Integration workflow

Hello,

I’m considering how to integrate an app-runtime-hosted application with a 3rd-party-hosted multitenant backend. Could you please share the workflow intended by the Pantaris architecture?

  1. Does the runtime/marketplace have the possibility to configure an app instance before delivering it to the customer? E.g. configure the endpoint of the 3rd party backend, or a technical user account?
  2. How might requests between a backend service hosted at Pantaris and a 3rd party multitenant backend be authorised (like requests from the app backend to the Pantaris API are authorised automatically)? Can I use Pantaris IAM (https://p2.authz.bosch.com/) to get a token for the app instance?
  3. It looks like I don’t have access to the K8S dashboard of a customer project if I don’t have access to their project. Logically that is OK, but the question is who is responsible for maintaining their instance and how to configure it with custom settings during the selling process.

Hi,

we don’t offer a combination of those two app types yet.

  1. It looks like I don’t have access to the K8S dashboard of a customer project if I don’t have access to their project. Logically that is OK, but the question is who is responsible for maintaining their instance and how to configure it with custom settings during the selling process.

You can only access the dashboards of projects where you are a member, as the data belongs to the project. Find details about responsibilities in the documentation: Documentation | PANTARIS

Hi,

How is it intended, in such a case, to support the customer in case of a problem? As I understand it, the customer won’t be able to access the dashboard either, due to application access rules.

In case of required support, the customer can add you to the project (“grant access”). In the long term, there is an idea to add a dedicated flow for this use case to the platform to make this easier and more powerful (e.g. not person-based etc.).

And please clarify the first two points as well.

I’m not sure that customers would be happy to grant access to the project due to the confidentiality aspect.

Exactly. That’s why service providers don’t have access by default.

I’m considering how to integrate an app-runtime-hosted application with a 3rd-party-hosted multitenant backend. Could you please share the workflow intended by the Pantaris architecture?

  1. Does the runtime/marketplace have the possibility to configure an app instance before delivering it to the customer? E.g. configure the endpoint of the 3rd party backend, or a technical user account?
  2. How might requests between a backend service hosted at Pantaris and a 3rd party multitenant backend be authorised (like requests from the app backend to the Pantaris API are authorised automatically)? Can I use Pantaris IAM (https://p2.authz.bosch.com/) to get a token for the app instance?

Could you please answer that part of the questions?

I already did it earlier:

to be more detailed:

  1. Only for third party hosted apps: Documentation | PANTARIS
  2. I guess the authorization depends on your “3rd party multitenant backend”. There is nothing offered from us unless you stick to 1 app type. Depending on the app type, the authorization is different: See Documentation | PANTARIS

  1. Does it mean that we couldn’t configure a customer instance to place special secrets for accessing the 3rd party backend?
  2. Responsibility is clear. But what is the suggested approach to distinguish access from customers’ instances? If we have the same configuration for all instances (couldn’t separate access by credentials) and are only able to rely on the project id sent explicitly by the customer app, it isn’t clear how to achieve the security aspect here.

  1. We don’t offer instance-based configuration for standard apps. You could generate a secret based on the context/root certificate or provide a setup screen to the customer to enter a secret, which you provide along with the contract, or other approaches within the app containers themselves.
  2. See 1) or choose alternative approaches. Security managers of your product or company can assist you in defining a secure architecture for your use case.

It might be worth sticking to one app type and not combining two hostings, if you want to make things easier.
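
The setup-screen secret suggested in the reply above, sketched as an added example that is not part of the original thread and not Pantaris code: each customer project gets its own secret along with the contract, the app container signs every request with it, and the 3rd party backend accepts a project id only when the signature proves it. The header names, secrets and the 300-second window are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample secrets: one per customer project, issued with the contract
# and entered by the customer on the app's setup screen (names are hypothetical).
TENANT_SECRETS = {
    "project-a": b"constructed-secret-for-project-a",
    "project-b": b"constructed-secret-for-project-b",
}
MAX_SKEW_SECONDS = 300  # assumed replay window


def sign_request(project_id, secret, method, path, body, ts):
    """HMAC over the project id, request line, timestamp and body digest."""
    msg = "\n".join(
        [project_id, method, path, str(ts), hashlib.sha256(body).hexdigest()]
    ).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_headers(project_id, secret, method, path, body, ts):
    """App-container side: attach the claimed project id and its proof."""
    return {
        "X-Project-Id": project_id,  # hypothetical header names
        "X-Timestamp": str(ts),
        "X-Signature": sign_request(project_id, secret, method, path, body, ts),
    }


def verify_request(headers, method, path, body, now):
    """Backend side: return the authenticated project id, or None."""
    project_id = headers.get("X-Project-Id", "")
    secret = TENANT_SECRETS.get(project_id)
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return None
    if secret is None or abs(now - ts) > MAX_SKEW_SECONDS:
        return None
    expected = sign_request(project_id, secret, method, path, body, ts)
    supplied = headers.get("X-Signature", "")
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return None
    return project_id  # tenant identity is proven, not merely asserted
```

An instance that holds only its own secret cannot produce a valid signature for another project's id, which is the separation a bare, self-asserted project id does not give. The timestamp check narrows replay to the window but does not eliminate it, so the calls still need TLS.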