
Self-Service Portals

Integration with Self-Service Portals

In some organizations, the preferred self-service frontend for developers/data scientists is an Internal Developer Portal (IDP) such as Backstage, a CMDB such as ServiceNow, or a custom portal. In this setup, the self-service portal can be configured to use Rafay APIs so that developers/data scientists can spin up namespaces, clusters or full stack environments on demand.

Rafay supports an Assume User facility that makes it easier to integrate self-service portals such as Backstage. The self-service portal can be configured to make API calls using an Organization's Admin API key, adding the user/group details as request headers. This helps with two things:

  • Removes the need to manage per-user API keys on the self-service portal side
  • Ensures that the necessary security guardrails are in place: Rafay enforces RBAC based on the user/group details included in the header, and the audit logs capture the specific user who performed the operation (e.g. creation of a namespace)

The above pattern (Assume User) is only supported with an Org Admin API key, and the following headers need to be included:

X-RAFAY-IMPERSONATE-USER: <user_name>
X-RAFAY-IMPERSONATE-GROUP: <user_group>

Workflow


Examples

EXAMPLE:

Below is a curl example using the V3 API (for creating a Rafay GitOps Docker Agent):

curl --location --request POST 'https://console.stage.rafay.dev/apis/gitops.k8smgmt.io/v3/projects/defaultproject/agents' \
--header 'accept: application/json' \
--header 'X-API-KEY: ra2.1603579db8bb61e09b7b2ba33493b8de81dc1bd8.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/yaml' \
--header 'X-RAFAY-IMPERSONATE-USER: testuser@example.co' \
--header 'X-RAFAY-IMPERSONATE-GROUP: Organization Admins' \
--data-raw 'apiVersion: gitops.k8smgmt.io/v3
kind: Agent
metadata:
  name: agent-demo
  project: defaultproject
spec:
  active: true
  type: Docker'

Below is a curl example using the V2 API (for creating a Rafay GitOps Docker Agent):

curl --location --request POST 'https://console.stage.rafay.dev/v2/config/project/rx28oml/agent' \
--header 'accept: application/json' \
--header 'X-RAFAY-API-KEYID: ra2.1603579db8bb61e09b7b2ba33493b8de81dc1bd8.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--header 'X-RAFAY-IMPERSONATE-USER: testuser2@example.co' \
--header 'X-RAFAY-IMPERSONATE-GROUP: Organization Admins' \
--data-raw '{"metadata":{"name":"agent-demo-v2"},"spec":{"agentType":"DockerAgent"}}'
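
Because every call carries the Org Admin API key, the portal backend is the component that decides which user and group Rafay sees. The sketch below is an added example, not Rafay or Backstage code: it builds the Assume User headers for the V3 call from the portal's own authenticated session and ignores any impersonation headers sent by the browser. The function names, the session shape and the group mapping are assumptions.

```javascript
// Added example: hypothetical portal-backend helper (not Rafay or Backstage code).
// The Org Admin API key stays on the server; impersonation values are taken
// only from the portal's verified login session, never from the browser.

const IMPERSONATION_HEADERS = ['x-rafay-impersonate-user', 'x-rafay-impersonate-group'];

// Constructed mapping from portal (IdP) group to Rafay group name.
const GROUP_MAP = new Map([
  ['platform-admins', 'Organization Admins'],
  ['data-science', 'Data Scientists'], // constructed group name
]);

// Reject empty values and control characters (CR/LF would inject extra headers).
function safeHeaderValue(value) {
  if (typeof value !== 'string' || value.length === 0 || /[\x00-\x1f\x7f]/.test(value)) {
    throw new Error('invalid header value');
  }
  return value;
}

// session: identity established by the portal's own authentication.
// clientHeaders: headers of the incoming browser request (untrusted).
function buildRafayHeaders(session, clientHeaders, orgAdminApiKey) {
  // Client-supplied impersonation headers are never forwarded; report them
  // so the portal can log the attempt.
  const ignoredClientHeaders = Object.keys(clientHeaders || {})
    .filter((name) => IMPERSONATION_HEADERS.includes(name.toLowerCase()));

  const rafayGroup = GROUP_MAP.get(session.group);
  if (!rafayGroup) throw new Error('portal group has no Rafay mapping');

  return {
    ignoredClientHeaders,
    headers: {
      'X-API-KEY': safeHeaderValue(orgAdminApiKey),
      'Content-Type': 'application/yaml',
      'X-RAFAY-IMPERSONATE-USER': safeHeaderValue(session.email),
      'X-RAFAY-IMPERSONATE-GROUP': rafayGroup,
    },
  };
}
```

For the V2 API shown above, the key goes in X-RAFAY-API-KEYID instead of X-API-KEY; the impersonation headers are the same.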