Using Automation assets
Use IBM Automation foundation assets (Automation assets) to store, manage, and retrieve integration assets.
About Automation assets
Automation assets enables you to share integration assets across instances in Cloud Pak for Integration. Assets (such as JSON schemas) that are stored within this repository can be accessed directly from the user interface of certain instances. For example, an OpenAPI specification asset stored in the repository can be directly imported within an API management instance.
After you deploy an instance of Automation assets (as described in Automation assets deployment), you can access it from the Platform UI by clicking it in the list of instances.
![Platform UI](images/asset_browse_popped.png)
To add assets, click the Add Assets button. You then get a prompt to add an asset from your machine. You can also add assets that are located in remote repositories, such as Git. In this way, you can take advantage of the versioning functionality that is offered by the remote repository. Assets that are stored in a remote repository are read-only. For more information, see Remotes.
Providing user access to Automation assets
Automation assets provides fine-grained authorization by using Keycloak. For more information about Keycloak, see Managing users in Keycloak.
Each instance of Automation assets has its own Keycloak client. The Keycloak client is named <instance_name>-<namespace>-ar-keycloak
and it defines the roles and permissions needed to authorize the actions on that Automation assets instance.
You can assign specific roles to users on the Access control page. These roles control what actions each user can perform.
Roles
Automation assets defines the following roles:
assets-admin
assets-editor
assets-viewer
In addition, Automation assets allows the integration
roles admin
and viewer
to perform the same actions as the assets-admin
and assets-viewer
roles, respectively. For more information, see Cloud Pak for Integration roles and permissions.
To get the Automation assets roles in the Keycloak UI, click the Automation assets Keycloak client option, then click the Roles tab.
Actions
Automation assets allows different actions to be applied to the repository. These actions are grouped with their available permissions, as follows:
catalogs - create, read, delete
assets - create, read, update, delete, approve
remotes - create, read, update, delete
Actions and associated roles
The following table lists each action with an available permission (for example, assets.create
) and the roles that are allowed to perform them.
Action | Roles |
---|---|
assets.create | assets-admin , assets-editor |
assets.read | assets-admin , assets-editor , assets-viewer |
assets.update | assets-admin , assets-editor |
assets.delete | assets-admin , assets-editor |
assets.approve | assets-admin |
remotes.create | assets-admin |
remotes.read | assets-admin , assets-editor , assets-viewer |
remotes.update | assets-admin |
remotes.delete | assets-admin |
File-type viewers
Built into the Automation assets is support for viewers corresponding to different file types. Files are automatically opened in their associated viewer when selected from either the scroll view or the assets table.
![Asset code](images/asset_homepage.png)
All nonbinary text files have an option to view the associated text underlying the file. If the asset type does not have additional viewer support, the default text viewer is presented. However, if there is additional viewer support, the text view can be opened by clicking the Code button.
These asset types have additional support:
Open API - Explore the details of an Open API specification asset stored in the repository. Click any particular call to see further details. Click Code to see the actual code.
JSON Schema - Explore the details of a JSON schema by selecting a particular field. Click Code to see the actual code.
Designer API Implementation and Designer Event Driven Flow - The viewer lets you review the contents of the given asset and it also presents cards presenting either the API or the event connections between different triggers.
PDF - The visualizer lets you to review the contents of a PDF file.
Image - The image viewer lets you to view image files, provided they are of one of the supported types listed above.
Avro Schema - The visualizer validates webhook configurations so you can review JSON records for Avro schemas.
Robotic Process Automation Bot - The visualizer lets you to see the associated contents of the Robotic Process Automation Bot.
Custom Resource Asset Types - Store and reuse custom resources for CP4I components to streamline configuration and deployment.
Remotes
The Automation assets can include assets in a remote Git repository. Any Git implementation can be used, as long as it supports one of the following:
No authorization
SSH key authorization
Assets stored in a remote repository are read-only.
Click Remotes on the Automation assets. The Remote listing page opens.
To add a new remote repository, click Create Remote. A blank configuration page opens. Complete the fields as needed. The Git URL is automatically tested.
![Automation assets config](images/asset_new_remote_filled.png)
Sync Options
When creating a remote you can select the interval at which remotes are synchronised. This can be done by selecting the dropdown menu under the Automatic sync options
tab, and select from one of the possible intervals.
![Sync Options](images/asset_remotes_new_snyc_options.png)
Branch Selector
After adding the remote URL, you can select a remote branch by selecting the branch from the drop down menu under the Branch
label.
![Branch Selector](images/asset_remotes_new_branch_dropdown.png)
Type Selector
When creating a remote, you can select which type of assets are imported from that remote by selecting one of the supported asset types in the Asset types to synchronize
section.
![Type Selector](images/asset_remotes_new_completed.png)
SSH Key Auth
You can use an SSH key to access the remote repository. To use SSH, complete these steps:
Set Use SSH authentication to on to turn on SSH authentication.
Copy the key presented in the dialog.
Configure your Git repository to use the copied key. For Github, see Github help.
Set the Git URL to the correct address. For a Github repository, this address begins with
git@github.com
.Click Create Remote. Once the synchronization completes, the new remote is listed.
The Automation assets automatically resynchronizes with the remote repository at the interval you set, at the point of adding the remote. Click the Edit icon to set the synchronization interval.
Employing user-supplied keys
You can employ user-supplied SSH keys rather than the default. Complete the following steps to use your own keys:
Locate or generate the SSH keys you want to use. This must be an RSA key, with no newline or whitespace characters.
Make sure the remote repository is configured to use this keypair.
Log in to the cluster using the oc login command.
Change to the namespace used for the Automation assets.
Edit the secret containing the Automation assets keypair.
oc edit secret <instance name>-ibm-integration-asset-repository-ssh-keypair
Set
data:id_rsa
to the base 64 encoded private key anddata:id_rsa.pub
to the base 64 encoded public key.Enable the secret changes to take effect with the following command:
oc scale deployment/<instance name>-ibm-integration-asset-repository-api --replicas=0 oc scale deployment/<instance name>-ibm-integration-asset-repository-api --replicas=3
If you configured Automation assets to automatically synchronize with the remote repository, complete these additional steps:
Click Remotes to see the list of available remote repositories.
Click the Edit icon (pencil icon) for the remote you need to edit.
Select
Never
in the Automatic sync options field.Click Edit Remote. The page with the list of available remotes opens.
Click the
 Edit icon for the remote you want to edit.
Select the previously set value in the Automatic sync options field.
Click Edit Remote. The page with the list of available remotes opens.
The new keys are now used. Repeat this process for each remote you want to use new keypairs.
Marking assets as approved
Administrators can mark automation assets as approved. Use this feature to indicate to other users that an asset is approved according to criteria you determine, such as rules from your organization.
Approved assets are marked in the Browse Assets tab with an Approved label or with a checkmark icon in the asset table. You can also filter the assets shown using the Show only approved assets switch.
![Screenshot of the Automation assets page, showing the Approved label and checkmark icon](images/asset_homepage_approve_asset.png)
You can mark assets as approved in the following ways:
When you add an individual asset. In the Add asset page, upload the asset, then set the Mark as approved switch to On.
When you create or edit a remote asset repository. In the Create remote or Edit remote page, set the Mark assets synced from this remote as approved switch to On. This switch applies to all assets that you later import from this repository.
After you add or import an asset. In the Browse Assets tab, find the card for the asset, click the overflow (Options) menu in the card, then click Mark as approved. Alternatively, click the asset in the table to open it, then set the Mark as approved switch to On.
These switches and menu options are disabled if you do not have the assets.admin
role.
![Screenshot of an asset with the Mark as approved toggle](images/asset_view_approve_asset.png)
![Screenshot of the Edit remote page, showing the Mark assets synced from this remote as approved toggle](images/asset_remotes_approved_assets.png)
AI-powered asset recommendations
Automation assets provides an AI-powered recommendations feature using Watson natural language processing (NLP) within Designer to provide recommendations from templates that are stored within Automation assets. You can describe your intent by using English natural language, and Watson Insights is used to recommend up to three matching templates that are the best semantic matches for your utterance.
When the feature is enabled, your Automation assets instance includes an auto-created remote that contains App Connect templates. The remote and templates cannot be deleted; they can only be removed if the feature is disabled.
Learn more about the asset recommendations feature in Designer in the App Connect documentation.
Enable AI-powered features for use with Designer
When creating an Automation assets instance, you can enable the Designer AI-powered features. To do so, either set the spec.designerAIFeatures.enabled
value to true
directly in the Automation assets CR, or select one of the sample "with AI enabled" tiles in Platform UI, as shown:
![Automation assets with AI enabled tiles](images/asset_nlp_tile.png)
Learn more about AI features in the App Connect documentation.
After you've created your instance, you can also choose to enable the feature by editing the Automation assets CR to set the spec.designerAIFeatures.enabled
value. Use the advanced options to specify the NLP image and the associated replica count and resource defaults.
![Enable Designer AI features](images/asset_nlp_setup.png)
If you are enabling the AI-powered features in an air-gapped environment, you must update the auto-created remote URL to point to a clone of the App Connect templates Git repository that is hosted on the air-gapped network.
Disabling the AI-powered features
To create or use Automation assets without making asset recommendations available in Designer, ensure that the spec.designerAIFeatures.enabled
value is set to false
in the Automation assets CR. You can use the OpenShift web console, OpenShift CLI, or Platform UI to make this update.
Supported file types
To prevent the upload of malicious files, only the following file types are supported in Automation assets:
Any non-binary text file
Code files:
.json
,.yaml
,.yml
,.avsc
,.wal
Text files:
.zip
,.pdf
Images:
.svg
,.png
,.jpg
,.webp
,.bmp
,.gif
,.avif
Advanced configuration options
To configure the advanced options, log in to the Platform UI. Click Edit on a deployed instance of automation assets, and then click YAML.
Use the following table for reference.
Available options:
Field name | Description |
---|---|
Designer AI features | Flag to enable AI-powered asset recommendations. |
Automation assets NLP image | Use a custom image for the Automation assets NLP container. |
Automation assets API image | The Docker registry location for pulling the Automation assets API image |
Automation assets UI image | The Docker registry location for pulling the Automation assets UI image |
Automation assets CouchDB image | The Docker registry location for pulling the Automation assets CouchDB image |
Image pull policy | Configure whether you want images to be pulled every time, only if they're not present, or never |
Image pull secrets | Configure the secret used for pulling images. If you're using the Entitled Registry and have created a secret for that, you should use that secret here. |
Replicas | Number of replicas that each service has. The default is 3. Tip: Couch replicas are fixed during the first installation of your Automation assets. Changes to replicas after installation will only affect the UI and API services. |
Annotations | Additional annotations to be added to Automation assets pods. |
Node Selector | If you wish to assign the pods to a subset of the nodes of your cluster, you can use multiple Node Selectors. For more information, see Assigning Pods to Nodes in the Kubernetes documentation. Note: This setting only applies to Automation assets UI and API pods. CouchDB pods aren't affected. |
Resources | Use the Resources section to override the default resource request and limit values. You can set limit and request values for the Automation assets API, UI, NLP and CouchDB pods. Any values not configured here default to the values listed in "Default values:". For more information about request and limit values, see Requests and limits in the Kubernetes documentation. Important: For a given resource, if you set the request, you must also set the limit, and if you want to set the limit, you must also set the request. CouchDB search and management values are now deprecated and have no effect. To increase the resources available to the CouchDB container, use the "CouchDB db" resource values. Default values: The following values are the defaults for each resource. The request and limit values are the same for each resource. Important: You cannot create an Automation assets with values smaller than the following: Automation assets API CPU: 200m . Automation assets API Memory: 150Mi .Automation assets UI CPU: 200m . Automation assets UI Memory: 150Mi . CouchDB DB CPU: 300m . CouchDB DB Memory: 700Mi |
To disable runtime checks, add the annotation com.ibm.cp4i/disable-webhook-runtime-checks: true
to the Automation assets YAML:
metadata:
annotations:
com.ibm.cp4i/disable-webhook-runtime-checks: true
Storing and managing templates of instances
For information on how to create and import templates that other users can use to create instances, see the "Creating a new template from an existing template" section in Using the Platform UI.
Troubleshooting
For information about known issues, workarounds, and troubleshooting information, see Known Limitations.
You try to set up the default remote created with the Designer AI feature enabled, and it doesn't work automatically.
If you are seeing an issue with the IBM App Connect templates remote not working automatically after you have enabled the Designer AI feature, you need to either allow the cluster environment you are using to access
github.com
or clone the repository (https://github.com/ot4i/app-connect-templates/tree/cp4i-templates
) and host it on another git provider that is accessible from the cluster.