fixes #407 complete the client.yml parameterization (#408)

networknt · Jan 3, 2020 · 353a343 · 353a343
1 parent 24efb5b
commit 353a343
Show file tree

Hide file tree

Showing 4 changed files with 266 additions and 183 deletions.
diff --git a/light-graphql-4j/src/main/resources/templates/graphql/clientYml.rocker.raw b/light-graphql-4j/src/main/resources/templates/graphql/clientYml.rocker.raw
@@ -4,148 +4,150 @@
 tls:
   # if the server is using self-signed certificate, this need to be false. If true, you have to use CA signed certificate
   # or load truststore that contains the self-signed cretificate.
-  verifyHostname: true
+  verifyHostname: ${client.verifyHostname:true}
   # The default trustedNames group used to created default SSL context. This is used to create Http2Client.SSL if set.
-  defaultGroupKey: trustedNames.local
+  defaultGroupKey: ${client.defaultGroupKey:trustedNames.local}
   # trusted hostnames, service names, service Ids, and so on.
   # Note: localhost and 127.0.0.1 are not trustable hostname/ip in general. So, these values should not be used as trusted names in production.
   trustedNames: 
     local: localhost
     negativeTest: invalidhost 
     empty:
   # trust store contains certifictes that server needs. Enable if tls is used.
-  loadTrustStore: true
+  loadTrustStore: ${client.loadTrustStore:true}
   # trust store location can be specified here or system properties javax.net.ssl.trustStore and password javax.net.ssl.trustStorePassword
-  trustStore: client.truststore
+  trustStore: ${client.trustStore:client.truststore}
   # trust store password
-  trustStorePass: password
+  trustStorePass: ${client.trustStorePass:password}
   # key store contains client key and it should be loaded if two-way ssl is uesed.
-  loadKeyStore: false
+  loadKeyStore: ${client.loadKeyStore:false}
   # key store location
-  keyStore: client.keystore
+  keyStore: ${client.keyStore:client.keystore}
   # key store password
-  keyStorePass: password
+  keyStorePass: ${client.keyStorePass:password}
   # private key password
-  keyPass: password
+  keyPass: ${client.keyPass:password}
 # settings for OAuth2 server communication
 oauth:
   # OAuth 2.0 token endpoint configuration
   token:
     cache:
       #capacity of caching TOKENs
-      capacity: 200
+      capacity: ${client.tokenCacheCapacity:200}
     # The scope token will be renewed automatically 1 minutes before expiry
-    tokenRenewBeforeExpired: 60000
+    tokenRenewBeforeExpired: ${client.tokenRenewBeforeExpired:60000}
     # if scope token is expired, we need short delay so that we can retry faster.
-    expiredRefreshRetryDelay: 2000
+    expiredRefreshRetryDelay: ${client.expiredRefreshRetryDelay:2000}
     # if scope token is not expired but in renew windown, we need slow retry delay.
-    earlyRefreshRetryDelay: 4000
+    earlyRefreshRetryDelay: ${client.earlyRefreshRetryDelay:4000}
     # token server url. The default port number for token service is 6882.
-    server_url: https://localhost:6882
+    server_url: ${client.tokenServerUrl:https://localhost:6882}
     # token service unique id for OAuth 2.0 provider
-    serviceId: com.networknt.oauth2-token-1.0.0
+    serviceId: ${client.tokenServiceId:com.networknt.oauth2-token-1.0.0}
     # set to true if the oauth2 provider supports HTTP/2
-    enableHttp2: true
+    enableHttp2: ${client.tokenEnableHttp2:true}
     # the following section defines uri and parameters for authorization code grant type
     authorization_code:
       # token endpoint for authorization code grant
-      uri: "/oauth2/token"
+      uri: ${client.tokenAcUri:"/oauth2/token"}
       # client_id for authorization code grant flow.
-      client_id: f7d42348-c647-4efb-a52d-4c5787421e72
+      client_id: ${client.tokenAcClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
       # client_secret for authorization code grant flow.
-      client_secret: f6h1FTI8Q3-7UScPZDzfXA
+      client_secret: ${client.tokenAcClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
       # the web server uri that will receive the redirected authorization code
-      redirect_uri: https://localhost:8080/authorization_code
+      redirect_uri: ${client.tokenAcRedirectUri:https://localhost:8080/authorization_code}
       # optional scope, default scope in the client registration will be used if not defined.
       scope:
       - petstore.r
       - petstore.w
     # the following section defines uri and parameters for client credentials grant type
     client_credentials:
       # token endpoint for client credentials grant
-      uri: "/oauth2/token"
+      uri: ${client.tokenCcUri:"/oauth2/token"}
       # client_id for client credentials grant flow. client_secret is in secret.yml
-      client_id: f7d42348-c647-4efb-a52d-4c5787421e72
+      client_id: ${client.tokenCcClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
       # client_secret for client credentials grant flow.
-      client_secret: f6h1FTI8Q3-7UScPZDzfXA
+      client_secret: ${client.tokenCcClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
       # optional scope, default scope in the client registration will be used if not defined.
       scope:
       - petstore.r
       - petstore.w
     refresh_token:
       # token endpoint for refresh token grant
-      uri: "/oauth2/token"
+      uri: ${client.tokenRtUri:"/oauth2/token"}
       # client_id for refresh token grant flow. client_secret is in secret.yml
-      client_id: f7d42348-c647-4efb-a52d-4c5787421e72
+      client_id: ${client.tokenRtClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
       # client_secret for refresh token
-      client_secret: f6h1FTI8Q3-7UScPZDzfXA
+      client_secret: ${client.tokenRtClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
       # optional scope, default scope in the client registration will be used if not defined.
       scope:
       - petstore.r
       - petstore.w
     # light-oauth2 key distribution endpoint configuration for token verification
     key:
       # key distribution server url for token verification. It will be used if it is configured.
-      server_url: https://localhost:6886
+      server_url: ${client.tokenKeyServerUrl:https://localhost:6886}
       # key serviceId for key distribution service, it will be used if above server_url is not configured.
-      serviceId: com.networknt.oauth2-key-1.0.0
+      serviceId: ${client.tokenKeyServiceId:com.networknt.oauth2-key-1.0.0}
       # the path for the key distribution endpoint
-      uri: "/oauth2/key"
+      uri: ${client.tokenKeyUri:"/oauth2/key"}
       # client_id used to access key distribution service. It can be the same client_id with token service or not.
-      client_id: f7d42348-c647-4efb-a52d-4c5787421e72
+      client_id: ${client.tokenKeyClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
       # client secret used to access the key distribution service.
-      client_secret: f6h1FTI8Q3-7UScPZDzfXA
+      client_secret: ${client.tokenKeyClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
       # set to true if the oauth2 provider supports HTTP/2
-      enableHttp2: true
+      enableHttp2: ${client.tokenKeyEnableHttp2:true}
   # sign endpoint configuration
   sign:
     # token server url. The default port number for token service is 6882. If this url exists, it will be used.
-    server_url: https://localhost:6882
+    server_url: ${client.signServerUrl:https://localhost:6882}
     # token serviceId. If server_url doesn't exist, the serviceId will be used to lookup the token service.
-    serviceId: com.networknt.oauth2-token-1.0.0
+    serviceId: ${client.signServiceId:com.networknt.oauth2-token-1.0.0}
     # signing endpoint for the sign request
-    uri: "/oauth2/token"
+    uri: ${client.signUri:"/oauth2/token"}
     # timeout in milliseconds
-    timeout: 2000
+    timeout: ${client.signTimeout:2000}
     # set to true if the oauth2 provider supports HTTP/2
-    enableHttp2: true
+    enableHttp2: ${client.signEnableHttp2:true}
     # client_id for client authentication
-    client_id: f7d42348-c647-4efb-a52d-4c5787421e72
+    client_id: ${client.signClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
     # client secret for client authentication and it can be encrypted here.
-    client_secret: f6h1FTI8Q3-7UScPZDzfXA
+    client_secret: ${client.signClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
     # the key distribution sever config for sign. It can be different then token key distribution server.
     key:
       # key distribution server url. It will be used to establish connection if it exists.
-      server_url: https://localhost:6886
+      server_url: ${client.signKeyServerUrl:https://localhost:6886}
       # the unique service id for key distribution service, it will be used to lookup key service if above url doesn't exist.
-      serviceId: com.networknt.oauth2-key-1.0.0
+      serviceId: ${client.signKeyServiceId:com.networknt.oauth2-key-1.0.0}
       # the path for the key distribution endpoint
-      uri: "/oauth2/key"
+      uri: ${client.signKeyUri:"/oauth2/key"}
       # client_id used to access key distribution service. It can be the same client_id with token service or not.
-      client_id: f7d42348-c647-4efb-a52d-4c5787421e72
+      client_id: ${client.signKeyClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
       # client secret used to access the key distribution service.
-      client_secret: f6h1FTI8Q3-7UScPZDzfXA
+      client_secret: ${client.signKeyClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
       # set to true if the oauth2 provider supports HTTP/2
-      enableHttp2: true
+      enableHttp2: ${client.signKeyEnableHttp2:true}
   # de-ref by reference token to JWT token. It is separate service as it might be the external OAuth 2.0 provider.
   deref:
     # Token service server url, this might be different than the above token server url. The static url will be used if it is configured.
-    server_url: https://localhost:6882
+    server_url: ${client.derefServerUrl:https://localhost:6882}
     # token service unique id for OAuth 2.0 provider. Need for service lookup/discovery. It will be used if above server_url is not configured.
-    serviceId: com.networknt.oauth2-token-1.0.0
+    serviceId: ${client.derefServiceId:com.networknt.oauth2-token-1.0.0}
     # set to true if the oauth2 provider supports HTTP/2
-    enableHttp2: true
+    enableHttp2: ${client.derefEnableHttp2:true}
     # the path for the key distribution endpoint
-    uri: "/oauth2/deref"
+    uri: ${client.derefUri:"/oauth2/deref"}
     # client_id used to access key distribution service. It can be the same client_id with token service or not.
-    client_id: f7d42348-c647-4efb-a52d-4c5787421e72
+    client_id: ${client.derefClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
     # client_secret for deref
-    client_secret: f6h1FTI8Q3-7UScPZDzfXA
+    client_secret: ${client.derefClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
 # circuit breaker configuration for the client
 request:
   # number of timeouts/errors to break the circuit
-  errorThreshold: 2
+  errorThreshold: ${client.errorThreshold:2}
   # timeout in millisecond to indicate a client error.
-  timeout: 3000
+  timeout: ${client.timeout:3000}
   # reset the circuit after this timeout in millisecond
-  resetTimeout: 7000
+  resetTimeout: ${client.resetTimeout:7000}
+  # if open tracing is enable. traceability, correlation and metrics should not be in the chain if opentracing is used.
+  injectOpenTracing: ${client.injectOpenTracing:false}