|
6 | 6 |
|
7 | 7 | For self-service of APIs, a set of microservices are used to coordinate updates by the providers of APIs.
|
8 | 8 |
|
9 |
| -* `Gateway` : Provides a way for API Owners to update their Kong configuration (and internally the OCP Edge Router) |
10 |
| -* `Authz` : Provides a way for API Owners to update Keycloak for access to functionality on the API Services Portal |
11 |
| -* `Catalog` : Provides a way for API Owners to update the API details in the BC Data Catalog |
| 9 | +- `Gateway` : Provides a way for API Owners to update their Kong configuration (and internally the OCP Edge Router) |
| 10 | +- `Authz` : Provides a way for API Owners to update Keycloak for access to functionality on the API Services Portal |
| 11 | +- `Catalog` : Provides a way for API Owners to update the API details in the BC Data Catalog |
12 | 12 |
|
13 | 13 | All APIs are protected by an OIDC JWT Token with the following claims:
|
14 | 14 |
|
15 |
| -* `aud` : `gwa` |
16 |
| -* `namespace` : Identifies the namespace that the APIs belong to, used to scope what changes are allowed |
| 15 | +- `aud` : `gwa` |
| 16 | +- `namespace` : Identifies the namespace that the APIs belong to, used to scope what changes are allowed |
17 | 17 |
|
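Review bot: The `aud` bullet hard-codes `gwa`, while the configuration table further down documents `TOKEN_MATCH_AUD` as the audience the token must match, with `gwa` only as its example value. Since these lines are being touched anyway, consider wording the bullet as "`aud` : must equal `TOKEN_MATCH_AUD` (for example `gwa`)" so the two places cannot drift apart. The `namespace` bullet says the claim scopes what changes are allowed but not what happens when the claim is absent or does not match the namespace being changed; one sentence stating the expected rejection behaviour would make the contract clear to API Owners.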
18 | 18 | **Configuration:**
|
19 | 19 |
|
20 |
| -| Variable | Description | Example | |
21 |
| -| -------- | ----------- | ------- | |
22 |
| -| `PORT` | Port | `2000` | |
23 |
| -| `LOG_LEVEL` | Log level for the application | `INFO` | |
24 |
| -| `ENVIRONMENT` | Indicates what environment config to use (development|test|production) | `production` | |
25 |
| -| `CONFIG_PATH` | Location of the config | `/tmp/production.json` | |
26 |
| -| `OIDC_BASE_URL` | External base url used by the Swagger console for an externally available Auth endpoint. | `https://keycloak.domain/auth/realms/abc` |
27 |
| -| `TOKEN_MATCH_AUD` | The `audience` that the token must match. | `gwa` |
28 |
| -| `WORKING_FOLDER` | Temporary working folder that only exists for the duration of the POD. | `/tmp` |
29 |
| -| `KONG_ADMIN_URL` | The Kong Admin endpoint. | `http://kong-admin-api:8001` |
30 |
| -| `KC_SERVER_URL` | Keycloak access for administrative rights to manage groups for namespaces and for OIDC Discovery for getting the `jwks_uri` for the list of supported keys | `https://auth.domain/auth` |
31 |
| -| `KC_REALM` | Keycloak access for administrative rights to manage groups for namespaces | `aps` |
32 |
| -| `KC_CLIENT_ID` | Keycloak access for administrative rights to manage groups for namespaces | `admin-cli` |
33 |
| -| `KC_CLIENT_SECRET`| Keycloak access for administrative rights to manage groups for namespaces | `` |
34 |
| -| `KC_USER_REALM` | Keycloak access for administrative rights to manage groups for namespaces | `master` |
35 |
| -| `KC_USERNAME` | Keycloak access for administrative rights to manage groups for namespaces | `kcadmin` |
36 |
| -| `KC_PASSWORD` | Keycloak access for administrative rights to manage groups for namespaces | `xxx` |
37 |
| -| `HOST_TRANSFORM_ENABLED` | For Dev and Test a way to transform the host for working in these environments | `false` |
38 |
| -| `HOST_TRANSFORM_BASE_URL` | For Dev and Test a way to transform the host for working in these environments | |
39 |
| -| `PLUGINS_RATELIMITING_REDIS_PASSWORD` | The Redis credential added to the rate-limiting Kong plugin during publish | |
| 20 | +| Variable | Description | Example | |
| 21 | +| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- | |
| 22 | +| `PORT` | Port | `2000` | |
| 23 | +| `LOG_LEVEL` | Log level for the application | `INFO` | |
| 24 | +| `ENVIRONMENT` | Indicates what environment config to use (development , test, production) | `production` | |
| 25 | +| `CONFIG_PATH` | Location of the config | `/tmp/production.json` | |
| 26 | +| `OIDC_BASE_URL` | External base url used by the Swagger console for an externally available Auth endpoint. | `https://keycloak.domain/auth/realms/abc` | |
| 27 | +| `TOKEN_MATCH_AUD` | The `audience` that the token must match. | `gwa` | |
| 28 | +| `WORKING_FOLDER` | Temporary working folder that only exists for the duration of the POD. | `/tmp` | |
| 29 | +| `KONG_ADMIN_URL` | The Kong Admin endpoint. | `http://kong-admin-api:8001` | |
| 30 | +| `KC_SERVER_URL` | Keycloak access for administrative rights to manage groups for namespaces and for OIDC Discovery for getting the `jwks_uri` for the list of supported keys | `https://auth.domain/auth` | |
| 31 | +| `KC_REALM` | Keycloak access for administrative rights to manage groups for namespaces | `aps` | |
| 32 | +| `KC_CLIENT_ID` | Keycloak access for administrative rights to manage groups for namespaces | `admin-cli` | |
| 33 | +| `KC_CLIENT_SECRET` | Keycloak access for administrative rights to manage groups for namespaces | `` | |
| 34 | +| `KC_USER_REALM` | Keycloak access for administrative rights to manage groups for namespaces | `master` | |
| 35 | +| `KC_USERNAME` | Keycloak access for administrative rights to manage groups for namespaces | `kcadmin` | |
| 36 | +| `KC_PASSWORD` | Keycloak access for administrative rights to manage groups for namespaces | `xxx` | |
| 37 | +| `HOST_TRANSFORM_ENABLED` | For Dev and Test a way to transform the host for working in these environments | `false` | |
| 38 | +| `HOST_TRANSFORM_BASE_URL` | For Dev and Test a way to transform the host for working in these environments | |
| 39 | +| `PLUGINS_RATELIMITING_REDIS_PASSWORD` | The Redis credential added to the rate-limiting Kong plugin during publish | |
40 | 40 |
|
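Review bot: The new `ENVIRONMENT` row reads `(development , test, production)` with a stray space before the first comma; it should be `(development, test, production)`. Two documentation points on the rows this reformat carries over unchanged: the six rows `KC_REALM`, `KC_CLIENT_ID`, `KC_CLIENT_SECRET`, `KC_USER_REALM`, `KC_USERNAME` and `KC_PASSWORD` all share the description "Keycloak access for administrative rights to manage groups for namespaces", so a reader cannot tell what each variable is for, and each deserves its own one-line description. The examples also show `KC_USER_REALM` as `master` with `KC_USERNAME` `kcadmin` and `KC_CLIENT_ID` `admin-cli`, which reads as a recommendation to run the service with a master-realm admin login; a note that a dedicated account limited to group management is preferred, and that `KC_CLIENT_SECRET`, `KC_PASSWORD` and `PLUGINS_RATELIMITING_REDIS_PASSWORD` are expected to come from a secret rather than plain environment config, would be worth adding here.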
41 | 41 | # API Provider Flow
|
42 | 42 |
|
43 |
| -[See Details](USER-JOURNEY.md) |
| 43 | +[See Details](https://bcgov.github.io/aps-infra-platform/guides/owner-journey) |
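Review bot: The replaced link pointed at the in-repo file `USER-JOURNEY.md`, and nothing visible in this diff removes or redirects that file, so it may be left behind as an orphaned, diverging copy of the flow; either delete it in the same commit or replace its contents with a pointer to the new guide. The link text "See Details" could also name its target, for example "See the owner journey guide", now that it leaves the repository.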