You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| `endpoint` | The HTTP/HTTPS path to the endpoint API <br><br>If this is not defined, nothing will be attempted to be written to this endpoint | | `https://vpms3testsystem.westeurope.cloudapp.azure.com:19081/Authentication/Core`<br>or<br>`http://dv-ndr-plat4.s4m.de:31060`
73
-
| `auth` | Defines how to authenticate at the given endpoint<br><br>Has one of following keys:<br>`basic`<br>`token` |
73
+
| `auth` | Defines how to authenticate at the given endpoint<br><br>Has one of following keys:<br>`basic`<br>`token`<br>`session` |
74
74
| `auth.basic` | Defines basic authentication for connecting to API | | `env:`<br>  `username:` `VIDICORE_ADMIN_USERNAME`<br>  `password:` `VIDICORE_ADMIN_PASSWORD`
75
-
| `auth.basic.env.username` | Defines the environment variable that holds the username for basic auth.<br><br>Note:<br>A secret must be mounted to the container which populates the `username` environment variable
76
-
| `auth.basic.env.password` | Defines the environment variable that holds the password for basic auth.<br><br>Note:<br>A secret must be mounted to the container which populates the `password` environment variable
77
-
| `auth.token` | Defines token authentication for connecting to API | | `authenticationServiceEndpoint:` `"https://vpms3testsystem.westeurope.cloudapp.azure.com:19081/Authentication/Core"`<br>`env:`<br>  `clientId:` `AUTHSERVICE_TOKEN_PRODUCT_CLIENT_ID`<br>  `clientSecret:` `AUTHSERVICE_TOKEN_PRODUCT_CLIENT_SECRET`<br>`grantType:` `"client_credentials"`<br>`scopes:`<br>`- 'configportalscope'`<br>`- 'identityscope'`
78
-
| `auth.token.authenticationServiceEndpoint` | Endpoint of AuthenticationService to get token from |
79
-
| `auth.token.env.clientId` | Defines the environment variable that holds the clientId for token auth.<br><br>Note:<br>A secret must be mounted to the container which populates the `clientId` environment variable
80
-
| `auth.token.env.clientSecret` | Defines the environment variable that holds the clientSecret for token auth.<br><br>Note:<br>A secret must be mounted to the container which populates the `clientSecret` environment variable
81
-
| `auth.token.grantType` | Defines the grantType for the token
82
-
| `auth.token.scopes` | Defines the scopes for the token | `[]`
75
+
| `auth.basic.env.username` | Defines the environment variable that holds the username for basic auth.<br><br>Note:<br>If the `username` to be used is not contained in the automatically created `auth` or pod specific secret, the secret holding the `username` must be mounted to the container to populate the `username` environment variable
76
+
| `auth.basic.env.password` | Defines the environment variable that holds the password for basic auth.<br><br>Note:<br>If the `password` to be used is not contained in the automatically created `auth` or pod specific secret, the secret holding the `password` must be mounted to the container to populate the `password` environment variable
77
+
| `auth.token` | Defines token authentication parameters for connecting to an API. Up to this point this is always the authentication service but may be a changed to a different service providing tokens. | |`endpoint:`<br>  `baseUri:` `_HT/hull.vidispine.addon.library.get.endpoint.uri.info:ENDPOINT:"authservice":URI:"api"`<br>  `healthCheckSubpath:` `"/v1/HealthCheck?showDetail=false"`<br>  `requestSubpath:` `"/connect/token"`<br>`request:`<br>  `body:`<br>    `client_id:` `$env:CLIENT_AUTHSERVICE_INSTALLATION_ID`<br>    `client_secret:` `$env:CLIENT_AUTHSERVICE_INSTALLATION_SECRET`<br>    `grant_type:` `client_credentials`<br>    `scope:` `identityscope`<br>  `headers:`<br>    `Content-Type:` `"application/x-www-form-urlencoded"`<br>    `Accept:` `"application/json"`<br>`response:`<br>  `tokenField:` `"access_token"`
78
+
| `auth.token.endpoint` | Endpoint specification of service to get token from | | `baseUri:` `_HT/hull.vidispine.addon.library.get.endpoint.uri.info:ENDPOINT:"authservice":URI:"api"`<br>`healthCheckSubpath:` `"/v1/HealthCheck?showDetail=false"`<br>`requestSubpath:` `"/connect/token"`
79
+
| `auth.token.endpoint.baseUri` | Base Uri of authentication service endpoint to which path suffixes are appended to. | | `baseUri:` `_HT/hull.vidispine.addon.library.get.endpoint.uri.info:ENDPOINT:"authservice":URI:"api"`
80
+
| `auth.token.endpoint.healthCheckSubpath` | If set to a non empty value, a healthcheck is performed before obtaining a token from the endpoint | | `healthCheckSubpath:` `"/v1/HealthCheck?showDetail=false"`
81
+
| `auth.token.endpoint.requestSubpath` | An optional suffix which is appended to `auth. | | `requestSubpath:` `"/connect/token"`
82
+
| `auth.token.request` | Specifics of the request that is being sent to the token authentication service to obtain a token | | `body:`<br>  `client_id:` `$env:CLIENT_AUTHSERVICE_INSTALLATION_ID`<br>  `client_secret:` `$env:CLIENT_AUTHSERVICE_INSTALLATION_SECRET`<br>  `grant_type:` `client_credentials`<br>  `scope:` `identityscope`<br>`headers:`<br>  `Content-Type:` `"application/x-www-form-urlencoded"`<br>  `Accept:` `"application/json"`
83
+
| `auth.token.request.body` | The body of the request as a dictionary. It will be formatted appropriately matching the `Content-Type` header before sending, eg. to JSON for `Content-Type: application/json`<br><br> To fill in values that are supplied as environment variables, use the syntax `$env:<ENVIRONMENT_VARIABLE_NAME>` where `<ENVIRONMENT_VARIABLE_NAME>` is the name of the environment variable you want to be substituted in place.| | `client_id:` `$env:CLIENT_AUTHSERVICE_INSTALLATION_ID`<br>`client_secret:` `$env:CLIENT_AUTHSERVICE_INSTALLATION_SECRET`<br>`grant_type:` `client_credentials`<br>`scope:` `identityscope`
84
+
| `auth.token.request.headers` | The headers of the authentication token request as a dictionary. | | `Content-Type:` `"application/x-www-form-urlencoded"`<br>`Accept:` `"application/json"`
85
+
| `auth.token.response` | Information on how to treat the response of a token request to the token authentication service | | `tokenField:` `"access_token"`
86
+
| `auth.token.response.tokenField` | The optional key in the response JSON which holds the authentication token. The token is stored internally and sent with further requests to the endpoint | | `tokenField:` `"access_token"`
87
+
| `auth.session` | Defines session authentication parameters for connecting to an API | |`endpoint:`<br>  `baseUri:` `_HT*hull.config.general.data.endpoints.opensearch.uri.dashboards`<br>  `healthCheckSubpath:` `""`<br>  `requestSubpath:` `"/auth/login"`<br>`request:`<br>  `body:`<br>    `username:` `$env:AUTH_BASIC_OPENSEARCH_USERNAME`<br>    `password:` `$env:AUTH_BASIC_OPENSEARCH_PASSWORD`<br>    `grant_type:` `client_credentials`<br>    `scope:` `identityscope`<br>  `headers:`<br>    `Content-Type:` `"application/json"`<br>    `osd-xsrf:` `"true"`
88
+
| `auth.session.endpoint` | Endpoint specification of service to get session from | | `baseUri:` `_HT*hull.config.general.data.endpoints.opensearch.uri.dashboards"`<br>`healthCheckSubpath:` `""`<br>`requestSubpath:` `"/auth/login"`
89
+
| `auth.session.endpoint.baseUri` | Base Uri of authentication service endpoint to which path suffixes are appended to. | | `baseUri:` `_HT*hull.config.general.data.endpoints.opensearch.uri.dashboards"`
90
+
| `auth.session.endpoint.healthCheckSubpath` | If set to a non empty value, a healthcheck is performed before obtaining a token from the endpoint | | `healthCheckSubpath:` `""`
91
+
| `auth.session.endpoint.requestSubpath` | An optional suffix which is appended to `auth. | | `requestSubpath:` `"/auth/login"`
92
+
| `auth.session.request` | Specifics of the request that is being sent to the session authentication service to obtain session cookies | | `body:`<br>  `username:` `$env:AUTH_BASIC_OPENSEARCH_USERNAME`<br>  `password:` `$env:AUTH_BASIC_OPENSEARCH_PASSWORD`<br>`headers:`<br>  `Content-Type:` `"application/json"`<br>  `osd-xsrf:` `"true"`
93
+
| `auth.session.request.body` | The body of the request as a dictionary. It will be formatted appropriately matching the `Content-Type` header before sending, eg. to JSON for `Content-Type: application/json`<br><br> To fill in values that are supplied as environment variables, use the syntax `$env:<ENVIRONMENT_VARIABLE_NAME>` where `<ENVIRONMENT_VARIABLE_NAME>` is the name of the environment variable you want to be substituted in place.| | `username:` `$env:AUTH_BASIC_OPENSEARCH_USERNAME`<br>`password:` `$env:AUTH_BASIC_OPENSEARCH_PASSWORD`
94
+
| `auth.session.request.headers` | The headers of the authentication token request as a dictionary. | | `Content-Type:` `"application/json"`<br>`osd-xsrf:` `"true"`
83
95
| `stage` | Global stage where the defined `subresources` are processed. Can be overwritten at `subresource` level individually. <br>All subresources are by default processed during execution of the `hull-install` job by setting stage `pre-install` before installation of the main product of the parent Helm Chart. If you for example need to communicate to the API of a product you just installed within the parents Helm chart, set the `stage` to `post-install` and the processing takes places within the `hull-configure` job after the main product installation is done. | `pre-install` | `post-install`
84
96
| `extraHeaders` | Globally added extra headers to HTTP calls. Header keys defined on the `endpoint` level will be set for all entities with the headers value when sending HTTP requests. However header values can be overwritten or added individually on the `entity` level via the local `extraHeaders` dictionary. | `` | `extraHeaders:`<br>  `added_header_1:` `header_value`<br>  `added_header_2:` `another_header_value`
85
97
| `subresources` | Dictionary of individual API routes to communicate with.<br><br>Key: <br>Key for entry in dictionary `subresources`<br><br>Value: <br>The subresource definition in form of a `<subresourceSpec>`
@@ -132,21 +144,7 @@ By default the `hull-install` job is enabled but already pre-configured so that
132
144
133
145
- the container needed to run the job is defined so that it
134
146
- automatically loads the configuration section from `hull.config.general.data.installation`
135
-
- mounts sensitive data as environment variables from secrets (which by default are created with the respective keys but without values). If you use the `hull-install` job in product installation you need to set the appropriate values in the secrets:
136
-
- from `vidicore-secret` the `data` keys
137
-
- `adminUsername`to env var `VIDICORE_ADMIN_USERNAME`
138
-
- `adminPassword`to env var `VIDICORE_ADMIN_PASSWORD`
139
-
140
-
if communication with VidiCore is required.
141
-
142
-
- from `authservice-token-secret` the `data` keys
143
-
- `installerClientId`to env var `AUTHSERVICE_TOKEN_INSTALLER_CLIENT_ID`
144
-
- `installerClientSecret`to env var `AUTHSERVICE_TOKEN_INSTALLER_CLIENT_SECRET`
145
-
- `productClientId`to env var `AUTHSERVICE_TOKEN_PRODUCT_CLIENT_ID`
146
-
- `productClientSecret`to env var `AUTHSERVICE_TOKEN_PRODUCT_CLIENT_SECRET`
147
-
148
-
if communication with AuthService (`installerClientId`/`installerClientSecret`) and ConfigPortal (`productClientId`/`productClientSecret`) is required.
149
-
147
+
- loads all certificates provided under `hull.config.general.data.installation.config.customCaCertificates`
150
148
- typical endpoints and subresources are predefined so that only entities need to be specified. The predefined subresources for the endpoints are skipped in case the endpoint is not defined.
151
149
- endpoint with key `10_vidicore` is set up to do basic authentication on the vidispine endpoint defined in `hull.config.general.data.endpoints.vidicore.uri.api` using the `admin` credentials from secret `vidicore-secret`
152
150
- subresources are configured so that creating specific entities works out of the box for them
@@ -823,13 +821,18 @@ the following _ENDPOINT_ and _URI_ combinations yield:
823
821
Parameters:
824
822
825
823
_PARENT_CONTEXT_: The Helm charts global context
824
+
826
825
_ENDPOINT_: The key denoting the endpoint which may contain the _URI_
826
+
827
827
_URI_: The particular uri to get
828
+
829
+
_IGNORE_INTERNAL_: Ignore any endpoint with name of _URI_ and suffix `Internal`
830
+
828
831
_INFO_: The kind of information to get. Allowed values: uri|host|hostname|netloc|path|scheme|port|base
829
832
830
833
Usage:
831
834
832
-
This function works with `hull.config.general.data.endpoints` section to return a particular aspect of an _URI_ which is defined for a given endpoint named with _ENDPOINT_. The function furthermore checks for whether the _URI_ is defined with a suffix of `Internal` or without it. If an `Internal` suffixes _URI_ exists it has precedence over an _URI_ without the suffix for the evaluation of _INFO_.
835
+
This function works with `hull.config.general.data.endpoints` section to return a particular aspect of an _URI_ which is defined for a given endpoint named with _ENDPOINT_. The function furthermore checks for whether the _URI_ is defined with a suffix of `Internal` or without it. If an `Internal` suffixes _URI_ exists it has precedence over an _URI_ without the suffix for the evaluation of _INFO_, however if the _IGNORE_EXTERNAL_ parameter is set to true any endpoint with an `Internal` suffix is explicitly ignored.
833
836
834
837
Allowed values for _INFO_:
835
838
- `uri`: return the complete URI as it is configured
0 commit comments