AI Matching Configuration

ataccama_one_aimatching_computationprocess_captureoutput

Boolean

True

Forwards stdout and stderr streams of the computation process to the respective stdout and stderr streams of the wrapping service for debugging purposes.

ataccama_one_aimatching_computationprocess_enabledjobtypes

String

/

List of job types the service can run in a separate process. Allowed values are: initialization, training_pair_computation, model_quality_estimation, proposals_generation, rules_extraction.

ataccama_one_aimatching_computationprocess_managepylocation

String

./lib/manage.py

The path to the manage.py file, which is used to start computation process of AI Matching.

ataccama_one_aimatching_computationprocess_pollperiod

Number

1

Defines how often the service runs its background processing thread to check if it should run available job in a process. Expressed in seconds.

ataccama_one_aimatching_computationprocess_shutdowntimeout

Number

10

Defines the amount of time the wrapping service waits for its job subprocess to shutdown gracefully. Kills the subprocess otherwise. Expressed in seconds.

ataccama_one_aimatching_computationthread_enabledjobtypes

String

/

List of job types the service can run in a separate thread. Allowed values are: initialization, training_pair_computation, model_quality_estimation, proposals_generation, rules_extraction.

ataccama_one_aimatching_computationthread_pollperiod

Number

1

Defines how often the service runs its background processing thread to check if it should run available job in a thread. Expressed in seconds.

ataccama_one_aimatching_http_server_api_enabled

Boolean

False

Flag used to enable /api HTTP endpoints serving AI Matching business API.

ataccama_one_aimatching_job_clustering_decisionthreshold

Number

0.5

The dedupe clustering decision threshold that functions as a compromise between precision and recall. The value needs to be between 0 and 1. Increasing the value means a higher precision and lower recall, that is, fewer MERGE proposals and more SPLIT proposals. Inversely, decreasing the value results in a lower level of precision and higher recall.

ataccama_one_aimatching_job_initialization_samplesize

Number

1000000

The number of records that are uniformly sampled from all the records fetched from MDM. Those records are the only ones used for initializing and training the AI Matching model.

ataccama_one_aimatching_job_initialization_trainingsamplesize

Number

40000

The number of records that the AI Matching selects out of the records covered by the property ai-matching.job.initialization.sample-size for the actual training of the AI model. A higher value means that the model performs better, but the training takes more time.

ataccama_one_aimatching_job_rulesextraction_maxcolumns

Number

5

The maximum number of columns in one extracted rule. A higher number means that the extracted rules can be more complex, that is, use more columns, but the rule extraction might take significantly longer.

ataccama_one_aimatching_job_rulesextraction_maxnegativepairs

Number

10000

The maximum number of confident negative pairs to be considered for rule extraction. A higher number means that the extraction of rules is significantly slower but the results could be more precise.

ataccama_one_aimatching_job_rulesextraction_maxpositivepairs

Number

10000

The maximum number of confident positive pairs to be considered for rule extraction. A higher number means that the extraction of rules is significantly slower but the results could be more precise.

ataccama_one_apyc_authentication_grpc_basic_enable

Boolean

True

Enables basic authentication on the grpc server. If enabled, Keycloak becomes a mandatory dependency - needs to be running before the microservice starts.

ataccama_one_apyc_authentication_grpc_bearer_enable

Boolean

True

Enables bearer authentication on the grpc server. If enabled, Keycloak becomes a mandatory dependency - needs to be running before the microservice starts.

ataccama_one_apyc_authentication_grpc_internaljwt_enable

Boolean

True

Enables internal JWT token authentication on the grpc server.

ataccama_one_apyc_authentication_http_basic_enable

Boolean

`True

Enables basic authentication on the http server. If enabled, Keycloak becomes a mandatory dependency - needs to be running before the microservice starts.

ataccama_one_apyc_authentication_http_bearer_enable

Boolean

True

Enables bearer authentication on the http server. If enabled, Keycloak becomes a mandatory dependency - needs to be running before the microservice starts.

ataccama_one_apyc_authentication_http_internaljwt_enable

Boolean

True

Enables internal JWT token authentication on the http server.

ataccama_one_apyc_authentication_internaljwt_generator_key

String

/

The private key of the microservice used to generate tokens for internal JWT authentication.

ataccama_one_apyc_authentication_internaljwt_generator_tokenexpiration

Number

900

Defines the amount of time after which the token generated by the internal JWT generator expires. Expressed in seconds.

ataccama_one_apyc_authentication_internaljwt_impersonationrole

String

IMPERSONATION

Role used for validating that service sending request to the microservice can impersonate a user.

ataccama_one_apyc_authentication_keycloak_realm

String

/

The name of the Keycloak realm. Used when requesting an access token during authorization.

ataccama_one_apyc_authentication_keycloak_token_audience

String

None

The expected recipients of the Keycloak token. Used to validate the access (bearer) token obtained from Keycloak. If the value is null, the audience is not verified.

ataccama_one_apyc_authentication_keycloak_token_clientid

String

/

The client token identifier of the microservice. Used when requesting an access token during authorization.

ataccama_one_apyc_authentication_keycloak_token_expectedalgorithm

String

RS256

The expected algorithm that was used to sign the access (bearer) token obtained from Keycloak.

ataccama_one_apyc_authentication_keycloak_token_issuer

String

{url}/realms/{realm}

The issuer of the Keycloak token. Used to validate the access (bearer) token obtained from Keycloak. If the value is null, the issuer is not verified.

ataccama_one_apyc_authentication_keycloak_token_keycachemintimebetweenrequest

Number

5

Defines the minimum amount of time between two consecutive requests for Keycloak certificates during which Keycloak is not asked for new certificates. This acts as a prevention against DDoS attacks with an unknown key. Expressed in seconds.

ataccama_one_apyc_authentication_keycloak_token_keycachettl

Number

300

Defines how long the public certificates from Keycloak are cached on the microservice side. If this time is exceeded, new certificates are fetched from Keycloak before the microservice makes an attempt to authenticate. If this time is not exceeded, but the public certificate for the key parsed from the authentication attempt was not found in the cache, new certificates are fetched from Keycloak and authentication is attempted again. Expressed in seconds.

ataccama_one_apyc_authentication_keycloak_token_secret

String

/

The secret key of the microservice client. Used when requesting an access token during authorization.

ataccama_one_apyc_connection_<connection_name>_grpc_host

String

/

The IP address or the URL of the server where the <connection_name> is running.

ataccama_one_apyc_connection_<connection_name>_grpc_maxmessagesize

Number

1073741824

The maximum size of gRPC message. KB are used if no unit is specified.

ataccama_one_apyc_connection_<connection_name>_grpc_port

Number

/

The gRPC port of the server where the <connection_name> is running.

ataccama_one_apyc_connection_<connection_name>_grpc_tls_cabundle

String

None

Points to the .crt file with all the trusted PEM-encoded certification authorities (CAs) used in grpc TLS communication. Used only when tls.trust-all is disabled. For example, ./etc/ca.crt.

ataccama_one_apyc_connection_<connection_name>_grpc_tls_enabled

Boolean

False

Defines whether the grpc client should use TLS when communicating with the server.

ataccama_one_apyc_connection_<connection_name>_grpc_tls_trustall

Boolean

False

Defines whether the grpc client should verify the certificate of the server with which it communicates.

ataccama_one_apyc_connection_<connection_name>_http_basepath

String

None

Base path to which the` <connection_name>` HTTP client sends requests.

ataccama_one_apyc_connection_<connection_name>_http_connectiontimeout

Number

5

Defines after which amount of time the HTTP call is ended if the socket does not receive any bytes. Expressed in seconds.

ataccama_one_apyc_connection_<connection_name>_http_host

String

/

The IP address or the URL of the server where the <connection_name> is running.

ataccama_one_apyc_connection_<connection_name>_http_port

Number

None

The HTTP port of the server where the <connection_name> is running.

ataccama_one_apyc_connection_<connection_name>_http_tls_cabundle

String

None

Points to the .crt file with all the trusted PEM-encoded certification authorities (CAs) used in http TLS communication. Used only when tls.trust-all is disabled. For example, ./etc/ca.crt.

ataccama_one_apyc_connection_<connection_name>_http_tls_enabled

Boolean

False

Defines whether the http client should use TLS when communicating with the server.

ataccama_one_apyc_connection_<connection_name>_http_tls_trustall

Boolean

False

Defines whether the http client should verify the certificate of the server with which it communicates.

ataccama_one_apyc_connection_keycloak_http_basepath

String

None

Base path to which the keycloak HTTP client sends requests.

ataccama_one_apyc_connection_keycloak_http_connectiontimeout

Number

5

Defines after which amount of time the HTTP call is ended if the socket does not receive any bytes. Expressed in seconds.

ataccama_one_apyc_connection_keycloak_http_host

String

/

The IP address or the URL of the server where the keycloak is running.

ataccama_one_apyc_connection_keycloak_http_port

Number

None

The HTTP port of the server where the keycloak is running.

ataccama_one_apyc_connection_keycloak_http_tls_cabundle

String

None

Points to the .crt file with all the trusted PEM-encoded certification authorities (CAs) used in http TLS communication. Used only when tls.trust-all is disabled. For example, ./etc/ca.crt.

ataccama_one_apyc_connection_keycloak_http_tls_enabled

Boolean

False

Defines whether the http client should use TLS when communicating with the server.

ataccama_one_apyc_connection_keycloak_http_tls_trustall

Boolean

False

Defines whether the http client should verify the certificate of the server with which it communicates.

ataccama_one_apyc_database_connection_host

String

/

The host for the microservice database.

ataccama_one_apyc_database_connection_password

String

/

The password for the microservice database.

ataccama_one_apyc_database_connection_username

String

/

The username for the microservice database.

ataccama_one_apyc_database_enginekwargs

String

{'max_identifier_length': 128}

Sets the SQLAlchemy engine options, such as the maximum length of identifiers used in the database. For more information, see the official SQLAlchemy documentation: Engine Configuration, section Engine Creation API, Parameters.

ataccama_one_apyc_database_migrationspath

String

./lib/migrations

The location of the migrations folder of the microservice.

ataccama_one_apyc_database_pollperiod

Number

1

Defines how often the database is polled for changes. Used by the Term Suggestions microservice. Expressed in seconds.

ataccama_one_apyc_grpc_server_listenaddress

String

0.0.0.0

The network address to which the service gRPC server should bind.

ataccama_one_apyc_grpc_server_maxmessagesize

Number

1073741824

The maximum size of gRPC message. KB are used if no unit is specified.

ataccama_one_apyc_grpc_server_port

Number

/

The port where the service gRPC server is running.

ataccama_one_apyc_http_server_listenaddress

String

0.0.0.0

The network address to which the service http server should bind.

ataccama_one_apyc_http_server_port

Number

/

The port where the service http server is running.

ataccama_one_apyc_logging_compression

String

zip

A compression or archive format to which log files should be converted when they are closed.

ataccama_one_apyc_logging_filename

String

./log/{microservice_id.module_name}_
{microservice_id.microservice_name}.log

The name of the file used by the file appender.

ataccama_one_apyc_logging_jsonconsoleappender

Boolean

False

Enables JSON console appender. Only one console appender can be enabled at a time.

ataccama_one_apyc_logging_jsonfileappender

Boolean

False

Enables JSON file appender. Only one file appender can be enabled at a time.

ataccama_one_apyc_logging_plaintextconsoleappender

Boolean

True

Enables plain text console appender. Only one console appender can be enabled at a time.

ataccama_one_apyc_logging_plaintextfileappender

Boolean

False

Enables plain text file appender. Only one file appender can be enabled at a time.

ataccama_one_apyc_logging_rootlevel

String

INFO

The minimum severity level starting from which logged messages are sent to the sink.

ataccama_one_apyc_logging_rotation

String

4 days

Indicates how often the current log file should be closed and a new one started.

ataccama_one_apyc_parallelism_blas

Number

None

An alternative way of overriding the number of parallel threads spawned by low-level calculations that are used by machine learning algorithms. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), other properties are not overridden. Relies on the static OpenBLAS API and might be ignored depending on the compilation options for the OpenBLAS library. When this property is set, OpenBLAS gives it higher priority compared to ataccama.one.apyc.parallelism.omp. This is intended only for exceptional cases and should not be used otherwise.

ataccama_one_apyc_parallelism_jobs

Number

1

The number of parallel threads or processes spawned by high-level machine learning algorithms with explicit job management. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), the library default settings are applied. Use this option together with ataccama.one.apyc.parallelism.omp. For more information, see the Sizing Guidelines.

ataccama_one_apyc_parallelism_omp

Number

1

The number of parallel threads spawned by low-level calculations that are used by high-level machine learning algorithms. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), the library default settings are applied. The property relies on the static OpenBLAS API and OpenMP API, which have a lower overhead than the dynamic API used by the property ataccama.one.apyc.parallelism.threads. When this property is set, the OpenBLAS library gives it lower priority compared to ataccama.one.apyc.parallelism.blas. Several low-level libraries other than OpenBLAS and LAPACK, as well as libraries that use OpenMP, respect this option as well. Use this option together with ataccama.one.apyc.parallelism.jobs. For more information, see the Sizing Guidelines.

ataccama_one_apyc_parallelism_threads

Number

None

An alternative way of setting the number of parallel threads spawned by low-level calculations that are used by machine learning algorithms. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), the dynamic API is not used. Relies on the dynamic OpenBLAS API, which has a higher overhead than the static API used by ataccama.one.apyc.parallelism.omp. When this property is set, OpenBLAS gives it higher priority compared to ataccama.one.apyc.parallelism.omp and ataccama.one.apyc.parallelism.blas. The dynamic API is intended only for exceptional cases and should not be used otherwise.

ataccama_one_apyc_platformdeployments_<deployment>_module

String

/

The module (component) name that the deployment belongs to (for example mmm). Used only in Service Identity representation (as a module field).

ataccama_one_apyc_platformdeployments_<deployment>_security_jwtkeys_<key>_content

String

/

The public part of the JWT key that is used decode and verify the payload.

ataccama_one_apyc_platformdeployments_<deployment>_security_jwtkeys_<key>_fingerprint

String

/

The key id (kid part of the key), that is used to find public JWT key for incoming request.

ataccama_one_apyc_platformdeployments_<deployment>_security_jwtkeys_<key>_isrevoked

Boolean

False

If true, the key isn’t used for authentication. Can be used when the key was compromised.

ataccama_one_apyc_platformdeployments_<deployment>_security_roles

String

[]

The list of roles that the deployment has (for example, ["IMPERSONATION"]). If a service corresponding to this deployment tries to impersonate user while sending a request to this service, one of the roles should be the ataccama.one.apyc.authentication.internal-jwt.impersonation-role. Used also in Service Identity representation (as a roles field).

ataccama_one_apyc_platformdeployments_<deployment>_uri

String

/

The URI where the deployment runs (for example mmm-service). Used only in Service Identity representation - as an id field.

ataccama_one_apyc_retrying_stop_kwargs

String

{'max_attempt_number': 6}

Controls retrying of gRPC and graphQL communication attempts. The property determines when retrying stops. By default, retrying stops after 6 attempts in total, out of which 5 are retries.

ataccama_one_apyc_retrying_stop_type

String

stop_after_attempt

Controls retrying of gRPC and graphQL communication attempts. The property determines which approach is used to stop retrying. For more information, see the Tenacity documentation: Tenacity API Reference, section Stop Functions.

ataccama_one_apyc_retrying_wait_kwargs

String

{'multiplier': 0.16, 'exp_base': 2}

Controls retrying of gRPC and graphQL communication attempts. The property is used to calculate the duration of waiting periods between retries. For more information about how waiting periods between unsuccessful attempts are managed, see the Tenacity documentation: Tenacity API Reference, section Wait Functions.

ataccama_one_apyc_retrying_wait_type

String

wait_exponential

Controls retrying of gRPC and graphQL communication attempts. The property determines which approach is used when waiting. For more information about how waiting periods between unsuccessful attempts are managed, see the Tenacity documentation: Tenacity API Reference, section Wait Functions.

internal_encryption_keystorepasswordfile

String

None

The single-line file containing the password for the keystore. When reading the file, UTF-8 encoding is assumed. Used if the keystore is encrypted. If specified, the property overrides the value of internal.encryption.key-store-password.

internal_encryption_keystorepassword

String

None

The password for the keystore. Used if the keystore is encrypted. For empty password, set the option to empty string ("")

internal_encryption_keystore

String

/

Points to the JCEKS keystore containing symmetric key that is used to decrypt properties with internal context. For example, ./etc/key-store.jceks.

property_encryption_keystorepasswordfile

String

None

The single-line file containing the password for the keystore. When reading the file, UTF-8 encoding is assumed. Used if the keystore is encrypted. If specified, the property overrides the value of property.encryption.key-store-password.

property_encryption_keystorepassword

String

None

The password for the keystore. Used if the keystore is encrypted. For empty password, set the option to empty string ("").

property_encryption_keystore

String

/

Points to the JCEKS keystore containing symmetric key that is used to decrypt properties with property context. For example, ./etc/key-store.jceks.

ataccama_one_aimatching_computationprocess_captureoutput

Boolean

True

Forwards stdout and stderr streams of the computation process to the respective stdout and stderr streams of the wrapping service for debugging purposes.

ataccama_one_aimatching_computationprocess_enabledjobtypes

String

/

List of job types the service can run in a separate process. Allowed values are: initialization, training_pair_computation, model_quality_estimation, proposals_generation, rules_extraction.

ataccama_one_aimatching_computationprocess_managepylocation

String

./lib/manage.py

The path to the manage.py file, which is used to start computation process of AI Matching.

ataccama_one_aimatching_computationprocess_pollperiod

Number

1

Defines how often the service runs its background processing thread to check if it should run available job in a process. Expressed in seconds.

ataccama_one_aimatching_computationprocess_shutdowntimeout

Number

10

Defines the amount of time the wrapping service waits for its job subprocess to shutdown gracefully. Kills the subprocess otherwise. Expressed in seconds.

ataccama_one_aimatching_computationthread_enabledjobtypes

String

/

List of job types the service can run in a separate thread. Allowed values are: initialization, training_pair_computation, model_quality_estimation, proposals_generation, rules_extraction.

ataccama_one_aimatching_computationthread_pollperiod

Number

1

Defines how often the service runs its background processing thread to check if it should run available job in a thread. Expressed in seconds.

ataccama_one_aimatching_http_server_api_enabled

Boolean

False

Flag used to enable /api HTTP endpoints serving AI Matching business API.

ataccama_one_aimatching_job_clustering_decisionthreshold

Number

0.5

The dedupe clustering decision threshold that functions as a compromise between precision and recall. The value needs to be between 0 and 1. Increasing the value means a higher precision and lower recall, that is, fewer MERGE proposals and more SPLIT proposals. Inversely, decreasing the value results in a lower level of precision and higher recall.

ataccama_one_aimatching_job_initialization_samplesize

Number

1000000

The number of records that are uniformly sampled from all the records fetched from MDM. Those records are the only ones used for initializing and training the AI Matching model.

ataccama_one_aimatching_job_initialization_trainingsamplesize

Number

40000

The number of records that the AI Matching selects out of the records covered by the property ai-matching.job.initialization.sample-size for the actual training of the AI model. A higher value means that the model performs better, but the training takes more time.

ataccama_one_aimatching_job_rulesextraction_maxcolumns

Number

5

The maximum number of columns in one extracted rule. A higher number means that the extracted rules can be more complex, that is, use more columns, but the rule extraction might take significantly longer.

ataccama_one_aimatching_job_rulesextraction_maxnegativepairs

Number

10000

The maximum number of confident negative pairs to be considered for rule extraction. A higher number means that the extraction of rules is significantly slower but the results could be more precise.

ataccama_one_aimatching_job_rulesextraction_maxpositivepairs

Number

10000

The maximum number of confident positive pairs to be considered for rule extraction. A higher number means that the extraction of rules is significantly slower but the results could be more precise.

ataccama_one_apyc_authentication_grpc_basic_enable

Boolean

True

Enables basic authentication on the grpc server. If enabled, Keycloak becomes a mandatory dependency - needs to be running before the microservice starts.

ataccama_one_apyc_authentication_grpc_bearer_enable

Boolean

True

Enables bearer authentication on the grpc server. If enabled, Keycloak becomes a mandatory dependency - needs to be running before the microservice starts.

ataccama_one_apyc_authentication_grpc_internaljwt_enable

Boolean

True

Enables internal JWT token authentication on the grpc server.

ataccama_one_apyc_authentication_http_basic_enable

Boolean

True

Enables basic authentication on the http server. If enabled, Keycloak becomes a mandatory dependency - needs to be running before the microservice starts.

ataccama_one_apyc_authentication_http_bearer_enable

Boolean

True

Enables bearer authentication on the http server. If enabled, Keycloak becomes a mandatory dependency - needs to be running before the microservice starts.

ataccama_one_apyc_authentication_http_internaljwt_enable

Boolean

True

Enables internal JWT token authentication on the http server.

ataccama_one_apyc_authentication_internaljwt_generator_key

String

/

The private key of the microservice used to generate tokens for internal JWT authentication.

ataccama_one_apyc_authentication_internaljwt_generator_tokenexpiration

Number

900

Defines the amount of time after which the token generated by the internal JWT generator expires. Expressed in seconds.

ataccama_one_apyc_authentication_internaljwt_impersonationrole

String

IMPERSONATION

Role used for validating that service sending request to the microservice can impersonate a user.

ataccama_one_apyc_authentication_keycloak_realm

String

/

The name of the Keycloak realm. Used when requesting an access token during authorization.

ataccama_one_apyc_authentication_keycloak_token_audience

String

None

The expected recipients of the Keycloak token. Used to validate the access (bearer) token obtained from Keycloak. If the value is null, the audience is not verified.

ataccama_one_apyc_authentication_keycloak_token_clientid

String

/

The client token identifier of the microservice. Used when requesting an access token during authorization.

ataccama_one_apyc_authentication_keycloak_token_expectedalgorithm

String

RS256

The expected algorithm that was used to sign the access (bearer) token obtained from Keycloak.

ataccama_one_apyc_authentication_keycloak_token_issuer

String

{url}/realms/{realm}

The issuer of the Keycloak token. Used to validate the access (bearer) token obtained from Keycloak. If the value is null, the issuer is not verified.

ataccama_one_apyc_authentication_keycloak_token_keycachemintimebetweenrequest

Number

5

Defines the minimum amount of time between two consecutive requests for Keycloak certificates during which Keycloak is not asked for new certificates. This acts as a prevention against DDoS attacks with an unknown key. Expressed in seconds.

ataccama_one_apyc_authentication_keycloak_token_keycachettl

Number

300

Defines how long the public certificates from Keycloak are cached on the microservice side. If this time is exceeded, new certificates are fetched from Keycloak before the microservice makes an attempt to authenticate. If this time is not exceeded, but the public certificate for the key parsed from the authentication attempt was not found in the cache, new certificates are fetched from Keycloak and authentication is attempted again. Expressed in seconds.

ataccama_one_apyc_authentication_keycloak_token_secret

String

/

The secret key of the microservice client. Used when requesting an access token during authorization.

ataccama_one_apyc_connection_<connection_name>_grpc_host

String

/

The IP address or the URL of the server where the <connection_name> is running.

ataccama_one_apyc_connection_<connection_name>_grpc_maxmessagesize

Number

1073741824

The maximum size of gRPC message. KB are used if no unit is specified.

ataccama_one_apyc_connection_<connection_name>_grpc_port

Number

/

The gRPC port of the server where the <connection_name> is running.

ataccama_one_apyc_connection_<connection_name>_grpc_tls_cabundle

String

None

Points to the .crt file with all the trusted PEM-encoded certification authorities (CAs) used in grpc TLS communication. Used only when tls.trust-all is disabled. For example, ./etc/ca.crt.

ataccama_one_apyc_connection_<connection_name>_grpc_tls_enabled

Boolean

False

Defines whether the grpc client should use TLS when communicating with the server.

ataccama_one_apyc_connection_<connection_name>_grpc_tls_trustall

Boolean

False

Defines whether the grpc client should verify the certificate of the server with which it communicates.

ataccama_one_apyc_connection_<connection_name>_http_basepath

String

None

Base path to which the <connection_name> HTTP client sends requests.

ataccama_one_apyc_connection_<connection_name>_http_connectiontimeout

Number

5

Defines after which amount of time the HTTP call is ended if the socket does not receive any bytes. Expressed in seconds.

ataccama_one_apyc_connection_<connection_name>_http_host

String

/

The IP address or the URL of the server where the <connection_name> is running.

ataccama_one_apyc_connection_<connection_name>_http_port

Number

None

The HTTP port of the server where the <connection_name> is running.

ataccama_one_apyc_connection_<connection_name>_http_tls_cabundle

String

None

Points to the .crt file with all the trusted PEM-encoded certification authorities (CAs) used in http TLS communication. Used only when tls.trust-all is disabled. For example, ./etc/ca.crt.

ataccama_one_apyc_connection_<connection_name>_http_tls_enabled

Boolean

False

Defines whether the http client should use TLS when communicating with the server.

ataccama_one_apyc_connection_<connection_name>_http_tls_trustall

Boolean

False

Defines whether the http client should verify the certificate of the server with which it communicates.

ataccama_one_apyc_connection_keycloak_http_basepath

String

None

Base path to which the keycloak HTTP client sends requests.

ataccama_one_apyc_connection_keycloak_http_connectiontimeout

Number

5

Defines after which amount of time the HTTP call is ended if the socket does not receive any bytes. Expressed in seconds.

ataccama_one_apyc_connection_keycloak_http_host

String

/

The IP address or the URL of the server where the keycloak is running.

ataccama_one_apyc_connection_keycloak_http_port

Number

None

The HTTP port of the server where the keycloak is running.

ataccama_one_apyc_connection_keycloak_http_tls_cabundle

String

None

Points to the .crt file with all the trusted PEM-encoded certification authorities (CAs) used in http TLS communication. Used only when tls.trust-all is disabled. For example, ./etc/ca.crt.

ataccama_one_apyc_connection_keycloak_http_tls_enabled

Boolean

False

Defines whether the http client should use TLS when communicating with the server.

ataccama_one_apyc_connection_keycloak_http_tls_trustall

Boolean

False

Defines whether the http client should verify the certificate of the server with which it communicates.

ataccama_one_apyc_connection_mdm_grpc_host

String

/

The IP address or the URL of the server where the mdm is running.

ataccama_one_apyc_connection_mdm_grpc_maxmessagesize

Number

1073741824

The maximum size of gRPC message. KB are used if no unit is specified.

ataccama_one_apyc_connection_mdm_grpc_port

Number

/

The gRPC port of the server where the mdm is running.

ataccama_one_apyc_connection_mdm_grpc_tls_cabundle

String

None

Points to the .crt file with all the trusted PEM-encoded certification authorities (CAs) used in grpc TLS communication. Used only when tls.trust-all is disabled. For example, ./etc/ca.crt.

ataccama_one_apyc_connection_mdm_grpc_tls_enabled

Boolean

False

Defines whether the grpc client should use TLS when communicating with the server.

ataccama_one_apyc_connection_mdm_grpc_tls_trustall

Boolean

False

Defines whether the grpc client should verify the certificate of the server with which it communicates.

ataccama_one_apyc_database_connection_host

String

/

The host for the microservice database.

ataccama_one_apyc_database_connection_password

String

/

The password for the microservice database.

ataccama_one_apyc_database_connection_username

String

/

The username for the microservice database.

ataccama_one_apyc_database_enginekwargs

String

{'max_identifier_length': 128}

Sets the SQLAlchemy engine options, such as the maximum length of identifiers used in the database. For more information, see the SQLAlchemy documentation: Engine Configuration, section Engine Creation API, Parameters.

ataccama_one_apyc_database_migrationspath

String

./lib/migrations

The location of the migrations folder of the microservice.

ataccama_one_apyc_database_pollperiod

Number

1

Defines how often the database is polled for changes. Used by the Term Suggestions microservice. Expressed in seconds.

ataccama_one_apyc_grpc_server_listenaddress

String

0.0.0.0

The network address to which the service gRPC server should bind.

ataccama_one_apyc_grpc_server_maxmessagesize

Number

1073741824

The maximum size of gRPC message. KB are used if no unit is specified.

ataccama_one_apyc_grpc_server_port

Number

/

The port where the service gRPC server is running.

ataccama_one_apyc_http_server_listenaddress

String

0.0.0.0

The network address to which the service http server should bind.

ataccama_one_apyc_http_server_port

Number

/

The port where the service http server is running.

ataccama_one_apyc_logging_compression

String

zip

A compression or archive format to which log files should be converted when they are closed.

ataccama_one_apyc_logging_filename

String

./log/{microservice_id.module_name}_
{microservice_id.microservice_name}.log

The name of the file used by the file appender.

ataccama_one_apyc_logging_jsonconsoleappender

Boolean

False

Enables JSON console appender. Only one console appender can be enabled at a time.

ataccama_one_apyc_logging_jsonfileappender

Boolean

False

Enables JSON file appender. Only one file appender can be enabled at a time.

ataccama_one_apyc_logging_plaintextconsoleappender

Boolean

True

Enables plain text console appender. Only one console appender can be enabled at a time.

ataccama_one_apyc_logging_plaintextfileappender

Boolean

False

Enables plain text file appender. Only one file appender can be enabled at a time.

ataccama_one_apyc_logging_rootlevel

String

INFO

The minimum severity level starting from which logged messages are sent to the sink.

ataccama_one_apyc_logging_rotation

String

4 days

Indicates how often the current log file should be closed and a new one started.

ataccama_one_apyc_parallelism_blas

Number

None

An alternative way of overriding the number of parallel threads spawned by low-level calculations that are used by machine learning algorithms. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), other properties are not overridden. Relies on the static OpenBLAS API and might be ignored depending on the compilation options for the OpenBLAS library. When this property is set, OpenBLAS gives it higher priority compared to ataccama.one.apyc.parallelism.omp. This is intended only for exceptional cases and should not be used otherwise.

ataccama_one_apyc_parallelism_jobs

Number

1

The number of parallel threads or processes spawned by high-level machine learning algorithms with explicit job management. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), the library default settings are applied. Use this option together with ataccama.one.apyc.parallelism.omp. For more information, see the Sizing Guidelines.

ataccama_one_apyc_parallelism_omp

Number

1

The number of parallel threads spawned by low-level calculations that are used by high-level machine learning algorithms. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), the library default settings are applied. The property relies on the static OpenBLAS API and OpenMP API, which have a lower overhead than the dynamic API used by the property ataccama.one.apyc.parallelism.threads. When this property is set, the OpenBLAS library gives it lower priority compared to ataccama.one.apyc.parallelism.blas. Several low-level libraries other than OpenBLAS and LAPACK, as well as libraries that use OpenMP, respect this option as well. Use this option together with ataccama.one.apyc.parallelism.jobs. For more information, see the Sizing Guidelines.

ataccama_one_apyc_parallelism_threads

Number

None

An alternative way of setting the number of parallel threads spawned by low-level calculations that are used by machine learning algorithms. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), the dynamic API is not used. Relies on the dynamic OpenBLAS API, which has a higher overhead than the static API used by ataccama.one.apyc.parallelism.omp. When this property is set, OpenBLAS gives it higher priority compared to ataccama.one.apyc.parallelism.omp and ataccama.one.apyc.parallelism.blas. The dynamic API is intended only for exceptional cases and should not be used otherwise.

ataccama_one_apyc_platformdeployments_<deployment>_module

String

/

The module (component) name that the deployment belongs to (for example mmm). Used only in Service Identity representation (as a module field).

ataccama_one_apyc_platformdeployments_<deployment>_security_jwtkeys_<key>_content

String

/

The public part of the JWT key that is used decode and verify the payload.

ataccama_one_apyc_platformdeployments_<deployment>_security_jwtkeys_<key>_fingerprint

String

/

The key id (kid part of the key), that is used to find public JWT key for incoming request.

ataccama_one_apyc_platformdeployments_<deployment>_security_jwtkeys_<key>_isrevoked

Boolean

False

If true, the key isn’t used for authentication. Can be used when the key was compromised.

ataccama_one_apyc_platformdeployments_<deployment>_security_roles

String

[]

The list of roles that the deployment has (for example ["IMPERSONATION"]). If a service corresponding to this deployment tries to impersonate user while sending a request to this service, one of the roles should be the ataccama.one.apyc.authentication.internal-jwt.impersonation-role. Used also in Service Identity representation (as a roles field).

ataccama_one_apyc_platformdeployments_<deployment>_uri

String

/

The URI where the deployment runs (for example mmm-service). Used only in Service Identity representation - as an id field.

ataccama_one_apyc_retrying_stop_kwargs

String

{'max_attempt_number': 6}

Controls retrying of gRPC and graphQL communication attempts. The property determines when retrying stops. By default, retrying stops after 6 attempts in total, out of which 5 are retries.

ataccama_one_apyc_retrying_stop_type

String

stop_after_attempt

Controls retrying of gRPC and graphQL communication attempts. The property determines which approach is used to stop retrying. For more information, see the Tenacity documentation: Tenacity API Reference, section Stop Functions.

ataccama_one_apyc_retrying_wait_kwargs

String

{'multiplier': 0.16, 'exp_base': 2}

Controls retrying of gRPC and graphQL communication attempts. The property is used to calculate the duration of waiting periods between retries. For more information about how waiting periods between unsuccessful attempts are managed, see the Tenacity documentation: Tenacity API Reference, section Wait Functions.

ataccama_one_apyc_retrying_wait_type

String

wait_exponential

Controls retrying of gRPC and graphQL communication attempts. The property determines which approach is used when waiting. For more information about how waiting periods between unsuccessful attempts are managed, see the Tenacity documentation: Tenacity API Reference, section Wait Functions.

internal_encryption_keystorepasswordfile

String

None

The single-line file containing the password for the keystore. When reading the file, UTF-8 encoding is assumed. Used if the keystore is encrypted. If specified, the property overrides the value of internal.encryption.key-store-password.

internal_encryption_keystorepassword

String

None

The password for the keystore. Used if the keystore is encrypted. For empty password, set the option to empty string ("")

internal_encryption_keystore

String

/

Points to the JCEKS keystore containing symmetric key that is used to decrypt properties with internal context. For example, ./etc/key-store.jceks.

property_encryption_keystorepasswordfile

String

None

The single-line file containing the password for the keystore. When reading the file, UTF-8 encoding is assumed. Used if the keystore is encrypted. If specified, the property overrides the value of property.encryption.key-store-password.

property_encryption_keystorepassword

String

None

The password for the keystore. Used if the keystore is encrypted. For empty password, set the option to empty string ("")

property_encryption_keystore

String

/

Points to the JCEKS keystore containing symmetric key that is used to decrypt properties with property context. For example, ./etc/key-store.jceks.