Using Automation assets

Use IBM Automation foundation assets (Automation assets) to store, manage, and retrieve integration assets.

About Automation assets
Remotes
Marking assets as approved
AI-powered asset recommendations
Supported file types
Advanced configuration options
Storing and managing templates of instances
Deploying previous instance versions
Cluster-scoped permissions required by operator
Troubleshooting

About Automation assets

Automation assets enables you to share integration assets across instances in Cloud Pak for Integration. Assets (such as JSON schemas) that are stored within this repository can be accessed directly from the user interface of certain instances. For example, an OpenAPI specification asset stored in the repository can be directly imported within an API management instance.

After you deploy an instance of Automation assets (as described in Automation assets deployment), you can access it from the Platform UI by clicking it in the list of instances.

To add assets, click the Add Assets button. You then get a prompt to add an asset from your machine. You can also add assets that are located in remote repositories, such as Git. In this way, you can take advantage of the versioning functionality that is offered by the remote repository. Assets that are stored in a remote repository are read-only. For more information, see Remotes.

Important: If you want the Automation assets catalog to be auto-initialized and include App Connect templates from an auto-created remote, you must enable the AI feature.

Providing user access to Automation assets

Automation assets provides fine-grained authorization by using Keycloak. For more information about Keycloak, see Managing users in Keycloak.

Each instance of Automation assets has its own Keycloak client. The Keycloak client is named <instance_name>-<namespace>-ar-keycloak and it defines the roles and permissions needed to authorize the actions on that Automation assets instance.

You can assign specific roles to users on the Access control page. These roles control what actions each user can perform.

Roles

Automation assets defines the following roles:

assets-admin
assets-editor
assets-viewer

In addition, Automation assets allows the integration roles admin and viewer to perform the same actions as the assets-admin and assets-viewer roles, respectively. For more information, see Cloud Pak for Integration roles and permissions.

To get the Automation assets roles in the Keycloak UI, click the Automation assets Keycloak client option, then click the Roles tab.

Actions

Automation assets allows different actions to be applied to the repository. These actions are grouped with their available permissions, as follows:

catalogs - create, read, delete
assets - create, read, update, delete, approve
remotes - create, read, update, delete

Actions and associated roles

The following table lists each action with an available permission (for example, assets.create) and the roles that are allowed to perform them.

Action	Roles
assets.create	`assets-admin`, `assets-editor`
assets.read	`assets-admin`, `assets-editor`, `assets-viewer`
assets.update	`assets-admin`, `assets-editor`
assets.delete	`assets-admin`, `assets-editor`
assets.approve	`assets-admin`
remotes.create	`assets-admin`
remotes.read	`assets-admin`, `assets-editor`, `assets-viewer`
remotes.update	`assets-admin`
remotes.delete	`assets-admin`

File-type viewers

Built into the Automation assets is support for viewers corresponding to different file types. Files are automatically opened in their associated viewer when selected from either the scroll view or the assets table.

All nonbinary text files have an option to view the associated text underlying the file. If the asset type does not have additional viewer support, the default text viewer is presented. However, if there is additional viewer support, the text view can be opened by clicking the Code button.

These asset types have additional support:

Open API - Explore the details of an Open API specification asset stored in the repository. Click any particular call to see further details. Click Code to see the actual code.
JSON Schema - Explore the details of a JSON schema by selecting a particular field. Click Code to see the actual code.
Designer API Implementation and Designer Event Driven Flow - The viewer lets you review the contents of the given asset and it also presents cards presenting either the API or the event connections between different triggers.
PDF - The visualizer lets you to review the contents of a PDF file.
Image - The image viewer lets you to view image files, provided they are of one of the supported types listed above.
Avro Schema - The visualizer validates webhook configurations so you can review JSON records for Avro schemas.
Robotic Process Automation Bot - The visualizer lets you to see the associated contents of the Robotic Process Automation Bot.
Custom Resource Asset Types - Store and reuse custom resources for CP4I components to streamline configuration and deployment.

Remotes

The Automation assets can include assets in a remote Git repository. Any Git implementation can be used, as long as it supports one of the following:

No authorization
SSH key authorization

Assets stored in a remote repository are read-only.

Click Remotes on the Automation assets. The Remote listing page opens.

To add a new remote repository, click Create Remote. A blank configuration page opens. Complete the fields as needed. The Git URL is automatically tested.

Sync Options

When creating a remote you can select the interval at which remotes are synchronised. This can be done by selecting the dropdown menu under the Automatic sync options tab, and select from one of the possible intervals.

Important: If you want the Automation assets catalog to be auto-initialized and include App Connect templates from an auto-created remote, *you must enablSelecting an automatic sync option requires 25m CPU and 100Mi memory per remote.

Branch Selector

After adding the remote URL, you can select a remote branch by selecting the branch from the drop down menu under the Branch label.

Type Selector

When creating a remote, you can select which type of assets are imported from that remote by selecting one of the supported asset types in the Asset types to synchronize section.

SSH Key Auth

You can use an SSH key to access the remote repository. To use SSH, complete these steps:

Set Use SSH authentication to on to turn on SSH authentication.
Copy the key presented in the dialog.
Configure your Git repository to use the copied key. For Github, see Github help.
Set the Git URL to the correct address. For a Github repository, this address begins with git@github.com.
Click Create Remote. Once the synchronization completes, the new remote is listed.
The Automation assets automatically resynchronizes with the remote repository at the interval you set, at the point of adding the remote. Click the Edit icon to set the synchronization interval.

Employing user-supplied keys

You can employ user-supplied SSH keys rather than the default. Complete the following steps to use your own keys:

Locate or generate the SSH keys you want to use. This must be an RSA key, with no newline or whitespace characters.
Make sure the remote repository is configured to use this keypair.
Log in to the cluster using the oc login command.
Change to the namespace used for the Automation assets.
Edit the secret containing the Automation assets keypair.
```
oc edit secret <instance name>-ibm-integration-asset-repository-ssh-keypair
```
Set data:id_rsa to the base 64 encoded private key and data:id_rsa.pub to the base 64 encoded public key.

Enable the secret changes to take effect with the following command:

oc scale deployment/<instance name>-ibm-integration-asset-repository-api --replicas=0
oc scale deployment/<instance name>-ibm-integration-asset-repository-api --replicas=3

If you configured Automation assets to automatically synchronize with the remote repository, complete these additional steps:

Click Remotes to see the list of available remote repositories.
Click the Edit icon (pencil icon) for the remote you need to edit.
Select Never in the Automatic sync options field.
Click Edit Remote. The page with the list of available remotes opens.
Click the Edit icon for the remote you want to edit.
Select the previously set value in the Automatic sync options field.
Click Edit Remote. The page with the list of available remotes opens.

The new keys are now used. Repeat this process for each remote you want to use new keypairs.

Marking assets as approved

Administrators can mark automation assets as approved. Use this feature to indicate to other users that an asset is approved according to criteria you determine, such as rules from your organization.

Approved assets are marked in the Browse Assets tab with an Approved label or with a checkmark icon in the asset table. You can also filter the assets shown using the Show only approved assets switch.

Screenshot of the Automation assets page, showing the Approved label and checkmark icon

You can mark assets as approved in the following ways:

When you add an individual asset. In the Add asset page, upload the asset, then set the Mark as approved switch to On.
When you create or edit a remote asset repository. In the Create remote or Edit remote page, set the Mark assets synced from this remote as approved switch to On. This switch applies to all assets that you later import from this repository.
After you add or import an asset. In the Browse Assets tab, find the card for the asset, click the overflow (Options) menu in the card, then click Mark as approved. Alternatively, click the asset in the table to open it, then set the Mark as approved switch to On.

These switches and menu options are disabled if you do not have the assets.admin role.

Screenshot of an asset with the Mark as approved toggle

Screenshot of the Edit remote page, showing the Mark assets synced from this remote as approved toggle

AI-powered asset recommendations

Automation assets provides an AI-powered recommendations feature using Watson natural language processing (NLP) within Designer to provide recommendations from templates that are stored within Automation assets. You can describe your intent by using English natural language, and Watson Insights is used to recommend up to three matching templates that are the best semantic matches for your utterance.

When the feature is enabled, your Automation assets instance includes an auto-created remote that contains App Connect templates. The remote and templates cannot be deleted; they can only be removed if the feature is disabled.

Learn more about the asset recommendations feature in Designer in the App Connect documentation.

Enable AI-powered features for use with Designer

When creating an Automation assets instance, you can enable the Designer AI-powered features. To do so, either set the spec.designerAIFeatures.enabled value to true directly in the Automation assets CR, or select one of the sample "with AI enabled" tiles in Platform UI, as shown:

Learn more about AI features in the App Connect documentation.

After you've created your instance, you can also choose to enable the feature by editing the Automation assets CR to set the spec.designerAIFeatures.enabled value. Use the advanced options to specify the NLP image and the associated replica count and resource defaults.

If you are enabling the AI-powered features in an air-gapped environment, you must update the auto-created remote URL to point to a clone of the App Connect templates Git repository that is hosted on the air-gapped network.

Disabling the AI-powered features

To create or use Automation assets without making asset recommendations available in Designer, ensure that the spec.designerAIFeatures.enabled value is set to false in the Automation assets CR. You can use the OpenShift web console, OpenShift CLI, or Platform UI to make this update.

Supported file types

To prevent the upload of malicious files, only the following file types are supported in Automation assets:

Any non-binary text file
Code files: .json, .yaml, .yml, .avsc, .wal
Text files: .zip, .pdf
Images: .svg,.png, .jpg, .webp, .bmp, .gif, .avif

Advanced configuration options

To configure the advanced options, log in to the Platform UI. Click Edit on a deployed instance of automation assets, and then click YAML.

Use the following table for reference.

Available options:

Field name	Description
Designer AI features	Flag to enable AI-powered asset recommendations.
Automation assets NLP image	Use a custom image for the Automation assets NLP container.
Automation assets API image	The Docker registry location for pulling the Automation assets API image
Automation assets UI image	The Docker registry location for pulling the Automation assets UI image
Automation assets CouchDB image	The Docker registry location for pulling the Automation assets CouchDB image
Image pull policy	Configure whether you want images to be pulled every time, only if they're not present, or never
Image pull secrets	Configure the secret used for pulling images. If you're using the Entitled Registry and have created a secret for that, you should use that secret here.
Replicas	Number of replicas that each service has. The default is 3. Tip: Couch replicas are fixed during the first installation of your Automation assets. Changes to replicas after installation will only affect the UI and API services.
Annotations	Additional annotations to be added to Automation assets pods.
Node Selector	If you wish to assign the pods to a subset of the nodes of your cluster, you can use multiple Node Selectors. For more information, see Assigning Pods to Nodes in the Kubernetes documentation. Note: This setting only applies to Automation assets UI and API pods. CouchDB pods aren't affected.
Resources	Use the `Resources` section to override the default resource `request` and `limit` values. You can set limit and request values for the Automation assets API, UI, NLP and CouchDB pods. Any values not configured here default to the values listed in "Default values:". For more information about request and limit values, see Requests and limits in the Kubernetes documentation. Important: For a given resource, if you set the request, you must also set the limit, and if you want to set the limit, you must also set the request. CouchDB search and management values are now deprecated and have no effect. To increase the resources available to the CouchDB container, use the "CouchDB db" resource values. Default values: The following values are the defaults for each resource. The request and limit values are the same for each resource. Important: You cannot create an Automation assets with values smaller than the following: Automation assets API CPU: `200m`. Automation assets API Memory: `150Mi`.Automation assets UI CPU: `200m`. Automation assets UI Memory: `150Mi`. CouchDB DB CPU: `300m`. CouchDB DB Memory: `700Mi`

To disable runtime checks, add the annotation com.ibm.cp4i/disable-webhook-runtime-checks: true to the Automation assets YAML:

metadata:
  annotations:
    com.ibm.cp4i/disable-webhook-runtime-checks: true

Storing and managing templates of instances

For information on how to create and import templates that other users can use to create instances, see the "Creating a new template from an existing template" section in Using the Platform UI.

Troubleshooting

For information about known issues, workarounds, and troubleshooting information, see Known Limitations.

You try to set up the default remote created with the Designer AI feature enabled, and it doesn't work automatically.

If you are seeing an issue with the IBM App Connect templates remote not working automatically after you have enabled the Designer AI feature, you need to either allow the cluster environment you are using to access github.com or clone the repository (https://github.com/ot4i/app-connect-templates/tree/cp4i-templates) and host it on another git provider that is accessible from the cluster.