Provisioning Coordinator Configurations
All the Provisioning Coordinator configurations are contained inside the reference.conf
file. This file contains all
the values that are used to make the Provisioning Coordinator more customizable.
Database configurations
The Provisioning Coordinator needs to store all the information about provisioning plans, validation policies, etc. inside a database that is located in the customer server. So for this part the Provisioning Coordinator has to fetch the following information:
Property Name | Default | Type | Meaning |
---|---|---|---|
schema | coordinator | string | The database schema name that will be used. |
username | (none) | string | The username used to access to the database. |
password | (none) | string | The password used to access to the database. |
host | (none) | string | The host in which the database is deployed. |
port | 5432 | string | The port used to locate the database. The host in which the database is deployed. |
url | (none) | string | The url used to access to the database. |
migrate-on-start | true | bool | If true it enables to initialize the database with the content of the migration file. |
repair-on-start | true | bool | If true it overwrites the current database structure with a new one. |
driver | org.postgresql.Driver | string | The driver used to access to the database. |
connect-thread-pool-size | (none) | int | The number of threads that can be reused. |
All these properties must be defined under provisioning-coordinator/db
section.
Template Request Regex
Since the infrastructureTemplateId and the useCaseTemplateId inside the Data Product descriptor are decided by the user, the latter has to define its own RegEx in order to validate the string that is passed inside the Data Product descriptor.
Property Name | Default | Type | Meaning |
---|---|---|---|
use-case-template-id-regex | (none) | string | The Regular Expression used to validate the Use Case Template ID. If this field is empty, the Provisioning Coordinator will return an error. |
infra-template-id-regex | (none) | string | The Regular Expression used to validate the Infrastructure Template ID. If this field is empty, the Provisioning Coordinator will return an error. |
These properties must be defined under provisioning-coordinator/template-request
.
AKKA configurations
Provisioning Coordinator is based on AKKA HTTP, and here you can find the specific section to configure it:
Property Name | Default | Type | Meaning |
---|---|---|---|
logLevel | "OFF" | string | If this value is set to OFF, AKKA will not show any logs. If this is set to ON, AKKA will show them. |
actor.warn-about-java-serializer-usage | on | string | If it is set to on, AKKA will show the warning about the use of Java Serializer. |
actor.allow-java-serialization | off | string | If it is set to on, AKKA will allow the Java serialization. |
coordinated-shutdown.exit-jvm | on | string | If it is set to on, it enables to close any instance of jvm. |
http.server.request-timeout | 30 seconds | seconds | It is the amout of second that a request has to wait before going in timeout. |
http.server.idle-timeout | 60 seconds | seconds | It indicates the maximum inactivity time of a given connection, after that the connection is closed. |
These properties must be defined under akka
.
Scheduler dispatcher configurations
In this section you can define some useful configuration about Scheduler in order to affect the dispatching performance. These are passed to the Scheduler as-is, so you have to define all the following properties:
scheduler-dispatcher {
type = Dispatcher
executor = "thread-pool-executor"
thread-pool-executor {
fixed-pool-size = 32
}
throughput = 32
}
Tokens
The provisioning-coordinator.tokens
configuration section allows for the definition of custom token factories that can be provided to other components and configurations.
All configuration parameters specific to a particular factory are nested under its corresponding token factory key.
Property Name | Type | Required | Meaning |
---|---|---|---|
<token_factory_key>.type | string | Yes | Type of token factory. Allowed values: static , jwt-factory |
<token_factory_key>.static | string | When type is static | Static token factory settings |
<token_factory_key>.jwt-factory | string | When type is jwt-factory | JWT token factory settings |
Static token factory
Configuration: <token_factory_key>.static
A static token factory always provides the same fixed token configured under <token_factory_key>.static.token
.
This type of token factory is useful in scenarios where a constant token value is sufficient for authentication or authorization purposes.
The token remains unchanged and does not depend on any external factors.
JWT token factory
Configuration: <token_factory_key>.jwt-factory
A JWT token factory is responsible for generating JSON Web Tokens (JWTs) according to the provided configuration. This type of token factory offers more flexibility compared to static token factories. It allows for dynamic token generation based on specified rules, such as authorization claims, and token expiration.
It uses the HS256 algorithm to generate the JWT signature.
Property Name | Default | Type | Required | Meaning |
---|---|---|---|---|
<token_factory_key>.jwt-factory.secret | (none)) | string | Yes | Secret used to generate the JWT signature |
<token_factory_key>.jwt-factory.isSecretBase64Encoded | (none) | boolean | Yes | Indicates if the secret is base64 encoded |
<token_factory_key>.jwt-factory.expiration | (none) | string | No | Optional token expiration time. If provided, this will add an "exp" claim to the payload setting the token's expiration time to the specified duration from the time of creation. Example format: "2 hours", "30 minutes", "1 day", etc. |
<token_factory_key>.jwt-factory.payload | (none) | string | Yes | String-encoded JSON payload (e.g., "{\"sub\": \"sub-value\"}" ) |
Marketplace-Compliant Services configurations
A marketplace-compliant service exposes all the API endpoints defined in the Marketplace Plugin API specification.
Each configured marketplace-compliant service, if enabled, is called by the coordinator in the following cases:
- after a deploy operation (
upsert-deployment-unit-endpoint
endpoint, see the table below for its default value): the service will receive the new/updated deployment unit descriptor, enriched with provisioning info (optionalinfo
field, both at deployment unit level and component level, containingpublicInfo
andprivateInfo
map fields) - after an undeploy operation (
remove-deployment-unit-endpoint
endpoint, see the table below for its default value): the service will receive the descriptor of the deployment unit that has been undeployed, enriched with provisioning info - after an update ACL operation (
update-acl-endpoint
endpoint, see the table below for its default value): the service will receive specs and details of an Update ACL request generated on the Builder module
Configurations to be defined under provisioning-coordinator/marketplace-compliant-services
:
Property Name | Default | Type | Meaning |
---|---|---|---|
upsert-deployment-unit-endpoint | v1/insert-provisioning-results | string | Endpoint that is called after a deploy operation |
remove-deployment-unit-endpoint | v1/delete | string | Endpoint that is called after an undeploy operation |
update-acl-endpoint | v1/update-acl | string | Endpoint that is called after an update ACL operation |
services | Witboost Marketplace is enabled by default | list[service-config] | Service-specific configurations |
Properties of a service-config
:
Property Name | Default | Type | Required | Meaning |
---|---|---|---|---|
id | (none) | string | Yes | Unique service id (e.g. my-marketplace-compliant-service-1 ) |
name | (none) | string | Yes | User-friendly display name |
base-url | (none) | string | Yes | Base API endpoint URL without trailing slashes (e.g. https://host.tld:8080 ) |
is-enabled | (none) | boolean | Yes | Whether the service should be called (true ) or not (false ) by the coordinator |
is-blocking | (none) | boolean | Yes | Whether a provisioning plan should fail (true ) or not (false ) on a failed http call (status code different from 2xx ) to the service |
http-auth.bearer-token-key | (none) | string | No | Key for one of the tokens set up under provisioning-coordinator.tokens . When provided, it will be used to generate a bearer token that replaces any existing authorization header that might be forwarded through the [forwardable HTTP headers](#Forwardable HTTP headers) mechanism |
http-auth.additional-authorization-header-name | (none) | string | No | Specifies the header where the authorization header, overridden by the bearer token, will be placed |
Data Product Level Provisioning configurations
Section data-product-level-provisioning
under provisioning-coordinator
collects configuration about provisioning at
Data Product level
data-product-level-provisioning {
is-enabled = true
}
In details:
Property Name | Default | Type | Meaning |
---|---|---|---|
is-enabled | (none) | boolean | When true, this flag enables provisioning at Data Product level. Set it to false if you desire to switch off this functionality. |
Data Catalog Provisioning configurations
Section data-catalog-provisioning
under provisioning-coordinator
defines Data Catalog configurations
Property Name | Default | Type | Meaning |
---|---|---|---|
is-enabled | false | boolean | When true, the Data Catalog service is called by the coordinator after provisioning operations such as deploy, undeploy, update ACL, according to the Data Catalog Plugin API specification |
Forwardable HTTP headers
To fulfill some of the functionalities it exposes through the REST APIs, the Coordinator relies on services provided by
other systems in the witboost ecosystem. For example, the Coordinator handles a provisioning request received through
its /deploy
endpoint by coordinating with multiple specific provisioners to deploy the components included in the
target deployment unit; then it communicates the provisioning results to
the marketplace-compliant services and to
the data catalog.
The following configurations determine which incoming headers can be forwarded from the Coordinator to the provisioning and validation services (specific provisioners, data catalog, marketplace-compliant services) that it invokes during its operations.
Configuration: provisioning-coordinator/forwardable-http-headers
Key | Type | Default (if not defined) | Description |
---|---|---|---|
filters | list[HeaderFilter ] | see Default header filters list below | filters (OR-logic) to select the incoming headers that can be forwarded |
HeaderFilter
Key | Type | Default (if not defined) | Description |
---|---|---|---|
name-regex | string | (none) | regular expression to filter an HTTP header by its name. It will be evaluated as a case insensitive regex |
Default header filters list
[
{
name-regex = "^authorization$" // name is "authorization" (case insensitive)
},
{
name-regex = "^wb-user-" // name starts with "wb-user-" (case insensitive)
}
]
By using these default filters, the Coordinator will forward both authorization headers and headers whose name starts
with wb-user-
. For example, if the Coordinator receives a /deploy
request with the following headers
Authorization: Bearer <token>
wb-user-header-1: value-1
wb-USER-header-2: value-2
each HTTP request from the Coordinator to the provisioning services will include headers
authorization: Bearer <token>
wb-user-header-1: value-1
wb-user-header-2: value-2
HTTP headers are case insensitive
Specific provisioner version prefix
Specific provisioner interface specification has changed, introducing endpoint versions and additional endpoints (like
async validation), to maintain retrocompatibility the coordinator calls version-less endpoint. These endpoints will be
deprecated in future versions though. Setting this configuration specific-provisioner-path-prefix
enables to specify
the specific provisioner endpoint version for the old version-less endpoints.
Property Name | Default | Type | Meaning |
---|---|---|---|
specific-provisioner-path-prefix | string | When empty, the coordinator calls the deprecated specific provisioner endpoint without version. To enable the new endpoint, set the value as v1 |
Computational Governance Platform
Configurations to shape the interaction between the coordinator and the computational governance platform.
Defined under provisioning-coordinator/governance-platform
Key | Type | Default (if not defined) | Description |
---|---|---|---|
provisioning-evaluation-report-label | string | deployment | label to be attached to evaluation reports generated during a provisioning operation. It is used for statistical purposes. |
Events configuration
The provisioning-coordinator.events
section contains all configuration properties needed by the Provisioning Coordinator to send
events to the witboost events plugin.
Property Name | Type | Meaning |
---|---|---|
is-enabled | boolean | If true enables the events generation from the Provisioning Coordinator |
events-backend-base-url | string | It is the base URL of the events backend service that is installed on the witboost events plugin. This is a combination of the UI module base URL and '/api/events' |
Default template metadata
The provisioning-coordinator.template-metadata
section allows the Platform team to define a set of default infrastructure template metadata to register on the Provisioning Coordinator at startup. This configuration is a list of template metadata, where each list item follows the schema of the request body for the /v1/templates
endpoint. By default, the list is empty
Example
template-metadata = [
{
id = "urn:dmb:itm:dataproduct-provisioner:1",
name = "Mock Tech Adapter",
description = "Mock Tech Adapter for components that don't need active provisioning",
version = "1",
url = "http://mock-sp:8093/datamesh.specificprovisioner",
environment = "development"
},
{
id = "urn:dmb:itm:dataproduct-provisioner:1",
name = "Mock Tech Adapter",
description = "Mock Tech Adapter for components that don't need active provisioning",
version = "1",
url = "http://mock-sp:8093/datamesh.specificprovisioner",
environment = "qa"
}
]