This repository demonstrates how to use many of 3scale’s features.
| Parameter | Example Value | Definition |
|---|---|---|
token |
sha256~vFanQbthlPKfsaldJT3bdLXIyEkd7ypO_XPygY1DNtQ |
access token for a user with cluster-admin privileges |
server |
OpenShift cluster API URL |
After the installation there are some steps that need to be done using 3scale’s console.
Remove code on: https://${3scale-admin-portal}/site/dns
add a name for the provider here: https://${3scale-admin-portal}/p/admin/account/edit
export UAT_TOKEN, PROD_TOKEN and DOMAIN as environment variables, then run the following command.
3scale remote add -k uat https://${UAT_TOKEN}@uat-admin.apps.${DOMAIN}
3scale remote add -k prod https://${PROD_TOKEN}@prod-admin.apps.${DOMAIN}
3scale backend copy -k -s prod -d uat database-backend 3scale product copy -k -s prod -d uat database-api
3scale application-plan export prod database-api basic -k > basic-plan.yml 3scale application-plan import uat -f basic-plan.yml database-api -k
Find an account:
3scale account find uat admin+test@example.com -a -k
Create the application with the account information:
3scale application create -k uat ${ACCOUNT_ID} ${SERVICE_ID} basic 'Test App' --application-id=${APP_ID} --application-key=${USER_KEY} --redirect-url=' ' --description='some description'
this demo has many different features that can me demonstrated for different purpouse. I will document here some things you may need to know.
both are using self-generated crendentials.
-
Look for the
system-seedsecret for the 3scale’s credentials in thedemo-3scaleproject -
Look for the
credential-example-keycloakfor SSO’s crendentials in thedemo-rhssoproject
the Postman collection has 3 requests:
-
Request SSO token
-
GET Database API
-
POST Database API
before starting using it, update the cluster_domain variable to reflect your OpenShift enviroment.
To be able to get an valid token from SSO, you need to update the Request SSO Token headers with the credentials generated for the application.
Go to SSO console and retrieve the client_id and client_secret from the latest created client.
SMTP configuiration is required for 3scale’s notification system to be able to send emails. For this demo we can mock one using Mailhog. To access it just hit the URL:
URL=$(oc get route mailhog -n demo-tools -o jsonpath='{.spec.host}')
echo https://$URL
This demo comes with a pipeline that downloads an Open API spec from Registry, publish it in 3scale and creates a configmap for an application to consume.
You can find it in the demo-cicd project.
To demonstrate that feature you need an application like the one here.
You will need to configure that API on 3scale.
-
3scale ERD
-
component architecture:
-
env variables
$ export OIDC_PROVIDER_HOSTNAME=<hostname of RHBK> $ export OIDC_TOKEN_URL=https://$OIDC_PROVIDER_HOSTNAME/auth/realms/threescale-apps/protocol/openid-connect/token $ export API_SSO_CLIENT_ID=<3scale app id> $ export API_SSO_CLIENT_CRED=<3scale app secret> $ export API_GW_HOSTNAME=<hostname of 3scale APIcast gw> $ export API_GW_URL=https://$API_GW_HOSTNAME/backend
-
Retrieve tokens and parse for access_token :
$ TKN=$(curl -X POST "$OIDC_TOKEN_URL" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "grant_type=client_credentials" \ -d "client_id=$API_SSO_CLIENT_ID" \ -d "client_secret=$API_SSO_CLIENT_CRED" \ -d "scope=openid" \ | sed 's/.*access_token":"//g' | sed 's/".*//g') -
Inspect token:
$ jq -R 'split(".") | .[] | @base64d | fromjson' <<< $TKN | jq . -
Populate backend service with an Attendee resource (in json representation):
$ curl -v \ -H "Authorization: Bearer $TKN" \ -H "Content-Type: application/json" \ -X POST $API_GW_URL \ -d '{"name": "test", "email": "test@gmail.com" }' -
Retreive list of Attendee resources:
$ curl -v \ -H "Authorization: Bearer $TKN" \ -X GET $API_GW_URL
