Common operations

This doc provides steps to use a CI/CD user for common operations with Axual Platform.

Prerequisite: CI/CD User

To make use of CI/CD support, you need a CI/CD user which can be set up by your stream team. Please refer to Create CI/CD user for creating the CI/CD user.

Identify necessary endpoints

Check which endpoints to use by looking at the information below.

Service Endpoint Purpose

Management API

"https://<MGMT_DOMAIN>/api"

Resource Server for creating streams, applications and more resource

Keycloak Token

"https://<MGMT_KEYCLOAK_DOMAIN>/auth/realms/<your-realm>/protocol/openid-connect/token"

Authorization Server for obtaining JWT token

In case you are not using any load-balancer, use the MGMT_API_HOST:MGMT_API_PORT and KEYCLOAK_HOSTNAME:KEYCLOAK_PORT

1. Add CI/CD user to a Group

In Self Service portal, add the CI/CD user to the group that has the ownership of required streams and applications.You must already be part of this group to add the CI/CD user.

Now you can access other endpoints to create streams, applications, and other resources.

2. Create a stream with the CI/CD user

This is an example on how to create a stream resource.

Obtain a JWT token

To obtain a JWT token, make a call to the Authorization Server (Keycloak) with client ID, username, password and realm to receive a JWT token.

Below is an example CURL call

curl --request POST \
 --url https://<MGMT_KEYCLOAK_DOMAIN>/auth/realms/<your_realm>/protocol/openid-connect/token \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data client_id=self-service \
 --data username=<username> \
 --data password=<password> \
 --data realm=<your_realm> \
 --data grant_type=password
If this host is using self-signed certificates or certificates signed by an untrusted certificate authority, you need to add --insecure

You should get back a 200 OK response with the access_token (JWT) inside.

{
  "access_token": "eyJh...",
  "expires_in": 299,
  "refresh_expires_in": 3600,
  "refresh_token": "zfAu...",
  "token_type": "bearer",
  "not-before-policy": 0,
  "session_state": "899970b8-8058-48da-ae95-7797010f59da",
  "scope": "profile email"
}

Call Management API with JWT token to create a stream

With the access_token received in previous request, make a curl call to Management API with the access_token as the Bearer value to /api/streams for creating a STRING/STRING stream in the Self-Service.

curl 'https:/<MGMT_DOMAIN>/api/streams' -i -X POST \
    -H 'realm: <your_realm>' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer <access_token>' \
    -d '{
  "name" : "your-stream",
  "description" : "Your stream description",
  "keyType" : "STRING",
  "valueType" : "STRING",
  "retentionPolicy" : "delete",
  "owners" : "https://<MGMT_DOMAIN>/api/groups/<your_group_uid>"
}'
The URI for owners need to be a valid URI, you can retrieve from the self-service portal while viewing the group detail
If this host is using self-signed certificates or certificates signed by an untrusted certificate authority, you need to add --insecure

You should get back a response like below.

{
  "properties" : { },
  "name" : "your-stream",
  "description" : "Your stream description",
  "keyType" : "String",
  "valueType" : "String",
  "retentionPolicy" : "delete",
  "uid" : "f750bd...",
  "created_at" : "2021-04-22T09:32:24.214479",
  "modified_at" : "2021-04-22T09:32:24.214479",
  "created_by" : "<your_ci_cd_user>",
  "modified_by" : "<your_ci_cd_user>",
  "_embedded" : {
    "owners" : {
      "phoneNumber" : null,
      "name" : "<your_group>",
      "emailAddress" : null,
      "uid" : "dd84b...",
      "_links" : {
        "self" : {
          "href" : "https://<MGMT_DOMAIN>/api/groups/<your_group_uid>{?projection}",
          "templated" : true,
          "title" : "URI pointing to current request"
        },
        "members" : {
          "href" : "https://<MGMT_DOMAIN>/api/groups/<your_group_uid>/members{?projection}",
          "templated" : true,
          "title" : "Users belonging to this group"
        }
      }
    }
  },
  "_links" : {
    "self" : {
      "href" : "https://<MGMT_DOMAIN>/api/streams/f750bd...",
      "title" : "URI pointing to current request"
    },
    "stream" : {
      "href" : "https://<MGMT_DOMAIN>/api/streams/f750bd...{?projection}",
      "templated" : true,
      "title" : "A stream"
    },
    "edit" : {
      "href" : "https://<MGMT_DOMAIN>/api/streams/f750bd...",
      "title" : "Indication that this entity can be edited"
    },
    "delete" : {
      "href" : "https://<MGMT_DOMAIN>/api/streams/f750bd...",
      "title" : "Indication that this entity can be deleted"
    },
    "valueSchema" : {
      "href" : "https://<MGMT_DOMAIN>/api/streams/f750bd.../valueSchema{?projection}",
      "templated" : true,
      "title" : "The AVRO schema configured for value"
    },
    "owners" : {
      "href" : "https://<MGMT_DOMAIN>/api/streams/f750bd.../owners{?projection}",
      "templated" : true,
      "title" : "The group responsible for this object"
    },
    "keySchema" : {
      "href" : "https://<MGMT_DOMAIN>/api/streams/f750bd.../keySchema{?projection}",
      "templated" : true,
      "title" : "The AVRO schema configured for key"
    },
    "confidentiality" : {
      "href" : "https://<MGMT_DOMAIN>/api/streams/f750bd.../confidentiality{?projection}",
      "templated" : true,
      "title" : "The confidentiality configured for the object"
    },
    "integrity" : {
      "href" : "https://<MGMT_DOMAIN>/api/streams/f750bd.../integrity{?projection}",
      "templated" : true,
      "title" : "The integrity configured for the object"
    }
  }

Reference

More examples can be found in the API documentation (see link below).