Alli Marketplace
This is the developer documentation for the Alli Marketplace If interested in becoming an Alli partner, please visit the marketplace landing page and submit the form.
If you are already an Alli partner, this documentation is intended to guide you through integrating your product into marketplace.
Core Concepts
Alli itself is a platform. We integrate partners via apps.
Within alli we have multiple tenants, these are -- generally -- PMG's clients. Assume your apps will need to support multiple tenants, and the entire app manifest system supports that as well.
A partner is some third party to Alli and PMG. This is you! Your Alli rep can set you up with an Alli login to allow you to manage your own apps and users.
Partners have one or more apps that are integrated into Alli via the Marketplace.
Each app has versions. Each version defines the integration points and configuration within Alli via the app manifest. Versions allow partners to evolve their apps over time and provide key information about breaking changes via semantic versioning.
Each app version defines a set of SKUs that can be used to track usage for the app. This is to facilitate consumption based pricing. A partner can track usage via API integrations or by posting usage data to Alli via the partner usage API. Usage provides visibility to our clients on how much they are using your apps as well as facilities Alli billing them to get partners paid for that usage. Consumption based pricing is not required -- a monthly subscription is also an option. Partners should work on discovering pricing models with their Alli representative.
Note: there is no reason to track whether an app is installed, Alli will do that for you.
App Distribution
Partner apps are distributed via OCI Repositories -- specifically using the OCI repository as an artifact store rather than a container image store. ORAS is a great tool to bundle and publish these artifacts.
Partners may choose to publish their extensions in the open or in private registries.
The only real required piece of the artifact is the app manifest,
which should have the media type application/vnd.alli-marketplace.manifest.v1+json.
Additionally, the artifact type should be specified as
application/vnd.alli-marketplace.app+type. This helps ensure broad support
across OCI registries -- in particular Amazons ECR will require this.
oras push https://example.com/partner-app-repository-here \
--artifact-type application/vnd.alli-marketplace.app+type \
--config manifest.json:application/vnd.alli-marketplace.manifest.v1+json
Allow Alli to Access Your OCI Repository
AWS Elastic Container Registry (ECR)
Allow the IAM Role role arn:aws:iam::687667915635:role/app-provisioner@alli-marketplace-prod
to access the ECR repository via the ECR repository policy.
Reference: AWS docs.
resource "aws_ecr_repository_policy" "example" {
repository = "changeme"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Principal = {
AWS = "arn:aws:iam::687667915635:role/app-provisioner@alli-marketplace-prod"
}
Action = [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
]
}
]
})
}
Working on Alli Staging? Use arn:aws:iam::257291790444:role/app-provisioner@alli-marketplace-staging as the
role ARN.
Google Cloud (GCloud) Artifact Registry
Allow the service account app-provisioner@alli-marketplace-466316.iam.gserviceaccount.com
read only access to your artifact registry.
Reference: GCloud docs.
resource "google_artifact_registry_repository_iam_member" "repo-iam" {
provider = google-beta
location = google_artifact_registry_repository.changeme.location
repository = google_artifact_registry_repository.changeme.name
role = "roles/artifactregistry.reader"
member = "serviceAccount:app-provisioner@alli-marketplace-466316.iam.gserviceaccount.com"
}
Working on Alli Staging? Use app-provisioner@alli-marketplace-staging.iam.gserviceaccount.com
as the service account.