API Manager: Onboarding consumer or partner organization

Consumer onboarding is automated via ansible and triggered via jenkins jobs by name AM_Onboard_Consumers

Steps for onboarding new consumer

• Open file inventories/<env_name>/group_vars/<env_name>-kong-api
• Add a new object in kong_consumers variable. Example

  - username: api-management-test-user # change this according to consumer
    groups: "{{ kong_all_consumer_groups }}" # or array of groups needed for consumer
    state: present

• Run the jenkins job <env_name>/AM_Onboard_Consumers
• The JWT token for the consumer is will be available in jenkins job console output

Note: JWT token will be shared via more secure manner in future. This could be achieved by having dev portal where API users can generate token themselves via self service mechanism. Other alternative is to change ansible scripts to mail the token to specific user email ids

Steps for onboarding new partner organization

• Get public key and iss details from partner organization. Steps for generating keys available in wiki
• Open file inventories/<env_name>/group_vars/<env_name>-kong-api
• Add a new object in kong_consumers variable. Example

  - username: apekx-integrator-user # change this according to consumer
    groups: "{{ integration_partner_groups }}"
    state: present
    credential_algorithm: "RS256"
    credential_rsa_public_key: "-----BEGIN PUBLIC KEY-----\nMII .......dYw\nUQIDAQAB\n-----END PUBLIC KEY-----" # change this according to consumer
    credential_iss: "apekx" # change this according to consumer

• Run the jenkins job <env_name>/AM_Onboard_Consumers
• Partner organisation can generate the token following the steps in this wiki

Steps for removing consumer / partner organization

• Open file inventories/<env_name>/group_vars/<env_name>-kong-api
• Search for consumer to remove in kong_consumers array
• Change the state to absent. Example

  - username: <consumer-to-be-removed>
    state: absent

• Run the jenkins job <env_name>/AM_Onboard_Consumers