Configuration of Solution Designer and Solution Hub

Configuration of the Installation

Attention: The configurations described here apply only to Solution Hub and Solution Designer, not to deployed solutions.

To configure the installed components, the k5-configurator API must be used. With this API, you can specify the environment-specific values for this installation.

The k5-configurator API provides REST services for reading and updating configurations for the Solution Hub and the Solution Designer. The k5-configurator API is part of the Solution Hub installation and its Helm chart.

Note: To use the k5-configurator API, a valid OpenShift token is needed. An OpenShift token can be retrieved by logging in to the OpenShift WebConsole --> Copy login command. The required permissions depend on the API call used and are listed in this documentation.

The configurations can be done easily with the provided Swagger UI or any other tool for calling APIs (like cURL, Postman).

Tip: Unless configured otherwise, the default URL of the k5-configurator Swagger UI is built like this:
https://k5-configurator.<domain>
The exact URL can be found in the route named k5-configurator. It can be retrieved by executing
oc get route k5-configurator -n <namespace>
where <namespace> is the namespace in which the Solution Hub is installed.

Configuration of Financial Services Workbench

For a new installation, at least the following configuration must be provided:

  • Iam: Configures the properties to access the Identity and Access Management system (IAM), i.e. Keycloak

  • Master key: Configures the master key, needed to have encryption at rest for some sensitive user data, like Git tokens or API keys

  • MongoDb: Configures the connection to the Mongo database, which is used by the Solution Designer

  • S3Storage: Configures properties to access an S3-Storage, which is used as a persistence layer for the k5-marketplace

  • Truststore: Updates the truststore, which holds the certificates that should be trusted within FSW

Attention: Even though the request parameters of the k5-configurator API are not necessary at installation time, all values must be configured in the end to get Financial Services Workbench working.

IAM

  • Use the PUT method "Update properties for accessing iam" to update the IAM configuration

Request Parameters

Parameter Type Description
data Body parameter (JSON) The configuration values (body parameters)

Configuration Parameters (body parameters)

The following table lists the configurable parameters for the IAM.

Parameter Description
adminUsername The IAM admin’s username
adminPassword The IAM admin’s password
hostname The hostname of the IAM provider
realm The default realm name

Authorization

An OpenShift token with the following permissions must be provided:

  • secrets: get, create, update
  • k5client: list, update
  • k5realm: list, update

Master key

  • Use the PUT method "Update properties for the master key" to update the master key

Request Parameters

Parameter Type Description
data Body parameter (JSON) The configuration values (body parameters)

Configuration Parameters (body parameters)

This information must be provided by the customer. There are no further restrictions on the key, but it is recommended to provide a master key that matches the common AES rules. The following table lists the configurable parameters for the master key.

Warning: Losing or changing the master key will cause data loss, because user tokens are encrypted with it and cannot be decrypted without it!

Parameter Description
key The master key. Empty values are not allowed, as they would cause security risks: data (especially user tokens) would not be encrypted and would hence be stored in plaintext in the database, which must not happen.

Note: In the initial state the value is empty, which is why encryption fails. Only for that reason is the initial state safe with respect to data loss.

Authorization

An OpenShift token with the following permissions must be provided:

  • secrets: get, create, update

MongoDB

  • Use the PUT method "Update properties for accessing solution designer mongodb" to update the MongoDB connection

Request Parameters

Parameter Type Description
data Body parameter (JSON) The configuration values (body parameters)

Configuration Parameters (body parameters)

The following table lists the configurable parameters for the mongoDB connection.

Parameter Description
connectionString The mongoDB connectionString for the Solution Designer

Authorization

An OpenShift token with the following permissions must be provided:

  • secrets: get, create, update

S3 Storage

  • Use the PUT method "Update properties for accessing s3 storage" to update the S3 storage configuration

Request Parameters

Parameter Type Description
data Body parameter (JSON) The configuration values (body parameters)

Configuration Parameters (body parameters)

This information must be provided by the customer. You can only use the default S3 Storage. The following table lists the configurable parameters for the S3 storage.

Warning: Losing or changing the accesskey and secretkey will cause S3 Storage data loss, because the whole storage is encrypted with them and cannot be decrypted without them!

Parameter Description
accesskey Access key of the S3 storage, with a minimum key length of 3 characters. An empty value is not allowed, as it would cause security risks: the S3 Storage would allow anonymous access without it.
secretkey Secret key of the S3 storage, with a minimum key length of 8 characters. An empty value is not allowed, as it would cause security risks: the S3 Storage would allow anonymous access without it.

Note: In the initial state the S3 storage is not working, because no access key and secret key have been set. Only for that reason is the initial state safe with respect to data loss.

Authorization

An OpenShift token with the following permissions must be provided:

  • secrets: get, create, update

Trust-Store

  • Use the PUT method "Update entries within the truststore" to update the key-value pairs within the truststore

    Warning: Calling this API overwrites the current truststore!

Request Parameters

Parameter Type Description
data Body parameter (JSON) The configuration values (body parameters)

Configuration Parameters (body parameters)

The body parameters contain key-value pairs. It is possible to provide the value of each entry as a base64 string, e.g.:

{"identity":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSS4uLndVQQpNRW8uLi5RUUQKRXhwLi4udzB5Ck1ERS4uLjJsegpMbU4uLi5sMncvbwpqQkMuLi40b0sKUWMxLi4uPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJLi4uQU1UCkRrUi4uLmxvdwpTakVMLi4uQU1UCkdreC4uLmc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t"}

As an alternative, you can provide the PEM certificates as plain text, but line breaks have to be replaced with "\n" for the Swagger UI or "\" for cURL operations.
Note: The line length of the certificates must comply with the PEM standard, with each line containing exactly 64 printable characters except the last line and 64 or fewer printable characters in the last line.
Note: To allow the configuration to be changed, the affected Pods must be restarted.
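
The line-length rule and the base64 encoding described above, as an added example (not part of the product documentation or the k5-configurator code): it checks every certificate in a PEM bundle against the 64-character rule and builds the JSON body with base64 values. The function names and the sample bytes are constructed for illustration; the alias "identity" is taken from the example above.

```python
import base64
import json
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\n(.*?)\n-----END CERTIFICATE-----", re.S)


def pem_line_errors(pem_text):
    """Return a list of problems that break the 64-character PEM line rule."""
    errors = []
    blocks = PEM_BLOCK.findall(pem_text.replace("\r\n", "\n"))
    if not blocks:
        return ["no CERTIFICATE block found"]
    for n, body in enumerate(blocks, start=1):
        lines = body.split("\n")
        for i, line in enumerate(lines, start=1):
            last = i == len(lines)
            if not line or len(line) > 64 or (not last and len(line) != 64):
                errors.append(f"certificate {n}, line {i}: {len(line)} characters")
        try:
            base64.b64decode("".join(lines), validate=True)
        except ValueError:
            errors.append(f"certificate {n}: body is not valid base64")
    return errors


def build_truststore_body(entries):
    """Build the JSON body: every entry to keep, each value base64-encoded PEM."""
    body = {}
    for alias, pem_text in entries.items():
        problems = pem_line_errors(pem_text)
        if problems:
            raise ValueError(f"{alias}: " + "; ".join(problems))
        body[alias] = base64.b64encode(pem_text.encode("ascii")).decode("ascii")
    return json.dumps(body)


def wrap(der, width):
    """Wrap base64 of `der` at `width` columns inside PEM armor (sample helper)."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(rows) + "\n-----END CERTIFICATE-----"


# Constructed sample bytes, not a real certificate.
SAMPLE_DER = bytes(range(200))
GOOD_PEM = wrap(SAMPLE_DER, 64)   # standard PEM wrapping
BAD_PEM = wrap(SAMPLE_DER, 76)    # MIME-style wrapping, rejected by the check
```

Because the call replaces the whole truststore, pass every alias that should remain trusted to build_truststore_body, not only the new one.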

Authorization

An OpenShift token with the following permissions must be provided:

  • secrets: get, create, update

Config Maps Configuration

The config-maps-controller in the k5-configurator API allows configuration of all config maps that are provided through the Financial Services Workbench. Config maps allow a very detailed level of control for the components. Any adjustments to the initial values might have unwanted side effects.

Configuration changes within the config map section are not mandatory. Nevertheless, the most important options are listed below:

  • GET List all available config maps: Lists all config maps that can be configured by the k5-configurator API. The response includes the names of the config maps and their contents, which are needed for the other API calls.

  • PUT Update an existing config map: Updates the content of a config map.

  • DELETE Reset a config map to the initial values of the installation: Resets a config map to the initial values.

  • PUT Update a key-value pair in the config map: Updates an existing entry within a config map.

  • POST Create a new key-value pair in the config map: Creates an entry that does not yet exist within a config map.

  • DELETE Delete a key-value pair in the config map: Removes an entry from a config map.

GET all config maps

  • Use the GET method "List all available config maps" to get all config maps that can be configured by the k5-configurator API

Authorization

An OpenShift token with the following permissions must be provided:

  • configmaps: list

PUT update config map

  • Use the PUT method "Update an existing config map" to update a config map

Request Parameters

Parameter Type Description
config-map-name Path parameter Name of the config map
data Body parameter (JSON) The new data the config map should contain (body parameters)

Configuration Parameters (body parameters)

The body parameters contain key-value pairs.
Warning: Calling this API overwrites the current data map!

Authorization

An OpenShift token with the following permissions must be provided:

  • configmaps: get, update

DELETE reset a config map

  • Use the DELETE method "Reset a config map to the initial values of the installation" to reset a config map to its initial values

Request Parameters

Parameter Type Description
config-map-name Path parameter Name of the config map

Authorization

An OpenShift token with the following permissions must be provided:

  • configmaps: get, update

PUT update an entry in a config map

  • Use the PUT method "Update a key-value pair in the config map" to update a specific key-value pair within a config map

Request Parameters

Parameter Type Description
config-map-name Path parameter Name of the config map
key Path parameter Name of the key
data Body parameter (JSON) The new value for the key (body parameters)

Configuration Parameters (body parameters)

The body parameters contain one mandatory field:

Parameter Description
value The new value

Authorization

An OpenShift token with the following permissions must be provided:

  • configmaps: get, update

POST create an entry in a config map

  • Use the POST method "Create a new key-value pair in the config map" to create a new key-value pair within a config map

Request Parameters

Parameter Type Description
config-map-name Path parameter Name of the config map
key Path parameter Name of the key
data Body parameter (JSON) The value for the key (body parameters)

Configuration Parameters (body parameters)

The body parameters contain one mandatory field:

Parameter Description
value The new value

Authorization

An OpenShift token with the following permissions must be provided:

  • configmaps: get, update

DELETE delete an entry in a config map

  • Use the DELETE method "Delete a key-value pair in the config map" to delete an existing key-value pair within a config map

Request Parameters

Parameter Type Description
config-map-name Path parameter Name of the config map
key Path parameter Name of the key

Authorization

An OpenShift token with the following permissions must be provided:

  • configmaps: get, update