diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index 2ea6949..ed4cf1c 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -1,25 +1,16 @@ -name: Check Markdown links -#on: -# push: -# branches: -# - master -# pull_request: -# branches: [master] +name: 'Check Markdown Links with linkspector' on: push jobs: - markdown-link-check: + check-links: + name: runner / linkspector runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: technote-space/get-diff-action@v6 + - name: Run linkspector + uses: umbrelladocs/action-linkspector@v1 with: - PATTERNS: | - **/**.md - - - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-quiet-mode: 'yes' - use-verbose-mode: 'yes' - config-file: '.md_check_config.json' + fail_on_error: true + filter_mode: nofilter + show_stats: true diff --git a/.linkspector.yml b/.linkspector.yml new file mode 100644 index 0000000..9e6807c --- /dev/null +++ b/.linkspector.yml @@ -0,0 +1,18 @@ +files: + - README.md +dirs: + - ./ +ignorePatterns: + - pattern: '^https://mynicecompany.com/.*$' + - pattern: '^https://odm.*$' + - pattern: '^https://localhost*$' + - pattern: '^https://dummyUrl$' + - pattern: '^https://cognito-idp.COGNITO_REGION.amazonaws.com/COGNITO_USER_POOL_ID/.*$' +replacementPatterns: + - pattern: "https://www.ibm.com/docs" + replacement: 'https://ibmdocs-test.dcs.ibm.com/docs' +aliveStatusCodes: + - 200 + - 206 + - 429 +useGitIgnore: true \ No newline at end of file diff --git a/authentication/AzureAD/README_WITH_CLIENT_SECRET.md b/authentication/AzureAD/README_WITH_CLIENT_SECRET.md index 3bf2c1f..f2dc29f 100644 --- a/authentication/AzureAD/README_WITH_CLIENT_SECRET.md +++ b/authentication/AzureAD/README_WITH_CLIENT_SECRET.md 
@@ -2,7 +2,7 @@ -- [Set up a Microsoft Entra ID application using a client secret](#set-up-an-microsoft-entra-id-application-using-a-client-secret) +- [Set up a Microsoft Entra ID application using a client secret](#set-up-a-microsoft-entra-id-application-using-a-client-secret) - [Deploy ODM on a container configured with Microsoft Entra ID Part 2](#deploy-odm-on-a-container-configured-with-microsoft-entra-id-part-2) - [Prepare your environment for the ODM installation](#prepare-your-environment-for-the-odm-installation) - [Create a secret to use the Entitled Registry](#create-a-secret-to-use-the-entitled-registry) @@ -24,7 +24,7 @@ -1. Create the *ODM application*. +## 1. Create the *ODM application*. In **Microsoft Entra Id** / **Manage** / **App registration**, click **New Registration**: @@ -34,7 +34,7 @@ ![New Web Application](images/RegisterApp.png) -2. Retrieve Tenant and Client information. +## 2. Retrieve Tenant and Client information In **Microsoft Entra Id** / **Manage** / **App Registration**, select **ODM Application** and click **Overview**: @@ -43,7 +43,7 @@ ![Tenant ID](images/GetTenantID.png) -3. Generate an OpenID client secret. +## 3. Generate an OpenID client secret. In **Microsoft Entra Id** / **Manage** / **App registrations**, select **ODM Application**: @@ -56,7 +56,7 @@ >Important: This client secret can not be revealed later. If you forgot to take note of it, you'll have to create another one. -4. Add Claims. +## 4. Add Claims. In **Microsoft Entra Id** / **Manage** / **App registrations**, select **ODM Application**, and in **Manage / Token Configuration**: 
@@ -81,7 +81,7 @@ * Check Security Groups * Click Add -5. Create a custom claim named "identity" +## 5. Create a custom claim named "identity" To allow ODM rest-api to use the password flow with email as user identifier and the client-credentials flow with client_id as user identifier, we need to create a new claim named "identity" that will take the relevant value according to the flow: @@ -95,7 +95,7 @@ 2. User Type: Members / Scoped Groups: 0 / Source: Attribute / Value: user.mail * Click Save -6. API Permissions. +## 6. API Permissions. In **Microsoft Entra Id** / **Manage** / **App Registration**, select **ODM Application**, and then click **API Permissions**. @@ -107,7 +107,7 @@ * Don't forget to **Grant Admin Consent for Default Directory** on these API permissions -7. Manifest change. +## 7. Manifest change. In **Microsoft Entra Id** / **Manage** / **App Registration**, select **ODM Application**, and then click **Manifest**. @@ -126,7 +126,7 @@ Then, click Save. -8. Check the configuration. +## 8. Check the configuration. Download the [azuread-odm-script.zip](azuread-odm-script.zip) file to your machine and unzip it in your working directory. This .zip file contains scripts and templates to verify and set up ODM. 
@@ -277,9 +277,9 @@ ``` Where: - - *TENANT_ID* and *CLIENT_ID* have been obtained from [previous step](#retrieve-tenant-and-client-information) + - *TENANT_ID* and *CLIENT_ID* have been obtained from [previous step](#2-retrieve-tenant-and-client-information) - *CLIENT_SECRET* is listed in your ODM Application, section **General** / **Client Credentials** - - *GROUP_ID* is the identifier of the ODM Admin group created in a [previous step](#manage-group-and-user) (ID of the group named *odm-admin*) + - *GROUP_ID* is the identifier of the ODM Admin group created in a [previous step](README.md#manage-groups-and-users) (ID of the group named *odm-admin*) - *SSO_DOMAIN* is the domain name of your SSO. If your AzureAD is connected to another SSO, you should add the SSO domain name in this parameter. If your user has been declared as explained in step **Create at least one user that belongs to this new group**, you can omit this parameter. The following four files are generated into the `output` directory: @@ -377,7 +377,7 @@ You can now install the product. We will use the PostgreSQL internal database an #### b. Installation using Ingress Refer to the following documentation to install an NGINX Ingress Controller on: - - [Microsoft Azure Kubernetes Service](../../platform/azure/README.md#create-a-nginx-ingress-controller) + - [Microsoft Azure Kubernetes Service](../../platform/azure/README-NGINX.md) - [Amazon Elastic Kubernetes Service](../../platform/eks/README-NGINX.md) - [Google Kubernetes Engine](../../platform/gcloud/README_NGINX.md) 
@@ -472,7 +472,7 @@ You can now install the product. We will use the PostgreSQL internal database an ### Access the ODM services -Well done! You can now connect to ODM using the endpoints you got [earlier](#register-the-odm-redirect-url) and log in as an ODM admin with the account you created in [the first step](#manage-group-and-user). +Well done! You can now connect to ODM using the endpoints you got [earlier](#register-the-odm-redirect-urls) and log in as an ODM admin with the account you created in [the first step](README.md#manage-groups-and-users). ### Set up Rule Designer @@ -552,7 +552,7 @@ curl -H "Content-Type: application/json" -k --data @payload.json \ # Troubleshooting -If you encounter any issue, have a look at the [common troubleshooting explanation](../README.md#Troubleshooting) +If you encounter any issue, have a look at the [common troubleshooting explanation](../README.md#troubleshooting) # License diff --git a/authentication/AzureAD/README_WITH_PRIVATE_KEY_JWT.md b/authentication/AzureAD/README_WITH_PRIVATE_KEY_JWT.md index a83513b..e416a6f 100644 --- a/authentication/AzureAD/README_WITH_PRIVATE_KEY_JWT.md +++ b/authentication/AzureAD/README_WITH_PRIVATE_KEY_JWT.md @@ -30,7 +30,7 @@ For additional information regarding the implement in Liberty, please refer to t -1. Create the *ODM application*. +## 1. Create the *ODM application*. In **Microsoft Entra Id** / **Manage** / **App registration**, click **New Registration**: @@ -40,7 +40,7 @@ For additional information regarding the implement in Liberty, please refer to t ![New Web Application](images/RegisterApp.png) -2. Retrieve Tenant and Client information. +## 2. Retrieve Tenant and Client information In **Microsoft Entra Id** / **Manage** / **App Registration**, select **ODM Application** and click **Overview**: 
@@ -49,7 +49,7 @@ For additional information regarding the implement in Liberty, please refer to t ![Tenant ID](images/GetTenantID.png) -3. Register a public certificate. +## 3. Register a public certificate. To manage private key JWT authentication, you need a private certificate (.key file) and a public certificate (.crt file), which should be registered on the ODM client side (RP) application. On the Microsoft Entra ID (OP) side, you are required to register the public certificate. @@ -71,7 +71,7 @@ For additional information regarding the implement in Liberty, please refer to t * Description: `For ODM integration` * Click **Add** -4. Add Claims. +## 4. Add Claims. In **Microsoft Entra Id** / **Manage** / **App registrations**, select **ODM Application**, and in **Manage / Token Configuration**: @@ -96,7 +96,7 @@ For additional information regarding the implement in Liberty, please refer to t * Check **Security Groups** * Click **Add** -5. Create a custom claim named "identity" +## 5. Create a custom claim named "identity" To enable the ODM REST API to use both the 'Password Credentials' flow with email as the user identifier and the 'Client Credentials' flow with client_id as the user identifier, we must establish a new claim named "identity" that will dynamically capture the appropriate value based on the chosen flow: In **Microsoft Entra Id** / **Manage** / **Enterprise applications**, select **ODM Application**, and in **Manage / Single sign-on**: 
@@ -108,13 +108,13 @@ For additional information regarding the implement in Liberty, please refer to t 1. User Type: Any / Scoped Groups: 0 / Source: Attribute / Value: 2. User Type: Members / Scoped Groups: 0 / Source: Attribute / Value: user.mail -6. API Permissions. +## 6. API Permissions. In **Microsoft Entra Id** / **Manage** / **App Registration**, select **ODM Application**, and then click **API Permissions**. * Click **Grant Admin Consent for ** -7. Manifest change. +## 7. Manifest change. In **Microsoft Entra Id** / **Manage** / **App Registration**, select **ODM Application**, and then click **Manifest**. @@ -203,8 +203,8 @@ For additional information regarding the implement in Liberty, please refer to t ``` Where: - - *TENANT_ID* and *CLIENT_ID* have been obtained from [previous step](#retrieve-tenant-and-client-information) - - *GROUP_ID* is the identifier of the ODM Admin group created in [Manage groups and users](README.md#manage-group-and-user) (*ID of `odm-admin`*) + - *TENANT_ID* and *CLIENT_ID* have been obtained from [previous step](#2-retrieve-tenant-and-client-information) + - *GROUP_ID* is the identifier of the ODM Admin group created in [Manage groups and users](README.md#manage-groups-and-users) (*ID of `odm-admin`*) - *SSO_DOMAIN* is the domain name of your SSO. If your AzureAD is connected to another SSO, you should add the SSO domain name in this parameter. If your user has been declared as explained in step **Create at least one user that belongs to this new group**, you can omit this parameter. The following four files are generated into the `outputPKeyJWT` directory: 
@@ -268,7 +268,7 @@ You can now install the product. We will use the PostgreSQL internal database an #### b. Installation using Ingress Refer to the following documentation to install an NGINX Ingress Controller on: - - [Microsoft Azure Kubernetes Service](../../platform/azure/README.md#create-a-nginx-ingress-controller) + - [Microsoft Azure Kubernetes Service](../../platform/azure/README-NGINX.md) - [Amazon Elastic Kubernetes Service](../../platform/eks/README-NGINX.md) - [Google Kubernetes Engine](../../platform/gcloud/README_NGINX.md) @@ -371,7 +371,7 @@ You can now install the product. We will use the PostgreSQL internal database an ### Access the ODM services -Well done! You can now connect to ODM using the endpoints you got [earlier](#register-the-odm-redirect-url) and log in as an ODM admin with the account you created in ['manage groups and users' in the first article](README.md#manage-group-and-user). +Well done! You can now connect to ODM using the endpoints you got [earlier](#register-the-odm-redirect-urls) and log in as an ODM admin with the account you created in ['manage groups and users' in the first article](README.md#manage-groups-and-users). ### Set up Rule Designer @@ -466,7 +466,7 @@ curl -H "Content-Type: application/json" -k --data @payload.json \ # Troubleshooting -If you encounter any issue, have a look at the [common troubleshooting explanation](../README.md#Troubleshooting) +If you encounter any issue, have a look at the [common troubleshooting explanation](../README.md#troubleshooting) # License diff --git a/authentication/Cognito/README.md b/authentication/Cognito/README.md index 35c6a74..9b2e019 100644 --- a/authentication/Cognito/README.md +++ b/authentication/Cognito/README.md @@ -2,6 +2,7 @@ +- [Configuration of ODM with Amazon Cognito](#configuration-of-odm-with-amazon-cognito) - [Introduction](#introduction) - [What is Amazon Cognito?](#what-is-amazon-cognito) - [About this task](#about-this-task) 
@@ -13,18 +14,19 @@ - [Create an ODM Admin Group](#create-an-odm-admin-group) - [Add the created user to the odm-admin group](#add-the-created-user-to-the-odm-admin-group) - [Create a dedicated App client for the client-credentials flow](#create-a-dedicated-app-client-for-the-client-credentials-flow) - - [Create A custom claim](#create-a-custom-claim) + - [Create a custom claim](#create-a-custom-claim) - [Deploy ODM on a container configured with Cognito Part 2](#deploy-odm-on-a-container-configured-with-cognito-part-2) - - [Create a secret to use the Entitled Registry](#create-a-secret-to-use-the-entitled-registry) - - [Create secrets to configure ODM with Cognito](#create-secrets-to-configure-odm-with-cognito) + - [Prepare your environment for the ODM installation](#prepare-your-environment-for-the-odm-installation) + - [Create a secret to use the Entitled Registry](#create-a-secret-to-use-the-entitled-registry) + - [Create secrets to configure ODM with Cognito](#create-secrets-to-configure-odm-with-cognito) - [Install your ODM Helm release](#install-your-odm-helm-release) - - [Add the public IBM Helm charts repository](#add-the-public-ibm-helm-charts-repository) - - [Check that you can access the ODM chart](#check-that-you-can-access-the-odm-chart) - - [Run the helm install command](#run-the-helm-install-command) + - [Add the public IBM Helm charts repository](#1-add-the-public-ibm-helm-charts-repository) + - [Check that you can access the ODM chart](#2-check-that-you-can-access-the-odm-chart) + - [Run the helm install command](#3-run-the-helm-install-command) - [a. Installation on OpenShift using Routes](#a-installation-on-openshift-using-routes) - [b. 
Installation using Ingress](#b-installation-using-ingress) - [Complete post-deployment tasks](#complete-post-deployment-tasks) - - [Register the ODM redirect URLs](#register-the-odm-redirect-urls) + - [Register the ODM redirect URL](#register-the-odm-redirect-url) - [Access the ODM services](#access-the-odm-services) - [Set up Rule Designer](#set-up-rule-designer) - [Getting Started with IBM Operational Decision Manager for Containers](#getting-started-with-ibm-operational-decision-manager-for-containers) @@ -492,7 +494,6 @@ In the **Container software library** tile, verify your entitlement on the **Vie ## Install your ODM Helm release - ### 1. Add the public IBM Helm charts repository ```shell @@ -529,7 +530,7 @@ In the **Container software library** tile, verify your entitlement on the **Vie #### b. Installation using Ingress Refer to the following documentation to install an NGINX Ingress Controller on: - - [Microsoft Azure Kubernetes Service](../../platform/azure/README.md#create-a-nginx-ingress-controller) + - [Microsoft Azure Kubernetes Service](../../platform/azure/README-NGINX.md) - [Amazon Elastic Kubernetes Service](../../platform/eks/README-NGINX.md) - [Google Kubernetes Engine](../../platform/gcloud/README_NGINX.md) @@ -686,7 +687,7 @@ curl -k --data @payload.json \ # Troubleshooting -If you encounter any issue, have a look at the [common troubleshooting explanation](../README.md#Troubleshooting) +If you encounter any issue, have a look at the [common troubleshooting explanation](../README.md#troubleshooting) # License diff --git a/authentication/Okta/README.md b/authentication/Okta/README.md index 31938a7..7d19b58 100644 --- a/authentication/Okta/README.md +++ b/authentication/Okta/README.md 
@@ -262,12 +262,12 @@ In this step, we augment the token with meta-information that is required by the ### Create secrets to configure ODM with Okta -1. Retrieve Okta Server information. +#### 1. Retrieve Okta Server information. From the Okta console, in **Security** / **API** / **default** / **Settings** : - Note the *OKTA_SERVER_NAME* which is the **Okta domain** in the **Issuer** (similar to *\.okta.com*). -2. Create a secret with the Okta Server certificate. +#### 2. Create a secret with the Okta Server certificate. To allow ODM services to access the Okta Server, it is mandatory to provide the Okta Server certificate. You can create the secret as follows: @@ -277,7 +277,7 @@ In this step, we augment the token with meta-information that is required by the kubectl create secret generic okta-secret --from-file=tls.crt=okta.crt ``` -3. Generate the ODM configuration file for Okta. +#### 3. Generate the ODM configuration file for Okta. The [script](generateTemplate.sh) allows you to generate the necessary configuration files. You can download the [okta-odm-script.zip](okta-odm-script.zip) .zip file to your machine. This .zip file contains the [script](generateTemplate.sh) and the content of the [templates](templates) directory. 
@@ -289,13 +289,14 @@ In this step, we augment the token with meta-information that is required by the Where: - Both *OKTA_CLIENT_ID* and *OKTA_CLIENT_SECRET* are listed in your ODM Application, section **Applications** / **Applications** / **ODM Application** / **General** / **Client Credentials** - - *OKTA_SERVER_NAME* has been obtained from [previous step](#retrieve-okta-server-information) - - *OKTA_ODM_GROUP* is the ODM Admin group we created in a [previous step](#manage-group-and-user) (*odm-admin*) + - *OKTA_SERVER_NAME* has been obtained from [previous step](#1-retrieve-okta-server-information) + - *OKTA_ODM_GROUP* is the ODM Admin group we created in a [previous step](#manage-groups-and-users) (*odm-admin*) - *OKTA_API_SCOPE* has been defined [above](#configure-the-default-authorization-server) (*odmapiusers*) + The files are generated into the `output` directory. -4. Create the Okta authentication secret. +#### 4. Create the Okta authentication secret. ``` kubectl create secret generic okta-auth-secret \ @@ -462,7 +463,7 @@ But if you want to execute a bearer authentication ODM runtime call using the Cl # Troubleshooting -If you encounter any issue, have a look at the [common troubleshooting explanation](../README.md#Troubleshooting) +If you encounter any issue, have a look at the [common troubleshooting explanation](../README.md#troubleshooting) # License diff --git a/platform/gcloud/README.md b/platform/gcloud/README.md index 3fabfc2..525e187 100644 --- a/platform/gcloud/README.md +++ b/platform/gcloud/README.md 
@@ -48,17 +48,17 @@ Without the relevant billing level, some Google Cloud resources will not be crea -- [Prepare your GKE instance 30 min](#prepare-your-gke-instance-30-min) -- [Create the Google Cloud SQL PostgreSQL instance 10 min](#create-the-google-cloud-sql-postgresql-instance-10-min) -- [Prepare your environment for the ODM installation 10 min](#prepare-your-environment-for-the-odm-installation-10-min) -- [Manage a digital certificate 2 min](#manage-a-digital-certificate-2-min) -- [Install the ODM release 10 min](#install-the-odm-release-10-min) -- [Access ODM services](#access-odm-services) -- [Track ODM usage with the IBM License Service](#track-odm-usage-with-the-ibm-license-service) +- [1. Prepare your GKE instance 30 min](#1-prepare-your-gke-instance-30-min) +- [2. Create the Google Cloud SQL PostgreSQL instance 10 min](#2-create-the-google-cloud-sql-postgresql-instance-10-min) +- [3. Prepare your environment for the ODM installation 10 min](#3-prepare-your-environment-for-the-odm-installation-10-min) +- [4. Manage a digital certificate 2 min](#4-manage-a-digital-certificate-2-min) +- [5. Install the ODM release 10 min](#5-install-the-odm-release-10-min) +- [6. Access ODM services](#6-access-odm-services) +- [7. Track ODM usage with the IBM License Service](#7-track-odm-usage-with-the-ibm-license-service) -### Prepare your GKE instance (30 min) +### 1. Prepare your GKE instance (30 min) Refer to the [GKE quickstart](https://cloud.google.com/kubernetes-engine/docs/quickstart) for more information. @@ -129,7 +129,7 @@ Regions and zones (used below) can be listed respectively with `gcloud compute r kubectl cluster-info ``` -### Create the Google Cloud SQL PostgreSQL instance (10 min) +### 2. Create the Google Cloud SQL PostgreSQL instance (10 min) #### Create the database instance 
@@ -165,7 +165,7 @@ Where: - `` is the database password (PASSWORD set during the PostgreSQL instance creation above) -### Prepare your environment for the ODM installation (10 min) +### 3. Prepare your environment for the ODM installation (10 min) To get access to the ODM material, you need an IBM entitlement key to pull the images from the IBM Entitled Registry. @@ -210,7 +210,7 @@ NAME CHART VERSION APP VERSION DESCRIPTION ibm-helm/ibm-odm-prod 25.0.0 9.5.0.0 IBM Operational Decision Manager ``` -### Manage a digital certificate (2 min) +### 4. Manage a digital certificate (2 min) #### (Optional) Generate a self-signed certificate @@ -231,7 +231,7 @@ kubectl create secret tls mynicecompany-tls-secret --key mynicecompany.key --cer The certificate must be the same as the one you used to enable TLS connections in your ODM release. For more information, see [Server certificates](https://www.ibm.com/docs/en/odm/9.5.0?topic=servers-server-certificates) and [Working with certificates and SSL](https://docs.oracle.com/cd/E19830-01/819-4712/ablqw/index.html). -### Install the ODM release (10 min) +### 5. Install the ODM release (10 min) #### Install an ODM Helm release @@ -310,7 +310,7 @@ A configuration that uses [BackendConfig](https://cloud.google.com/kubernetes-en ![DecisionCenter session affinity](images/dc_sessionaffinity.png) -### Access ODM services +### 6. Access ODM services In a real enterprise use case, to access the mynicecompany.com domain name, you have to deal with [Google Managed Certificate](https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs) and [Google Cloud DNS](https://cloud.google.com/dns). 
@@ -345,7 +345,7 @@ We only have to manage a configuration to simulate the mynicecompany.com access. > You can also click the Ingress frontends accessible from the Google Cloud console under the [Kubernetes Engine/Services & Ingress Details Panel](https://console.cloud.google.com/kubernetes/ingresses). > ![Ingress routes](images/ingress_routes.png) -### Track ODM usage with the IBM License Service +### 7. Track ODM usage with the IBM License Service This section explains how to track ODM usage with the IBM License Service. diff --git a/platform/gcloud/README_NGINX.md b/platform/gcloud/README_NGINX.md index b10ae62..2b52524 100644 --- a/platform/gcloud/README_NGINX.md +++ b/platform/gcloud/README_NGINX.md @@ -42,11 +42,11 @@ helm install mycompany ibm-helm/ibm-odm-prod -f gcp-values.yaml \ ### Check the deployment and access ODM services -Refer to the [the main README](README.md#b-check-the-topology) to check the deployment and access the ODM services. +Refer to the [the main README](README.md#check-the-topology) to check the deployment and access the ODM services. ### Deploy and check IBM Licensing Service -Refer to [the main README](README.md#b-check-the-topology) to install IBM Licensing Service, except that you have to apply this updated IBMLicensing instance instead: +Refer to [the main README](README.md#check-the-topology) to install IBM Licensing Service, except that you have to apply this updated IBMLicensing instance instead: ```shell kubectl apply -f licensing-instance-NGINX.yaml -n ibm-licensing
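Review bot: In `.github/workflows/check-links.yml`, `uses: umbrelladocs/action-linkspector@v1` references a third-party action by a mutable tag, and the workflow declares no `permissions:` key, so the job runs with the repository's default token permissions. Pin the action to a full commit SHA and add a top-level `permissions:` block starting from `contents: read`, widening it only if the action's reporting needs more. Separately, `on: push` replaces the commented-out `pull_request` trigger, so pull requests opened from forks are not checked in this repository; if that is intended, state it in the commit message.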
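Review bot: In `.linkspector.yml`, the ignore pattern `'^https://localhost*$'` does not match what it appears to: `t*` means zero or more `t`, so it accepts `https://localhost` but not a URL with a port or path after the host. Use `'^https://localhost.*$'`, and escape the literal dots in the other patterns (`mynicecompany\.com`, `cognito-idp\.COGNITO_REGION\.amazonaws\.com`). `'^https://odm.*$'` skips every URL whose host starts with `odm`, which is wider than a placeholder needs. The `replacementPatterns` entry checks `https://www.ibm.com/docs` links against `https://ibmdocs-test.dcs.ibm.com/docs`, and `aliveStatusCodes` counts `429` as alive, so a link can pass without the published page ever being verified; add a comment explaining both choices. The file also ends without a trailing newline.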
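Review bot: In both `authentication/AzureAD` READMEs, the new heading `## 2. Retrieve Tenant and Client information` drops its trailing period while its siblings (`## 1. Create the *ODM application*.`, `## 3. Generate an OpenID client secret.`) keep theirs. Pick one form for all step headings; dropping the period everywhere is the usual heading style. The updated links (`#2-retrieve-tenant-and-client-information`) now embed the step number, so a later renumbering breaks them; confirm the link checker added in this patch validates in-page anchors, otherwise that breakage goes unnoticed.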
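Review bot: In the table of contents of `authentication/Cognito/README.md`, the three Helm entries now link to numbered anchors such as `#1-add-the-public-ibm-helm-charts-repository` but keep unnumbered link text, while the heading itself is `### 1. Add the public IBM Helm charts repository` and the `platform/gcloud/README.md` table of contents in this same patch puts the numbers in the text. Make the link text match the heading. Also check `#register-the-odm-redirect-url`: this file moves from plural to singular while the AzureAD files move from `#register-the-odm-redirect-url` to `#register-the-odm-redirect-urls`, so confirm each link matches the heading in its own file.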
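Review bot: In `platform/gcloud/README_NGINX.md`, the link under "Deploy and check IBM Licensing Service" is updated to `README.md#check-the-topology`, the same target as the deployment-check link above it, which does not look like the licensing section. The heading this patch renames in `platform/gcloud/README.md` is `### 7. Track ODM usage with the IBM License Service`, so the target should probably be `README.md#7-track-odm-usage-with-the-ibm-license-service`. The first changed line also still reads "Refer to the [the main README]" with a doubled "the"; fix it while the line is being touched.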