Author: Kishori Patil
Content
- For authentication you can use Anypoint platform credentials but instead of storing your anypoint credentials you can make use of connected apps. Connected apps help users delegate their access without sharing sensitive credentials or giving full control of their accounts to third parties. The Connected Apps feature enables to use secure authentication protocols and control an app’s access to user data. In this blog we will see how to create connected apps for your CI/CD implementation and how to use connected apps to configure your settings.xml and pom.xml.
Setup
Create Connected App for CI/CD at Anypoint platform:
- To create connected apps go to Anypoint platform > Access management > Connected apps > Create app.
- Give name to your App and Select App acts on its own behalf (client credentials).
- Now we will also have to select scopes for this application. For CI/CD ,we need an Exchange Administrator or the Exchange Contributor scope as well as we need access to a runtime manager to create and read an application and manage the settings of the application deployed. You can give permission to specific environments as per your requirements.
- Then click on Save and copy the Client ID and Client secret of the connected application as for connected application authentication we need them.
Setup pom.xml:
- Add below plugin in build tag of pom.xml of your project for CloudHub deployment using connected apps:
<plugin>
<groupId>org.mule.tools.maven</groupId>
<artifactId>mule-maven-plugin</artifactId>
<version>${mule.maven.plugin.version}</version>
<extensions>true</extensions>
<configuration>
<cloudHubDeployment>
<uri>${anypoint.uri}</uri>
<muleVersion>${mule.version}</muleVersion>
<connectedAppClientId>${cloudhub.user}</connectedAppClientId>
<connectedAppClientSecret>${cloudhub.password}</connectedAppClientSecret>
<connectedAppGrantType>client_credentials</connectedAppGrantType>
<applicationName>${project.artifactId}${env.suffix}</applicationName>
<environment>${env.name}</environment>
<workerType>${cloudhub.workerType}</workerType>
<workers>${cloudhub.workerCount}</workers>
<region>${cloudhub.region}</region>
<objectStoreV2>true</objectStoreV2>
<persistentQueues>false</persistentQueues>
<artifact>${artifact}</artifact>
<properties>
<mule.env>${mule.env}</mule.env> <mule.encryptionKey>${mule.encryptionKey}</mule.encryptionKey> <anypoint.platform.client_id>${env.client.id}</anypoint.platform.client_id> <anypoint.platform.client_secret>${env.client.secret}</anypoint.platform.client_secret> <anypoint.platform.config.analytics.agent.enabled>${anypoint.monitoring}</anypoint.platform.config.analytics.agent.enabled>
</properties>
</cloudHubDeployment>
<classifier>mule-application</classifier>
</configuration>
</plugin>
Setup settings.xml:
- In settings.xml ,add the following to the servers section of your settings.xml . One for your nexus repo and one to use connected application authentication.
<server>
<id>nexux-ee</id>
<username>YOUR_NEXUX_ID</username>
<password>YOUR_NEXUX_PASSWORD</password>
</server>
<server>
<id>anypoint-exchange-v2</id>
<username>~~~Client~~~</username>
<password>CONNECTED_APP_CLIENT_ID~?~CONNECTED_APP_CLIENT_SECRET</password>
</server>
- Then make a mule profile and add following section in repository tag and replace the ORGANIZATION_ID with your Organization ID:
<repository>
<id>anypoint-exchange-v2</id>
<name>Exchange Repository</name>
<url>https://maven.anypoint.mulesoft.com/api/v2/organizations/ORGANIZATION_ID/maven</url>
<layout>default</layout>
</repository>
<repository>
<id>nexux-ee</id>
<name>nexux-ee</name>
<url>https://repository.mulesoft.org/nexus-ee/content/repositories/releases-ee/</url>
<layout>default</layout>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
- Also add mule public, release ,release-ee and public repositories in Standard repository and also in pluginRepository
Upload settings.xml in Azure:
- Login to your azure account and goto project > pipelines > library . Click on secure files > +secure file.
- Browse the file and add that file as a secure file in the library.
Reference Links:
- https://docs.mulesoft.com/mule-runtime/3.5/configuring-maven-pom-files-and-settings
- https://docs.mulesoft.com/access-management/connected-apps-overview
- https://docs.mulesoft.com/mule-runtime/4.3/mmp-concept
