- An instance of IBM Cloud Certificate Manager
- Account in Akamai
Note: Before you can work with DNS records in Akamai, make sure to request appropriate access permissions from the account owner.
- Clone the sample code
git clone https://github.com/ibm-cloud-security/certificate-manager-domain-validation-cloud-function-sample
- Enter the
AkamaiSmaple
directory
cd AkamaiSample/
- Install the package
npm install package-lock.json
- Compress the content
zip -r action.zip *
-
Follow this doc to install the CLI and plug-in, https://cloud.ibm.com/docs/openwhisk?topic=openwhisk-cli_install
-
Login IBM cloud
ibmcloud login --sso
- Create a new namespace
ibmcloud fn namespace create DNSCertManagerNS
- Target to the new namespace
ibmcloud fn namespace target DNSCertManagerNS
- Create a cloud function action and upload the sample code
ibmcloud fn action create AkamaiCertManagerAction action.zip --kind nodejs:12
And you can also update the code with this cmd:
ibmcloud fn action update AkamaiCertManagerAction action.zip --kind nodejs:12
Select Parameters from the sidebar, and add the following:
1. `allowedCertificateManagerCRNs` - a JSON Object containing a list of Certificate Manager instances that are allowed to invoke this function.
Apply it in order to protect your cloud function from being invoked by unauthorized clients.
E.g. `{"crn:v1:bluemix:public:cloudcerts:us-south:a....":true,"crn:v1:bluemix:public:cloudcerts:eu-de:a...":true}`
* Find your Certificate Manager instance CRN from the Settings sidebar item
* Or from CLI: `ibmcloud resource service-instance [INSTANCE NAME]`, grab the `ID` value
2. `cmRegion` - your Certificate Manager service instance region value. Can be one of: `us-south`, `eu-gb`, `eu-de`, `jp-tok`
E.g. `"us-south"`
3. `host` - The Akamai API endpoint hostname. (Get from Akamai client credential)
4. `client_token` - The client token for Akamai API calling. (Get from Akamai client credential)
5. `client_secret` - The client secret for Akamai API calling. (Get from Akamai client credential)
6. `access_token` - The access token for Akamai API calling. (Get from Akamai client credential)
* Refer to [this guidance](https://developer.akamai.com/api/getting-started#authsetup) to create the Akamai client credential for API calling.