Can an Identity application be created and configured declaratively (via application configuration)?

Hello,

Background info:
I have a business application A which needs to make API calls to both the Zeebe API as well as the Tasklist API. Both APIs are secured via Identity Authentication.

My approach for authenticating the business application is to create an application entity in Identity, called A. This creates a client ID and a client secret for this application. Then, under “Applications → A → Access to APIs”, I add the Zeebe write permission and the two available Tasklist API permissions.

In my Java application, I use the Zeebe client lib and the Tasklist client lib. When building both clients I pass the client ID and client secret of application A. The calls work successfully.

My question:
Is there a way to create the Identity application entity A via configuration? This way the client secret and client ID would be in the Identity configuration as opposed to manually configuring them on each environment?
Also, can the rest of the setup - setting tenants, setting permissions, etc. be done solely via configuration?

Many thanks and kind regards,
bpmnenthusiast

Hi @bpmnenthusiast - are you looking for something like this:

Would you be using Docker, Helm, or something else? Some of these configuration options will be changing with the 8.6 release, because the architecture/packaging of the software is changing, but there should still be support for this type of initialization.

Hello @nathan.loding,

many thanks, this worked great!

I am using Docker Compose for local development and Helm for shared environments. I will then keep an eye on the changed architecture/packaging in 8.6.

One additional question: Is it perhaps possible to create and set up Tenant entities using environment variables similar to these ones? I looked at the docker-compose.yaml file that you had linked but in the initial setup of Identity no tenants are created.

Many thanks and kind regards,
bpmnenthusiast

@bpmnenthusiast - you can!

      IDENTITY_TENANTS_0_NAME: Default
      IDENTITY_TENANTS_0_TENANTID: <default>
      IDENTITY_TENANTS_0_MEMBERS_0_TYPE: APPLICATION
      IDENTITY_TENANTS_0_MEMBERS_0_APPLICATIONID: zeebe

Or in YAML (in the application.yaml file, not Helm):

  tenants:
    - name: Identity Team
      tenantId: identity-team
      members:
        - type: GROUP
          group-name: "Test Group"
        - type: USER
          username: my-demo-user
        - type: APPLICATION
          application-id: test-application

We are working on some docs upgrades to include this information, but I don’t know exactly when that will be published.
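
Added example, not part of the original posts and not Camunda's code: a small Python check that a tenant definition shaped like the YAML above gives each member the identifier field matching its type, and that prints the equivalent environment variable names. It assumes the YAML sits under a top-level `identity` key and that names follow Spring Boot's relaxed-binding rule (dashes dropped, upper-cased, list indexes as `_0_`), which is consistent with the two snippets in the post; `check_members` and `to_env` are hypothetical helper names.

```python
# Added example (not Camunda code). Field names are taken from the YAML in the post above.
REQUIRED_FIELD = {  # member type -> field that identifies the member
    "GROUP": "group-name",
    "USER": "username",
    "APPLICATION": "application-id",
}

def check_members(tenants):
    """Return problems: a type not shown in the thread, or a missing identifier field."""
    problems = []
    for t_index, tenant in enumerate(tenants):
        for m_index, member in enumerate(tenant.get("members", [])):
            field = REQUIRED_FIELD.get(member.get("type"))
            where = f"tenants[{t_index}].members[{m_index}]"
            if field is None:
                problems.append(f"{where}: unknown type {member.get('type')!r}")
            elif not member.get(field):
                problems.append(f"{where}: type {member['type']} needs {field!r}")
    return problems

def to_env(node, path=("identity",)):
    """Flatten nested config into {ENV_NAME: value}. Assumed rule: dashes dropped,
    upper-cased, path segments and list indexes joined with underscores."""
    if isinstance(node, dict):
        items = node.items()
    elif isinstance(node, list):
        items = enumerate(node)
    else:
        name = "_".join(str(p).replace("-", "").upper() for p in path)
        return {name: str(node)}
    env = {}
    for key, value in items:
        env.update(to_env(value, path + (key,)))
    return env

# Constructed input: the tenant from the post above, written as a Python structure.
CONFIG = {"tenants": [{
    "name": "Identity Team",
    "tenantId": "identity-team",
    "members": [
        {"type": "GROUP", "group-name": "Test Group"},
        {"type": "USER", "username": "my-demo-user"},
        {"type": "APPLICATION", "application-id": "test-application"},
    ],
}]}

if __name__ == "__main__":
    assert not check_members(CONFIG["tenants"])
    for name, value in to_env(CONFIG).items():
        print(f"{name}: {value}")
```

Running the check before a deployment catches a member entry whose type and identifier do not match, which would otherwise leave a tenant with different membership than intended.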

Hello @nathan.loding,

this is great! Thanks for the info, looking forward to the upgraded docs.

Kind regards,
bpmnenthusiast
