Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
'Updating development release to 72c91f8'
Showing 49 changed files with 9,292 additions and 1,841 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -32,4 +32,4 @@ Chart.lock | |
**/charts | ||
repo | ||
tmp.yaml | ||
|
||
**/tmpcharts* |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
repositories: | ||
- name: codecentrics | ||
url: https://codecentric.github.io/helm-charts | ||
- name: bitnami | ||
url: https://charts.bitnami.com/bitnami | ||
- name: bitnami2 | ||
url: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | ||
- name: cloudhut | ||
url: https://raw.githubusercontent.com/cloudhut/charts/master/archives | ||
- name: ory | ||
url: https://k8s.ory.sh/helm/charts | ||
- name: mojaloop-charts | ||
url: https://mojaloop.github.io/charts/repo | ||
- name: mojaloop | ||
url: https://mojaloop.io/helm/repo/ | ||
- name: cetic | ||
url: https://cetic.github.io/helm-charts | ||
|
||
releases: | ||
- name: fp-backend | ||
namespace: demo | ||
chart: ../../mojaloop/example-backend | ||
values: | ||
- values-fp-backend-min.yaml | ||
- name: fp | ||
namespace: demo | ||
chart: ../../mojaloop/finance-portal | ||
values: | ||
- values-fp-min.yaml |
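Review bot: The `bitnami2` and `cloudhut` entries under `repositories:` are fetched from raw.githubusercontent.com at the mutable refs `archive-full-index` and `master`, so the chart index a deployment resolves against can change without any change to this file. Pin those URLs to a commit SHA or switch to a versioned repository endpoint. Both releases use local chart paths (`../../mojaloop/example-backend`, `../../mojaloop/finance-portal`), so the list is also worth trimming to the repositories their dependencies actually need; `mojaloop-charts` and `mojaloop` look like two entries for the same project.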
31 changes: 31 additions & 0 deletions
local-deployment-methods/helmfile/values-fp-backend-min.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
global: | ||
|
||
kafka: | ||
enabled: false | ||
|
||
mysql: | ||
enabled: false | ||
|
||
kowl: | ||
enabled: false | ||
|
||
reporting-events-db: | ||
enabled: true | ||
|
||
keto: | ||
enabled: false | ||
|
||
oathkeeper: | ||
enabled: false | ||
|
||
kratos: | ||
enabled: false | ||
|
||
kratos-db: | ||
enabled: false | ||
|
||
keto-db: | ||
enabled: false | ||
|
||
wso2: | ||
enabled: false |
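Review bot: The top-level `global:` key at the start of this file has no children, so it parses as null rather than an empty map; write `global: {}` or drop the key so it cannot be read as clearing the chart's default globals. `reporting-events-db` is the only component enabled here and the file sets no credentials for it, so add a comment saying where its password comes from.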
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
global: | ||
adminApiSvc: | ||
host: "centralledger-service" | ||
port: 80 | ||
settlementSvc: | ||
host: "centralsettlement-service" | ||
port: 80 | ||
keto: | ||
readURL: "http://keto-read:80" | ||
reportingDB: | ||
host: centralledger-mysql | ||
port: 3306 | ||
user: user | ||
database: default | ||
# secret: {} | ||
secret: | ||
name: mysql | ||
key: mysql-password | ||
reportingEventsDB: | ||
host: reporting-events-db | ||
port: 27017 | ||
user: user | ||
database: default | ||
# secret: {} | ||
secret: | ||
name: reporting-events-db | ||
key: mongodb-password | ||
kafka: | ||
host: test1-kafka-headless | ||
port: 9092 | ||
topic: topic-event | ||
rolePermOperator: | ||
apiSvc: {} | ||
keycloak: | ||
url: 'http://keycloak:8080' | ||
user: 'admin' | ||
password: '' | ||
# secret: | ||
# name: 'keycloak-secret' | ||
# key: 'password' | ||
realm: 'master' | ||
|
||
|
||
rbacTests: | ||
enabled: false | ||
|
||
reportTests: | ||
enabled: false | ||
|
||
role-assignment-service: | ||
enabled: false | ||
|
||
reporting-hub-bop-api-svc: | ||
enabled: false | ||
|
||
reporting-legacy-api: | ||
enabled: false | ||
|
||
reporting-events-processor-svc: | ||
enabled: false | ||
|
||
reporting-hub-bop-experience-api-svc: | ||
enabled: false | ||
|
||
reporting-hub-bop-shell: | ||
enabled: false | ||
|
||
reporting-hub-bop-role-ui: | ||
enabled: false | ||
|
||
reporting-hub-bop-trx-ui: | ||
enabled: false | ||
|
||
reporting-hub-bop-positions-ui: | ||
enabled: false | ||
|
||
reporting-hub-bop-settlements-ui: | ||
enabled: false | ||
|
||
reporting-nifi-processor-svc: | ||
enabled: true |
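Review bot: Under `rolePermOperator.keycloak`, the admin account for the `master` realm is configured inline as `user: 'admin'` with `password: ''`, while the `secret:` reference is commented out. Use the secret form, as `reportingDB` and `reportingEventsDB` already do in this file, so that no credential (or empty credential) lives in the values. The `keycloak.url` and `keto.readURL` endpoints are plain `http://`; if that is acceptable only because this is a local deployment, say so in a comment.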
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
apiVersion: v2 | ||
name: reporting-nifi-processor-svc | ||
description: A Helm chart for Kubernetes | ||
|
||
# A chart can be either an 'application' or a 'library' chart. | ||
# | ||
# Application charts are a collection of templates that can be packaged into versioned archives | ||
# to be deployed. | ||
# | ||
# Library charts provide useful utilities or functions for the chart developer. They're included as | ||
# a dependency of application charts to inject those utilities and functions into the rendering | ||
# pipeline. Library charts do not define any templates and therefore cannot be deployed. | ||
type: application | ||
|
||
# This is the chart version. This version number should be incremented each time you make changes | ||
# to the chart and its templates, including the app version. | ||
# Versions are expected to follow Semantic Versioning (https://semver.org/) | ||
version: 0.0.1 | ||
|
||
# This is the version number of the application being deployed. This version number should be | ||
# incremented each time you make changes to the application. Versions are not expected to | ||
# follow Semantic Versioning. They should reflect the version the application is using. | ||
# It is recommended to use it with quotes. | ||
appVersion: "1.2.1" | ||
dependencies: | ||
- name: common | ||
repository: "file://../common" | ||
tags: | ||
- mojaloop | ||
- common | ||
version: 3.1.1 | ||
# - name: zookeeper | ||
# version: 9.2.7 | ||
# repository: https://charts.bitnami.com/bitnami | ||
# condition: zookeeper.enabled |
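Review bot: `description: A Helm chart for Kubernetes` and the long comment blocks around `type`, `version` and `appVersion` are the `helm create` scaffold defaults; replace the description with what this chart deploys and drop the scaffold comments. The commented-out `zookeeper` dependency at the end should be removed or explained rather than left as dead configuration.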
147 changes: 147 additions & 0 deletions
mojaloop/reporting-nifi-processor-svc/configs/authorizers.xml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,147 @@ | ||
{{- $replicas := int .Values.replicaCount }} | ||
{{- $chart := .Chart.Name }} | ||
{{- $release := .Release.Name }} | ||
{{- $fullname := include "common.names.fullname" . }} | ||
{{- $namespace := .Release.Namespace }} | ||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> | ||
<!-- | ||
Licensed to the Apache Software Foundation (ASF) under one or more | ||
contributor license agreements. See the NOTICE file distributed with | ||
this work for additional information regarding copyright ownership. | ||
The ASF licenses this file to You under the Apache License, Version 2.0 | ||
(the "License"); you may not use this file except in compliance with | ||
the License. You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
--> | ||
<!-- | ||
This file lists the userGroupProviders, accessPolicyProviders, and authorizers to use when running securely. In order | ||
to use a specific authorizer it must be configured here and it's identifier must be specified in the nifi.properties file. | ||
If the authorizer is a managedAuthorizer, it may need to be configured with an accessPolicyProvider and an userGroupProvider. | ||
This file allows for configuration of them, but they must be configured in order: | ||
... | ||
all userGroupProviders | ||
all accessPolicyProviders | ||
all Authorizers | ||
... | ||
--> | ||
<authorizers> | ||
<!-- | ||
The FileUserGroupProvider will provide support for managing users and groups which is backed by a file | ||
on the local file system. | ||
- Users File - The file where the FileUserGroupProvider will store users and groups. | ||
- Legacy Authorized Users File - The full path to an existing authorized-users.xml that will be automatically | ||
be used to load the users and groups into the Users File. | ||
- Initial User Identity [unique key] - The identity of a users and systems to seed the Users File. The name of | ||
each property must be unique, for example: "Initial User Identity A", "Initial User Identity B", | ||
"Initial User Identity C" or "Initial User Identity 1", "Initial User Identity 2", "Initial User Identity 3" | ||
NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the user identities, | ||
so the values should be the unmapped identities (i.e. full DN from a certificate). | ||
--> | ||
<userGroupProvider> | ||
<identifier>file-user-group-provider</identifier> | ||
<class>org.apache.nifi.authorization.FileUserGroupProvider</class> | ||
<property name="Users File">./auth-conf/users.xml</property> | ||
<property name="Legacy Authorized Users File"></property> | ||
{{- range $i := until $replicas }} | ||
<property name="Initial User Identity {{ $i }}">CN={{ $fullname }}-{{ $i }}.{{ $fullname }}-headless.{{ $namespace }}.svc.cluster.local, OU=NIFI</property> | ||
{{- end }} | ||
<property name="Initial User Identity admin">{{ .Values.auth.admin }}</property> | ||
</userGroupProvider> | ||
|
||
<!-- | ||
The CompositeConfigurableUserGroupProvider will provide support for retrieving users and groups from multiple sources. | ||
Additionally, a single configurable user group provider is required. Users from the configurable user group provider | ||
are configurable, however users loaded from one of the User Group Provider [unique key] will not be. | ||
- Configurable User Group Provider - A configurable user group provider. | ||
- User Group Provider [unique key] - The identifier of user group providers to load from. The name of | ||
each property must be unique, for example: "User Group Provider A", "User Group Provider B", | ||
"User Group Provider C" or "User Group Provider 1", "User Group Provider 2", "User Group Provider 3" | ||
NOTE: Any identity mapping rules specified in nifi.properties are not applied in this implementation. This behavior | ||
would need to be applied by the base implementation. | ||
--> | ||
<!-- To enable the composite-configurable-user-group-provider remove 2 lines. This is 1 of 2. | ||
<userGroupProvider> | ||
<identifier>composite-configurable-user-group-provider</identifier> | ||
<class>org.apache.nifi.authorization.CompositeConfigurableUserGroupProvider</class> | ||
<property name="Configurable User Group Provider">file-user-group-provider</property> | ||
<property name="User Group Provider 1"></property> | ||
</userGroupProvider> | ||
To enable the composite-configurable-user-group-provider remove 2 lines. This is 2 of 2. --> | ||
|
||
<!-- | ||
The FileAccessPolicyProvider will provide support for managing access policies which is backed by a file | ||
on the local file system. | ||
- User Group Provider - The identifier for an User Group Provider defined above that will be used to access | ||
users and groups for use in the managed access policies. | ||
- Authorizations File - The file where the FileAccessPolicyProvider will store policies. | ||
- Initial Admin Identity - The identity of an initial admin user that will be granted access to the UI and | ||
given the ability to create additional users, groups, and policies. The value of this property could be | ||
a DN when using certificates or LDAP, or a Kerberos principal. This property will only be used when there | ||
are no other policies defined. If this property is specified then a Legacy Authorized Users File can not be specified. | ||
NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the initial admin identity, | ||
so the value should be the unmapped identity. This identity must be found in the configured User Group Provider. | ||
- Legacy Authorized Users File - The full path to an existing authorized-users.xml that will be automatically | ||
converted to the new authorizations model. If this property is specified then an Initial Admin Identity can | ||
not be specified, and this property will only be used when there are no other users, groups, and policies defined. | ||
NOTE: Any users in the legacy users file must be found in the configured User Group Provider. | ||
- Node Identity [unique key] - The identity of a NiFi cluster node. When clustered, a property for each node | ||
should be defined, so that every node knows about every other node. If not clustered these properties can be ignored. | ||
The name of each property must be unique, for example for a three node cluster: | ||
"Node Identity A", "Node Identity B", "Node Identity C" or "Node Identity 1", "Node Identity 2", "Node Identity 3" | ||
NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the node identities, | ||
so the values should be the unmapped identities (i.e. full DN from a certificate). This identity must be found | ||
in the configured User Group Provider. | ||
--> | ||
<accessPolicyProvider> | ||
<identifier>file-access-policy-provider</identifier> | ||
<class>org.apache.nifi.authorization.FileAccessPolicyProvider</class> | ||
<property name="User Group Provider">file-user-group-provider</property> | ||
<property name="Authorizations File">./auth-conf/authorizations.xml</property> | ||
<property name="Initial Admin Identity">{{ .Values.auth.admin }}</property> | ||
<property name="Legacy Authorized Users File"></property> | ||
{{- range $i := until $replicas }} | ||
<property name="Node Identity {{ $i }}">CN={{ $fullname }}-{{ $i }}.{{ $fullname }}-headless.{{ $namespace }}.svc.cluster.local, OU=NIFI</property> | ||
{{- end }} | ||
<property name="Node Identity"></property> | ||
</accessPolicyProvider> | ||
<!-- | ||
The StandardManagedAuthorizer. This authorizer implementation must be configured with the | ||
Access Policy Provider which it will use to access and manage users, groups, and policies. | ||
These users, groups, and policies will be used to make all access decisions during authorization | ||
requests. | ||
- Access Policy Provider - The identifier for an Access Policy Provider defined above. | ||
--> | ||
<authorizer> | ||
<identifier>managed-authorizer</identifier> | ||
<class>org.apache.nifi.authorization.StandardManagedAuthorizer</class> | ||
<property name="Access Policy Provider">file-access-policy-provider</property> | ||
</authorizer> | ||
<!-- | ||
NOTE: This Authorizer has been replaced with the more granular approach configured above with the Standard | ||
Managed Authorizer. However, it is still available for backwards compatibility reasons. | ||
The FileAuthorizer is NiFi's provided authorizer and has the following properties: | ||
- Authorizations File - The file where the FileAuthorizer will store policies. | ||
- Users File - The file where the FileAuthorizer will store users and groups. | ||
- Initial Admin Identity - The identity of an initial admin user that will be granted access to the UI and | ||
given the ability to create additional users, groups, and policies. The value of this property could be | ||
a DN when using certificates or LDAP, or a Kerberos principal. This property will only be used when there | ||
are no other users, groups, and policies defined. If this property is specified then a Legacy Authorized | ||
Users File can not be specified. | ||
NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the initial admin identity, | ||
so the value should be the unmapped identity. | ||
- Legacy Authorized Users File - The full path to an existing authorized-users.xml that will be automatically | ||
converted to the new authorizations model. If this property is specified then an Initial Admin Identity can | ||
not be specified, and this property will only be used when there are no other users, groups, and policies defined. | ||
- Node Identity [unique key] - The identity of a NiFi cluster node. When clustered, a property for each node | ||
should be defined, so that every node knows about every other node. If not clustered these properties can be ignored. | ||
The name of each property must be unique, for example for a three node cluster: | ||
"Node Identity A", "Node Identity B", "Node Identity C" or "Node Identity 1", "Node Identity 2", "Node Identity 3" | ||
NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the node identities, | ||
so the values should be the unmapped identities (i.e. full DN from a certificate). | ||
--> | ||
</authorizers> |
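Review bot: `{{ .Values.auth.admin }}` is written into both `Initial User Identity admin` and `Initial Admin Identity` with no guard, so an unset value renders two empty properties and seeds no admin; wrap it in `required` and escape it for XML, since a DN can contain `&` or `<`. At the top of the file, `$chart` and `$release` are assigned but never used, and the assignments trim only with `{{-`, so the newline after the last one is kept and `<?xml ...?>` is not the first byte of the rendered file; close the last assignment with `-}}`. The empty `<property name="Node Identity"></property>` after the `range` in `file-access-policy-provider` is redundant once the per-replica node identities are generated.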