Direct API interactions in Lagoon are done via GraphQL.
In order to authenticate with the API, we need a JWT (JSON Web Token) that allows us to use the GraphQL API as admin. To generate this token, open the terminal of the auto-idler
pod via the OpenShift UI or oc rsh
on the command line and run the following command:
./create_jwt.sh
This will return a long string which is the JWT token. Make a note of this, as we will need it to send queries.
We also need the URL of the API endpoint, which can be found under "Routes" in the OpenShift UI or oc get route api
on the command line. Make a note of this endpoint URL, which we will also need.
To compose and send GraphQL queries, we recommend GraphiQL.app, a desktop GraphQL client with features such as autocomplete. To continue with the next steps, install and start the app.
Under "GraphQL Endpoint", enter the API endpoint URL with /graphql
on the end. Then click on "Edit HTTP Headers" and add a new header:
- "Header name":
Authorization
- "Header value":
Bearer [JWT token]
(make sure that the JWT token has no spaces, as this would not work)
Press ESC to close the HTTP header overlay and now we are ready to send the first GraphQL request!
Enter this in the left panel
query allProjects{
allProjects {
name
}
}
And press the
If all went well, your first GraphQL response should appear shortly afterwards in the right pane.
Let's create the first project for Lagoon to deploy! For this we'll use the queries from the GraphQL query template in create-project.gql
.
For each of the queries (the blocks starting with mutation {
), fill in all of the empty fields marked by TODO comments and run the queries in GraphiQL.app. This will create one of each of the following two objects:
openshift
: The OpenShift cluster to which Lagoon should deploy. Lagoon is not only capable of deploying to its own OpenShift, but also to any OpenShift anywhere in the world.project
: The Lagoon project to be deployed, which is a Git repository with a.lagoon.yml
configuration file committed in the root.
In Lagoon, each developer authenticates via their SSH key(s). This determines their access to:
- The Lagoon API, where they can see and edit projects they have access to.
- Remote shell access to containers that are running in projects they have access to.
- The Lagoon logging system, where a developer can find request logs, container logs, Lagoon logs and more.
To allow access to the project, we first need to add a new group to the API:
mutation {
addGroup (
input: {
# TODO: Enter the name for your new group.
name: ""
}
) {
id
name
}
}
Then we need to add a new user to the API:
mutation {
addUser(
input: {
email: "michael.schmid@example.com"
firstName: "Michael"
lastName: "Schmid"
comment: "CTO"
}
) {
# TODO: Make a note of the user ID that is returned.
id
}
}
Then we can add an SSH public key for the user to the API:
mutation {
addSshKey(
input: {
# TODO: Fill in the name field.
# This is a non-unique identifier for the SSH key.
name: ""
# TODO: Fill in the keyValue field.
# This is the actual SSH public key (without the type at the beginning and without the comment at the end, ex. `AAAAB3NzaC1yc2EAAAADAQ...3QjzIOtdQERGZuMsi0p`).
keyValue: ""
# TODO: Fill in the keyType field.
# Valid values are either SSH_RSA or SSH_ED25519.
keyType: SSH_RSA
user: {
# TODO: Fill in the userId field.
# This is the user ID that we noted from the addUser query.
id:"0",
email:"michael.schmid@example.com"
}
}
) {
id
}
}
After we add the key, we need to add the user to a group:
mutation {
addUserToGroup (
input: {
user: {
#TODO: Enter the email address of the user.
email: ""
}
group: {
#TODO: Enter the name of the group you want to add the user to.
name: ""
}
#TODO: Enter the role of the user.
role: OWNER
}
) {
id
name
}
}
After running one or more of these kinds of queries, the user will be granted access to create tokens via SSH, access containers and more.
If you want to know what is going on during a deployment, we suggest configuring notifications for your project, which provide:
- Push notifications
- Build start information
- Build success or failure messages
- And many more!
As notifications can be quite different in terms of the information they need, each notification type has its own mutation.
As with users, we first add the notification:
mutation {
addNotificationSlack(
input: {
# TODO: Fill in the name field.
# This is your own identifier for the notification.
name: ""
# TODO: Fill in the channel field.
# This is the channel for the message to be sent to.
channel: ""
# TODO: Fill in the webhook field.
# This is the URL of the webhook where messages should be sent, this is usually provided by the chat system to you.
webhook: ""
}
) {
id
}
}
After the notification is created, we can now assign it to our project:
mutation {
addNotificationToProject(
input: {
notificationType: SLACK
# TODO: Fill in the project field.
# This is the project name.
project: ""
# TODO: Fill in the notification field.
# This is the notification name.
notificationName: ""
}
) {
id
}
}
Now for every deployment you will receive messages in your defined channel.
The OpenShift cluster to which Lagoon should deploy. Lagoon is not only capable of deploying to its own OpenShift, but also to any OpenShift anywhere in the world.
mutation {
addOpenshift(
input: {
# TODO: Fill in the name field.
# This is the unique identifier of the OpenShift.
name: ""
# TODO: Fill in consoleUrl field.
# This is the URL of the OpenShift console (without any `/console` suffix).
consoleUrl: ""
# TODO: Fill in the token field.
# This is the token of the `lagoon` service account created in this OpenShift (this is the same token that we also used during installation of Lagoon).
token: ""
}
) {
name
id
}
}
This query will add a group to a project. Users of that group will be able to access the project. They will be able to make changes, based on their role in that group.
mutation {
mutation {
addGroupsToProject (
input: {
project: {
#TODO: Enter the name of the project.
name: ""
}
groups: {
#TODO: Enter the name of the group that will be added to the project.
name: ""
}
}
) {
id
}
}
This query adds a new Lagoon project to be deployed, which is a Git repository with a .lagoon.yml
configuration file committed in the root.
If you omit the privateKey
field, a new SSH key for the project will be generated automatically.
If you would like to reuse a key from another project. you will need to supply the key in the addProject
mutation.
mutation {
addProject(
input: {
# TODO: Fill in the name field.
# This is the project name.
name: ""
# TODO: Fill in the private key field (replace newlines with '\n').
# This is the private key for a project, which is used to access the Git code.
privateKey: ""
# TODO: Fill in the OpenShift field.
# This is the id of the OpenShift to assign to the project.
openshift: 0
# TODO: Fill in the name field.
# This is the project name.
gitUrl: ""
# TODO: Fill in the branches to be deployed.
branches: ""
# TODO: Define the production environment.
productionEnvironment: ""
}
) {
name
openshift {
name
id
}
gitUrl
activeSystemsDeploy
activeSystemsRemove
branches
pullrequests
}
}
This is a good query to see an overview of all projects, OpenShifts and groups that exist within our Lagoon.
query {
allProjects {
name
gitUrl
}
allOpenshifts {
name
id
}
allGroups{
id
name
members {
# This will display the users in this group.
user {
id
firstName
lastName
}
role
}
groups {
id
name
}
}
}
If you want a detailed look at a single project, this query has been proven quite good:
query {
projectByName(
# TODO: Fill in the project name.
name: ""
) {
id
branches
gitUrl
pullrequests
productionEnvironment
notifications(type: SLACK) {
... on NotificationSlack {
name
channel
webhook
id
}
}
environments {
name
deployType
environmentType
}
openshift {
id
}
}
}
Don't remember the name of a project, but know the Git URL? Search no longer, there is a GraphQL query for that:
query {
projectByGitUrl(gitUrl: "git@server.com:org/repo.git") {
name
}
}
The Lagoon GraphQL API can not only disply objects and create objects, it also has the capability to update existing objects, using a patch object.
Update the branches to deploy within a project:
mutation {
updateProject(
input: { id: 109, patch: { branches: "^(prod|stage|dev|update)$" } }
) {
id
}
}
Update the production environment within a project: !!!hint This needs a redeploy in order for the changes to be reflected in the containers.
mutation {
updateProject(
input: { id: 109, patch: { productionEnvironment: "master" } }
) {
id
}
}
You can also combine multiple changes at once:
mutation {
updateProject(
input: {
id: 109
patch: {
productionEnvironment: "master"
branches: "^(prod|stage|dev|update)$"
}
}
) {
id
}
}
You can also use the Lagoon GraphQL API to delete an environment. You'll need to know the project name and the environment name in order to run the command.
mutation {
deleteEnvironment(
input: {
# TODO: Fill in the name field.
# This is the environment name.
name:""
# TODO: Fill in the project field.
# This is the project name.
project:""
execute:true
}
)
}
Want to see what groups and users have access to a project? Want to know what their roles are? Do I have a query for you! Using the query below you can search for a project and display the groups, users, and roles that are assigned to that project.
query search{
projectByName(
#TODO: Enter the name of the project.
name: ""
) {
id,
branches,
productionEnvironment,
pullrequests,
gitUrl,
openshift {
id
},
groups{
id
name
groups {
id
name
}
members {
role
user {
id
email
}
}
}
}
}