################################################################################
# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
################################################################################
# BPDM application specific configuration
# The defaults in this section point at services on localhost (Orchestrator :8085, Pool :8080, Keycloak :8180, database host)
bpdm:
  # Name of this application (shown in Swagger) (on default set by maven resource filtering)
  name: '@project.name@'
  # Version of this application (shown in Swagger) (on default set by maven resource filtering)
  version: '@project.version@'
  # Description of this application (shown in Swagger) (on default set by maven resource filtering)
  description: '@project.description@'
  # The url from which this API is reachable
  # Will appear as server item in the OpenAPI document
  # Will also be used by Swagger as base-url to perform requests against
  # If empty Swagger will generate the OpenAPI server url when accessing the Swagger page
  url:
  bpn:
    # Specify the BPNL of the owner of this Gate here
    # If set, the BPNL will be attached to business partner data that a sharing member claims as their own
    # This way the golden record process knows who claims the business partner
    # Additionally, if set and security is enabled all incoming tokens need to have a "BPN" claim with the matching BPNL or otherwise they will not be authorized
    # Left empty here, so by the rule above no "BPN" claim is required from incoming tokens by default
    owner-bpn-l:
  api:
    # The maximum amount of business partner entries a sharing member can upsert per request
    upsert-limit: 100
  tasks:
    creation:
      fromSharingMember:
        # If true, new business partner input data will be directly ready to be shared
        # If false, new business partner input data need to be manually set to ready
        starts-as-ready: true
        # When and how often the Gate checks for new business partner data to be shared
        # (six-field Spring cron expression, first field is seconds: every 30 seconds)
        cron: '*/30 * * * * *'
        # Up to how many golden record tasks can be created when checking
        batchSize: 100
      fromPool:
        # Up to how many golden record tasks can be created when checking
        batchSize: 100
        # When and how often the Gate checks for golden record updates from the Pool
        cron: '*/30 * * * * *'
    # NOTE(review): `check` has no description in this file; it presumably configures polling of
    # previously created golden record tasks and is assumed to sit next to `creation` - confirm against the properties class
    check:
      batchSize: 100
      cron: '*/30 * * * * *'
  # Connection to the pool and orchestrator
  client:
    orchestrator:
      # The base-url of the Orchestrator-API
      # NOTE(review): default is plain http on localhost; with security-enabled the client presumably attaches
      # its access token to these requests, so use an https URL for any non-local target
      base-url: http://localhost:8085
      # Whether to enable oauth2 authentication when connecting to the Orchestrator
      security-enabled: true
      provider:
        # Create an oauth2 provider for the orchestrator connection and infer token issuing uri from the security properties
        # The fallbacks after the colons (http://localhost:8180, realm master) only apply when the bpdm.security
        # properties are unset; this file sets them to http://localhost:8180 and CX-Central
        issuer-uri: ${bpdm.security.auth-server-url:http://localhost:8180}/realms/${bpdm.security.realm:master}
      registration:
        # The orchestrator client should use client credentials mechanism to request a token from the provider
        authorization-grant-type: client_credentials
        # Use a default client id for the client credentials request
        client-id: GATE-ORCHESTRATOR-TASK_CREATOR
        # Resolved from the BPDM_GATE_ORCH_CLIENT_SECRET property (e.g. an environment variable); no fallback is defined here
        # Supply it from the deployment environment or a secret store instead of writing the secret into this file
        client-secret: ${BPDM_GATE_ORCH_CLIENT_SECRET}
    pool:
      # The base-url of the Pool-API
      # NOTE(review): default is plain http on localhost; with security-enabled the client presumably attaches
      # its access token to these requests, so use an https URL for any non-local target
      base-url: http://localhost:8080
      # Whether to enable oauth2 authentication when connecting to the Pool
      security-enabled: true
      provider:
        # Create an oauth2 provider for the pool connection and infer token issuing uri from the security properties
        # Same fallbacks as for the orchestrator provider: they only apply when the bpdm.security properties are unset
        issuer-uri: ${bpdm.security.auth-server-url:http://localhost:8180}/realms/${bpdm.security.realm:master}
      registration:
        # The pool client should use client credentials mechanism to request a token from the provider
        authorization-grant-type: client_credentials
        # Use a default client id for the client credentials request
        client-id: GATE-POOL-SHARING_MEMBER
        # Resolved from the BPDM_GATE_POOL_CLIENT_SECRET property (e.g. an environment variable); no fallback is defined here
        # Supply it from the deployment environment or a secret store instead of writing the secret into this file
        client-secret: ${BPDM_GATE_POOL_CLIENT_SECRET}
  security:
    # Allowed origins for CORS
    # '*' accepts cross-origin requests from any origin; restrict this to the known frontend origins outside local development
    cors-origins: '*'
    # Whether endpoints should be authenticated/authorized
    # Setting this to false removes authentication/authorization from the endpoints; keep it true for any reachable deployment
    enabled: true
    # Base-URL including protocol of the Keycloak server
    # auth-url, token-url and the spring.security.oauth2.resourceserver.jwt URIs in this file are all derived from this value,
    # so an http value means token requests and signing-key downloads are not protected by TLS; use https outside local development
    auth-server-url: http://localhost:8180
    # URL to the auth endpoint of the Keycloak server
    auth-url: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/auth
    # This application's resource or client. Used for finding permissions in the given Bearer token
    client-id: BPDM-GATE
    # The keycloak realm to consider
    realm: CX-Central
    # URL to the token refresh endpoint of the Keycloak server (same value as token-url)
    refresh-url: ${bpdm.security.token-url}
    # URL to the token validation endpoint of the Keycloak server
    token-url: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/token
    # Maps each operation to the permission name that is looked up in the Bearer token
    permissions:
      # Name of the permission to read business partner input data
      readInputPartner: read_input_partner
      # Name of the permission to upsert business partner input data
      writeInputPartner: write_input_partner
      # Name of the permission to read business partner output data
      readOutputPartner: read_output_partner
      # Name of the permission to read changelog entries for business partner input data
      readInputChangelog: read_input_changelog
      # Name of the permission to read changelog entries for business partner output data
      readOutputChangelog: read_output_changelog
      # Name of the permission to read business partner sharing states
      readSharingState: read_sharing_state
      # Name of the permission to change business partner sharing states
      writeSharingState: write_sharing_state
      # Name of the permission to read business partner statistics
      # NOTE(review): this key is snake_case while its siblings are camelCase - confirm it binds to the intended property
      read_stats: read_stats
  datasource:
    # Host name of the used datasource
    host: localhost
    # The database schema to use for this application
    schema: bpdmgate
#
# From here on are framework and dependency configuration
# More information about those properties can be taken from the respective documentation of Spring or the dependency
#
# Embedded web server settings
server:
  # Change default port to avoid clash with other BPDM applications
  # Only the port is set in this file; no TLS settings (server.ssl.*) appear here, so transport encryption
  # presumably has to be provided in front of the application - confirm for the target deployment
  port: 8081
# Console log format and log levels
logging:
  pattern:
    # Use BPDM custom log pattern
    # Besides timestamp, level, thread and logger it prints the MDC entries `user` and `request`
    # (falling back to "System" and "No Request"), so every log line can carry a user identifier
    console: "%d{yyyy-MM-dd HH:mm:ss.SSS} %highlight(%-5level) %green([%-10.10X{user:-System}]) %magenta([%-10.10X{request:-No Request}]) %yellow([%-15.15t]) %cyan(%-40.40logger{39}) : %m%n%wEx"
  level:
    # On default show only logs from INFO and above
    root: INFO
    # Logs from this application's package should be DEBUG and above
    # NOTE(review): DEBUG output may include request or business partner details - confirm what is logged
    # at this level before keeping it for production, and treat the resulting logs accordingly
    org.eclipse.tractusx.bpdm.gate: DEBUG
# Actuator health configuration
# Only health probe settings are defined in this file; no management.endpoints.web.exposure setting appears here,
# so which actuator endpoints are reachable follows the framework defaults - NOTE(review): confirm for the deployment
management:
  endpoint:
    health:
      probes:
        # Enable actuator health endpoints for probing
        enabled: true
  health:
    livenessState:
      # Include liveness state in health response (responsive at all)
      enabled: true
    readinessState:
      # Include readiness state in health response (ready to accept traffic)
      enabled: true
# Spring framework settings: token validation, database connection, migrations and JPA
spring:
  security:
    oauth2:
      resourceserver:
        # Infer the uris for token validation from the application's security properties
        # Both URIs inherit the scheme of bpdm.security.auth-server-url, whose default in this file is plain http on localhost;
        # with an http value the keys used to verify token signatures are fetched without TLS, so set an https URL outside local use
        jwt:
          issuer-uri: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}
          jwk-set-uri: ${bpdm.security.auth-server-url}/realms/${bpdm.security.realm}/protocol/openid-connect/certs
  datasource:
    # We use postgres as datasource
    driverClassName: org.postgresql.Driver
    # No password on default (Change for production)
    # Supply the real password from the deployment environment or a secret store rather than committing it to this file
    password: ''
    # Connect to postgres database over jdbc protocol (port 5432 and database name bpdm are fixed in this URL)
    # NOTE(review): no TLS-related parameter (e.g. sslmode) is part of this URL - confirm how transport encryption to the database is enforced
    url: jdbc:postgresql://${bpdm.datasource.host}:5432/bpdm
    # Default username for BPDM applications
    username: bpdm
  flyway:
    # Activate flyway for automatic database migration
    # NOTE(review): the datasource user above then presumably needs privileges to change the schema - confirm this is intended for production
    enabled: true
    # Apply migrations to this application's default schema
    schemas: ${bpdm.datasource.schema}
  jpa:
    # JPA should speak Postgresql
    database-platform: org.hibernate.dialect.PostgreSQLDialect
    properties:
      # We use hibernate as JPA implementation
      hibernate:
        # Hibernate should assume the default schema of this application on default
        default_schema: ${bpdm.datasource.schema}
        # Send updates and inserts out in batches to decrease network connections to the database
        jdbc:
          batch_size: 16
        order_inserts: true
        order_updates: true
# OpenAPI document and Swagger UI
# Both are switched on here and describe the full API surface; whether /docs/api-docs and /ui/swagger-ui require
# authentication is not visible in this file - NOTE(review): confirm, or disable or protect them for production
springdoc:
  api-docs:
    # Generate Open-API document
    enabled: true
    # Set custom path for the document
    path: /docs/api-docs
  swagger-ui:
    # Swagger UI should not be available at its default URL (instead on location defined in path)
    disable-swagger-default-url: true
    # Override default Swagger UI location
    path: /ui/swagger-ui
    # Show validation specific information for properties (pattern, minimum, maximum, etc...)
    show-common-extensions: true