Getting Started with the Red Hat Partner Connect API
What is the Connect API?
The Red Hat Partner Connect API provides Red Hat partners with a REST interface for automating common functions within Red Hat Partner Connect certification use cases. The purpose of this post is to provide partners with an overview of Partner Connect’s API functions and the fundamentals of access and testing. This post is part of a series which is intended to supplement Red Hat’s Partner Guide for OpenShift Operator and Container Certification. Please refer to that guide for Red Hat Certification related processes and information. This post only discusses the version 2 endpoint for the Connect API.
Before You Get Started
Before using the Partner Connect API, your company must first be a Red Hat partner. For further information on joining Red Hat Partner Connect and becoming a Red Hat partner, please refer to this General Program Guide for Partners. Once you’re a Red Hat partner, ensure you can access the OpenShift & Containers zone. Zone membership is automatic for new partners but, in case you’re a partner with an older account, instructions for joining the zone can be found here.
Most resources made available by the Connect API require authorization to use. Using the Partner Connect portal, you can generate API keys here, then record your generated key values as they will only be printed once at the time of generation.
For accessing and testing the Connect API, any clients capable of interacting with a REST interface are acceptable. The curl utility is a tool that is commonly used from the command line. You can refer to this Red Hat sysadmin blog for a detailed post on using curl with APIs. If a GUI is preferred, Postman is a popular option. Installation and usage documentation can be found here.
Now that you have a Partner Connect account and an API key, you are ready to start using the API. Discussed here are commonly used functions that can be used to programmatically perform different steps within the certification process and achieve an automated workflow.
First, it’s important to understand the different queries you can perform to look up data with the Connect API. Technically, these lookups are HTTP GET requests that require bearer authentication in the form of your API key to be presented in an Authorization header as a bearer token. See the example curl command below requesting a project resource using an API key:
$ curl -X GET "https://connect.redhat.com/api/v2/projects/ospid-48654aae-f611-41c8-a967-8b261661c6ea" \ -H "Authorization: Bearer [api key]"
You can request these resources: companies, certification status, projects, tags, vulnerabilities, products, and users. For reference, the complete list of Partner Connect API v2 functions can be found documented here (login required). With these various API resources at your disposal, data can be collected and used to build more advanced use cases. Let’s take a look at some usage examples below.
Example Use Cases
For small certification products, which may only contain a handful of projects (container images and operators), the Partner Connect web interface can be used effectively with minimal effort. However, large products, which may contain tens or hundreds of projects, require more time to create and manage effectively when using the Connect web interface. This is a great use case for using the Connect API. Projects can be automatically and rapidly created using a single API call per project. See the example below of creating a project using Postman:
Another scenario where the Connect API comes in handy is in certification maintenance. Partner certification is a continuous process where container images and operators must be maintained. For example, over time the base images, upon which partner certified products are built, are determined to contain vulnerabilities which need remediation. Similar to traditional RHEL errata which is released asynchronously, Red Hat Universal Base Images (UBI) are updated as security fixes are available. In order to maintain certification, products must be rebuilt using updated base images and pass certification image scans.
In the situation above, the Connect API is here to help automate this process. Consider the following example workflow that can be implemented for automating continuous certification:
- Get a list of current vulnerabilities for a container image
- Build a new image incorporating security fixes
- Tag and upload the new image
- Verify a passing certification scan result
- Publish the new image tag
Combining common API functions, these steps can all be written and incorporated into a partner's build process. We will look at detailed implementations in future posts.
As we’ve seen in this post, the Partner Connect API can be utilized to automate and increase the efficiency of the OpenShift certification process. This post is intended to introduce the fundamental concepts of understanding, accessing, and testing the Connect API. In future posts in this series, we will explore the implementations of certification workflow use cases. Thank you and stay tuned!
See the related article about the Red Hat Partner Connect Automated Build Service.