I'm deploying via Delivery Pipeline on IBM Bluemix Cloud Foundry.
On logs I have this message:
WARNING: Deploying to Cloud Foundry without specifying an API KEY is DEPRECATED. Press the [CONFIGURE] button above to include an API KEY for this job.
What is API KEY and where I have to set it?
The API key can be set in the Deploy configuration, around the middle of the panel:
From the drop-down, select 'Add an existing API key' and then paste in a key.
(The key can be created on the command line using ibmcloud iam api-key-create MyKey -d "this is my API key" --file key_file if there isn't already one for the user whose identity the deploy should be done under.)
Related
To configure my Terraform to use my IBM cloud I need to generate an API key and Classic infrastructure key. This gives the error "API key could not be created".
What settings needs to be changed in order for this to work?
Your cloud administrator needs to add the IAM Identity Service - Service ID creator rights
I have an existing instance of Db2 Warehouse on Cloud which is deployed to an org and space. Now, I would like to bind that service to an app for deployment with IBM Cloud Code Engine.
ibmcloud ce application bind --name henriks-app --service-instance myDb2
myDb2 does not exist as IAM resource because it is a CF resource. How would I bind the two together? It seems that I would need to create some form of custom wrapper.
The best way to manually connect services to your Code Engine application is to add service credentials to a Code Engine secret, and then attach that secret to your application using environment variables or volume mounting.
While you're correct that Db2 Warehouse isn't a typical IAM-Enabled service type, based on the IBM Cloud Db2 Warehouse docs, it's possible to create a client connection with Db2 Warehouse using an IAM Service ID & API Key.
Here's how I'd "bind" the Db2 instance to a Code Engine app:
Create a new service ID from the IAM Service IDs page
Under "Assign Access" > "Access service ID additional access" > "IAM Service", you'll find "Db2 Warehouse" as an option, and you can configure exact permissions from there (e.g. which instance(s) to grant permissions to, which roles, etc)
Finish the configuration by clicking "Assign access"
Using the CLI, log in to your account and generate a new API Key, e.g. ibmcloud iam service-api-key-create mydb2key SERVICE_ID_NAME --output JSON > mydb2.json where SERVICE_ID_NAME is the name of the service ID created in Step 1
Target your Code Engine project, then create a new secret using the API Key JSON, e.g. ibmcloud ce secret create --name mydb2 --from-file MYDB2=mydb2.json
Attach the secret to your application as an environment variable, e.g. ibmcloud ce app update --name myapp --env-from-secret mydb2
After the app update goes through, your application will have access to an environment variable named MYDB2, which will have the value of a JSON object string containing your API Key.
You'll find more information about creating secrets and using secrets with applications in the Code Engine docs.
I have an IBM Watson Assistant service with username and password format and now I want to create new credentials which should have IAM key for this service, Please let us know how we can achieve this.
You can also migrate your Cloud Foundry service instance that uses un:pw to one that supports IAM. See Migrating Watson services from Cloud Foundry
There are (at least) two options to obtain IAM credentials for you IBM Watson Assistant service:
In the browser, go to the service dashboard by going to the IBM Cloud resources portal, locate your service instance, click on it and then in its dashboard on Service credentials. There you can create new credentials.
In a terminal and using the IBM Cloud CLI you can use ibmcloud resource service-key-create to generate credentials.
Both options assume that you have migrated your service instance from Cloud Foundry to IAM.
For creating a new credential, you can directly go to your watson assistant service/resource page, once there, on the left hand side, you would find "Service Credentials" menu button, there you would find an option to create a "New credential", and once the credential is created, then the "apikey" of that "New credential", would actually be your "IAM key", which can be viewed by clicking on the "View Credential" button highlighted below in the image.
*This is for IBM Watson Assistant V1 only.
ibmcloud create action through cli is not working . Getting an exception
Unable to authenticate with Cloud Functions: Unable to obtain wsk
authentication key for Org 'xxxxx' and Space 'xxxx': Target Org
'xxxxm' and Space 'xxxx' do not have an auth key; if Space 'dev' was
recently created, try again in a couple minutes.
But I have logged in successfully using ibmcloud login command
Issue is resolved now. The account I created at IBM was lite account where the initial credentials were created with different location. But my ibmcloud login was picking another location api. Even if i could give the api enpoint manually, org and space was not matching. Since it was a Lite account, there was no permission to add another org and space. AFter sending mail to IBM, I could add my credit card details and I could create a new space and creating action worked now
I have IBM COS service and able to use Curl command via cli to retrieve objects. I used IAM tokens to retrieve. But how do I let an external web app ex., node access this service?
what value should be there in authorization for external app access?
External apps will come in the form of something like the AWS CLI or any other app that uses either an HTTP library coupled with IBM Cloud Object Storage API or even an SDK for languages like Python, Java or Node.Js
All of the above will ask you for access key and secret key.
You can get both of them from the IBM Cloud console by generating new HMAC Credentials [1]:
Navigate to your Cloud Object storage account
Click on right under Service credentials
Click New credentials button on right
For the "Add Inline Configuration Parameters (Optional)" text box enter the following JSON:
{"HMAC":true}
[1] https://console.bluemix.net/docs/services/cloud-object-storage/iam/service-credentials.html#service-credentials
We'll you could use the ibm-cos-sdk Node library https://www.npmjs.com/package/ibm-cos-sdk. You'll need to use your HMAC credentials.
var config = {
endpoint: '<endpoint>',
ibmAuthEndpoint: 'https://iam.ng.bluemix.net/oidc/token',
serviceInstanceId: '<resource-instance-id>',
accessKeyId: '<HMAC access_key>',
secretAccessKey: '<HMAC secret access key>'
};