Product Configuration
Introduction
After you completed the installation process you then have to do the initial configuration of Financial Services Workbench to get Solution Designer and Solution Hub up and running. Be aware, that even if all necessary pods are running without this configuration you are not able to work with neither one of the components.
All of the configurations mentioned in this chapter are related to Solution Designer and Solution Hub. This chapter is not about the configurations related to deployed solutions. You can find this information under Run Time Configuration.
The initial configuration of Financial Services Workbench is done via a REST API called K5 Configurator Controller API. This API provides a Swagger UI for ease-of-use but you can use the tool of your choice for calling APIs (e.g. cURL, Postman).
<https://k5-configurator>.<domain>The exact URL can be found within the route named k5-configuration-management. It can be easily retrieved by executing
oc get route k5-configurator -n <namespace>, whereby <namespace> points to the namespace, where the Solution Hub is installed.
For a new installation at least, the following configuration must be provided:
IAM: Configures the properties to access the Identity and Access Management system (IAM), respectively Keycloak
Master Key: Configures the master key, needed to have encryption at rest for some sensitive user data, like Git tokens or API keys
MongoDB: Configures the connection to the Mongo database, which is used by the Solution Designer
S3Storage:Configures properties to access an S3-Storage, which is used as a persistence layer for the k5-marketplace
Truststore: Updates the truststore, which holds a bunch of certificates, that should be trusted within FSW
IAM
These configurations are required to connect to the IAM Provider.
Use PUT method Update properties for accessing iamof the Swagger UI or
curl -X PUT "{your-hostname}/api/k5-configurator/v1/configs/iam" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer {BearerToken}" -d '{}'With the following request body (schema):
{
"adminUsername": "string",
"adminPassword": "string",
"hostname": "string",
"realm": "string"
}Request Parameters:
| Parameter | Description |
|---|---|
| adminUsername | The IAM admin’s username |
| adminPassword | The IAM admin’s password |
| hostname | The hostname of the IAM provider |
| realm | The default realm name |
An OpenShift bearer token with following permissions must be provided to perform this action:
secrets: get, create, update
k5client: list, update
k5realm: list, update
Master Key
This configuration is necessary for the encryption.
Use PUT method Update properties for the master key in the Swagger UI or
curl -X PUT "{your-hostname}/api/k5-configurator/v1/configs/masterkey" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer {BearerToken}" -d '{}'With the following request body (schema):
{
"key": "string"
}Request Parameters:
| Parameter | Description |
|---|---|
| key | The master key. It is not allowed to use empty values for this, as it would cause security risks. Data (especially user tokens) would not be encrypted and hence stored in plaintext in the database, which must not happen. |
An OpenShift bearer token with following permissions must be provided to perform this action:
secrets: get, create, update
This information needs to be provided by the customer. There are no further restrictions on the key but it is recommended to provide a master key that matches the common AES rules.
In the initial state the value is empty, which is why the encryption is failing. Only due to that it is safe in respect of data loss in the initial state.
MongoDB
This configuration is necessary to connect to the Mongo database.
Use PUT method Update properties for accessing solution designer mongodb in the Swagger UI or
curl -X PUT "{your-hostname}/api/k5-configurator/v1/configs/mongodb" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer {BearerToken}" -d '{}'With the following request body (schema):
{
"connectionString": "string"
}Request Parameters:
| Parameter | Description |
|---|---|
| connectionString | The mongoDB connectionString for the Solution Designer. |
An OpenShift bearer token with following permissions must be provided to perform this action:
secrets: get, create, update
S3 Storage
Configures properties to access an S3-Storage, which is used as a persistence layer for the K5 Marketplace
Use PUT method Update properties for accessing s3 storage in the Swagger UI or
curl -X PUT "{your-hostname}/api/k5-configurator/v1/configs/s3storage" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer {BearerToken}" -d '{}'With the following request body (schema):
{
"accesskey": "string",
"secretkey": "string"
}Request Parameters:
| Parameter | Description |
|---|---|
| accesskey | Access key of the S3 storage with a restriction of a minimum key length of 3 characters. It is not allowed to use an empty value for this, as it would cause security risks. The S3 Storage would allow anonymous access without that. |
| secretkey | Secret key of the S3 storage with a restriction of a minimum key length of 8 characters. It is not allowed to use an empty value for this, as it would cause security risks. The S3 Storage would allow anonymous access without that. The S3 Storage would allow anonymous access without that. |
An OpenShift bearer token with following permissions must be provided to perform this action:
secrets: get, create, update
In the initial state the s3 storage is not working, because no access- and secretkey was set. Only due to that it is safe in respect of data loss in the initial state.
Truststore
Updates the truststore, which holds a bunch of certificates, that should be trusted within Financial Services Workbench.
Use PUT method Update entries within the truststore in the Swagger UI or
curl -X PUT "{your-hostname}/api/k5-configurator/v1/configs/truststore" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer {BearerToken}" -d '{}'With the following request body (schema):
{
"empty": true,
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
}Request Parameters:
| Parameter | Description |
|---|---|
| data | Body parameter (JSON). The value for the key (required) |
Configuration Parameters (body parameters)
The body parameters contain key-value pairs. It is possible to provide the value of each entry as a base64 string, e.g.:
{
"identity": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSS4uLndVQQpNRW8uLi5RUUQKRXhwLi4udzB5Ck1ERS4uLjJsegpMbU4uLi5sMncvbwpqQkMuLi40b0sKUWMxLi4uPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJLi4uQU1UCkRrUi4uLmxvdwpTakVMLi4uQU1UCkdreC4uLmc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t"
}As an alternative you can provide the PEM certificates as plain text but line breaks have to be replaced with "\n" for the Swagger UI or "" for cURL operations.
An OpenShift token with following permissions must be provided:
secrets: get, create, update
Config Maps Configuration
The config-maps-controller in the K5 Configurator Controller API allows configuration of all config maps that are provided through the Financial Services Workbench. Config maps allow a very detailed level of control for the components. Any adjustments to the initial values, might have unwanted side-effects.
Configuration changes within the config map section is not mandatory. Nevertheless, the most important options are listed below:
GET List all available config maps: Lists all config maps that can be configured by the k5-configurator API. Includes the names of the config maps and their contents to proceed with different APIs.
PUT Update an existing config map: Updates the content of a config map.
DELETE Reset a config map to the initial values of the installation: Resets a config map to the initial values.
PUT Update a key-value pair in the config map: Updates an existing entry within a config map.
POST Create a new key-value pair in the config map: Creates a not-existing entry within a config map.
DELETE Delete a key-value pair in the config map: Removes an entry from a config map.
List all available config maps
Use GET method List all available config maps in the Swagger UI or
curl -X GET "{your-hostname}/api/k5-configurator/v1/configs/configmaps" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer {BearerToken}"for getting all config maps that can be configured by the K5 Configurator Controller API.
An OpenShift token with following permissions must be provided:
configmaps: list
Update an existing config map
Use PUT method Update an existing config map in the Swagger UI or
curl -X PUT "{your-hostname}/api/k5-configurator/v1/configs/configmaps/{config-map-name}" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer {BearerToken}" -d '{}'Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| config-map-name | Path parameter | Name of the config map |
| data | Body parameter (JSON) | The new data the config map should contain (body parameters contain key-value pairs) |
An OpenShift token with following permissions must be provided:
configmaps: get, update
Reset a config map
Use DELETE method Reset a config map to the initial values of the installation in the Swagger UI or
curl -X DELETE "{your-hostname}/api/k5-configurator/v1/configs/configmaps/{config-map-name}" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer {BearerToken}"for resetting a config map to its initial values.
Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| config-map-name | Path parameter | Name of the config map |
An OpenShift token with following permissions must be provided:
configmaps: get, update
Update a key-value pair
Use PUT method Update a key-value pair in the config map in the Swagger UI or
curl -X PUT "{your-hostname}/api/k5-configurator/v1/configs/configmaps/{config-map-name}/{key}" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer {BearerToken}" -d '{}'Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| config-map-name | Path parameter | Name of the config map |
| key | Path parameter | Name of the key |
| data | Body parameter (JSON) | The new value for the key (required) |
Configuration Parameters (content of the body parameter):
| Parameter | Description |
|---|---|
| value | Path parameter |
An OpenShift token with following permissions must be provided:
configmaps: get, update
Create a new key-value pair
Use POST method Create a new key-value pair in the config map in the Swagger UI or
curl -X POST "{your-hostname}/api/k5-configurator/v1/configs/configmaps/{config-map-name}" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer {BearerToken}" -d '{}'for creating new key-value pairs within a config map.
Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| config-map-name | Path parameter | Name of the config map |
| key | Path parameter | Name of the key |
| data | Body parameter (JSON) | The new value for the key (required) |
Configuration Parameters (content of the body parameter):
| Parameter | Description |
|---|---|
| value | Path parameter |
An OpenShift token with following permissions must be provided:
configmaps: get, update
Delete a key-value pair
Use DELETE method Delete a key-value pair in the config map in the Swagger UI or
curl -X DELETE "{your-hostname}/api/k5-configurator/v1/configs/configmaps/{config-map-name}" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer {BearerToken}"Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| config-map-name | Path parameter | Name of the config map |
| key | Path parameter | Name of the key |
An OpenShift token with following permissions must be provided:
configmaps: get, update