Our Site Reliability Guardian & Workflows incorporate the Cloud Automation use cases. As Cloud Automation support will be discontinued on December 31, 2024, we recommend a timely Upgrade from Cloud Automation to Site Reliability Guardian. Please contact your account team for additional information and assistance.
Cloud Automation provides its own API. For details, see Keptn API.
To interact with the Dynatrace Cloud Automation API, you can generate an OAuth 2.0 client
(recommended), or use the Cloud Automation API token
.
You can connect third-party integrations to your Cloud Automation instance. To authenticate the integration, the OAuth 2.0 client credentials flow is used.
Make sure that you trust the integration, verify its developers, and check what kind of information the integration is going to access.
To generate an OAuth 2.0 client
cloudautomation:resources:read
cloudautomation:events:read
cloudautomation:events:write
cloudautomation:logs:write
cloudautomation:integrations:read
cloudautomation:integrations:write
cloudautomation:integrations:delete
cloudautomation:secrets:read
The OAuth 2.0 client
cannot have wider permissions than the user who requested the client.
Authenticate with your client ID and client secret obtained above to retrieve the access token.
curl --location --request POST 'https://sso.dynatrace.com/sso/oauth2/token?grant_type=client_credentials&client_id=<YOUR-CLIENT-ID>&client_secret=<YOUR-CLIENT-SECRET>&resource=<YOUR-DYNATRACE-ACCOUNT-URN>&scope=cloudautomation:events:read' \--header 'Content-Type: application/x-www-form-urlencoded'
Copy the retrieved access token.
To request data, run the command below, making sure to replace:
<YOUR-CLOUD-AUTOMATION-URL>
with your Cloud Automation URL.<YOUR-ACCESS-TOKEN>
with the previously retrieved access token.curl --location --request GET 'https://<YOUR-CLOUD-AUTOMATION-URL>/api/controlPlane/v1/event/triggered/sh.keptn.event.approval.triggered' \--header 'Authorization: Bearer <YOUR-ACCESS-TOKEN>'
In the Cloud Automation UI (bridge), go to your user menu in the upper-right corner and copy the API token, which is used for authenticating API calls.
To access the token, the user needs to be assigned the cloudautomation:metadata:read
policy statement. For details about the API, see API.
Token-based authentication is deprecated. Adapt your integrations to use OAuth 2.0-based authentication instead.
If you are sending HTTP requests to communicate with the API, you potentially add the x-token
header to authenticate the request with the provided token. Please adapt your HTTP requests to leverage OAuth 2.0-based authentication.
Create an OAuth 2.0 client.
Replace
curl -X POST "<YOUR-CLOUD-AUTOMATION-URL>/api/v1/event" \--header "accept: application/json" \--header "x-token: <CLOUD_AUTOMATION_API_TOKEN>" \--header "Content-Type: application/json" \-d "<EVENT_PAYLOAD>"
with
API_RESULT=$(curl --location --request POST 'https://sso.dynatrace.com/sso/oauth2/token' \--data 'grant_type=client_credentials&client_id=<YOUR-CLIENT-ID>&client_secret=<YOUR-CLIENT-SECRET>&resource=<YOUR-DYNATRACE-ACCOUNT-URN>&scope=cloudautomation:events:read cloudautomation:events:write' \--header 'Content-Type: application/x-www-form-urlencoded')ACCESS_TOKEN=$(jq -r '.access_token' <<<"$API_RESULT")curl --location --request 'POST' \'https://<YOUR-CLOUD-AUTOMATION-URL>/api/v1/event' \--header 'accept: application/json' \--header 'Content-Type: application/json' \--header "Authorization: Bearer ${ACCESS_TOKEN}" \--data-raw '<EVENT-PAYLOAD>'
These instructions make use of jq
, which is a tool to parse a JSON object for deriving the access token. You can use your preferred JSON parser instead.