + - name: revision + value: master + - name: url + value: https://github.com/nmasse-itix/3scale-toolbox-tekton.git +--- +apiVersion: tekton.dev/v1alpha1 +kind: PipelineRun +metadata: + name: deploy-api +spec: + pipelineRef: + name: deploy-api + params: + - name: targetSystemName + value: test + - name: destination + value: 3scale-saas + - name: secretName + value: 3scale-toolbox + - name: pathToOpenAPI + value: saas-usecase-apikey/swagger.yaml + - name: developerAccountID + value: "__SAAS_DEVELOPER_ACCOUNT_ID__" + resources: + - name: api-artefacts + resourceRef: + name: skaffold-git diff --git a/saas-usecase-apikey/pipeline.yaml b/saas-usecase-apikey/pipeline.yaml new file mode 100644 index 0000000..c1809d9 --- /dev/null +++ b/saas-usecase-apikey/pipeline.yaml @@ -0,0 +1,265 @@ +--- +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: import-openapi +spec: + inputs: + resources: + - name: api-artefacts + type: git + params: + - name: pathToOpenAPI + description: The path to the dockerfile to build + default: /workspace/api-artefacts/openapi-spec.yaml + - name: destination + description: The name of the 3scale_toolbox remote + - name: privateBaseURL + description: The URL of the API Backend + default: http://echo-api.3scale.net + - name: systemName + description: The system_name of the service to create + default: api + - name: secretName + description: Name of the secret containing the 3scale_toolbox remotes list + steps: + - name: import-openapi + image: nmasse/3scale-toolbox:master + env: + - name: "HOME" + value: "/config" + command: + - 3scale + args: + - import + - openapi + - -d + - ${inputs.params.destination} + - ${inputs.params.pathToOpenAPI} + - --override-private-base-url=${inputs.params.privateBaseURL} + - --target_system_name=${inputs.params.systemName} + volumeMounts: + - name: "toolbox-config" + mountPath: /config + volumes: + - name: toolbox-config + secret: + secretName: ${inputs.params.secretName} +--- +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: apply-application-plan +spec: + inputs: + resources: + - name: api-artefacts + type: git + params: + - name: destination + description: The name of the 3scale_toolbox remote + - name: secretName + description: Name of the secret containing the 3scale_toolbox remotes list + - name: serviceSystemName + description: The system_name of the service + - name: systemName + description: The system_name of the plan to create + - name: name + description: The name of the plan to create + steps: + - name: apply-application-plan + image: nmasse/3scale-toolbox:master + env: + - name: "HOME" + value: "/config" + command: + - 3scale + args: + - application-plan + - apply + - ${inputs.params.destination} + - ${inputs.params.serviceSystemName} + - ${inputs.params.systemName} + - --name=${inputs.params.name} + volumeMounts: + - name: "toolbox-config" + mountPath: /config + volumes: + - name: toolbox-config + secret: + secretName: ${inputs.params.secretName} +--- +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: apply-application +spec: + inputs: + params: + - name: destination + description: The name of the 3scale_toolbox remote + - name: secretName + description: Name of the secret containing the 3scale_toolbox remotes list + - name: serviceSystemName + description: The system_name of the service + - name: planSystemName + description: The system_name of the application plan + - name: name + description: The name of the application to create + - name: description + description: The description of the application to create + - name: userKey + description: The API Key of the Application + - name: account + description: The Application's account ID + steps: + - name: apply-application + image: nmasse/3scale-toolbox:master + env: + - name: "HOME" + value: "/config" + command: + - 3scale + args: + - application + - apply + - ${inputs.params.destination} + - ${inputs.params.userKey} + - --service=${inputs.params.serviceSystemName} + - --plan=${inputs.params.planSystemName} + - --name=${inputs.params.name} + - --description=${inputs.params.description} + - --account=${inputs.params.account} + volumeMounts: + - name: "toolbox-config" + mountPath: /config + volumes: + - name: toolbox-config + secret: + secretName: ${inputs.params.secretName} +--- +apiVersion: tekton.dev/v1alpha1 +kind: Task +metadata: + name: promote-to-production +spec: + inputs: + params: + - name: destination + description: The name of the 3scale_toolbox remote + - name: secretName + description: Name of the secret containing the 3scale_toolbox remotes list + - name: serviceSystemName + description: The system_name of the service + steps: + - name: promote-to-production + image: nmasse/3scale-toolbox:master + env: + - name: "HOME" + value: "/config" + command: + - 3scale + args: + - proxy + - promote + - ${inputs.params.destination} + - ${inputs.params.serviceSystemName} + volumeMounts: + - name: "toolbox-config" + mountPath: /config + volumes: + - name: toolbox-config + secret: + secretName: ${inputs.params.secretName} +--- +apiVersion: tekton.dev/v1alpha1 +kind: Pipeline +metadata: + name: deploy-api +spec: + resources: + - name: api-artefacts + type: git + tasks: + - name: import-openapi + taskRef: + name: import-openapi + params: + - name: pathToOpenAPI + value: /workspace/api-artefacts/${params.pathToOpenAPI} + - name: systemName + value: ${params.targetSystemName} + - name: destination + value: ${params.destination} + - name: secretName + value: ${params.secretName} + resources: + inputs: + - name: api-artefacts + resource: api-artefacts + - name: apply-application-plan + taskRef: + name: apply-application-plan + runAfter: + - import-openapi + params: + - name: destination + value: ${params.destination} + - name: secretName + value: ${params.secretName} + - name: serviceSystemName + value: ${params.targetSystemName} + - name: systemName + value: test + - name: name + value: Test Plan + resources: + inputs: + - name: api-artefacts + resource: api-artefacts + - name: apply-application + taskRef: + name: apply-application + runAfter: + - apply-application-plan + params: + - name: destination + value: ${params.destination} + - name: secretName + value: ${params.secretName} + - name: serviceSystemName + value: ${params.targetSystemName} + - name: planSystemName + value: test + - name: name + value: Test Application + - name: description + value: Created by Tekton + - name: account + value: ${params.developerAccountID} + - name: userKey + value: super-secret-key-1234 + - name: promote-to-production + taskRef: + name: promote-to-production + runAfter: + - apply-application + params: + - name: destination + value: ${params.destination} + - name: secretName + value: ${params.secretName} + - name: serviceSystemName + value: ${params.targetSystemName} + params: + - name: targetSystemName + description: The system_name of the service to create + default: api + - name: destination + description: The name of the 3scale_toolbox remote + - name: secretName + description: Name of the secret containing the 3scale_toolbox remotes list + - name: pathToOpenAPI + description: The path to the OpenAPI File to import + - name: developerAccountID + description: The id of the developer account