Configuration
Last updated
Last updated
All content on this page by eGov Foundation is licensed under a Creative Commons Attribution 4.0 International License.
On this page, you will find a set of standard configuration steps that should be applied consistently across all services. Please adhere to these steps within the context of each service, making necessary replacements only as instructed by the respective service's guidelines.
Steps:
Deploying a service encompasses three key aspects:
Service Image Deployment: This entails deploying a published Docker image of the service within the DIGIT environment.
Helm Charts Requirement: Helm charts play a crucial role in service deployment as they configure environment variables tailored to the specific Kubernetes cluster. You can deploy a service either through CI/CD pipelines or directly by utilizing Helm commands from your system. All helm charts for PQM services are available in this repository.
Service Configuration: To ensure the service functions seamlessly, it is essential to configure it correctly. This includes setting up MDMS, IDGen, Workflow, and other masters as necessary, all of which can be done on GitHub.
In summary, deploying a service involves these three fundamental steps, each contributing to the successful deployment and operation of the service within the DIGIT environment.
Click here to find detailed information on MDMS configuration.
All modules expose certain actions (APIs), roles (actors) and role-action mappings (who can access which resource). Role-action mappings are used for access control.
Each service documentation has a role-action table that identifies the actors that can access the resource. Follow the outline below replacing specific actions/roles for each module.
Actions, roles and role-action mapping are defined within a master tenant in folders. The folders have the same name as the module name for easy identification.
Example:
In the above image, "pg" is the state level tenant. The three folders highlighted in orange contain the masters for actions, roleactions and roles respectively.
Folder structures are only for categorisation and easy navigation of master files. The MDMS service retrieves data only through module and master names. Make sure that these are correct.
Add all the APIs exposed by the service (refer to service for actual APIs) to the actions.json
file in MDMS.
Keep appending new entries to the bottom of the file.
Make sure the id
field is unique. Best practice is to increment the id by one when adding a new entry. This id field will be used in the role-action mapping.
Module name: ACCESSCONTROL-ACTIONS-TEST
Master name: actions-test
In case 403s are encountered despite configuration, double check the actions.json file to make sure the API in question has a unique ID. In case of duplicate IDs, a 403 will be thrown by Zuul.
A sample entry given below:
Configure roles based on the roles column (refer to service documentation) in the roles.json file. Make sure the role does not exist already. Append new roles to the bottom of the file.
Module name: ACCESSCONTROL-ROLES
Master name: roles
A sample entry is given below:
Role-action mapping should be configured as per the role-action table defined. Add new entries to the bottom of the roleactions.json file.
Identify the action id (from the actions.json file) and map roles to that id. If multiple roles are mapped to an API, then each of them becomes a unique entry in the roleactions.json file.
Module name: ACCESSCONTROL-ROLEACTIONS
Master name: roleactions.json
A sample set of role-action entries is shown below. Each of the actionid
fields needs to match a corresponding API from the actions.json file.
In the example below the ESTIMATE_CREATOR
is given access to API actionid 9. This maps to the estimate create API in our repository.
Note that the actionid
and tenantId
might differ from implementation to implementation.
Each service has a persister.yaml file which needs to be stored in the configs repository. The actual file will be mentioned in the service documentation.
Please add that yaml file under the configs repository if not present already.
Make sure to restart MDMS and the persister service after adding the file at the above location.
Each service has a indexer.yaml file which needs to be stored in the configs repository. The actual file will be mentioned in the service documentation.
Please add that yaml file under the configs repository if not present already.
Make sure to restart MDMS and the persister service after adding the file at the above location.