onecx-iam-bff
Configuration
Configuration property fixed at build time - All other configuration properties are overridable at runtime
Configuration property |
Type |
Default |
|---|---|---|
Url of the iam rest client. Environment variable: |
string |
required |
Set to true to share the HTTP client between REST clients. Environment variable: |
boolean |
|
The size of the rest client connection pool. Environment variable: |
int |
|
Default properties
src/main/resources/application.properties
quarkus.http.auth.permission.health.paths=/q/*
quarkus.http.auth.permission.health.policy=permit
quarkus.http.auth.permission.default.paths=/*
quarkus.http.auth.permission.default.policy=authenticated
onecx.permissions.application-id=${quarkus.application.name}
org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
%prod.quarkus.rest-client.onecx_iam_svc.url=http://onecx-iam-svc:8080
quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
quarkus.openapi-generator.codegen.spec.onecx_iam_svc_yaml.config-key=onecx_iam_svc
quarkus.openapi-generator.codegen.spec.onecx_iam_svc_yaml.base-package=gen.org.tkit.onecx.iam.client
quarkus.openapi-generator.codegen.spec.onecx_iam_svc_yaml.return-response=true
quarkus.openapi-generator.codegen.spec.onecx_iam_svc_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders
quarkus.openapi-generator.codegen.spec.onecx_iam_svc_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
quarkus.openapi-generator.codegen.spec.onecx_iam_svc_yaml.enable-security-generation=false
%prod.quarkus.rest-client.onecx_iam_svc.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
%prod.quarkus.oidc-client.client-id=${ONECX_OIDC_CLIENT_CLIENT_ID:${quarkus.application.name}}Extensions
Extensions |
Documentation |
Configuration |
Version |
|---|---|---|---|
quarkus-rest |
3.20.1 |
||
quarkus-smallrye-openapi |
3.20.1 |
||
quarkus-rest-jackson |
3.20.1 |
||
quarkus-smallrye-health |
3.20.1 |
||
quarkus-opentelemetry |
3.20.1 |
||
quarkus-micrometer-registry-prometheus |
3.20.1 |
||
quarkus-openapi-generator |
2.10.0-lts |
||
quarkus-rest-client-jackson |
3.20.1 |
||
tkit-quarkus-log-cdi |
3.3.0 |
||
tkit-quarkus-log-rs |
3.3.0 |
||
tkit-quarkus-log-json |
3.3.0 |
||
tkit-quarkus-rest |
3.3.0 |
||
tkit-quarkus-rest-context |
3.3.0 |
||
quarkus-cache |
3.20.1 |
||
quarkus-hibernate-validator |
3.20.1 |
||
onecx-permissions |
1.3.0 |
||
quarkus-oidc |
3.20.1 |
||
tkit-quarkus-security |
3.3.0 |
||
onecx-core |
1.3.0 |
||
quarkus-arc |
3.20.1 |
||
quarkus-container-image-docker |
3.20.1 |
||
quarkus-rest-client-oidc-filter |
3.20.1 |
||
=== |
tkit-quarkus-oidc-health |
Helm
Default values
app:
name: bff
template:
oidc_client_id: "ONECX_OIDC_CLIENT_CLIENT_ID"
image:
repository: "onecx/onecx-iam-bff"
operator:
# Permission
permission:
enabled: true
spec:
permissions:
user:
admin-read: permission on all GET requests and POST search for admin operations
admin-write: permission on all POST and PUT requests for admin operations
role:
admin-read: permission on all GET requests and POST search for admin operations
admin-write: permission on all POST and PUT requests for admin operations
provider:
admin-read: permission on all GET requests and POST search for admin operations
read: permission on all GET requests and POST search for user operations
password:
write: permission on PUT, POST, PATCH requests, where objects are saved or updated
keycloak:
client:
enabled: true
spec:
kcConfig:
defaultClientScopes: [ ocx-ia:all, ocx-pm:read ]