Skip to main content

Provisioning Coordinator Configurations

All the Provisioning Coordinator configurations are contained inside the reference.conf file. This file contains all the values that are used to make the Provisioning Coordinator more customizable.

Database configurations

The Provisioning Coordinator needs to store all the information about provisioning plans, validation policies, etc. inside a database that is located in the customer server. So for this part the Provisioning Coordinator has to fetch the following information:

Property NameDefaultTypeMeaning
username(none)stringThe username used to access to the database.
password(none)stringThe password used to access to the database.
host(none)stringThe host in which the database is deployed.
port(none)stringThe port used to locate the database.
url(none)stringThe url used to access to the database.
migrate-on-starttrueboolIf true it enables to initialize the database with the content of the migration file.
repair-on-starttrueboolIf true it overwrites the current database structure with a new one.
driver(none)stringThe driver used to access to the database.
connect-thread-pool-size(none)intThe number of threads that can be reused.

All these properties must be defined under provisioning-coordinator/db section.

Template Request Regex

Since the infrastructureTemplateId and the useCaseTemplateId inside the Data Product descriptor are decided by the user, the latter has to define its own RegEx in order to validate the string that is passed inside the Data Product descriptor.

Property NameDefaultTypeMeaning
use-case-template-id-regex(none)stringThe Regular Expression used to validate the Use Case Template ID. If this field is empty, the Provisioning Coordinator will return an error.
infra-template-id-regex(none)stringThe Regular Expression used to validate the Infrastructure Template ID. If this field is empty, the Provisioning Coordinator will return an error.

These properties must be defined under provisioning-coordinator/template-request.

AKKA configurations

Provisioning Coordinator is based on AKKA HTTP, and here you can find the specific section to configure it:

Property NameDefaultTypeMeaning
logLevel"OFF"stringIf this value is set to OFF, AKKA will not show any logs. If this is set to ON, AKKA will show them.
actor.warn-about-java-serializer-usageonstringIf it is set to on, AKKA will show the warning about the use of Java Serializer.
actor.allow-java-serializationoffstringIf it is set to on, AKKA will allow the Java serialization.
coordinated-shutdown.exit-jvmonstringIf it is set to on, it enables to close any instance of jvm.
http.server.request-timeout30 secondssecondsIt is the amout of second that a request has to wait before going in timeout.
http.server.idle-timeout60 secondssecondsIt indicates the maximum inactivity time of a given connection, after that the connection is closed.

These properties must be defined under akka.

Scheduler dispatcher configurations

In this section you can define some useful configuration about Scheduler in order to affect the dispatching performance. These are passed to the Scheduler as-is, so you have to define all the following properties:

scheduler-dispatcher {
type = Dispatcher
executor = "thread-pool-executor"
thread-pool-executor {
fixed-pool-size = 32
}
throughput = 32
}

Tokens

The provisioning-coordinator.tokens configuration section allows for the definition of custom token factories that can be provided to other components and configurations.

All configuration parameters specific to a particular factory are nested under its corresponding token factory key.

Property NameTypeRequiredMeaning
<token_factory_key>.typestringYesType of token factory.

Allowed values: static, jwt-factory
<token_factory_key>.staticstringWhen type is staticStatic token factory settings
<token_factory_key>.jwt-factorystringWhen type is jwt-factoryJWT token factory settings

Static token factory

Configuration: <token_factory_key>.static

A static token factory always provides the same fixed token configured under <token_factory_key>.static.token. This type of token factory is useful in scenarios where a constant token value is sufficient for authentication or authorization purposes. The token remains unchanged and does not depend on any external factors.

JWT token factory

Configuration: <token_factory_key>.jwt-factory

A JWT token factory is responsible for generating JSON Web Tokens (JWTs) according to the provided configuration. This type of token factory offers more flexibility compared to static token factories. It allows for dynamic token generation based on specified rules, such as authorization claims, and token expiration.

It uses the HS256 algorithm to generate the JWT signature.

Property NameDefaultTypeRequiredMeaning
<token_factory_key>.jwt-factory.secret(none))stringYesSecret used to generate the JWT signature
<token_factory_key>.jwt-factory.isSecretBase64Encoded(none)booleanYesIndicates if the secret is base64 encoded
<token_factory_key>.jwt-factory.expiration(none)stringNoOptional token expiration time. If provided, this will add an "exp" claim to the payload setting the token's expiration time to the specified duration from the time of creation. Example format: "2 hours", "30 minutes", "1 day", etc.
<token_factory_key>.jwt-factory.payload(none)stringYesString-encoded JSON payload (e.g., "{\"sub\": \"sub-value\"}")

Marketplace Proxy configurations

caution

Deprecation notice: this configuration has been replaced by Marketplace-Compliant Services configurations

All the configurations of the Marketplace Proxy go in this section.

Property NameDefaultTypeMeaning
marketplace-proxy(none)stringThis indicates the URL of the Marketplace Proxy, if empty the Provisioning Coordinator will skip the Marketplace Proxy tasks.

This property must be defined under provisioning-coordinator/depends-on/marketplace-proxy

Marketplace-Compliant Services configurations

A marketplace-compliant service exposes all the API endpoints defined in the Marketplace Plugin API specification.

Each configured marketplace-compliant service, if enabled, is called by the coordinator in the following cases:

  • after a deploy operation (upsert-deployment-unit-endpoint endpoint, see the table below for its default value): the service will receive the new/updated deployment unit descriptor, enriched with provisioning info (optional info field, both at deployment unit level and component level, containing publicInfo and privateInfo map fields)
  • after an undeploy operation (remove-deployment-unit-endpoint endpoint, see the table below for its default value): the service will receive the descriptor of the deployment unit that has been undeployed, enriched with provisioning info
  • after an update ACL operation (update-acl-endpoint endpoint, see the table below for its default value): the service will receive specs and details of an Update ACL request generated on the Builder module

Configurations to be defined under provisioning-coordinator/marketplace-compliant-services:

Property NameDefaultTypeMeaning
upsert-deployment-unit-endpointv1/insert-provisioning-resultsstringEndpoint that is called after a deploy operation
remove-deployment-unit-endpointv1/deletestringEndpoint that is called after an undeploy operation
update-acl-endpointv1/update-aclstringEndpoint that is called after an update ACL operation
serviceswitboost Marketplace configuration to guarantee back-compatibility with the deprecated marketplace proxy configurationlist[service-config]Service-specific configurations

Properties of a service-config:

Property NameDefaultTypeRequiredMeaning
id(none)stringYesUnique service id (e.g. my-marketplace-compliant-service-1)
name(none)stringYesUser-friendly display name
base-url(none)stringYesBase API endpoint URL without trailing slashes (e.g. https://host.tld:8080). Placeholder ${OLD_MARKETPLACE_URL} points to the value defined on the deprecated configuration provisioning-coordinator.depends-on.marketplace-proxy
is-enabled(none)booleanYesWhether the service should be called (true) or not (false) by the coordinator
is-blocking(none)booleanYesWhether a provisioning plan should fail (true) or not (false) on a failed http call (status code different from 2xx) to the service
http-auth.bearer-token-key(none)stringNoKey for one of the tokens set up under provisioning-coordinator.tokens. When provided, it will be used to generate a bearer token that replaces any existing authorization header that might be forwarded through the [forwardable HTTP headers](#Forwardable HTTP headers) mechanism
http-auth.additional-authorization-header-name(none)stringNoSpecifies the header where the authorization header, overridden by the bearer token, will be placed

Data Product Level Provisioning configurations

Section data-product-level-provisioning under provisioning-coordinator collects configuration about provisioning at Data Product level

data-product-level-provisioning {
is-enabled = true
}

In details:

Property NameDefaultTypeMeaning
is-enabled(none)booleanWhen true, this flag enables provisioning at Data Product level. Set it to false if you desire to switch off this functionality.

Data Catalog Provisioning configurations

Section data-catalog-provisioning under provisioning-coordinator defines Data Catalog configurations

Property NameDefaultTypeMeaning
is-enabledfalsebooleanWhen true, the Data Catalog service is called by the coordinator after provisioning operations such as deploy, undeploy, update ACL, according to the Data Catalog Plugin API specification

Forwardable HTTP headers

To fulfill some of the functionalities it exposes through the REST APIs, the Coordinator relies on services provided by other systems in the witboost ecosystem. For example, the Coordinator handles a provisioning request received through its /deploy endpoint by coordinating with multiple specific provisioners to deploy the components included in the target deployment unit; then it communicates the provisioning results to the marketplace-compliant services and to the data catalog.

The following configurations determine which incoming headers can be forwarded from the Coordinator to the provisioning and validation services (specific provisioners, data catalog, marketplace-compliant services) that it invokes during its operations.

Configuration: provisioning-coordinator/forwardable-http-headers

KeyTypeDefault (if not defined)Description
filterslist[HeaderFilter]see Default header filters list belowfilters (OR-logic) to select the incoming headers that can be forwarded

HeaderFilter

KeyTypeDefault (if not defined)Description
name-regexstring(none)regular expression to filter an HTTP header by its name. It will be evaluated as a case insensitive regex

Default header filters list

[
{
name-regex = "^authorization$" // name is "authorization" (case insensitive)
},
{
name-regex = "^wb-user-" // name starts with "wb-user-" (case insensitive)
}
]

By using these default filters, the Coordinator will forward both authorization headers and headers whose name starts with wb-user-. For example, if the Coordinator receives a /deploy request with the following headers

  • Authorization: Bearer <token>
  • wb-user-header-1: value-1
  • wb-USER-header-2: value-2

each HTTP request from the Coordinator to the provisioning services will include headers

  • authorization: Bearer <token>
  • wb-user-header-1: value-1
  • wb-user-header-2: value-2
note

HTTP headers are case insensitive

Specific provisioner version prefix

Specific provisioner interface specification has changed, introducing endpoint versions and additional endpoints (like async validation), to maintain retrocompatibility the coordinator calls version-less endpoint. These endpoints will be deprecated in future versions though. Setting this configuration specific-provisioner-path-prefix enables to specify the specific provisioner endpoint version for the old version-less endpoints.

Property NameDefaultTypeMeaning
specific-provisioner-path-prefixstringWhen empty, the coordinator calls the deprecated specific provisioner endpoint without version. To enable the new endpoint, set the value as v1

Computational Governance Platform

Configurations to shape the interaction between the coordinator and the computational governance platform.

Defined under provisioning-coordinator/governance-platform

KeyTypeDefault (if not defined)Description
provisioning-evaluation-report-labelstringdeploymentlabel to be attached to evaluation reports generated during a provisioning operation. It is used for statistical purposes.

Events configuration

The provisioning-coordinator.events section contains all configuration properties needed by the Provisioning Coordinator to send events to the witboost events plugin.

Property NameTypeMeaning
is-enabledbooleanIf true enables the events generation from the Provisioning Coordinator
events-backend-base-urlstringIt is the base URL of the events backend service that is installed on the witboost events plugin. This is a combination of the UI module base URL and '/api/events'

Other configurations

Here some other useful configurations for TLS, HTTP request timeout, URLs e so on.

Property NameDefaultTypeMeaning
http-port8088intThe port of the Provisioning Coordinator.
functions-invocation-timeout10 minutesminutesMaximum execution time for an execution plan task
microservices-invocation-timeout120 secondssecondsThe time that the HTTP request for the Marketplace Proxy has to await before going in timeout
scheduler-execution-timeout30 minutesminutesMaximum execution time for an operation running on the scheduler (i.e. deploy, undeploy, reverse provisioning, etc) before it is aborted
terminate-dangling-plans-at-startuptrueboolWhether to transition all the dangling plans to the TERMINATED status when starting the application. Dangling plans are execution plans that are no longer handled by any running scheduler instance (hence, they can be considered as aborted); this situation could be caused by application crashes or forced shutdowns
provisioning-plan-repository-class(none)stringThe name of the Scala class used to communicate with the provisioning_task table
validator-repository-class(none)stringThe name of the Scala class used to communicate with 'validation_policies' table
synchronous-validation-timeout120 secondssecondsMaximum time a provisioning operation can wait for synchronous validation results before throwing an error
validator-cue-path(none)stringThe path of the folder where the Provisioning Coordinator can find the CUE files
provisioner-registry-class(none)stringThe Scala class used to obtain the Specific Provisioner URL given a component ID
template-metadata-class(none)stringThe class used as repository for template_metadata table
data-product-descriptor-validator-class(none)stringThe class used as validator for a Data Product descriptor
supported-kinds(none)list[string]List of supported deployment unit kinds (kind property in the descriptor). If not provided, all kinds are supported
default-taxonomyvalue: urn:dmb:data-mesh-taxonomyobjectAn object representing the default taxonomy to save in the database when a deploy is triggered. This value is inserted only if the descriptor has no taxonomy inside of it.
client-certificate-path(none)stringThe path to the file that contains the client SSL certificate
client-certificate-password(none)stringThe client SSL password
client-server-certificate-no-checkfalseboolIf false, it skip the check for SSL client
server-certificate-path(none)stringThe path to the file that contains the SSL certificate server-side
server-certificate-password(none)stringThe password of SSL server certificate
server-tls-on(none)stringIf false it doesn't allow TLS on Provisioning Coordinator start

All these properties must be defined under provisioning-coordinator.