I want to write a Java program running externally to Bluemix that interacts with the instance of the Bluemix Object Store I have provisioned.
The program will use the Swift REST APIs to interact with the service.
The documentation for how to use the REST API is mainly missing in the service documentation and the OpenStack documentation is not helpful with specifics on how to reach the Bluemix service.
Can someone tell me what headers to set and what URL to use to authenticate with the service, and then what headers to set and what URL to use to further interact with the service ? Where do I find this information for my instance of the service ? It doesn't seem to all be available in the service credentials that are displayed.
Also, do I need to do basic authentication every time a REST call is made, or is there a way to get a token ? Where is that explained ?
The Bluemix Object Storage uses the OpenStack Identity (Keystone) v3 API for authentication. For complete documentation on the REST API, see: http://developer.openstack.org/api-ref-identity-v3.html
Since your application will be developed in Java, I'd suggest you use the openstack4j SDK. For example of using openstack4j with Bluemix object storage service, see: https://developer.ibm.com/recipes/tutorials/connecting-to-ibm-object-storage-for-bluemix-with-java/
Related
We have created two APIs and deployed them to a Service Fabric Cluster, which exposes them as https://[clusterurl]:8100 and https://[ClusterURL]>:8101.
Now we want to expose these APIs via API Management Service, and we couldn't find any easy way to do so. There is one article at https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-deploy-api-management, but it's really very hard to understand and relate it with this SDK.
We managed to create an API Management Service instance and also to create a blank API (or import through Swagger) using the SDK. But we don't know how to import the Service Fabric API.
And we could create an API Management BackEnd pointing to the Service Fabric app, but then we couldn't find any way to bind this BackEnd to any API created in the API Management Service.
Any help, sample, and/or pointing in right direction is greatly appreciated.
For service fabric integration to work you need:
VNET that includes both your SF cluster and APIM instance.
Backend entity: https://learn.microsoft.com/en-us/rest/api/apimanagement/backend/createorupdate it will let APIM know where your cluster is and provide it with necessary credentials to make calls.
set-backend-service policy: https://learn.microsoft.com/en-us/azure/api-management/api-management-transformation-policies#SetBackendService It's usually placed in inbound section of API that needs to talk to SF. You should omit "base-url" attribute, use "backend-id" to specify id of backend entity created in previous point, and other "sf-*" to configure how exactly call should be made.
I am using IBM COS for various bucket operations. While I could find various ways of programmatically performing various bucket operations, I was wondering if there are any ways of programmatically(any sdk or rest apis) creating Service credentials as well as editing the policy for a service id?
Yes, there are APIs available to access and manage Cloud IAM
Go to the following API docs to review the available APIs:
IAM Identity Services API
IAM Access Groups API
IAM Policy Management API
Gaurav,
See this doc page to provision an instance of IBM Cloud Object Storage
https://cloud.ibm.com/docs/services/cloud-object-storage/basics/developers.html#provision-an-instance-of-ibm-cloud-object-storage
We developed a web application using SAP Web-IDE Full Stack; we need to retrieve the details of the user logged into application (as defined in SAP Cloud Platform Identity Authentication Administration), for example display name and assigned groups.
We tried the userapi/currentUser API, but it seems to work only on NEO environment, for this reason is working fine while debugging in Web-IDE, but we get a 404 error when deploying the app on Cloud Foundry.
Do we need to add a new destination to make userapi work also on CF? Or is there some kind of similar solution available on Cloud Foundry?
I highly suggest using the SAP S/4HANA Cloud SDK for such tasks. It is an SDK developed to make building applications for SAP Cloud Platform easy, by providing easy to use mechanisms for all the Cloud Platform mechanisms.
Regarding your task at hand, there is a UserAccessor class that you can use like this:
final Optional<User> user = UserAccessor.getCurrentUser();
This works on Neo as well as on Cloud Foundry, i.e. there is a single interface for both platforms, which allows you to develop your app in a platform agnostic way.
If this sounds like it could solve your problem, I recommend checking out this blog post series to get started.
Alternatively, you can also simply add the following dependency to your project to start testing the SDK:
<dependency>
<groupId>com.sap.cloud.s4hana.cloudplatform</groupId>
<artifactId>scp-neo</artifactId>
<version>2.7.0</version>
</dependency>
For Cloud Foundry use scp-cf instead of scp-neo.
Hope this helps!
P.S.: To answer your question also on a technical level, Cloud Foundry uses so-called JWTs for authentication and authorization. You can check whether a JWT is present by looking at the Authorization header of the request. The JWT should hold the information you're looking for.
In SAP Cloud Foundry if you develop a MTA using XSUAA service to manage User Authentication and Admistration, defined for example in the mta.yaml,
...
resources:
- name: uaa_myapp
parameters:
path: ./xs-security.json
service-plan: application
service: xsuaa
type: org.cloudfoundry.managed-service
...
you can use the UAA API published from XSUAA service self to manage user authentication and authorization (e.g.: retrieve user info, groups assigned, password management etc..). also in the case the application is federated with another IDP.
To consume this API for example to retrieve user info you need to:
Determine the XSUAA endpoint bound to your app (SCP Cockpit > XSUAA service detail > take the value url)
Create a destination (xsuaa_api_destination) of type OAuth2TokenExchange bound to your app with url url took before, and fill OAuth2 authentication parameters with the data contained in XSUAA service detail (step 1).
From your app execute the call xsuaa_api_destination/userinfo, for example using an ajax if you are using JS.
You can find other info in Account and Authentication Service of the Cloud Foundry Environment SAP doc.
In cloud foundry how can I get the client_id and client_secret code.
This will be used in Basic authentication instead of passing the user and password for respective api calls
In general, this is something that you would get from your platform administrator. He or she would be able to provide you with a properly configured client id and client secret to fit your needs. If you are not the administrator, then you won't be able to do this.
If you are an administrator, read on. There are many existing client and secret pairs within a Cloud Foundry platform. It's also possible, and suggested, to create custom client and secret pairs for use with non-platform apps. You shouldn't use a platform client for your custom app, you should use your own custom client, that way if the client is compromised you can delete it or change the secret.
All of this, viewing & managing client data, is done through UAA, so I'd recommend starting with the docs on UAA. Make sure that you understand the concepts. You may even want to take a step further back and review concepts of OAuth2 as well. Understanding OAuth2 will make working with UAA much easier.
https://docs.cloudfoundry.org/uaa/uaa-overview.html
After that, you'll need the uaac (i.e. UAA client) installed.
https://github.com/cloudfoundry/cf-uaac
Once you're familiar with UAA & have the client installed, this doc on how to manage clients should provide you with instructions to view or create a new client.
https://github.com/cloudfoundry/uaa/blob/master/docs/Sysadmin-Guide.rst#manage-client-registrations
You will need admin role to be able to create a client or get its details.
Refer https://docs.cloudfoundry.org/api/uaa/version/4.7.1/index.html#clients to see various api to manage and create clients.
You can also use the uaa client to get the client details.
Refer https://docs.cloudfoundry.org/uaa/uaa-user-management.html for more info.
I'm having trouble connecting to the Bluemix Object Store using the instructions presented by this link: https://knowledgelayer.softlayer.com/procedure/connect-object-storage-using-sftp
It's unclear to me what the username and account ID are so I would appreciate it if someone can clarify
The instructions are valid
Where I can find the values for SLOS/IBMOS etc?
I do not have access to the Softlayer customer portal as this service as created in Bluemix.
I can confirm that an sftp server is listening at the appropriate region endpoint.
Brien, it is not possible to use SFTP to access the Bluemix Object Storage if you create it from the Services catalog area of the Bluemix UI:
https://console.ng.bluemix.net/catalog/services/object-storage
This one can be accessed via swift cli or REST API.
To use SFTP to access your Object Storage you need to create it from the Infrastructure are of the Bluemix UI - that is the legacy Softayer that is now integrated with Bluemix.
https://console.ng.bluemix.net/catalog/infrastructure/object_storage/
Also, to create the Object Storage from the Infrastructure catalog you need to first link your Bluemix and Softlayer accounts:
https://console.ng.bluemix.net/docs/admin/softlayerlink.html