diff --git a/provider/indexer-gcp/README.md b/provider/indexer-gcp/README.md index 702ee72d8c365ae2aca410f98ff4cf7389b0fcd0..c7593de2753b57138443b03c4fd1042dc399e4cf 100644 --- a/provider/indexer-gcp/README.md +++ b/provider/indexer-gcp/README.md @@ -14,6 +14,14 @@ os-indexer-gcp is a [Spring Boot](https://spring.io/projects/spring-boot) servic ## Getting Started These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system. +# Configuration + +## Service Configuration +### Anthos: +[Anthos service configuration ](docs/anthos/README.md) +### GCP: +[Gcp service configuration ](docs/gcp/README.md) + ## Mappers This is a universal solution created using EPAM OQM mappers technology. It allows you to work with various diff --git a/provider/indexer-gcp/docs/anthos/README.md b/provider/indexer-gcp/docs/anthos/README.md index 9cffb88ebe038d536a29636ad7a9c7bdea69a93e..880cce5011fff28c9737475189f3f96b8b6d17e3 100644 --- a/provider/indexer-gcp/docs/anthos/README.md +++ b/provider/indexer-gcp/docs/anthos/README.md 
@@ -12,6 +12,8 @@ Must have: | `OPENID_PROVIDER_CLIENT_ID` | `*****` | Client id that represents this service and serves to request tokens, example `workload-identity-legal` |yes| - | | `OPENID_PROVIDER_CLIENT_SECRET` | `*****` | This client secret that serves to request tokens| yes | - | | `OPENID_PROVIDER_URL` | `https://keycloack.com/auth/realms/master` | URL of OpenID Connect provider, it will be used as `<OpenID URL> + /.well-known/openid-configuration` to auto configure endpoint for token request | no | - | +| `<ELASTICSEARCH_USER_ENV_VARIABLE_NAME>` | ex `user` | Elasticsearch user, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service, see [Partition properties set](#Properties-set-in-Partition-service) | yes | - | +| `<ELASTICSEARCH_PASSWORD_ENV_VARIABLE_NAME>` | ex `password` | Elasticsearch password, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service, see [Partition properties set](#Properties-set-in-Partition-service) | false | - | Defined in default application property file but possible to override: 
@@ -39,10 +41,26 @@ Usage of spring profiles is preferred. | `OQMDRIVER` | `rabbitmq` or `pubsub` | Oqm driver mode that defines which message broker will be used | no | - | | `SERVICE_TOKEN_PROVIDER` | `GCP` or `OPENID` |Service account token provider, `GCP` means use Google service account `OPEIND` means use OpenId provider like `Keycloak` | no | - | -## Elasticsearch configuration - ### Properties set in Partition service: +Note that properties can be set in Partition as `sensitive` in that case in property `value` should be present not value itself, but ENV variable name. +This variable should be present in environment of service that need that variable. + +Example: +``` + "elasticsearch.port": { + "sensitive": false, <- value not sensitive + "value": "9243" <- will be used as is. + }, + "elasticsearch.password": { + "sensitive": true, <- value is sensitive + "value": "ELASTIC_SEARCH_PASSWORD_OSDU" <- service consumer should have env variable ELASTIC_SEARCH_PASSWORD_OSDU with elastic search password + } +``` + + +## Elasticsearch configuration + **prefix:** `elasticsearch` It can be overridden by: @@ -56,7 +74,8 @@ It can be overridden by: | --- | --- | | elasticsearch.host | server URL | | elasticsearch.port | server port | -| elasticsearch.configuration | username and password | +| elasticsearch.user | username | +| elasticsearch.password | password | <details><summary>Example of a definition for a single tenant</summary></details> @@ -72,9 +91,13 @@ curl -L -X PATCH 'http://partition.com/api/partition/v1/partitions/opendes' -H ' "sensitive": false, "value": "9243" }, - "elasticsearch.configuration": { + "elasticsearch.user": { + "sensitive": true, + "value": "<ELASTICSEARCH_USER_ENV_VARIABLE_NAME>" <- (Not actual value, just name of env variable) + }, + "elasticsearch.password": { "sensitive": true, - "value": "elasticuser:elasticpassword" + "value": "<ELASTICSEARCH_PASSWORD_ENV_VARIABLE_NAME>" <- (Not actual value, just name of env variable) } } }' 
diff --git a/provider/indexer-gcp/docs/gcp/README.md b/provider/indexer-gcp/docs/gcp/README.md index 54e948b320b8053bb9d289f836e041c7814fab4b..d583f831a53e5738cdf913fb0b0669974b8f26a8 100644 --- a/provider/indexer-gcp/docs/gcp/README.md +++ b/provider/indexer-gcp/docs/gcp/README.md @@ -10,6 +10,8 @@ Must have: | --- | --- | --- | --- | --- | | `GOOGLE_AUDIENCES` | ex `*****.apps.googleusercontent.com` | Client ID for getting access to cloud resources | yes | https://console.cloud.google.com/apis/credentials | | `SPRING_PROFILES_ACTIVE` | ex `gcp` | Spring profile that activate default configuration for GCP environment | false | - | +| `<ELASTICSEARCH_USER_ENV_VARIABLE_NAME>` | ex `user` | Elasticsearch user, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service, see [Partition properties set](#Properties-set-in-Partition-service) | yes | - | +| `<ELASTICSEARCH_PASSWORD_ENV_VARIABLE_NAME>` | ex `password` | Elasticsearch password, name of that variable not defined at the service level, the name will be received through partition service. Each tenant can have it's own ENV name value, and it must be present in ENV of Indexer service, see [Partition properties set](#Properties-set-in-Partition-service) | false | - | Defined in default application property file but possible to override: 
@@ -44,10 +46,27 @@ At Pubsub should be created topic with name: **name:** `indexing-progress` -## Elasticsearch configuration - ### Properties set in Partition service: +Note that properties can be set in Partition as `sensitive` in that case in property `value` should be present not value itself, but ENV variable name. +This variable should be present in environment of service that need that variable. + +Example: +``` + "elasticsearch.port": { + "sensitive": false, <- value not sensitive + "value": "9243" <- will be used as is. + }, + "elasticsearch.password": { + "sensitive": true, <- value is sensitive + "value": "ELASTIC_SEARCH_PASSWORD_OSDU" <- service consumer should have env variable ELASTIC_SEARCH_PASSWORD_OSDU with elastic search password + } +``` + +There is no hardcode in services, all behaviour defined by sensitivity of property. + +## Elasticsearch configuration + **prefix:** `elasticsearch` It can be overridden by: @@ -61,7 +80,8 @@ It can be overridden by: | --- | --- | | elasticsearch.host | server URL | | elasticsearch.port | server port | -| elasticsearch.configuration | username and password | +| elasticsearch.user | username | +| elasticsearch.password | password | <details><summary>Example of a definition for a single tenant</summary></details> @@ -77,9 +97,13 @@ curl -L -X PATCH 'http://partition.com/api/partition/v1/partitions/opendes' -H ' "sensitive": false, "value": "9243" }, - "elasticsearch.configuration": { + "elasticsearch.user": { + "sensitive": true, + "value": "<USER_ENV_VARIABLE_NAME>" <- (Not actual value, just name of env variable) + }, + "elasticsearch.password": { "sensitive": true, - "value": "elasticuser:elasticpassword" + "value": "<PASSWORD_ENV_VARIABLE_NAME>" <- (Not actual value, just name of env variable) } } }' diff --git a/provider/indexer-gcp/pom.xml b/provider/indexer-gcp/pom.xml index 3f7bb4987478522f50a8d113ae6094c2997c4583..311aa52ab24e9f07619c5db489bf3d1d2a78785f 100644 --- a/provider/indexer-gcp/pom.xml 
+++ b/provider/indexer-gcp/pom.xml @@ -19,7 +19,7 @@ <dependency> <groupId>org.opengroup.osdu</groupId> <artifactId>core-lib-gcp</artifactId> - <version>0.14.0-rc1</version> + <version>0.14.0-rc2</version> </dependency> <dependency> <groupId>org.opengroup.osdu.indexer</groupId> diff --git a/provider/indexer-gcp/src/main/java/org/opengroup/osdu/indexer/di/ElasticSearchConfig.java b/provider/indexer-gcp/src/main/java/org/opengroup/osdu/indexer/di/ElasticSearchConfig.java index 72cb1f6a3a1cedfc3f408853d99d10a9c80cca74..0f9cc1f4d3ea4319c729af434fd5710203b30141 100644 --- a/provider/indexer-gcp/src/main/java/org/opengroup/osdu/indexer/di/ElasticSearchConfig.java +++ b/provider/indexer-gcp/src/main/java/org/opengroup/osdu/indexer/di/ElasticSearchConfig.java @@ -20,6 +20,7 @@ package org.opengroup.osdu.indexer.di; import org.opengroup.osdu.core.common.partition.IPartitionProvider; import org.opengroup.osdu.core.common.provider.interfaces.IElasticRepository; import org.opengroup.osdu.core.destination.elastic.ElasticSearchDestinationResolver; +import org.opengroup.osdu.core.destination.util.IPartitionPropertyResolver; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -27,7 +28,8 @@ import org.springframework.context.annotation.Configuration; public class ElasticSearchConfig { @Bean - public IElasticRepository elasticRepository(ElasticSearchConfigurationProperties properties, IPartitionProvider partitionProvider) { - return new ElasticSearchDestinationResolver(properties.getElasticsearchPropertiesPrefix(), partitionProvider); + public IElasticRepository elasticRepository(ElasticSearchConfigurationProperties properties, + IPartitionProvider partitionProvider, IPartitionPropertyResolver propertyResolver) { + return new ElasticSearchDestinationResolver(properties.getElasticsearchPropertiesPrefix(), partitionProvider, propertyResolver); } }
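Review bot: Nothing in the new `elasticRepository(...)` bean method documents or constrains what `propertyResolver` may resolve, although the README changes in this commit say that a `sensitive` partition property's `value` is now the name of an environment variable of the Indexer process. The resolver implementation is in core-lib-gcp and not visible here, so this is a question rather than a finding: if it looks up whatever name a partition record supplies, a partition entry could reference an unrelated service secret, which would then be used as Elasticsearch credentials against the host defined in that same record. Please confirm that the resolver restricts lookups to an expected prefix or allow-list and fails closed, without logging the value, when the variable is unset. I would also record the contract on the method, e.g. `/** Sensitive partition properties (elasticsearch.user, elasticsearch.password) hold env variable names; propertyResolver resolves them at lookup time. */`. The diff does not show where an `IPartitionPropertyResolver` bean is defined, so presumably it comes from core-lib-gcp 0.14.0-rc2; it is worth verifying that the context starts without a local definition.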