IBM Cloud Docs
Code Engine

Code Engine

IBM Cloud® Code Engine is a fully managed, serverless platform that runs your containerized workloads, including web apps, micro-services, event-driven functions, or batch jobs. Code Engine represents a service destination, where an incoming notification can be consumed programmatically. For example, an incoming notification about an event can trigger a Code Engine destination to a backend microservice to act based on the content of the incoming notification.

Configuring a Code Engine destination

Before you configure Code Engine as a destination for run type Job, make sure that you have a Code Engine project created and job configured in the same account as your Event Notifications instance.

In case of run type Job, if you are using Event Notifications CLI or API to configure Code Engine job as a destination, ensure that you have enabled authorization to grant access between services. For more information, see Using authorizations to grant access between services.

To configure a Code Engine destination, do the following steps:

  1. From your Event Notifications instance dashboard, click Destinations.

  2. Click Add + to add new destination.

  3. In the Add a destination side panel, provide the following details.

    • Name - Enter a name for your destination.
    • Description - Optionally, enter a description for your destination.
    • Type - Under Destination, for the Type, select Code Engine from the list as your destination type.
    • Run Type - Select one of the run type Code Engine job or Code Engine application.

    If selected run type is job then provide the following details:

    • Project name - Select the Code Engine project name from the list, if you already have a Code Engine project. Otherwise, click the Create new project link, to create an Code Engine project.

      When you select a Code Engine project, the authorization between the services will be created internally between the two service instances, if the authorization between the services doesn't exist.

    • Job name - Select the job name from the list.

    If selected run type is application then provide the following details:

    • URL - Enter Code Engine application secured URL (only HTTPS).
    • Verb - Select the Verb to be called (GET or POST).
    • Headers - Optionally, enter a list of headers to be passed to Code Engine application.

  4. Click Add.

Using authorizations to grant access between services

Use IBM Cloud® Identity and Access Management (IAM) to create or remove an authorization that grants one service access to another service.

Creating an authorization in the console

  1. In the IBM Cloud console, click Manage > Access (IAM), and select Authorizations.

  2. Click Create.

  3. Select a source account.

    • If the source service that needs access to the target service is in this account, select This account.

  4. Select a Source service as Event Notifications.

  5. Specify whether you want the authorization to be for all resources or Resources based on selected attributes. If you have chosen Resources based on selected attributes, then specify the Add attributes: only source resource group or only source service instance.

  6. Select a Target service as Code Engine.

  7. For the target service, specify whether you want the authorization to be for all projects, only to a specific project in the account, or projects only in a certain resource group.

  8. Select both the roles (Viewer and Writer) to assign access to the source service that accesses the target service.

    If you have selected only one of these two roles (Reader or Writer) during the service to service authorization, you may endup with not able to tirgger a job or configure destination. You will get an error for service to service authorization failure in these cases. Make sure to recreate an authorization between the services with both the roles selected.

  9. Click Authorize.

Creating an authorization by using the CLI

To authorize a source service to access a target service, run the ibmcloud iam authorization-policy-create command.

For more information about all of the parameters that are available for this command, see ibmcloud iam authorization-policy-create.

Accessing event payload in Code Engine job

The event payload has been transmitted to Code Engine job using an environment variable, which can be retrieved by utilizing the ibmendata environment variable.

Testing a Code Engine destination configuration

You can test a Code Engine destination in the options menu provided againts the destination. You can effortlessly test a destination, whether the provided configuration is correct or not with a single click.

For more information on testing a destination, see here.

Code Engine retry policy

When calling Code Engine, issues such as network errors and application glitches can cause the requests to fail. A retry is used to provide resiliency to external requests. Attempt to retry the requests in such situations by using the following values:

  • Limit = 60 seconds: total time that the service retries.
  • Step = 5 seconds: after each failure, the service waits 5 seconds before retrying. This delay prevents bombarding of the external services (Code Engine).

In addition, the following timeout conditions cause the Code Engine call to fail:

  • A connection timeout of 10 seconds
  • A response timeout of 60 seconds

If a call to the URL fails even after retry attempts, the notification is lost.