FintechOS Service Pipes
Service Pipes are the integration layer of the FintechOS Platform. It uses Apache Camel as routing and mediation engine to integrate the HPFI with external systems. Apache Camel is an integration framework that allows easy implementation of routing and mediation logic using a variety of domain-specific languages (DSLs) .
The FintechOS Service Pipes are built as a docker image and deployed in an Azure AppService.
App Service Configuration
To configure the Service Pipes on your Azure environment, log in to the Azure Portal and navigate to your Service Pipes app service blade. In the Configuration section, set up the following settings:
Setting | Description |
---|---|
app.loglevel.application (optional) |
Minimum severity level for the logged messages for the Service Pipes app. Available values are: DEBUG, ERROR, FATAL, INFO, OFF, TRACE, WARN. Default: INFO |
app.loglevel.root (optional) |
Minimum severity level for the logged messages for all the packages. For the Service Pipes app specifically, the app.loglevel.application setting will take precedence over app.loglevel.root. Available values are: DEBUG, ERROR, FATAL, INFO, OFF, TRACE, WARN. Default: INFO |
app.loglevel.security (optional) |
Minimum severity level for security messages (authentication or authorization). Available values are: DEBUG, ERROR, FATAL, INFO, OFF, TRACE, WARN. Default: INFO |
spring.profiles.active (optional) |
Leave empty to use the FintechOS Identity Provider for authentication. This is the default behavior and it is the recommended setting. Set it to basicAuth if you wish to use the legacy platform credentials for authentication. |
app.context.path (optional) |
The servlet path used for the Service Pipes app service, which is going to be appended to the app service URL. By default, the app will be available at the /services servlet path, for example: https://app-myApp.azurewebsites.net/services/ |
app.vault.url | URL of the Configuration Manager app service or Windows service. |
app.vault.token | Access token for the Configuration Manager. |
app.vault.secrets.engine (optional) |
Secrets engine used by the Configuration Manager. Default: kv |
app.vault.environment | The path where the services pipes folder is found in Vault (e.g. dev). The properties from this secrets path are required for the application startup and runtime. |
app.vault.application | The folder where the application properties are found. It defaults to service-pipes. |
app.vault.refresh.rate | The rate at which Vault properties are refreshed. It defaults to 3600000 (1h). |
Configuration Manager Settings
The settings used to associate the Service Pipes with a FintechOS Portal instance are stored in the Configuration Manager. Currently, a single Service Pipes instance can be associated with a single FintechOS Portal instance. The corresponding secrets are stored in the Configuration Manager at the kv/{environment name}/service-pipes
path.
Configuration for Environments Using the FintechOS Identity Provider
Key | Value | Description |
---|---|---|
openid.config |
Copy
|
|
rbac.config |
Copy
|
Property used for configuring role based access (RBAC) in Service Pipes. "apiMappings" - used for defining RBAC for api endpoints. "applicationMappings" - used for defining RBAC for application managing/configuration URLs (here power-users or administrator roles should be configured). "swaggerMappings" - used for RBAC of API documentation pages. |
portal.url | https://myServer.azurewebsites.net/portal/api/openApiV2/CallAction | URL of the FintechOS Portal instance associated with the Service Pipes. |
openapi.enabled |
true |
Flag used to determine if requests are forwarded to OpenAPI instead of Portal. |
openi.url | https://myServer.azurewebsites.net/ftosapi/automation-processors/actions/ | URL address of the OpenAPI component. |
portal.username |
{username} |
Used by Service Pipes when generating an access token to call the platform. |
portal.password |
{password} |
Used by Service Pipes when generating an access token to call the platform. |
throttle.config |
Copy
|
This property is needed only if Service Pipes application is started with the "throttiling" profile. |
Configuration for Environments Using Legacy Authentication (non-FintechOS Identity Provider)
Key | Value | |
---|---|---|
username | {username}
|
User name used by the associated Portal instance to authenticate when calling the Service Pipes. A matching key-value pair must be set up in the Configuration Manager on the associated Portal environment at kv/<environment>/<portalName>/app-settings . |
password | {password}
|
Password used by the associated Portal instance to authenticate when calling the Service Pipes. A matching key-value pair must be set up in the Configuration Manager on the associated Portal environment at kv/<environment>/<portalName>/app-settings . |
portal.url | https://myServer.azurewebsites.net/myPor tal | URL of the FintechOS Portal instance associated with the Service Pipes. |
ebs.config |
|
|
User Roles
When using the FintechOS Identity Provider for identity and access management, make sure you assign the following user roles accordingly:
- service-pipes-admin - Role needed for users responsible for monitoring the Service Pipes. This will provide them access to the Service Pipes monitoring tool available at the
<Service Pipes URL>/actuator/hawtio
path. E.g.: https://myServer.azurewebsites.net/services/actuator/hawtio - service-pipes-user - Role needed for users who need to authenticate to the Service Pipes, such as user accounts that will run digital journeys that make calls to the Service Pipes server.
For advanced configurations, roles can be further customized using the Configuration Manager.