Registry Application

• The Registry is a web application with a basic UI to support a virtual file system.

• It supports HTTP GET, PUT, and DELETE methods, used by Maven, to browse and manipulate data.

• It implements NuGet and NPM REST APIs.

• Access to the application is authorized.

• The Registry stores data in an IBM Cloud Object Storage instance accessed by a dedicated Service ID, which is not exposed to the end user.

• Users are granted access rights by the owner, who manages them in the IAM API Keys dashboard of another dedicated Service ID.

• Access rights are granted for read or write and are subject to directory filtering.

User

Users can configure Maven, NuGet, NPM, or other tools to use the application as a private registry.

Steps to Configure Maven

1. Configure settings.xml

Define repositories and credentials in the settings.xml file, which is typically located in the ${MAVEN_HOME}/conf directory or the ${USER_HOME}/.m2 directory.

Adding Repositories

Add repositories in the profiles section of the settings.xml file. Here’s an example:

<settings>
  <servers>
    <server>
      <id>my-private-repo</id>
      <username>your-username</username>
      <password>your-password</password>
    </server>
  </servers>

  <profiles>
    <profile>
      <id>private-repo-profile</id>
      <repositories>
        <repository>
          <id>my-private-repo</id>
          <url>https://your-private-repo-url/repository/</url>
        </repository>
      </repositories>
    </profile>
  </profiles>

  <activeProfiles>
    <activeProfile>private-repo-profile</activeProfile>
  </activeProfiles>
</settings>

Replace my-private-repo, your-username, your-password, and https://your-private-repo-url/repository/ with your repository ID, credentials, and URL.

2. Deploying Artifacts

To deploy artifacts, use the deploy:deploy-file goal to specify the repository URL and credentials directly in the command line or in a profile.

Here’s an example of how to deploy an artifact using the deploy:deploy-file goal:

mvn deploy:deploy-file -DgroupId=com.example -DartifactId=my-artifact -Dversion=1.0.0
  -Dpackaging=jar -Dfile=path-to-your-artifact.jar
  -DrepositoryId=my-private-repo
  -Durl=https://your-private-repo-url/repository/maven-releases/

3. Using the Private Repository in Other Projects

To use the private repository in other projects, ensure that the settings.xml file on the machines where these projects are built includes the profile with the repository configuration.

Steps to Configure NuGet

1. Add the Private NuGet Source

Use the dotnet nuget add source command to add your private NuGet source. Replace source-name, https://your-private-repo-url/nuget/v3/index.json, your-username, and your-password with your repository name, URL, and credentials.

dotnet nuget add source --name source-name
  --username your-username
  --password your-password
  --store-password-in-clear-text https://your-private-repo-url/nuget/v3/index.json

Owner

Steps to Create and Manage the Registry Application

TL;DR

The following are lengthy steps on the IBM Cloud site to configure and manage a new registry application. If you prefer not to follow detailed instructions, you can use the cloud-setup.sh and manage-users.sh that will do all the work for you.

Detailed Steps

1. Create or select an existing IBM Cloud Object Storage instance (referred to later as CLOUD_OBJECT_STORAGE).

• Cloud Object Storage
  

• Create Instance
  

• Storage Configuration
  

2. Create a new bucket in "Cloud Object Storage"/"Instances"/CLOUD_OBJECT_STORAGE (referred to later as APP_BUCKET).

• Create Bucket
  

• Use Simple Bucket Configuration
  

• Select Bucket Parameters
  

• Mutable Without Versioning
  

• Don't Expose It as a Static Site
  

• If you get lost after creation, go to the Resource List and
  

• Select Storage
  

3. Create a new Service ID (referred to later as APP_USER) that will be used to access Cloud Object Storage and IAM Identity service to validate users. Take note of the ID of APP_USER by clicking "Details".

• Service ID
  

• Create Service ID
  

4. Click API Keys of the APP_USER Service ID, and create an Access Key. Note its name and access key.

• Service ID API Keys
  

• Create API Key
  

• API Key Created
  

5. Assign write access for APP_USER to CLOUD_OBJECT_STORAGE.

• Click "Assign Access" in the Access tab of the Service ID APP_USER
  

• Follow the "Assign Access" wizard and select the CLOUD_OBJECT_STORAGE service
  

• All Resources, and "Writer" Role
  

• Verify, Add, and then assign the access.
  

6. Assign IAM Identity keys inspection to the API_USER.

• Click "Assign Access" in the Access tab of the Service ID APP_USER
  

• Follow the "Assign Access" wizard and select the IAM Identity Service service, All Resources, and "Operator" role or a custom role containing the action iam-identity.apikey.get. Verify, Add, and then assign the access.
  

7. Create another Service ID (referred to later as USERS_CONTAINER) that will be used to create access keys with grants to access the application.

• Create Service ID
  

8. Create a Code Engine project (referred to later as MY_REGISTRY). During project creation, make sure you select the correct project location and a resource group. In general, it should be the same as for CLOUD_OBJECT_STORAGE.

• Cloud Engine Projects
  

• Create Project
  

• Click Create and then follow the project link to go to the project page
  

9. Go to the "Project Settings"/"Integrations"

• to configure service bindings and connect it to a resource group and then to configure "Container Registry" - this is the place where application images are stored
  

10. Inside the MY_REGISTRY project, create a new "service binding" to Cloud Object Storage using the Access Key for APP_USER.

• Service Binding
  

• Select Service
  

• Make sure the service binding prefix is an empty value. During service binding, select APP_USER as the service credential, and verify that the role is Writer.
  

11. Create an application within the project

• Select "Applications" and click "Create"

• Configure the image to build from source, and click "Specify Build Details"

• where you put repository details

• select "Cloud Native Buildpack" build strategy

• Select a registry server (e.g., private.icr.io), select or create a registry secret (e.g., "Code Engine managed secret"), select namespace and define image name

• In the Resources & Scaling section, set "Scale-down delay" to a non-zero value (e.g., 120 seconds).

In the environment variable section, add the following variables:

• APP_BUCKET - with the bucket name.
• APP_USER_SERVICE_ID - with the USERS_CONTAINER.

Create the instance

12. Build and deploy the application image.

• In "Image Builds" of the application, you can see existing build runs
  

• or create a new build
  

• go into the application (notice the "Open URL" link), and
  

• then into configuration and click "Redeploy"
  

  After this step, the application is up and running, so you can open the application URL.

13. The final administrative step is to manage users.

• Go to Access (IAM)
  

• into API Keys of the Service ID USERS_CONTAINER
  

• Create an API Key for a user.
  

• The API key secret should be given to the users.

• Use the Description to configure access rights. It should contain JSON in the format:

{
  "role": "reader or writer or owner", 
  "include": ["glob"],
  "exclude": ["glob"]
}

• If "role" is not specified, then "reader" is assumed.
• If "include" is not specified, then access is permitted to the whole tree; otherwise, only to a subtree matched to some include glob.
• If "exclude" is not specified, then access is not additionally restricted; otherwise, it's restricted to subtrees matched to any exclude glob.
• Other properties are permitted, e.g., "accesskey": "secret" to memorize the API Key secret.

Repeat the last step for all users.

That's all!