
Configuration Service Configuration

This article provides information about how to connect the Configuration Service to other modules and how to configure the Configuration Service itself.

Configuration Service client configuration

When using the Configuration Service to manage the configuration of modules, the Configuration Service and the module are connected by specifying the following properties in the etc/application.properties configuration file of the module.

Set these properties in the module's own etc/application.properties file, because local configuration files have higher priority than the settings defined through the Configuration Service. To assign higher priority to the Configuration Service instead, add this property to your deployment configuration in the Configuration Service:

ataccama.config-service.override-local=true

The property cannot be overridden by the local configuration file.

Property Data type Description

ataccama.config-service.runtime

String

Enables using the Configuration Service.

Valid values: off, optional, mandatory. If set to mandatory, the module fails when there is an error connecting to the Configuration Service.

ataccama.client.connection.configservice.host

String

The IP address or the hostname of the server where the Configuration Service is running.

Default value: localhost.

ataccama.client.connection.configservice.grpc.port

Number

The gRPC port of the Configuration Service.

Default value: 8511.

ataccama.authentication.internal.jwt.generator.key

String

The private key used for communication between the Configuration Service and the client, as well as between the connected modules, for example, DPM and DPE, MMM and DPM, MMM and AI Core. When a module receives a request from another module, it can obtain the sender’s public key from the Configuration Service and use it to verify the signature on the received data. The signature is created with the private key of the module that made the initial request.

The key can be generated through the Configuration Service. See Security Configuration.

Configuration Service server configuration

The following properties are defined in the etc/application.properties file of the Configuration Service module.

gRPC server

TLS/mTLS configuration

Property Data type Description

ataccama.server.grpc.tls.enabled

Boolean

Enables TLS authentication on the gRPC server.

Default value: false.

ataccama.server.grpc.tls.mTls

String

Defines whether mutual TLS authentication is needed.

Valid values: NONE, OPTIONAL, REQUIRED. When set to OPTIONAL, if the server receives an mTLS request, it attempts to authenticate the request using mTLS.

Disabled by default.

ataccama.server.grpc.tls.allow-generate

Boolean

If set to true, a self-signed certificate is generated for the Configuration Service. Enabling this option is not recommended for production environments.

Default value: false.

ataccama.server.grpc.tls.cert-chain

String

The full path to the TLS certificate, for example, file:${ataccama.path.etc}/server.crt.

ataccama.server.grpc.tls.private-key

String

The full path to the private key of the certificate, for example, file:${ataccama.path.etc}/server.key.

ataccama.server.grpc.tls.trust-cert-collection

String

The full path to the public certificate of the root certificate authority, for example, file:${ataccama.path.etc}/rootCA.crt.

Keycloak authentication

Property Data type Description

ataccama.authentication.keycloak.realm

String

The name of the Keycloak realm.

Default value: ataccamaone.

ataccama.authentication.keycloak.base-url

String

The base URL of the server where Keycloak is running.

Default value: https://keycloak-dev.atc.services.

ataccama.authentication.keycloak.admin.enable

Boolean

Default value: false.

ataccama.authentication.keycloak.server-url

String

The authentication URL of the server where Keycloak is running.

Default value: ${ataccama.authentication.keycloak.base-url}/auth.

ataccama.authentication.keycloak.token.client-id

String

The client identifier. Used to verify a user’s authorization token and to log in a user.

Default value: cs-token-client.

ataccama.authentication.keycloak.token.secret

String

The secret key of the client. Secret keys can be generated using Keycloak. Used when the HTTP basic authentication is enabled.

Default value: cs-token-client-s3cret.

ataccama.authentication.keycloak.token.issuer

String

Specifies the issuer of the JWT token. Typically, Keycloak uses the URL of the realm as the token issuer.

Default value: ${ataccama.authentication.keycloak.server-url}/realms/${ataccama.authentication.keycloak.realm}.

ataccama.authentication.http.basic.enable

Boolean

Enables HTTP basic authentication for the Configuration Service.

Default value: false.

Single sign-on configuration

Property Data type Description

ataccama.one.webserver.sso.realm

String

The name of the Keycloak realm used for SSO.

Default value: ${ataccama.authentication.keycloak.realm}.

ataccama.one.webserver.sso.base-url

String

The base URL where Keycloak is available. Used as a prefix for other SSO URLs.

Default value: ${ataccama.authentication.keycloak.server-url}.

ataccama.one.webserver.sso.auth-url

String

The URL where users are redirected to provide authentication credentials.

Default value: ${ataccama.one.webserver.sso.base-url}/realms/${ataccama.one.webserver.sso.realm}/protocol/openid-connect/auth.

ataccama.one.webserver.sso.token-url

String

The URL used to obtain authentication tokens from Keycloak.

Default value: ${ataccama.one.webserver.sso.base-url}/realms/${ataccama.one.webserver.sso.realm}/protocol/openid-connect/token.

ataccama.one.webserver.sso.logout-url

String

The URL used for logging users out.

Default value: ${ataccama.one.webserver.sso.base-url}/realms/${ataccama.one.webserver.sso.realm}/protocol/openid-connect/logout.

ataccama.one.webserver.sso.client-id

String

The client identifier used for verifying user authorization tokens and for logging in.

Default value: cs-webapp-public-client.

GraphQL configuration

Property Data type Description

ataccama.one.config-service.server.api-url

String

The URL of the GraphQL endpoint that is used by the Configuration Service for the user interface.

Default value: http://localhost:8011/graphql.

ataccama.one.webserver.gql.allowed-roles

String

Limits access to the Configuration Service based on the user role.

Default value: admin,CS_admin.

Configuration Service database configuration

Property Data type Description

spring.datasource.url

String

A JDBC connection string pointing to the Configuration Service database.

Default value: jdbc:h2:file:${ataccama.path.storage}/onecfg.

If you do not want to use the embedded H2 database that is configured by default, add the following properties to your configuration and replace the values accordingly:

spring.datasource.url=jdbc:postgresql://localhost:5432/cs
spring.datasource.driverClassName=org.postgresql.Driver
spring.datasource.username=one
spring.datasource.password=one
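
The following is an added example, not part of the Ataccama documentation or product: a small Python audit that reads a Configuration Service etc/application.properties and reports which security-relevant settings from this page are still at their documented defaults or sample values. Treating any mTLS mode other than REQUIRED as a finding is an assumption of this example, and the finding labels and both sample configurations are constructed.

```python
import re

# Defaults documented on this page; they apply when a key is absent.
SECRET = "ataccama.authentication.keycloak.token.secret"
DOCUMENTED_DEFAULTS = {
    "ataccama.server.grpc.tls.enabled": "false",
    "ataccama.server.grpc.tls.allow-generate": "false",
    SECRET: "cs-token-client-s3cret",
}
SAMPLE_DB_PASSWORD = "one"  # value shown in the page's PostgreSQL snippet
LINE = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:]\s*(.*?)\s*$")

def parse_properties(text):
    """Parse simple key=value lines; continuations and escapes unsupported."""
    return {m.group(1): m.group(2)
            for m in map(LINE.match, text.splitlines()) if m}

def audit(text):
    """Return finding labels (names invented for this example)."""
    cfg = {**DOCUMENTED_DEFAULTS, **parse_properties(text)}
    is_true = lambda key: cfg.get(key, "").lower() == "true"
    findings = []
    if not is_true("ataccama.server.grpc.tls.enabled"):
        findings.append("grpc-tls-disabled")
    # Assumption of this example: production policy requires mTLS.
    elif cfg.get("ataccama.server.grpc.tls.mTls", "").upper() != "REQUIRED":
        findings.append("grpc-mtls-not-required")
    if is_true("ataccama.server.grpc.tls.allow-generate"):
        findings.append("self-signed-cert-generation")
    if cfg[SECRET] == DOCUMENTED_DEFAULTS[SECRET]:
        findings.append("default-keycloak-client-secret")
    if cfg.get("spring.datasource.password") == SAMPLE_DB_PASSWORD:
        findings.append("sample-db-password")
    return findings

# Constructed sample: defaults left in place plus the page's PostgreSQL values.
WEAK = """
ataccama.server.grpc.tls.allow-generate=true
spring.datasource.password=one
"""
# Constructed sample: placeholders stand in for values from a secret store.
HARDENED = """
# gRPC server
ataccama.server.grpc.tls.enabled=true
ataccama.server.grpc.tls.mTls=REQUIRED
ataccama.authentication.keycloak.token.secret=<CLIENT_SECRET_PLACEHOLDER>
spring.datasource.password=<DB_PASSWORD_PLACEHOLDER>
"""

print(audit(WEAK), audit(HARDENED))
```

Because absent keys fall back to the documented defaults, a file that never mentions the Keycloak client secret is still reported as using the default one.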
