first pipeline

README.md

@@ -0,0 +1,15 @@
+# Deploy APIs with the 3scale_toolbox and Tekton
+
+This repository holds code samples to showcase the use of the [3scale toolbox](https://github.com/3scale/3scale_toolbox) to automate the delivery of APIs using Tekton.
+
+## Usecases
+
+| Usecase                                         | Security            | Target                           | Notes               |
+|-------------------------------------------------|---------------------|----------------------------------|---------------------|
+| [SaaS - API Key](saas-usecase-apikey/)          | API Key             | SaaS                             | -                   |
+
+## Setup
+
+Before you can deploy the provided pipelines, you will need to setup your environment accordingly.
+
+**Follow the [SETUP guide](SETUP.md).**

SETUP.md

@@ -0,0 +1,63 @@
+# Environment Setup
+
+## Pre-requisites
+
+- OpenShift Cluster
+- Linux or Mac Workstation
+- [3scale SaaS Tenant](https://www.3scale.net/signup)
+
+## 3scale SaaS Environment
+
+- Go to your 3scale SaaS Admin console
+- [Generate a new Access Token](https://access.redhat.com/documentation/en-us/red_hat_3scale/2-saas/html/accounts/tokens) that has **write access** to the **Account Management API**
+- Save the generated access token for later use:
+
+```sh
+export SAAS_ACCESS_TOKEN=123...456
+```
+
+- Save the name of your 3scale tenant (the string before `-admin.3scale.net` in your Admin Console) for later use
+
+```sh
+export SAAS_TENANT=nmasse-redhat
+```
+
+- Navigate to **Audience** > **Accounts** > **Listing**
+- Click on **Developer**
+- Saver the **Developer** Account ID that is the last part of the URL (after **/buyers/accounts/**)
+
+```sh
+export SAAS_DEVELOPER_ACCOUNT_ID=2445582535751
+```
+
+## Install Tekton
+
+Create an OpenShift project to hold all your artefacts:
+
+```sh
+oc project api-lifecycle
+```
+
+Save the name of the project for later use:
+
+```sh
+export TEKTON_NAMESPACE=api-lifecycle
+```
+
+Install Tekton:
+
+```sh
+oc new-project tekton-pipelines
+oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller
+oc apply --filename https://storage.googleapis.com/tekton-releases/latest/release.yaml
+```
+
+## Generate the 3scale toolbox secret
+
+- First, [install the 3scale toolbox locally](https://github.com/3scale/3scale_toolbox#installation).
+- Then, create a secret that contains all your [3scale remotes](https://github.com/3scale/3scale_toolbox/blob/master/docs/remotes.md):
+
+```sh
+3scale remote add 3scale-saas "https://$SAAS_ACCESS_TOKEN@$SAAS_TENANT-admin.3scale.net/"
+oc create secret generic 3scale-toolbox -n "$TEKTON_NAMESPACE" --from-file="$HOME/.3scalerc.yaml"
+```

saas-usecase-apikey/README.md

@@ -0,0 +1,21 @@
+# Usecase "SaaS - API Key": Deploy a simple API on 3scale SaaS
+
+In this usecase, a [Tekton pipeline](pipeline.yaml) will deploy an API described by an [OpenAPI Specification file](swagger.yaml) on a 3scale SaaS instance. The API is secured using API Keys as described in the OAS.
+
+## Pre-requisites
+
+Make sure you completed the [SETUP guide](../SETUP.md).
+
+## Installation
+
+Deploy the pipeline:
+
+```sh
+oc apply -f saas-usecase-apikey/pipeline.yaml
+```
+
+## Deployment
+
+```sh
+m4 -D__SAAS_DEVELOPER_ACCOUNT_ID__=$SAAS_DEVELOPER_ACCOUNT_ID < saas-usecase-apikey/env-saas.yaml | oc apply -f -
+```

saas-usecase-apikey/env-saas.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineResource
+metadata:
+  name: skaffold-git
+spec:
+  type: git
+  params:
+  - name: revision
+    value: master
+  - name: url
+    value: https://github.com/nmasse-itix/3scale-toolbox-tekton.git
+---
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineRun
+metadata:
+  name: deploy-api
+spec:
+  pipelineRef:
+    name: deploy-api
+  params:
+  - name: targetSystemName
+    value: test
+  - name: destination
+    value: 3scale-saas
+  - name: secretName
+    value: 3scale-toolbox
+  - name: pathToOpenAPI
+    value: saas-usecase-apikey/swagger.yaml
+  - name: developerAccountID
+    value: "__SAAS_DEVELOPER_ACCOUNT_ID__"
+  resources:
+  - name: api-artefacts
+    resourceRef:
+      name: skaffold-git

saas-usecase-apikey/pipeline.yaml

@@ -0,0 +1,265 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: import-openapi
+spec:
+  inputs:
+    resources:
+    - name: api-artefacts
+      type: git
+    params:
+    - name: pathToOpenAPI
+      description: The path to the dockerfile to build
+      default: /workspace/api-artefacts/openapi-spec.yaml
+    - name: destination
+      description: The name of the 3scale_toolbox remote
+    - name: privateBaseURL
+      description: The URL of the API Backend
+      default: http://echo-api.3scale.net
+    - name: systemName
+      description: The system_name of the service to create
+      default: api
+    - name: secretName
+      description: Name of the secret containing the 3scale_toolbox remotes list
+  steps:
+  - name: import-openapi
+    image: nmasse/3scale-toolbox:master
+    env:
+    - name: "HOME"
+      value: "/config"
+    command:
+    - 3scale
+    args:
+    - import
+    - openapi
+    - -d
+    - ${inputs.params.destination}
+    - ${inputs.params.pathToOpenAPI}
+    - --override-private-base-url=${inputs.params.privateBaseURL}
+    - --target_system_name=${inputs.params.systemName}
+    volumeMounts:
+    - name: "toolbox-config"
+      mountPath: /config
+  volumes:
+  - name: toolbox-config
+    secret:
+      secretName: ${inputs.params.secretName}
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: apply-application-plan
+spec:
+  inputs:
+    resources:
+    - name: api-artefacts
+      type: git
+    params:
+    - name: destination
+      description: The name of the 3scale_toolbox remote
+    - name: secretName
+      description: Name of the secret containing the 3scale_toolbox remotes list
+    - name: serviceSystemName
+      description: The system_name of the service
+    - name: systemName
+      description: The system_name of the plan to create
+    - name: name
+      description: The name of the plan to create
+  steps:
+  - name: apply-application-plan
+    image: nmasse/3scale-toolbox:master
+    env:
+    - name: "HOME"
+      value: "/config"
+    command:
+    - 3scale
+    args:
+    - application-plan
+    - apply
+    - ${inputs.params.destination}
+    - ${inputs.params.serviceSystemName}
+    - ${inputs.params.systemName}
+    - --name=${inputs.params.name}
+    volumeMounts:
+    - name: "toolbox-config"
+      mountPath: /config
+  volumes:
+  - name: toolbox-config
+    secret:
+      secretName: ${inputs.params.secretName}
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: apply-application
+spec:
+  inputs:
+    params:
+    - name: destination
+      description: The name of the 3scale_toolbox remote
+    - name: secretName
+      description: Name of the secret containing the 3scale_toolbox remotes list
+    - name: serviceSystemName
+      description: The system_name of the service
+    - name: planSystemName
+      description: The system_name of the application plan
+    - name: name
+      description: The name of the application to create
+    - name: description
+      description: The description of the application to create
+    - name: userKey
+      description: The API Key of the Application
+    - name: account
+      description: The Application's account ID
+  steps:
+  - name: apply-application
+    image: nmasse/3scale-toolbox:master
+    env:
+    - name: "HOME"
+      value: "/config"
+    command:
+    - 3scale
+    args:
+    - application
+    - apply
+    - ${inputs.params.destination}
+    - ${inputs.params.userKey}
+    - --service=${inputs.params.serviceSystemName}
+    - --plan=${inputs.params.planSystemName}
+    - --name=${inputs.params.name}
+    - --description=${inputs.params.description}
+    - --account=${inputs.params.account}
+    volumeMounts:
+    - name: "toolbox-config"
+      mountPath: /config
+  volumes:
+  - name: toolbox-config
+    secret:
+      secretName: ${inputs.params.secretName}
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: promote-to-production
+spec:
+  inputs:
+    params:
+    - name: destination
+      description: The name of the 3scale_toolbox remote
+    - name: secretName
+      description: Name of the secret containing the 3scale_toolbox remotes list
+    - name: serviceSystemName
+      description: The system_name of the service
+  steps:
+  - name: promote-to-production
+    image: nmasse/3scale-toolbox:master
+    env:
+    - name: "HOME"
+      value: "/config"
+    command:
+    - 3scale
+    args:
+    - proxy
+    - promote
+    - ${inputs.params.destination}
+    - ${inputs.params.serviceSystemName}
+    volumeMounts:
+    - name: "toolbox-config"
+      mountPath: /config
+  volumes:
+  - name: toolbox-config
+    secret:
+      secretName: ${inputs.params.secretName}
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Pipeline
+metadata:
+  name: deploy-api
+spec:
+  resources:
+  - name: api-artefacts
+    type: git
+  tasks:
+  - name: import-openapi
+    taskRef:
+      name: import-openapi
+    params:
+    - name: pathToOpenAPI
+      value: /workspace/api-artefacts/${params.pathToOpenAPI}
+    - name: systemName
+      value: ${params.targetSystemName}
+    - name: destination
+      value: ${params.destination}
+    - name: secretName
+      value: ${params.secretName}
+    resources:
+      inputs:
+      - name: api-artefacts
+        resource: api-artefacts
+  - name: apply-application-plan
+    taskRef:
+      name: apply-application-plan
+    runAfter:
+    - import-openapi
+    params:
+    - name: destination
+      value: ${params.destination}
+    - name: secretName
+      value: ${params.secretName}
+    - name: serviceSystemName
+      value: ${params.targetSystemName}
+    - name: systemName
+      value: test
+    - name: name
+      value: Test Plan
+    resources:
+      inputs:
+      - name: api-artefacts
+        resource: api-artefacts
+  - name: apply-application
+    taskRef:
+      name: apply-application
+    runAfter:
+    - apply-application-plan
+    params:
+    - name: destination
+      value: ${params.destination}
+    - name: secretName
+      value: ${params.secretName}
+    - name: serviceSystemName
+      value: ${params.targetSystemName}
+    - name: planSystemName
+      value: test
+    - name: name
+      value: Test Application
+    - name: description
+      value: Created by Tekton
+    - name: account
+      value: ${params.developerAccountID}
+    - name: userKey
+      value: super-secret-key-1234
+  - name: promote-to-production
+    taskRef:
+      name: promote-to-production
+    runAfter:
+    - apply-application
+    params:
+    - name: destination
+      value: ${params.destination}
+    - name: secretName
+      value: ${params.secretName}
+    - name: serviceSystemName
+      value: ${params.targetSystemName}
+  params:
+  - name: targetSystemName
+    description: The system_name of the service to create
+    default: api
+  - name: destination
+    description: The name of the 3scale_toolbox remote
+  - name: secretName
+    description: Name of the secret containing the 3scale_toolbox remotes list
+  - name: pathToOpenAPI
+    description: The path to the OpenAPI File to import
+  - name: developerAccountID
+    description: The id of the developer account