Cloud-IAM

Appearance

API Automation ​

Cloud-API API ​

Cloud-IAM API is the best way to automate everything. From deployments lifecycle management to keycloak extension uploads !

Cloud-IAM API access is only available for dedicated deployments (starting with Little Bunny plan).

In order to authenticate against Cloud-IAM API, first contact our support to receive a dedicated CLIENT_ID and CLIENT_SECRET then authenticate against Cloud-IAM REST API using the provided service account credentials in your organization as follows (please provide a GPG key):

curl and jq are required to run the example below:

shell
# retrieve a short-lived (expires after 2 minutes) access token
SA_CLIENT_ID=sa_xxxxx
SA_CLIENT_SECRET=xxxx
TOKEN=$(curl https://iam.cloud-iam.com/auth/realms/cloud-iam/protocol/openid-connect/token \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "grant_type=client_credentials&client_id=${SA_CLIENT_ID}&client_secret=${SA_CLIENT_SECRET}" \
     | jq -r .access_token)
# retrieve a short-lived (expires after 2 minutes) access token
SA_CLIENT_ID=sa_xxxxx
SA_CLIENT_SECRET=xxxx
TOKEN=$(curl https://iam.cloud-iam.com/auth/realms/cloud-iam/protocol/openid-connect/token \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "grant_type=client_credentials&client_id=${SA_CLIENT_ID}&client_secret=${SA_CLIENT_SECRET}" \
     | jq -r .access_token)

How to upload a custom extension on Cloud-IAM ​

Before you continue you'll need to get the deployment id you'll want to interact with. This can be found in the Cloud-IAM Console, near your deployment name.

Get the deployment id
Get the deployment id

Assuming you have build an extension available in /home/user/projects/cloud-iam/extension/target/extension.jar.

shell
DEPLOYMENT_ID=xxxxx
curl -X POST -F extension=@/home/user/projects/cloud-iam/extension/target/extension.jar \
     -H "Authorization: Bearer $TOKEN" \
     https://api.cloud-iam.com/deployments/${DEPLOYMENT_ID}/extensions/jars
DEPLOYMENT_ID=xxxxx
curl -X POST -F extension=@/home/user/projects/cloud-iam/extension/target/extension.jar \
     -H "Authorization: Bearer $TOKEN" \
     https://api.cloud-iam.com/deployments/${DEPLOYMENT_ID}/extensions/jars

This will create a new resource attached to the deployment and will trigger automatically the deployment of the extension on the cluster. During this period, no further interaction with the deployment are available.

TIP

If you need to batch the upload of multiple extension before re-deploying it, simply add ?apply=false at the end of the url to skip the automatic redeployment.

Once you are ready with the configuration / upload of extensions, call the following url to eventually apply all the changes.

shell
DEPLOYMENT_ID=xxxxx
curl -X POST -F content=@/home/user/projects/cloud-iam/extension/target/extension.jar \
     -H "Authorization: Bearer $TOKEN" \
     https://api.cloud-iam.com/deployments/${DEPLOYMENT_ID}/tasks/deploy
DEPLOYMENT_ID=xxxxx
curl -X POST -F content=@/home/user/projects/cloud-iam/extension/target/extension.jar \
     -H "Authorization: Bearer $TOKEN" \
     https://api.cloud-iam.com/deployments/${DEPLOYMENT_ID}/tasks/deploy