From a8fbd4668fefc795a0e96413a88682f86f3e460b Mon Sep 17 00:00:00 2001 From: Jenkins Date: Fri, 17 Dec 2021 12:12:00 +0530 Subject: [PATCH 001/195] Template configurations are updated for 4.4.1 release --- ansible/inventory/env/group_vars/all.yml | 217 +- ansible/roles/kong-api/defaults/main.yml | 4135 ++++++------- .../content-service_application.conf | 82 +- .../templates/sunbird_learner-service.env | 10 +- .../templates/sunbird_lms-service.env | 16 +- .../core/nginx-public-ingress/values.j2 | 5164 ++++++++++++++++- 6 files changed, 6977 insertions(+), 2647 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index e2ebe2edfd..61bccb9ff2 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -16,7 +16,11 @@ sunbird_instance: "{{env}}" env_short_name: "{{env}}" sunbird_env: "{{env}}" #Ekstep environment to connect to. Use `qa` for non-prod deployments, and `prod` for prod deployment. sunbird_app_name: "{{env}}" -env_prefix: "{{env}}" + +#artifact upload + + +#plugins # Keycloak keycloak_api_management_user_first_name: "admin" @@ -26,7 +30,6 @@ keycloak_api_management_username: "{{core_vault_sunbird_sso_username}}" keycloak_api_management_user_password: "{{core_vault_sunbird_sso_password}}" keycloak_management_user: "admin" keycloak_management_password: "{{core_vault_keycloak_password}}" -tenant_name: sunbird ## Learner service sunbird_url_shortner_access_token: "{{vault_core_url_shortner_access_token}}" @@ -38,6 +41,17 @@ sunbird_es_port: 9300 mail_server_port: 587 upstream_url: "{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}" +## Mailing list +# !! Override for specific alert groups; Default will be alerts_mailing_list +# Enable below override below variables in common.yml for team specific alerts + +# monitor_alerts_slack_channel: "" +# app_alerts_mailing_list: "" +# devops_alerts_mailing_list: "" +# site_alerts_mailing_list: "" +# keycloak_alerts_mailing_list: "" +# api_manager_alerts_mailing_list: "" + # Learner sunbird_user_profile_field_default_visibility: private @@ -49,24 +63,31 @@ sunbird_portal_user_upload_ref_link: http://www.sunbird.org/features-documentati content_service_whitelisted_channels: "" content_service_blacklisted_channels: "" +# Badger +badger_url: http://azureaccountname.blob.core.windows.net/ # Is it a dummy var? +badger_file_storage: storages.backends.azure_storage.AzureStorage +badger_admin_email: + ## Below passwords are used by DB install scripts when creating databases. Please use strong passwords. sunbird_pg_user: "{{core_vault_postgres_username}}" application_postgres_user: "{{core_vault_postgres_username}}" application_postgres_password: "{{core_vault_postgres_password}}" keycloak_postgres_user: "{{core_vault_postgres_username}}" keycloak_postgres_password: "{{core_vault_postgres_password}}" +badger_postgres_password: "{{core_vault_postgres_password}}" kong_postgres_user: "{{core_vault_postgres_username}}" kong_postgres_password: "{{core_vault_postgres_password}}" enc_postgres_user: "{{core_vault_postgres_username}}" -uci_postgres_user: "{{core_vault_postgres_username}}" -uci_postgres_password: "{{core_vault_postgres_password}}" +badger_postgres_user: "{{core_vault_postgres_username}}" user_org_service_postgres_user: "{{core_vault_postgres_username}}" ansible_vault_password: "{{ core_vault_ansible_vault_password }}" jenkins_admin_username: "{{core_vault_jenkins_admin_username}}" jenkins_admin_password: "{{core_vault_jenkins_admin_password}}" +vault_badging_authorization_key: "{{core_vault_badging_authorization_key}}" vault_postgres_exporter_password: "{{core_vault_postgres_password}}" ## Postgres configuration +swarm_address_space: "{{groups['swarm-manager'][0].split(\".\")[0]}}.0.0.0/8" #Application server address space (e.g. 10.3.0.0/24), also the agentpublicSubnet if using Azure scripts provided keycloak_address_space: "{{groups['keycloak'][0].split(\".\")[0]}}.0.0.0/8" postgres_address_space: "{{groups['postgresql-master'][0].split(\".\")[0]}}.0.0.0/8" @@ -82,9 +103,9 @@ kong_host: kong application_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server enc_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server user_org_service_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server +badger_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server keycloak_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server kong_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server -uci_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server sunbird_cassandra_host: "{{groups['cassandra']|join(',')}}" #Private IP of Cassandra server sunbird_es_host: "{{groups['es']| join(',')}}" @@ -113,8 +134,8 @@ sunbird_auth_version: 1.0v ## Content Repo configuration sunbird_api_auth_token: "{{ core_vault_sunbird_api_auth_token }}" #Authorization key (JWT) to access Sunbird APIs. This will be in the output of deploy-apis.sh script, extracting it out is documented in the deployment wiki. -sunbird_ekstep_api_key: "{{ core_vault_sunbird_api_auth_token }}" -sunbird_plugin_repo_api_key: "{{ core_vault_sunbird_api_auth_token }}" +sunbird_ekstep_api_key: "{{ core_vault_sunbird_ekstep_api_key }}" #Authorization key (JWT) to access Ekstep APIs. Steps to generate this are documented on {{proto}}://github.com/project-sunbird/sunbird-commons/wiki/Obtaining-API-token-for-accessing-ekstep-APIs +sunbird_plugin_repo_api_key: "{{ core_vault_sunbird_ekstep_api_key }}" sunbird_trampoline_secret: "{{ core_vault_sunbird_trampoline_secret }}" # ADVANCED CONFIGURATIONS @@ -129,10 +150,11 @@ cassandra_root_dir: '/etc/cassandra' cassandra_version: '3.9' cassandra_port: 9042 cassandra_rpc_address: 0.0.0.0 -cassandra_restore_dir: "/home/{{ ansible_ssh_user }}/" +cassandra_restore_dir: /home/deployer/ cassandra_backup_azure_container_name: cassandra-backup cassandra_backup_dir: /data/cassandra/backup + keycloak_realm: sunbird sunbird_content_player_url: "http://kong:8000/" sunbird_learner_player_url: "http://kong:8000/" @@ -155,6 +177,7 @@ sunbird_keycloak_public: true sunbird_cache_store: "memory" sunbird_portal_title_name: "{{sunbird_app_name}}" sunbird_sso_publickey: "{{core_vault_sunbird_sso_publickey}}" +sunbird_fcm_account_key: "{{core_vault_sunbird_fcm_account_key}}" sunbird_msg_91_auth: "{{core_vault_msg_91_auth_key}}" sunbird_telemetry_pdata_id: "{{env}}.sunbird.learning.service" sunbird_encryption_key: "{{ core_vault_sunbird_encryption_key }}" @@ -167,16 +190,16 @@ keycloak_password: "{{core_vault_keycloak_password}}" #Content Service Vars sunbird_content_repo_api_base_url: "http://{{learningservice_ip}}:8080/learning-service" -sunbird_content_repo_api_key: "{{ core_vault_sunbird_api_auth_token }}" -sunbird_search_service_api_key: "{{ core_vault_sunbird_api_auth_token }}" -sunbird_dial_repo_api_key: "{{ core_vault_sunbird_api_auth_token }}" +sunbird_content_repo_api_key: "{{ core_vault_sunbird_ekstep_api_key }}" +sunbird_search_service_api_key: "{{ core_vault_sunbird_ekstep_api_key }}" +sunbird_dial_repo_api_base_url: "{{sunbird_ekstep_api_base_url}}" +sunbird_dial_repo_api_key: "{{ core_vault_sunbird_ekstep_api_key }}" sunbird_plugin_repo_api_base_url: "{{ sunbird_search_service_api_base_url }}" sunbird_data_service_api_base_url: "{{sunbird_ekstep_api_base_url}}" -sunbird_data_service_api_key: "{{ core_vault_sunbird_api_auth_token }}" -sunbird_content_service_api_base_url: "http://content-service.{{namespace}}.svc.cluster.local:9000" -sunbird_user_service_api_base_url: "http://learner-service.{{namespace}}.svc.cluster.local:9000" +sunbird_data_service_api_key: "{{ core_vault_sunbird_ekstep_api_key }}" +sunbird_content_service_api_base_url: "http:///content-service.{{namespace}}.svc.cluster.local:9000" +sunbird_user_service_api_base_url: "http:///learner-service.{{namespace}}.svc.cluster.local:9000" sunbird_group_service_api_base_url: "http://groups-service:9000" -plugin_media_base_url: "{{proto}}://{{domain_name}}" #API Manager kong_postgres_port: 5432 @@ -194,14 +217,17 @@ jenkins_replicas: 2 postgres_replication_user_name: "{{ core_vault_postgres_username }}" postgres_password: "{{ core_vault_postgres_password }}" + postgresql_hba_entries: - { type: local, database: all, user: postgres, auth_method: peer } - { type: local, database: all, user: all, auth_method: peer } - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 } - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 } + - { type: host, database: all, user: "{{ postgres_exporter_user }}", address: '{{ swarm_address_space }}', auth_method: md5 } - { type: host, database: replication, user: "{{ postgres_replication_user_name }}", address: '{{ postgres_address_space }}', auth_method: md5 } + - { type: host, database: all, user: all, address: '{{ swarm_address_space }}', auth_method: md5 } - { type: host, database: all, user: all, address: '{{ keycloak_address_space }}', auth_method: md5 } - - { type: host, database: all, user: all, address: '0.0.0.0/0', auth_method: md5 } + proxy_prometheus_admin_creds: "{{ core_vault_proxy_prometheus_admin_creds }}" vault_docker_registry_url: "{{core_vault_docker_registry_url}}" @@ -214,8 +240,9 @@ prometheus_data_dir: /var/dockerdata/prometheus/data logger_es_host: "{{ groups['log-es'][0] }}" logger_es_port: 9200 +#kibana_image: kibana:5.4.3 -oauth2_proxy_redirect_url: "{{proto}}://{{proxy_server_name}}/oauth2/callback" +kibana_oauth_redirect_url: "{{proto}}://{{proxy_server_name}}/oauth2/callback" keycloak: True api__host: "{{proxy_server_name}}" @@ -247,16 +274,16 @@ monitor_alerts_mail_server_port: "{{ mail_server_port }}" monitor_alerts_mail_server_username: "{{ mail_server_username }}" monitor_alerts_mail_server_password: "{{ core_vault_mail_server_password }}" +#badger +badger_admin_password: "{{core_vault_badger_admin_password}}" +badger_postgres_database: badger +badger_host: "{{ groups['postgresql-master'][0]}}" +badger_container: badgr +sunbird_http_orgin: "{{proto}}://{{proxy_server_name}}/badging" + #enc-service enc_postgres_database: "{{env}}-keys" -#uci service variables -# postgres dbs -uci_bot_postgres_database: "uci-botdb" -uci_forms_postgres_database: "uci-formsdb" -uci_odk_postgres_database: "uci-odk-aggregate" -uci_fusionauth_postgres_database: "uci-fusionauth" - #kafka vars zk_hosts: "127.0.0.1:2181" kafka_conf_dir: /etc/kafka @@ -296,7 +323,7 @@ sunbird_open_saber_bridge_enable: 'false' # --- Content service specific ENV vars --- # sunbird_content_service_enable_logging: 'true' -sunbird_language_service_api_key: "{{core_vault_sunbird_api_auth_token}}" +sunbird_language_service_api_key: "{{core_vault_sunbird_ekstep_api_key}}" sunbird_installation_display_name: "{{sunbird_app_name}} {{env}}" sunbird_ekstep_proxy_base_url: "https://{{ekstep_s3_env}}.ekstep.in" #Base URL of the Ekstep environment. Use `https://qa.ekstep.in/` for non-prod deployments, and `https://community.ekstep.in/` for prod deployment. sunbird_ekstep_api_base_url: "{{sunbird_ekstep_proxy_base_url}}/api" #API base URL of the Ekstep environment. Use `https://qa.ekstep.in/api` for non-prod deployments, and use `https://api.ekstep.in/` for prod deployment. @@ -307,9 +334,10 @@ kong_version: 1.5.0-gold # Data pipeline vars learning_analytics_service_url: 'http://{{learningservice_ip}}:9000' + #encryption Service sunbird_allowed_login: -sunbird_course_batch_notification_enabled: 'true' +sunbird_course_batch_notification_enabled: 'False' sunbird_device_register_api: "{{proto}}://{{api_proxy_name}}/v3/device/register/" sunbird_course_batch_notification_signature: sunbird @@ -321,6 +349,7 @@ sunbird_qrimage_topic: "{{env}}.qrimage.request" sunbird_azure_report_container_name: reports + sunbird_google_captcha_site_key: "{{core_vault_sunbird_google_captcha_site_key_portal}}" sunbird_google_oauth_clientId: "{{core_vault_sunbird_google_oauth_clientId_portal}}" sunbird_google_oauth_clientSecret: "{{core_vault_sunbird_google_oauth_clientSecret_portal}}" @@ -333,15 +362,98 @@ grafana_admin_password: "{{core_vault_grafana_admin_password}}" grafana_editor_password: "{{core_vault_grafana_editor_password}}" grafana_dashboards_git_repo_url_with_credentails: "{{core_vault_grafana_dashboards_git_repo_url_with_credentails}}" monitor_alerts_slack_url: "{{core_vault_monitor_alerts_slack_url}}" -kong__test_jwt: "{{ core_vault_sunbird_api_auth_token }}" +kong__test_jwt: "{{core_vault_kong__test_jwt}}" + +############# Postgres users and databases ############### +postgresql_users: + - name: "{{kong_postgres_user}}" + login_host: "{{kong_postgres_host}}" + login_password: "{{kong_postgres_password}}" + password: "{{postgres_password}}" + db: "{{kong_postgres_database}}" + login_user: "{{kong_postgres_user}}" + priv: "ALL" + - name: "{{keycloak_postgres_user}}" + login_host: "{{keycloak_postgres_host}}" + login_password: "{{keycloak_postgres_password}}" + password: "{{postgres_password}}" + db: "{{keycloak_postgres_database}}" + login_user: "{{keycloak_postgres_user}}" + priv: "ALL" + - name: "{{application_postgres_user}}" + login_host: "{{application_postgres_host}}" + login_password: "{{application_postgres_password}}" + password: "{{postgres_password}}" + db: "{{application_postgres_database}}" + login_user: "{{application_postgres_user}}" + priv: "ALL" + - name: "{{badger_postgres_user}}" + login_host: "{{badger_postgres_host}}" + login_password: "{{badger_postgres_password}}" + password: "{{postgres_password}}" + login_user: "{{badger_postgres_user}}" + db: "{{badger_postgres_database}}" + priv: "ALL" + - name: "{{user_org_service_postgres_user}}" + login_host: "{{user_org_service_postgres_host}}" + login_password: "{{user_org_service_postgres_password}}" + password: "{{user_org_service_postgres_password}}" + db: "{{user_org_service_postgres_database}}" + login_user: "{{user_org_service_postgres_user}}" + priv: "ALL" + - name: "{{enc_postgres_user}}" + login_host: "{{enc_postgres_host}}" + login_password: "{{enc_postgres_password}}" + password: "{{enc_postgres_password}}" + db: "{{enc_postgres_database}}" + login_user: "{{enc_postgres_user}}" + priv: "ALL" + + +postgresql_databases: + - name: "{{kong_postgres_database}}" + login_host: "{{kong_postgres_host}}" + login_password: "{{kong_postgres_password}}" + owner: "{{kong_postgres_user}}" + login_user: "{{kong_postgres_user}}" + - name: "{{keycloak_postgres_database}}" + login_host: "{{keycloak_postgres_host}}" + login_password: "{{keycloak_postgres_password}}" + owner: "{{keycloak_postgres_user}}" + login_user: "{{keycloak_postgres_user}}" + - name: "{{application_postgres_database}}" + login_host: "{{application_postgres_host}}" + login_password: "{{application_postgres_password}}" + owner: "{{application_postgres_user}}" + login_user: "{{application_postgres_user}}" + - name: "{{badger_postgres_database}}" + login_host: "{{badger_postgres_host}}" + login_password: "{{badger_postgres_password}}" + owner: "{{badger_postgres_user}}" + login_user: "{{badger_postgres_user}}" + - name: "{{user_org_service_postgres_database}}" + login_host: "{{user_org_service_postgres_host}}" + login_password: "{{user_org_service_postgres_password}}" + owner: "{{user_org_service_postgres_user}}" + login_user: "{{user_org_service_postgres_user}}" + - name: "{{enc_postgres_database}}" + login_host: "{{enc_postgres_host}}" + login_password: "{{enc_postgres_password}}" + owner: "{{enc_postgres_user}}" + login_user: "{{enc_postgres_user}}" + +########################################################## ####### App ES ######## + + app_es_etc_cluster_name: "{{env}}" app_es_etc_discovery_zen_minimum_master_nodes: "{{groups['es']| length | int}}" app_es_snapshot_host: "{{ groups['es'][0] }}" app_es_restore_host: "{{ groups['es'][0] }}" app_es_snapshot_base_path: application + #######Log Es log_es_etc_cluster_name: "{{env}}-log" log_es_snapshot_host: "{{ groups['log-es'][0] }}" @@ -365,6 +477,7 @@ sunbird_cloud_storage_urls: 'https://s3.ap-south-1.amazonaws.com/ekstep-public-{ sunbird_email_max_recipients_limit: 100 sunbird_cassandra_consistency_level: one sunbird_cassandra_replication_strategy: '{"class":"SimpleStrategy","replication_factor":"1"}' +medium_rate_limit_per_hour: 5000 sunbird_lock_expiry_time: 3600 app_es_heap_size: 1500m log_es_heap_size: 1500m @@ -383,6 +496,9 @@ vault_sms_method_type: "{{core_vault_sms_method_type}}" # telemetry default_channel_id: "in.ekstep" +## + +trampoline_secret: "{{core_vault_trampoline_secret}}" es_api_host: "{{inventory_hostname}}" sunbird_linked_content_base_url: "{{proto}}://{{proxy_server_name}}/play/content/" enc_postgres_password: "{{core_vault_postgres_password}}" @@ -393,6 +509,10 @@ config_refresh_interval: 10 config_service_enabled: false config_cache_ttl: 600 +#### backup storage secret +#backup_azure_storage_access_key: "{{core_vault_sunbird_azure_storage_key}}" +#backup_azure_storage_account_name: "{{azure_account_name}}" + #es-backup app_es_snapshot_host: "{{ groups['es'][0] }}" app_snapshot_base_path: applicationelasticsearch @@ -426,15 +546,21 @@ kafka_brokers: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" __lms_host__: "http://{{private_ingressgateway_ip}}/learner" sunbird_redis_host: "{{ groups['lp-redis'][0] }}" + ### Release 2.1.0 ### sunbird_portal_offline_tenant: "" -sunbird_portal_offline_supported_languages: "English, Assamese, Bengali, Gujarati, Hindi, Kannada, Malayalam, Marathi, Oriya, Punjabi, Tamil, Telugu, Urdu" +sunbird_portal_offline_supported_languages: "English" sunbird_portal_offline_app_release_date: "17/3/2020" sunbird_portal_offline_app_version: "1.2.0" sunbird_portal_offline_app_download_url: "" sunbird_portal_log_level: "debug" ### Release 2.2.0 ### +sunbird_google_android_keycloak_client_id: '' +sunbird_google_android_keycloak_secret: '' +sunbird_trampoline_android_keycloak_client_id: '' +sunbird_trampoline_android_keycloak_secret: '' +sunbird_android_keycloak_client_id: '' sunbird_user_org_api_base_url: http://{{sunbird_swarm_manager_lb_ip}}:9000 ### Release-2.3.0 ### @@ -446,7 +572,6 @@ kafka_topics_instruction: "{{env_name}}.coursebatch.job.request" kafka_urls: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" kafka_topics_certificate_instruction: "{{env_name}}.issue.certificate.request" kafka_topics_contentstate_invalid: "{{env_name}}.contentstate.invalid" -kafka_enrolment_sync_topic: "{{env_name}}.batch.enrolment.sync.request" cert_service_container_name: "{{env}}-e-credentials" cert_service_cloud_storage_type: "{{cert_service_cloud_storage_type}}" @@ -483,6 +608,7 @@ language_read_elb_url: bolt://{{ groups['learning-neo4j-node1'][0] }}:8687 language_write_elb_url: bolt://{{ groups['learning-neo4j-node1'][0] }}:8687 mw_shard_id: 1 sunbird_lp_redis_host: "{{groups['lp-redis-ps'][0]}}" +#lp_azure_account_name: "{{azure_account_name}}" #Druid Proxy APi service druid_proxy_replicas: 1 @@ -496,6 +622,10 @@ lp_kafka_url: "{{sunbird_processing_kafka_host}}" content_import_required_props: '["name","code","mimeType","primaryCategory","artifactUrl","framework"]' content_import_remove_props: '["downloadUrl","variants","previewUrl","streamingUrl","itemSets","level1Name","level1Concept","level2Name","level2Concept","level3Name","level3Concept","me_totalPlaySessionCount","me_totalTimeSpentInSec","me_totalSessionsCount","me_totalTimespent","me_totalInteractions","me_creationSessions","me_creationTimespent","me_averageInteractionsPerMin","me_averageSessionsPerDevice","me_totalDevices","me_averageTimespentPerSession","me_averageRating","me_totalDownloads","me_totalSideloads","me_totalRatings","me_totalComments","me_totalDialcode","me_totalDialcodeLinkedToContent","me_totalDialcodeAttached","me_hierarchyLevel","origin","originData","contentPolicyCheck","questions"]' +# Print Service +#kp_sunbird_account_name: "{{azure_account_name}}" +#kp_sunbird_account_key: "{{core_vault_sunbird_azure_storage_key}}" + #Sunbird-Portal release-2.6.5 # sunbird_portal_updateLoginTimeEnabled: false @@ -509,6 +639,10 @@ search_index_host: "{{ groups['composite-search-cluster']|join(':9200,')}}:9200" compositesearch_index_name: "compositesearch" sunbird_report_service_url: "http://kong:8000/data/v1/report-service" + +# Datapipeline +dp_play_http_secret_key: "mysecretdpplaysecretkey" + # LMS Service vars group_activity_agg_cache_ttl: 3600 group_activity_agg_cache_enable: false @@ -516,32 +650,11 @@ group_activity_agg_cache_enable: false # nodebb variables mongo_nodebb_host: "{{ groups['mongo'] | join(',')}}" sunbird_nodebb_storage_key: "{{ core_vault_sunbird_nodebb_storage_key }}" -kibana_service: "kibana.logging.svc.cluster.local:5601" +kibana_service: "http://kibana.logging.svc.cluster.local:5601" +sunbird_dial_repo_api_base_url: "http://{{dialservice_ip}}:9001" #report service dp_postgres_host: "{{ groups['postgres'][0] }}" dp_postgres_db: analytics dp_postgres_password: "{{ core_vault_dp_pgdb_password }}" dp_postgres_username: analytics - -# Will enable cassandra cluster if number of cassandra nodes > 1 -cassandra_cluster_size: "{{ groups['cassandra'] | length }}" - -# Azure sendgrid mail server apitoken username -# This value is constant for sendgrid api authentication. -# If you're using any other mail server provider, override this value in common.yaml. -mail_server_username: "apikey" -bootstrap_namespace: "{{ env }},flink-{{ env }},flink-kp-{{ env }}" - -# Graylog vars shared across multiple roles -graylog_open_to_public: false -send_logs_to_graylog: false -graylog_open_to_private: false - -# Keycloak related variables -sunbird_google_android_keycloak_client_id: google-auth-android -sunbird_android_keycloak_client_id: android -sunbird_desktop_keycloak_client_id: desktop -sunbird_google_desktop_keycloak_client_id: google-auth-desktop -sunbird_trampoline_android_keycloak_client_id: trampoline-android -sunbird_trampoline_desktop_keycloak_client_id: trampoline-desktop diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 7a77c8a5fe..f657106165 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -16,7 +16,7 @@ statsd_pulgin: config.port: "{{ statsd_port }}" # Default Rate limits -small_rate_limit_per_hour: 100 +small_rate_limit_per_hour: 1000 medium_rate_limit_per_hour: 5000 x_medium_rate_limit_per_hour: 5000 large_rate_limit_per_hour: 10000 @@ -31,6 +31,7 @@ premium_consumer_large_rate_limit_per_hour: 100000 small_request_size_limit: 1 medium_request_size_limit: 10 large_request_size_limit: 100 +x_large_request_size_limit: 400 # External URL's freshDesk_url: "http://dummy.freshDesk.url" @@ -51,6 +52,7 @@ echo_service_prefix: /echo composite_service_prefix: /composite api_manager_perfix: /api-manager meta_service_prefix: /meta +dashboard_service_prefix: /dashboard announcement_service_prefix: /announcement dialcode_service_prefix: /dialcode channel_service_prefix: /channel @@ -75,24 +77,14 @@ object_category_definition_prefix: /object/category/definition dataset_service_prefix: /dataset asset_prefix: /asset collection_prefix: /collection -discussions_prefix: /discussion question_prefix: /question questionset_prefix: /questionset -integration_app_prefix: /app -users_service_prefix: /users -solutions_service_prefix: /solutions -entities_service_prefix: /entities -cloud_service_prefix: /cloud-services -userProjects_service_prefix: /userProjects -reports_service_prefix: /reports -project_service_prefix: /project -observations_service_prefix: /observations -observationSubmissions_service_prefix: /observationSubmissions -surveys_service_prefix: /surveys -surveySubmissions_service_prefix: /surveySubmissions -user_extension_prefix: /user-extension -uci_admin_prefix: /uci +event_prefix: /event notification_service_prefix: /notification +content_validation_service_prefix: /contentValidation +scoring_engine_service_prefix: /scoring +hub_graph_service_prefix: /connections +workflow_handler_service_prefix: /workflow # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -111,18 +103,17 @@ report_service_url: "http://report-service:3030" group_service_url: "http://groups-service:9000" analytics_api_service_url: "http://analytics-service:9000" taxonomy_service_url: "http://taxonomy-service:9000" -discussions_mw_service_url: "http://discussionsmw-service:3002/discussion" assessment_service_url: "http://assessment-service:9000" -ml_reports_service_url: "http://ml-reports-service:3000" -ml_survey_service_url: "http://ml-survey-service:3000" -ml_project_service_url: "http://ml-projects-service:3000" -ml_core_service_url: "http://ml-core-service:3000" -uci_inbound_service_url: "http://inbound-service:8085" -uci_transformer_service_url: "http://trasnformer-service:9091" -uci_gql_service_url: "http://gql-service:8080" -uci_registry_service_url: "http://fusionauth-service:9011" -uci_admin_service_url: "http://uci-service:9999" notification_service_url: "http://notification-service:9000" +sb_cb_ext_service_url: "http://sb-cb-ext-service:7001" +content_validation_service_url: "http://content-validation-service:6590" +scoring_engine_service_url: "http://scoring-engine-service:7014" +hub_graph_service_url: "http://hub-graph-service:4013" +workflow_handler_service_url: "http://workflow-handler-service:5099" +discussions_mw_url: "http://discussionsmw-service:3002" +nodebb_url: "http://nodebb-service:4567/discussions" +analytics_url: "http://pm-analytics-service:8091" + premium_consumer_rate_limits: - api: createContent @@ -194,6 +185,24 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: addMember + uris: "{{ org_service_prefix }}/v1/member/add" + upstream_url: "{{ learning_service_url }}/v1/org/member/add" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'orgAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: addSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/set" upstream_url: "{{ learning_service_url }}/v1/system/settings/set" @@ -212,23 +221,27 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: assemblePage - uris: "{{ data_service_prefix }}/v1/page/assemble" - upstream_url: "{{ lms_service_url }}/v1/page/assemble" + - name: addUserSkill + uris: "{{ user_service_prefix }}/v1/skill/add" + upstream_url: "{{ learning_service_url }}/v1/user/skill/add" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userCreate ' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip + config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: assignRole - uris: "{{ user_service_prefix }}/v1/role/assign" - upstream_url: "{{ learning_service_url }}/v1/user/assign/role" + - name: addUserSkillEndorsement + uris: "{{ user_service_prefix }}/v1/skill/endorse/add" + upstream_url: "{{ learning_service_url }}/v1/user/skill/endorse/add" strip_uri: true plugins: - name: jwt @@ -236,7 +249,25 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'userCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: addUserToBatch + uris: "{{ course_service_prefix }}/v1/batch/user/add" + upstream_url: "{{ lms_service_url }}/v1/course/batch/users/add" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'courseCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -244,9 +275,23 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: assignRoleV2 - uris: "{{ user_service_prefix }}/v2/role/assign" - upstream_url: "{{ learning_service_url }}/v2/user/assign/role" + - name: assemblePage + uris: "{{ data_service_prefix }}/v1/page/assemble" + upstream_url: "{{ lms_service_url }}/v1/page/assemble" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: assignRole + uris: "{{ user_service_prefix }}/v1/role/assign" + upstream_url: "{{ learning_service_url }}/v1/user/assign/role" strip_uri: true plugins: - name: jwt @@ -349,25 +394,7 @@ kong_apis: - 'contentTempAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: compositePrivateSearch - uris: "{{ composite_service_prefix }}/v1/private/search" - upstream_url: "{{ knowledge_mw_service_url }}/v3/private/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'contentAdmin' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ premium_consumer_large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" @@ -534,6 +561,42 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: createAssertion + uris: "{{ badge_service_prefix }}/v1/issuer/badge/assertion/create" + upstream_url: "{{ learning_service_url }}/v1/issuer/badge/assertion/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'badgeCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: createBadgeClass + uris: "{{ badge_service_prefix }}/v1/issuer/badge/create" + upstream_url: "{{ learning_service_url }}/v1/issuer/badge/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'badgeCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: createBatch uris: "{{ course_service_prefix }}/v1/batch/create" upstream_url: "{{ lms_service_url }}/v1/course/batch/create" @@ -624,6 +687,24 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: createData + uris: "{{ data_service_prefix }}/v1/object/create" + upstream_url: "{{ learning_service_url }}/v1/object/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'objectCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ large_request_size_limit }}" + - name: createForm uris: "{{ data_service_prefix }}/v1/form/create" upstream_url: "{{ player_service_url }}/plugin/v1/form/create" @@ -696,6 +777,42 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: createissuer + uris: "{{ badge_service_prefix }}/v1/issuer/create" + upstream_url: "{{ learning_service_url }}/v1/issuer/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'badgeCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: createLocation + uris: "{{ org_service_prefix }}/v1/location/create" + upstream_url: "{{ learning_service_url }}/v1/notification/location/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'locationCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: createLock uris: "{{ lock_service_prefix }}/v1/create" upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/create" @@ -750,6 +867,24 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: createOrgType + uris: "{{ org_service_prefix }}/v1/type/create" + upstream_url: "{{ learning_service_url }}/v1/org/type/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'orgCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: createPage uris: "{{ data_service_prefix }}/v1/page/create" upstream_url: "{{ lms_service_url }}/v1/page/create" @@ -912,6 +1047,78 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: deleteBadgeClass + uris: "{{ badge_service_prefix }}/v1/issuer/badge/delete" + upstream_url: "{{ learning_service_url }}/v1/issuer/badge/delete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'badgeAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: deleteData + uris: "{{ data_service_prefix }}/v1/object/delete" + upstream_url: "{{ learning_service_url }}/v1/object/delete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'objectAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: deleteIssuer + uris: "{{ badge_service_prefix }}/v1/issuer/delete" + upstream_url: "{{ learning_service_url }}/v1/issuer/delete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'badgeAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: deleteLocation + uris: "{{ org_service_prefix }}/v1/location/delete" + upstream_url: "{{ learning_service_url }}/v1/notification/location/delete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'locationAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: deleteNote uris: "{{ notes_service_prefix }}/v1/delete" upstream_url: "{{ learning_service_url }}/v1/note/delete" @@ -1026,7 +1233,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousContentAccess' + - 'contentAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1170,7 +1377,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousUserAccess' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1178,9 +1385,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getBatch - uris: "{{ course_service_prefix }}/v1/batch/read" - upstream_url: "{{ lms_service_url }}/v1/course/batch/read" + - name: getAllData + uris: "{{ data_service_prefix }}/v1/object/read/list" + upstream_url: "{{ learning_service_url }}/v1/object/read/list" strip_uri: true plugins: - name: jwt @@ -1188,17 +1395,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseAccess' + - 'objectAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: collectionSummaryAgg - uris: "/v1/collection/summary" - upstream_url: "{{ lms_service_url }}/v1/collection/summary" + - name: getAllIssuer + uris: "{{ badge_service_prefix }}/v1/issuer/list" + upstream_url: "{{ learning_service_url }}/v1/issuer/list" strip_uri: true plugins: - name: jwt @@ -1206,17 +1413,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseAdmin' + - 'badgeAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getContentUploadUrl - uris: "{{ content_prefix }}/v1/upload/url/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/upload/url" + - name: getAssertion + uris: "{{ badge_service_prefix }}/v1/issuer/badge/assertion/read" + upstream_url: "{{ learning_service_url }}/v1/issuer/badge/assertion/read" strip_uri: true plugins: - name: jwt @@ -1224,31 +1431,35 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentUpdate' + - 'badgeAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getCourseHierarchy - uris: "{{ course_service_prefix }}/v1/hierarchy" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/hierarchy" + - name: getAssertionList + uris: "{{ badge_service_prefix }}/v1/issuer/badge/assertion/search" + upstream_url: "{{ learning_service_url }}/v1/issuer/badge/assertion/search" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local + - name: acl + config.whitelist: + - 'badgeAccess' + - name: rate-limiting + config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip + config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getPageSettings - uris: "{{ data_service_prefix }}/v1/page/read" - upstream_url: "{{ lms_service_url }}/v1/page/read" + - name: getAudienceCount + uris: "{{ data_service_prefix }}/v1/notification/audience" + upstream_url: "{{ learning_service_url }}/v1/notification/audience" strip_uri: true plugins: - name: jwt @@ -1256,7 +1467,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'pageAccess' + - 'announcementAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1264,9 +1475,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getParticipants - uris: "{{ course_service_prefix }}/v1/batch/participants/list" - upstream_url: "{{ lms_service_url }}/v1/batch/participants/list" + - name: getBadgeClass + uris: "{{ badge_service_prefix }}/v1/issuer/badge/read" + upstream_url: "{{ learning_service_url }}/v1/issuer/badge/read" strip_uri: true plugins: - name: jwt @@ -1274,17 +1485,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseCreate' + - 'badgeAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getSystemSettings - uris: "{{ data_service_prefix }}/v1/system/settings/get" - upstream_url: "{{ learning_service_url }}/v1/system/settings/get" + - name: getBatch + uris: "{{ course_service_prefix }}/v1/batch/read" + upstream_url: "{{ lms_service_url }}/v1/course/batch/read" strip_uri: true plugins: - name: jwt @@ -1292,7 +1503,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousAppAccess' + - 'courseAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1300,9 +1511,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getTenantInfo - uris: "{{ org_service_prefix }}/v1/tenant/info" - upstream_url: "{{ player_service_url }}/v1/tenant/info" + - name: collectionSummaryAgg + uris: "/v1/collection/summary" + upstream_url: "{{ lms_service_url }}/v1/collection/summary" strip_uri: true plugins: - name: jwt @@ -1310,17 +1521,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousOrgAccess' + - 'courseAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getUserByKey - uris: "{{ user_service_prefix }}/v1/get" - upstream_url: "{{ learning_service_url }}/v1/user/get" + - name: getContentUploadUrl + uris: "{{ content_prefix }}/v1/upload/url/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/upload/url" strip_uri: true plugins: - name: jwt @@ -1328,7 +1539,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousUserAccess' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1336,27 +1547,23 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getUserProfile - uris: "{{ user_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/user/read" + - name: getCourseHierarchy + uris: "{{ course_service_prefix }}/v1/hierarchy" + upstream_url: "{{ knowledge_mw_service_url }}/v1/course/hierarchy" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getUserProfileV2 - uris: "{{ user_service_prefix }}/v2/read" - upstream_url: "{{ learning_service_url }}/v2/user/read" + - name: getData + uris: "{{ data_service_prefix }}/v1/object/read" + upstream_url: "{{ learning_service_url }}/v1/object/read" strip_uri: true plugins: - name: jwt @@ -1364,36 +1571,35 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAccess' + - 'objectAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: indexSync - uris: "{{ data_service_prefix }}/v1/index/sync" - upstream_url: "{{ learning_service_url }}/v1/data/sync" + - name: getIssuerDetails + uris: "{{ badge_service_prefix }}/v1/issuer/read" + upstream_url: "{{ learning_service_url }}/v1/issuer/read" strip_uri: true plugins: - name: jwt - name: cors - "{{ statsd_pulgin }}" - name: acl - config.whitelist: - - 'userAdmin' - - 'orgAdmin' + config.whitelist: + - 'badgeAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: ItemSetAPIs - uris: "{{ itemset_prefix }}/v1" - upstream_url: "{{ knowledge_mw_service_url }}/itemset/v1" + - name: getLocation + uris: "{{ org_service_prefix }}/v1/location/read" + upstream_url: "{{ learning_service_url }}/v1/notification/location/read" strip_uri: true plugins: - name: jwt @@ -1401,7 +1607,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'itemSetAdmin' + - 'locationAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1409,9 +1615,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: KongConsumerApi - uris: "{{ api_manager_perfix }}/v1/consumer" - upstream_url: "{{ am_util_url }}/v1/consumer" + - name: getMediaTypes + uris: "{{ user_service_prefix }}/v1/mediatype/list" + upstream_url: "{{ learning_service_url }}/v1/user/mediatype/list" strip_uri: true plugins: - name: jwt @@ -1419,17 +1625,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'kongConsumerAdmin' + - 'userAccess' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: LicenseAPI - uris: "{{ license_api_prefix }}/v3" - upstream_url: "{{ content_service_url }}/license/v3" + - name: getPageSettings + uris: "{{ data_service_prefix }}/v1/page/read" + upstream_url: "{{ lms_service_url }}/v1/page/read" strip_uri: true plugins: - name: jwt @@ -1437,7 +1643,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'appAdmin' + - 'pageAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1445,9 +1651,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: linkDialcodeContent - uris: "{{ dialcode_service_prefix }}/v1/content/link" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/content/link" + - name: getParticipants + uris: "{{ course_service_prefix }}/v1/batch/participants/list" + upstream_url: "{{ lms_service_url }}/v1/batch/participants/list" strip_uri: true plugins: - name: jwt @@ -1455,7 +1661,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeCreate' + - 'courseCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1463,9 +1669,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listAllBadges - uris: "{{ org_service_prefix }}/v1/badges/list" - upstream_url: "{{ learning_service_url }}/v1/badges/list" + - name: getSkills + uris: "{{ data_service_prefix }}/v1/skills" + upstream_url: "{{ learning_service_url }}/v1/skills" strip_uri: true plugins: - name: jwt @@ -1473,7 +1679,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'badgeAccess' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1481,9 +1687,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: listChannel - uris: "{{ channel_service_prefix }}/v1/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/list" + - name: getSystemSettings + uris: "{{ data_service_prefix }}/v1/system/settings/get" + upstream_url: "{{ learning_service_url }}/v1/system/settings/get" strip_uri: true plugins: - name: jwt @@ -1491,7 +1697,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'channelAccess' + - 'appAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1499,9 +1705,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: searchCourseBatches - uris: "{{ course_service_prefix }}/v1/batch/list" - upstream_url: "{{ lms_service_url }}/v1/course/batch/search" + - name: getTenantInfo + uris: "{{ org_service_prefix }}/v1/tenant/info" + upstream_url: "{{ player_service_url }}/v1/tenant/info" strip_uri: true plugins: - name: jwt @@ -1509,7 +1715,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousCourseAccess' + - 'orgAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1517,17 +1723,18 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listCourseEnrollments - uris: "{{ course_service_prefix }}/v1/user/enrollment/list" - upstream_url: "{{ lms_service_url }}/v1/user/courses/list" + - name: getUploadJobStatusLink + uris: "{{ data_service_prefix }}/v1/upload/statusDownloadLink" + upstream_url: "{{ learning_service_url }}/v1/upload/statusDownloadLink" strip_uri: true plugins: - name: jwt - name: cors - "{{ statsd_pulgin }}" - name: acl - config.whitelist: - - 'anonymousCourseAccess' + config.whitelist: + - 'orgSuperAdmin' + - 'userSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1535,9 +1742,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: privateListCourseEnrollments - uris: "{{ course_service_prefix }}/private/v1/user/enrollment/list" - upstream_url: "{{ lms_service_url }}/private/v1/user/courses/list" + - name: getUserByKey + uris: "{{ user_service_prefix }}/v1/get" + upstream_url: "{{ learning_service_url }}/v1/user/get" strip_uri: true plugins: - name: jwt @@ -1545,7 +1752,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseAccess' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1553,9 +1760,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listUserCourseEnrollments - uris: "{{ course_service_prefix }}/v2/user/enrollment/list" - upstream_url: "{{ lms_service_url }}/v2/user/courses/list" + - name: getUserConsumptionDasbhoard + uris: "{{ dashboard_service_prefix }}/v1/consumption/user" + upstream_url: "{{ learning_service_url }}/v1/dashboard/consumption/user" strip_uri: true plugins: - name: jwt @@ -1563,7 +1770,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousCourseAccess' + - 'userAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1571,9 +1778,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: privateListUserCourseEnrollments - uris: "{{ course_service_prefix }}/private/v2/user/enrollment/list" - upstream_url: "{{ lms_service_url }}/private/v2/user/courses/list" + - name: getUserProfile + uris: "{{ user_service_prefix }}/v1/read" + upstream_url: "{{ learning_service_url }}/v1/user/read" strip_uri: true plugins: - name: jwt @@ -1581,7 +1788,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'privateCourseAccess' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1589,10 +1796,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: listDialcodes - uris: "{{ dialcode_service_prefix }}/v1/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/list" + - name: getUserProfileV2 + uris: "{{ user_service_prefix }}/v2/read" + upstream_url: "{{ learning_service_url }}/v2/user/read" strip_uri: true plugins: - name: jwt @@ -1600,7 +1806,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeAccess' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1608,9 +1814,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listFramework - uris: "{{ framework_service_prefix }}/v1/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/list" + - name: getUserSkill + uris: "{{ user_service_prefix }}/v1/skill/read" + upstream_url: "{{ learning_service_url }}/v1/user/skill/read" strip_uri: true plugins: - name: jwt @@ -1618,17 +1824,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkAccess' + - 'userAccess' - name: rate-limiting config.policy: local - config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: listLock - uris: "{{ lock_service_prefix }}/v1/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/list" + - name: getUserType + uris: "{{ user_service_prefix }}/v1/type/list" + upstream_url: "{{ learning_service_url }}/v1/user/type/list" strip_uri: true plugins: - name: jwt @@ -1636,7 +1842,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentCreate' + - 'userAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1644,17 +1850,18 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listOrdinals - uris: "{{ meta_service_prefix }}/v1/ordinals/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/ordinals/list" + - name: indexSync + uris: "{{ data_service_prefix }}/v1/index/sync" + upstream_url: "{{ learning_service_url }}/v1/data/sync" strip_uri: true plugins: - name: jwt - name: cors - "{{ statsd_pulgin }}" - name: acl - config.whitelist: - - 'appAccess' + config.whitelist: + - 'userAdmin' + - 'orgAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1662,9 +1869,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listPageSections - uris: "{{ data_service_prefix }}/v1/page/section/list" - upstream_url: "{{ lms_service_url }}/v1/page/section/list" + - name: ItemSetAPIs + uris: "{{ itemset_prefix }}/v1" + upstream_url: "{{ knowledge_mw_service_url }}/itemset/v1" strip_uri: true plugins: - name: jwt @@ -1672,7 +1879,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'pageAccess' + - 'itemSetAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1680,9 +1887,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listResourceBundles - uris: "{{ meta_service_prefix }}/v1/resourcebundles/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/resourcebundles/list" + - name: KongConsumerApi + uris: "{{ api_manager_perfix }}/v1/consumer" + upstream_url: "{{ am_util_url }}/v1/consumer" strip_uri: true plugins: - name: jwt @@ -1690,17 +1897,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousAppAccess' + - 'kongConsumerAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listSystemSettings - uris: "{{ data_service_prefix }}/v1/system/settings/list" - upstream_url: "{{ learning_service_url }}/v1/system/settings/list" + - name: LicenseAPI + uris: "{{ license_api_prefix }}/v3" + upstream_url: "{{ content_service_url }}/license/v3" strip_uri: true plugins: - name: jwt @@ -1708,7 +1915,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'appAccess' + - 'appAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1716,9 +1923,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listTerms - uris: "{{ meta_service_prefix }}/v1/terms/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/terms/list" + - name: linkDialcodeContent + uris: "{{ dialcode_service_prefix }}/v1/content/link" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/content/link" strip_uri: true plugins: - name: jwt @@ -1726,7 +1933,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkAccess' + - 'dialcodeCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1734,9 +1941,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: masterLocationCreate - uris: "{{ data_service_prefix }}/v1/location/create" - upstream_url: "{{ learning_service_url }}/v1/location/create" + - name: listAllBadges + uris: "{{ org_service_prefix }}/v1/badges/list" + upstream_url: "{{ learning_service_url }}/v1/badges/list" strip_uri: true plugins: - name: jwt @@ -1744,7 +1951,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'locationCreate' + - 'badgeAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1752,9 +1959,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: masterLocationDelete - uris: "{{ data_service_prefix }}/v1/location/delete" - upstream_url: "{{ learning_service_url }}/v1/location/delete" + - name: listChannel + uris: "{{ channel_service_prefix }}/v1/list" + upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/list" strip_uri: true plugins: - name: jwt @@ -1762,7 +1969,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'locationAdmin' + - 'channelAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1770,9 +1977,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: masterLocationSearch - uris: "{{ data_service_prefix }}/v1/location/search" - upstream_url: "{{ learning_service_url }}/v1/location/search" + - name: searchCourseBatches + uris: "{{ course_service_prefix }}/v1/batch/list" + upstream_url: "{{ lms_service_url }}/v1/course/batch/search" strip_uri: true plugins: - name: jwt @@ -1780,17 +1987,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'locationAccess' + - 'courseAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: masterLocationUpdate - uris: "{{ data_service_prefix }}/v1/location/update" - upstream_url: "{{ learning_service_url }}/v1/location/update" + - name: listCourseEnrollments + uris: "{{ course_service_prefix }}/v1/user/enrollment/list" + upstream_url: "{{ lms_service_url }}/v1/user/courses/list" strip_uri: true plugins: - name: jwt @@ -1798,17 +2005,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'locationUpdate' + - 'courseAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: masterLocationUpload - uris: "{{ data_service_prefix }}/v1/bulk/location/upload" - upstream_url: "{{ learning_service_url }}/v1/bulk/location/upload" + - name: listUserCourseEnrollments + uris: "{{ course_service_prefix }}/v2/user/enrollment/list" + upstream_url: "{{ lms_service_url }}/v2/user/courses/list" strip_uri: true plugins: - name: jwt @@ -1816,17 +2023,18 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'locationSuperAdmin' + - 'courseAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: mergeUserAccounts - uris: "{{ user_service_prefix }}/v1/account/merge" - upstream_url: "{{ learning_service_url }}/private/user/v1/account/merge" + + - name: listDialcodes + uris: "{{ dialcode_service_prefix }}/v1/list" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/list" strip_uri: true plugins: - name: jwt @@ -1834,7 +2042,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userUpdate' + - 'dialcodeAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1842,9 +2050,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: orgAssignKeys - uris: "{{ org_service_prefix }}/v1/assign/key" - upstream_url: "{{ learning_service_url }}/v1/org/assign/key" + - name: listFramework + uris: "{{ framework_service_prefix }}/v1/list" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/list" strip_uri: true plugins: - name: jwt @@ -1852,17 +2060,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'orgAdmin' + - 'frameworkAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ x_medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: orgBulkUpload - uris: "{{ org_service_prefix }}/v1/upload" - upstream_url: "{{ learning_service_url }}/v1/org/upload" + - name: listLock + uris: "{{ lock_service_prefix }}/v1/list" + upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/list" strip_uri: true plugins: - name: jwt @@ -1870,17 +2078,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'orgSuperAdmin' + - 'contentCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: pluginSearch - uris: "{{ plugin_service_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/plugins/search" + - name: listOrdinals + uris: "{{ meta_service_prefix }}/v1/ordinals/list" + upstream_url: "{{ knowledge_mw_service_url }}/v1/ordinals/list" strip_uri: true plugins: - name: jwt @@ -1888,7 +2096,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'pluginAccess' + - 'appAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1896,9 +2104,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: PrivateContentCreateAPIs - uris: "{{ private_content_prefix }}/v3/create" - upstream_url: "{{ content_service_url }}/content/v3/create" + - name: listOrgTypes + uris: "{{ org_service_prefix }}/v1/type/list" + upstream_url: "{{ learning_service_url }}/v1/org/type/list" strip_uri: true plugins: - name: jwt @@ -1906,7 +2114,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentSuperAdmin' + - 'orgAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1914,9 +2122,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: PrivateContentReadAPIs - uris: "{{ private_content_prefix }}/v3/read" - upstream_url: "{{ content_service_url }}/content/v3/read" + - name: listPageSections + uris: "{{ data_service_prefix }}/v1/page/section/list" + upstream_url: "{{ lms_service_url }}/v1/page/section/list" strip_uri: true plugins: - name: jwt @@ -1924,7 +2132,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentSuperAdmin' + - 'pageAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1932,9 +2140,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: PrivateContentUpdateAPIs - uris: "{{ private_content_prefix }}/v3/update" - upstream_url: "{{ content_service_url }}/content/v3/update" + - name: listResourceBundles + uris: "{{ meta_service_prefix }}/v1/resourcebundles/list" + upstream_url: "{{ knowledge_mw_service_url }}/v1/resourcebundles/list" strip_uri: true plugins: - name: jwt @@ -1942,7 +2150,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentSuperAdmin' + - 'appAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1950,9 +2158,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: PrivateContentRetireAPI - uris: "{{ private_content_prefix }}/v3/retire" - upstream_url: "{{ vm_learning_service_url }}/content/v3/retire" + - name: listSystemSettings + uris: "{{ data_service_prefix }}/v1/system/settings/list" + upstream_url: "{{ learning_service_url }}/v1/system/settings/list" strip_uri: true plugins: - name: jwt @@ -1960,7 +2168,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentSuperAdmin' + - 'appAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1968,9 +2176,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: PrivateContentUploadAPI - uris: "{{ private_content_prefix }}/v3/upload" - upstream_url: "{{ content_service_url }}/content/v3/upload" + - name: listTerms + uris: "{{ meta_service_prefix }}/v1/terms/list" + upstream_url: "{{ knowledge_mw_service_url }}/v1/terms/list" strip_uri: true plugins: - name: jwt @@ -1978,7 +2186,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentSuperAdmin' + - 'frameworkAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1986,9 +2194,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: PrivateContentReviewAPI - uris: "{{ private_content_prefix }}/v3/review" - upstream_url: "{{ vm_learning_service_url }}/content/v3/review" + - name: masterLocationCreate + uris: "{{ data_service_prefix }}/v1/location/create" + upstream_url: "{{ learning_service_url }}/v1/location/create" strip_uri: true plugins: - name: jwt @@ -1996,17 +2204,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentSuperAdmin' + - 'locationCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: PrivateContentPublishAPI - uris: "{{ private_content_prefix }}/v3/publish" - upstream_url: "{{ vm_learning_service_url }}/content/v3/publish" + - name: masterLocationDelete + uris: "{{ data_service_prefix }}/v1/location/delete" + upstream_url: "{{ learning_service_url }}/v1/location/delete" strip_uri: true plugins: - name: jwt @@ -2014,7 +2222,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentSuperAdmin' + - 'locationAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2022,9 +2230,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: PrivateContentRejectAPI - uris: "{{ private_content_prefix }}/v3/reject" - upstream_url: "{{ vm_learning_service_url }}/content/v3/reject" + - name: masterLocationSearch + uris: "{{ data_service_prefix }}/v1/location/search" + upstream_url: "{{ learning_service_url }}/v1/location/search" strip_uri: true plugins: - name: jwt @@ -2032,17 +2240,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentSuperAdmin' + - 'locationAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: PrivateContentHierarchyAPI - uris: "{{ private_content_prefix }}/v3/hierarchy" - upstream_url: "{{ content_service_url }}/content/v3/hierarchy" + - name: masterLocationUpdate + uris: "{{ data_service_prefix }}/v1/location/update" + upstream_url: "{{ learning_service_url }}/v1/location/update" strip_uri: true plugins: - name: jwt @@ -2050,17 +2258,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentSuperAdmin' + - 'locationUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: privateUserAssignRole - uris: "{{ user_service_prefix }}/private/v1/assign/role" - upstream_url: "{{ learning_service_url }}/private/user/v1/assign/role" + - name: masterLocationUpload + uris: "{{ data_service_prefix }}/v1/bulk/location/upload" + upstream_url: "{{ learning_service_url }}/v1/bulk/location/upload" strip_uri: true plugins: - name: jwt @@ -2068,17 +2276,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userSuperAdmin' + - 'locationSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: privateUserRead - uris: "{{ user_service_prefix }}/private/v1/read" - upstream_url: "{{ learning_service_url }}/private/user/v1/read" + - name: mergeUserAccounts + uris: "{{ user_service_prefix }}/v1/account/merge" + upstream_url: "{{ learning_service_url }}/private/user/v1/account/merge" strip_uri: true plugins: - name: jwt @@ -2086,7 +2294,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userSuperAccess' + - 'userUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2094,9 +2302,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: publishContent - uris: "{{ content_prefix }}/v1/publish" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/publish" + - name: metricsSearchData + uris: "{{ data_service_prefix }}/v1/object/metrics" + upstream_url: "{{ learning_service_url }}/v1/object/metrics" strip_uri: true plugins: - name: jwt @@ -2104,17 +2312,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAdmin' + - 'objectAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: publishCourse - uris: "{{ course_service_prefix }}/v1/publish" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/publish" + - name: orgAssignKeys + uris: "{{ org_service_prefix }}/v1/assign/key" + upstream_url: "{{ learning_service_url }}/v1/org/assign/key" strip_uri: true plugins: - name: jwt @@ -2122,7 +2330,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseAdmin' + - 'orgAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2130,9 +2338,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: publishDialcode - uris: "{{ dialcode_service_prefix }}/v1/publish" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publish" + - name: orgBulkUpload + uris: "{{ org_service_prefix }}/v1/upload" + upstream_url: "{{ learning_service_url }}/v1/org/upload" strip_uri: true plugins: - name: jwt @@ -2140,17 +2348,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeAdmin' + - 'orgSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: publishFramework - uris: "{{ framework_service_prefix }}/v1/publish" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/publish" + - name: pluginSearch + uris: "{{ plugin_service_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/plugins/search" strip_uri: true plugins: - name: jwt @@ -2158,17 +2366,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkAdmin' + - 'pluginAccess' - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: qrCodeBatchProcessRetry - uris: "{{ dialcode_service_prefix }}/v1/process/retry" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/process/retry" + - name: PrivateContentCreateAPIs + uris: "{{ private_content_prefix }}/v3/create" + upstream_url: "{{ content_service_url }}/content/v3/create" strip_uri: true plugins: - name: jwt @@ -2176,17 +2384,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeUpdate' + - 'contentSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: qrCodeBatchProcessStatus - uris: "{{ dialcode_service_prefix }}/v1/process/status" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/process/status" + - name: PrivateContentReadAPIs + uris: "{{ private_content_prefix }}/v3/read" + upstream_url: "{{ content_service_url }}/content/v3/read" strip_uri: true plugins: - name: jwt @@ -2194,7 +2402,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeAccess' + - 'contentSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2202,9 +2410,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: qrCodeDownload - uris: "{{ course_service_prefix }}/v1/qrcode/download" - upstream_url: "{{ lms_service_url }}/v1/course/qrcode/download" + - name: PrivateContentUpdateAPIs + uris: "{{ private_content_prefix }}/v3/update" + upstream_url: "{{ content_service_url }}/content/v3/update" strip_uri: true plugins: - name: jwt @@ -2212,17 +2420,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeAccess' + - 'contentSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ x_large_request_size_limit }}" - - name: readCertTemplate - uris: "{{ cert_service_prefix }}/v1/template/read" - upstream_url: "{{ cert_service_url }}/cert/v1/template/read" + - name: PrivateContentRetireAPI + uris: "{{ private_content_prefix }}/v3/retire" + upstream_url: "{{ vm_learning_service_url }}/content/v3/retire" strip_uri: true plugins: - name: jwt @@ -2230,45 +2438,53 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'certificateAccess' + - 'contentSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readChannel - uris: "{{ channel_service_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/read" + - name: PrivateContentUploadAPI + uris: "{{ private_content_prefix }}/v3/upload" + upstream_url: "{{ content_service_url }}/content/v3/upload" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentSuperAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ x_large_rate_limit_per_hour }}" - config.limit_by: ip + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ x_large_request_size_limit }}" - - name: readContent - uris: "{{ content_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/read" + - name: PrivateContentReviewAPI + uris: "{{ private_content_prefix }}/v3/review" + upstream_url: "{{ vm_learning_service_url }}/content/v3/review" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip + config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: contentPrivateRead - uris: "{{ content_prefix }}/v1/private/read" - upstream_url: "{{ content_service_url }}/content/v4/private/read" + - name: PrivateContentPublishAPI + uris: "{{ private_content_prefix }}/v3/publish" + upstream_url: "{{ vm_learning_service_url }}/content/v3/publish" strip_uri: true plugins: - name: jwt @@ -2276,7 +2492,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAccess' + - 'contentSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2284,9 +2500,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readContentState - uris: "{{ course_service_prefix }}/v1/content/state/read" - upstream_url: "{{ lms_service_url }}/v1/content/state/read" + - name: PrivateContentRejectAPI + uris: "{{ private_content_prefix }}/v3/reject" + upstream_url: "{{ vm_learning_service_url }}/content/v3/reject" strip_uri: true plugins: - name: jwt @@ -2294,17 +2510,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseAccess' + - 'contentSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: privateReadContentState - uris: "{{ course_service_prefix }}/private/v1/content/state/read" - upstream_url: "{{ lms_service_url }}/private/v1/content/state/read" + + - name: PrivateContentHierarchyAPI + uris: "{{ private_content_prefix }}/v3/hierarchy" + upstream_url: "{{ content_service_url }}/content/v3/hierarchy" strip_uri: true plugins: - name: jwt @@ -2312,7 +2528,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'privateCourseAccess' + - 'contentAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2320,9 +2536,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readCourse - uris: "{{ course_service_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/read" + - name: privateUserAssignRole + uris: "{{ user_service_prefix }}/private/v1/assign/role" + upstream_url: "{{ learning_service_url }}/private/user/v1/assign/role" strip_uri: true plugins: - name: jwt @@ -2330,7 +2546,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseAccess' + - 'userSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2338,9 +2554,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readCourseEnrollment - uris: "{{ course_service_prefix }}/v1/user/enrollment/read" - upstream_url: "{{ lms_service_url }}/v1/user/courses/read" + - name: privateUserRead + uris: "{{ user_service_prefix }}/private/v1/read" + upstream_url: "{{ learning_service_url }}/private/user/v1/read" strip_uri: true plugins: - name: jwt @@ -2348,7 +2564,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseAccess' + - 'userSuperAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2356,9 +2572,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readDialcode - uris: "{{ dialcode_service_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/read" + - name: privateUserUpdate + uris: "{{ user_service_prefix }}/private/v1/update" + upstream_url: "{{ learning_service_url }}/private/user/v1/update" strip_uri: true plugins: - name: jwt @@ -2366,7 +2582,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeAccess' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2374,37 +2590,45 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readForm - uris: "{{ data_service_prefix }}/v1/form/read" - upstream_url: "{{ player_service_url }}/plugin/v1/form/read" + - name: profileVisibility + uris: "{{ user_service_prefix }}/v1/profile/visibility" + upstream_url: "{{ learning_service_url }}/v1/user/profile/visibility" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip + config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readFramework - uris: "{{ framework_service_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/read" + - name: publishContent + uris: "{{ content_prefix }}/v1/publish" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/publish" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ premium_consumer_large_rate_limit_per_hour }}" - config.limit_by: ip + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readFrameworkCategory - uris: "{{ framework_service_prefix }}/v1/category/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/read" + - name: publishCourse + uris: "{{ course_service_prefix }}/v1/publish" + upstream_url: "{{ knowledge_mw_service_url }}/v1/course/publish" strip_uri: true plugins: - name: jwt @@ -2412,17 +2636,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkAccess' + - 'courseAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readFrameworkTerm - uris: "{{ framework_service_prefix }}/v1/term/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/read" + - name: publishDialcode + uris: "{{ dialcode_service_prefix }}/v1/publish" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publish" strip_uri: true plugins: - name: jwt @@ -2430,17 +2654,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkAccess' + - 'dialcodeAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ x_large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readNote - uris: "{{ notes_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/note/read" + - name: publishFramework + uris: "{{ framework_service_prefix }}/v1/publish" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/publish" strip_uri: true plugins: - name: jwt @@ -2448,17 +2672,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'noteAccess' + - 'frameworkAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readOrg - uris: "{{ org_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/org/read" + - name: qrCodeBatchProcessRetry + uris: "{{ dialcode_service_prefix }}/v1/process/retry" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/process/retry" strip_uri: true plugins: - name: jwt @@ -2466,7 +2690,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousOrgAccess' + - 'dialcodeUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2474,9 +2698,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readPageSection - uris: "{{ data_service_prefix }}/v1/page/section/read" - upstream_url: "{{ lms_service_url }}/v1/page/section/read" + - name: qrCodeBatchProcessStatus + uris: "{{ dialcode_service_prefix }}/v1/process/status" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/process/status" strip_uri: true plugins: - name: jwt @@ -2484,7 +2708,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'pageAccess' + - 'dialcodeAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2492,9 +2716,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readPublisher - uris: "{{ dialcode_service_prefix }}/v1/publisher/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publisher/read" + - name: qrCodeDownload + uris: "{{ course_service_prefix }}/v1/qrcode/download" + upstream_url: "{{ lms_service_url }}/v1/course/qrcode/download" strip_uri: true plugins: - name: jwt @@ -2502,7 +2726,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeCreate' + - 'dialcodeAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2510,9 +2734,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readRoleMapping - uris: "{{ data_service_prefix }}/v1/role/read" - upstream_url: "{{ learning_service_url }}/v1/role/read" + - name: readCertTemplate + uris: "{{ cert_service_prefix }}/v1/template/read" + upstream_url: "{{ cert_service_url }}/cert/v1/template/read" strip_uri: true plugins: - name: jwt @@ -2520,53 +2744,45 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAccess' + - 'certificateAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: readUserProfile - uris: "{{ user_service_prefix }}/v1/profile/read" - upstream_url: "{{ learning_service_url }}/v1/user/getuser" + - name: readChannel + uris: "{{ channel_service_prefix }}/v1/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/read" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.hour: "{{ x_large_rate_limit_per_hour }}" + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerDesktopApp - uris: "{{ api_manager_perfix }}/v1/consumer/desktop_app/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/desktop_app/credential/register" + - name: readContent + uris: "{{ content_prefix }}/v1/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/read" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'desktopSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerDesktopDevice - uris: "{{ api_manager_perfix }}/v1/consumer/desktop_device/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/desktop_device/credential/register" + - name: readContentState + uris: "{{ course_service_prefix }}/v1/content/state/read" + upstream_url: "{{ lms_service_url }}/v1/content/state/read" strip_uri: true plugins: - name: jwt @@ -2574,7 +2790,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'desktopAdmin' + - 'courseAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2582,9 +2798,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerDesktopDevicev2 - uris: "{{ api_manager_perfix }}/v2/consumer/desktop_device/credential/register" - upstream_url: "{{ am_util_url }}/v2/consumer/desktop_device/credential/register" + - name: readCourse + uris: "{{ course_service_prefix }}/v1/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/course/read" strip_uri: true plugins: - name: jwt @@ -2592,7 +2808,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'desktopAdmin' + - 'courseAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2600,9 +2816,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: refreshLock - uris: "{{ lock_service_prefix }}/v1/refresh" - upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/refresh" + - name: readCourseEnrollment + uris: "{{ course_service_prefix }}/v1/user/enrollment/read" + upstream_url: "{{ lms_service_url }}/v1/user/courses/read" strip_uri: true plugins: - name: jwt @@ -2610,7 +2826,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentUpdate' + - 'courseAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2618,9 +2834,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: refreshToken - uris: "{{ auth_service_prefix }}/v1/refresh/token" - upstream_url: "{{ am_util_url }}/v1/auth/refresh/token" + - name: readDialcode + uris: "{{ dialcode_service_prefix }}/v1/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/read" strip_uri: true plugins: - name: jwt @@ -2628,53 +2844,45 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'refreshTokenCreate' + - 'dialcodeAccess' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerMobileApp - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app/credential/register" + - name: readForm + uris: "{{ data_service_prefix }}/v1/form/read" + upstream_url: "{{ player_service_url }}/plugin/v1/form/read" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'mobileSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.limit_by: ip - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: registerMobileAppOpenRAP - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app_openrap/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app_openrap/credential/register" + - name: readFramework + uris: "{{ framework_service_prefix }}/v1/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/read" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'mobileOpenRAPSuperAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.hour: "{{ premium_consumer_large_rate_limit_per_hour }}" + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerMobileAppTeacherAid - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app_teacheraid/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app_teacheraid/credential/register" + - name: readFrameworkCategory + uris: "{{ framework_service_prefix }}/v1/category/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/read" strip_uri: true plugins: - name: jwt @@ -2682,17 +2890,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'mobileTeacherAidSuperAdmin' + - 'frameworkAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerMobileDevice - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device/credential/register" + - name: readFrameworkTerm + uris: "{{ framework_service_prefix }}/v1/term/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/read" strip_uri: true plugins: - name: jwt @@ -2700,17 +2908,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'mobileAdmin' + - 'frameworkAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ x_large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerMobileDevicev2 - uris: "{{ api_manager_perfix }}/v2/consumer/mobile_device/credential/register" - upstream_url: "{{ am_util_url }}/v2/consumer/mobile_device/credential/register" + - name: readNote + uris: "{{ notes_service_prefix }}/v1/read" + upstream_url: "{{ learning_service_url }}/v1/note/read" strip_uri: true plugins: - name: jwt @@ -2718,7 +2926,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'mobileAdmin' + - 'noteAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2726,9 +2934,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerPortalAnonymous - uris: "{{ api_manager_perfix }}/v2/consumer/portal_anonymous/credential/register" - upstream_url: "{{ am_util_url }}/v2/consumer/portal_anonymous/credential/register" + - name: readOrg + uris: "{{ org_service_prefix }}/v1/read" + upstream_url: "{{ learning_service_url }}/v1/org/read" strip_uri: true plugins: - name: jwt @@ -2736,7 +2944,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'portalAnonymous' + - 'orgAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2744,9 +2952,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerPortalLoggedin - uris: "{{ api_manager_perfix }}/v2/consumer/portal_loggedin/credential/register" - upstream_url: "{{ am_util_url }}/v2/consumer/portal_loggedin/credential/register" + - name: readPageSection + uris: "{{ data_service_prefix }}/v1/page/section/read" + upstream_url: "{{ lms_service_url }}/v1/page/section/read" strip_uri: true plugins: - name: jwt @@ -2754,7 +2962,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'portalLoggedin' + - 'pageAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2762,9 +2970,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerMobileDeviceOpenRAP - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device_openrap/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device_openrap/credential/register" + - name: readPublisher + uris: "{{ dialcode_service_prefix }}/v1/publisher/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publisher/read" strip_uri: true plugins: - name: jwt @@ -2772,7 +2980,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'mobileOpenRAPAdmin' + - 'dialcodeCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2780,9 +2988,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerMobileDeviceTeacherAid - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device_teacheraid/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device_teacheraid/credential/register" + - name: readRoleMapping + uris: "{{ data_service_prefix }}/v1/role/read" + upstream_url: "{{ learning_service_url }}/v1/role/read" strip_uri: true plugins: - name: jwt @@ -2790,7 +2998,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'mobileTeacherAidAdmin' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2798,9 +3006,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: rejectContent - uris: "{{ content_prefix }}/v1/reject" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/reject" + - name: readUserProfile + uris: "{{ user_service_prefix }}/v1/profile/read" + upstream_url: "{{ learning_service_url }}/v1/user/getuser" strip_uri: true plugins: - name: jwt @@ -2808,7 +3016,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAdmin' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2816,9 +3024,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: rejectContentFlag - uris: "{{ content_prefix }}/v1/flag/reject" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/flag/reject" + - name: registerDesktopApp + uris: "{{ api_manager_perfix }}/v1/consumer/desktop_app/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/desktop_app/credential/register" strip_uri: true plugins: - name: jwt @@ -2826,7 +3034,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAdmin' + - 'desktopSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2834,9 +3042,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: releaseDialcode - uris: "{{ dialcode_service_prefix }}/v1/release" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/release" + - name: registerDesktopDevice + uris: "{{ api_manager_perfix }}/v1/consumer/desktop_device/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/desktop_device/credential/register" strip_uri: true plugins: - name: jwt @@ -2844,7 +3052,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeAdmin' + - 'desktopAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2852,9 +3060,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: reserveDialcode - uris: "{{ dialcode_service_prefix }}/v1/reserve" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/reserve" + - name: registerDesktopDevicev2 + uris: "{{ api_manager_perfix }}/v2/consumer/desktop_device/credential/register" + upstream_url: "{{ am_util_url }}/v2/consumer/desktop_device/credential/register" strip_uri: true plugins: - name: jwt @@ -2862,7 +3070,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeAdmin' + - 'desktopAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2870,9 +3078,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: retireContent - uris: "{{ content_prefix }}/v1/retire" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/retire" + - name: refreshLock + uris: "{{ lock_service_prefix }}/v1/refresh" + upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/refresh" strip_uri: true plugins: - name: jwt @@ -2880,7 +3088,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAdmin' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2888,9 +3096,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: retireCourse - uris: "{{ course_service_prefix }}/v1/retire" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/retire" + - name: refreshToken + uris: "{{ auth_service_prefix }}/v1/refresh/token" + upstream_url: "{{ am_util_url }}/v1/auth/refresh/token" strip_uri: true plugins: - name: jwt @@ -2898,17 +3106,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseAdmin' + - 'refreshTokenCreate' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: retireLock - uris: "{{ lock_service_prefix }}/v1/retire" - upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/retire" + - name: registerMobileApp + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app/credential/register" strip_uri: true plugins: - name: jwt @@ -2916,7 +3124,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAdmin' + - 'mobileSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2924,9 +3132,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: searchChannel - uris: "{{ channel_service_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/search" + - name: registerMobileAppOpenRAP + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app_openrap/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app_openrap/credential/register" strip_uri: true plugins: - name: jwt @@ -2934,7 +3142,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'channelAdmin' + - 'mobileOpenRAPSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2942,23 +3150,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: searchContent - uris: "{{ content_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/search" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: searchCourse - uris: "{{ course_service_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/search" + - name: registerMobileAppTeacherAid + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app_teacheraid/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app_teacheraid/credential/register" strip_uri: true plugins: - name: jwt @@ -2966,7 +3160,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseAccess' + - 'mobileTeacherAidSuperAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2974,9 +3168,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: searchDialcodes - uris: "{{ dialcode_service_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/search" + - name: registerMobileDevice + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device/credential/register" strip_uri: true plugins: - name: jwt @@ -2984,7 +3178,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeAccess' + - 'mobileAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2992,9 +3186,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: searchFrameworkCategory - uris: "{{ framework_service_prefix }}/v1/category/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/search" + - name: registerMobileDevicev2 + uris: "{{ api_manager_perfix }}/v2/consumer/mobile_device/credential/register" + upstream_url: "{{ am_util_url }}/v2/consumer/mobile_device/credential/register" strip_uri: true plugins: - name: jwt @@ -3002,17 +3196,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkAccess' + - 'mobileAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: searchFrameworkTerm - uris: "{{ framework_service_prefix }}/v1/term/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/search" + - name: registerMobileDeviceOpenRAP + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device_openrap/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device_openrap/credential/register" strip_uri: true plugins: - name: jwt @@ -3020,17 +3214,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkAccess' + - 'mobileOpenRAPAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: searchNotes - uris: "{{ notes_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/note/search" + - name: registerMobileDeviceTeacherAid + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device_teacheraid/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device_teacheraid/credential/register" strip_uri: true plugins: - name: jwt @@ -3038,7 +3232,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'noteAccess' + - 'mobileTeacherAidAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3046,37 +3240,45 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: searchOrgExtended - uris: "{{ org_service_prefix }}/v1/ext/search" - upstream_url: "{{ learning_service_url }}/v1/org/search" + - name: rejectContent + uris: "{{ content_prefix }}/v1/reject" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/reject" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip + config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: searchOrg - uris: "{{ org_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/org/search" + - name: rejectContentFlag + uris: "{{ content_prefix }}/v1/flag/reject" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/flag/reject" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip + config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: searchUser - uris: "{{ user_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/user/search" + - name: releaseDialcode + uris: "{{ dialcode_service_prefix }}/v1/release" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/release" strip_uri: true plugins: - name: jwt @@ -3084,7 +3286,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userTempAdmin' + - 'dialcodeAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3092,9 +3294,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: sendEmailNotification - uris: "{{ user_service_prefix }}/v1/notification/email" - upstream_url: "{{ learning_service_url }}/v1/notification/email" + - name: removeMember + uris: "{{ org_service_prefix }}/v1/member/remove" + upstream_url: "{{ learning_service_url }}/v1/org/member/remove" strip_uri: true plugins: - name: jwt @@ -3102,17 +3304,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'appUpdate' + - 'orgAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: submitContentForReview - uris: "{{ content_prefix }}/v1/review" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/review" + - name: removeUserFromBatch + uris: "{{ course_service_prefix }}/v1/batch/user/remove" + upstream_url: "{{ lms_service_url }}/v1/course/batch/users/remove" strip_uri: true plugins: - name: jwt @@ -3120,7 +3322,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAdmin' + - 'courseAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3128,9 +3330,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: submitCourseForReview - uris: "{{ course_service_prefix }}/v1/review" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/review" + - name: reserveDialcode + uris: "{{ dialcode_service_prefix }}/v1/reserve" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/reserve" strip_uri: true plugins: - name: jwt @@ -3138,7 +3340,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseAdmin' + - 'dialcodeAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3146,9 +3348,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: telemetry - uris: "{{ data_service_prefix }}/v1/telemetry" - upstream_url: "{{ telemetry_service_url }}/v1/telemetry" + - name: retireContent + uris: "{{ content_prefix }}/v1/retire" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/retire" strip_uri: true plugins: - name: jwt @@ -3156,17 +3358,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'telemetryCreate' + - 'contentAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ premium_consumer_large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: telemetryErrorLogging - uris: "{{ data_service_prefix }}/v1/client/logs" - upstream_url: "{{ analytics_api_service_url }}/data/v1/client/logs" + - name: retireCourse + uris: "{{ course_service_prefix }}/v1/retire" + upstream_url: "{{ knowledge_mw_service_url }}/v1/course/retire" strip_uri: true plugins: - name: jwt @@ -3174,7 +3376,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'telemetryCreate' + - 'courseAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3182,9 +3384,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: unblockUser - uris: "{{ user_service_prefix }}/v1/unblock" - upstream_url: "{{ learning_service_url }}/v1/user/unblock" + - name: retireLock + uris: "{{ lock_service_prefix }}/v1/retire" + upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/retire" strip_uri: true plugins: - name: jwt @@ -3192,7 +3394,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'contentAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3200,9 +3402,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateBatch - uris: "{{ course_service_prefix }}/v1/batch/update" - upstream_url: "{{ lms_service_url }}/v1/course/batch/update" + - name: revokeAssertion + uris: "{{ badge_service_prefix }}/v1/issuer/badge/assertion/delete" + upstream_url: "{{ learning_service_url }}/v1/issuer/badge/assertion/delete" strip_uri: true plugins: - name: jwt @@ -3210,17 +3412,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseUpdate' + - 'badgeAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: updateCertTemplate - uris: "{{ cert_service_prefix }}/v1/template/update" - upstream_url: "{{ cert_service_url }}/cert/v1/template/update" + - name: searchBadgeClass + uris: "{{ badge_service_prefix }}/v1/issuer/badge/search" + upstream_url: "{{ learning_service_url }}/v1/issuer/badge/search" strip_uri: true plugins: - name: jwt @@ -3228,7 +3430,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'certificateUpdate' + - 'badgeAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3236,9 +3438,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: updateChannel - uris: "{{ channel_service_prefix }}/v1/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/update" + - name: searchChannel + uris: "{{ channel_service_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/search" strip_uri: true plugins: - name: jwt @@ -3246,7 +3448,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'channelUpdate' + - 'channelAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3254,27 +3456,23 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateCollaborators - uris: "{{ content_prefix }}/v1/collaborator/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/collaborator/update" + - name: searchContent + uris: "{{ content_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/search" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateContent - uris: "{{ content_prefix }}/v1/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/update" + - name: searchCourse + uris: "{{ course_service_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/course/search" strip_uri: true plugins: - name: jwt @@ -3282,7 +3480,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentUpdate' + - 'courseAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3290,9 +3488,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateContentState - uris: "{{ course_service_prefix }}/v1/content/state/update" - upstream_url: "{{ lms_service_url }}/v1/content/state/update" + - name: searchData + uris: "{{ data_service_prefix }}/v1/object/search" + upstream_url: "{{ learning_service_url }}/v1/object/search" strip_uri: true plugins: - name: jwt @@ -3300,17 +3498,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseAccess' + - 'objectAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: updateCourse - uris: "{{ course_service_prefix }}/v1/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/update" + - name: searchDialcodes + uris: "{{ dialcode_service_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/search" strip_uri: true plugins: - name: jwt @@ -3318,7 +3516,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseUpdate' + - 'dialcodeAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3326,9 +3524,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateCourseHierarchy - uris: "{{ course_service_prefix }}/v1/hierarchy/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/hierarchy/update" + - name: searchFrameworkCategory + uris: "{{ framework_service_prefix }}/v1/category/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/search" strip_uri: true plugins: - name: jwt @@ -3336,17 +3534,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'courseUpdate' + - 'frameworkAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateDesktopApp - uris: "{{ desktop_app_prefix }}/v1/update" - upstream_url: "{{ player_service_url }}/v1/desktop/update" + - name: searchFrameworkTerm + uris: "{{ framework_service_prefix }}/v1/term/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/search" strip_uri: true plugins: - name: jwt @@ -3354,7 +3552,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousAppAccess' + - 'frameworkAccess' - name: rate-limiting config.policy: local config.hour: "{{ large_rate_limit_per_hour }}" @@ -3362,9 +3560,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateDialcode - uris: "{{ dialcode_service_prefix }}/v1/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/update" + - name: searchNotes + uris: "{{ notes_service_prefix }}/v1/search" + upstream_url: "{{ learning_service_url }}/v1/note/search" strip_uri: true plugins: - name: jwt @@ -3372,7 +3570,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeUpdate' + - 'noteAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3380,45 +3578,36 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateForm - uris: "{{ data_service_prefix }}/v1/form/update" - upstream_url: "{{ player_service_url }}/plugin/v1/form/update" + - name: searchOrgExtended + uris: "{{ org_service_prefix }}/v1/ext/search" + upstream_url: "{{ learning_service_url }}/v1/org/search" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'formUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.limit_by: ip - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: updateFramework - uris: "{{ framework_service_prefix }}/v1/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/update" + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: searchOrg + uris: "{{ org_service_prefix }}/v1/search" + upstream_url: "{{ learning_service_url }}/v1/org/search" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'frameworkUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateFrameworkCategory - uris: "{{ framework_service_prefix }}/v1/category/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/update" + - name: searchUser + uris: "{{ user_service_prefix }}/v1/search" + upstream_url: "{{ learning_service_url }}/v1/user/search" strip_uri: true plugins: - name: jwt @@ -3426,17 +3615,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkUpdate' + - 'userTempAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateFrameworkTerm - uris: "{{ framework_service_prefix }}/v1/term/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/update" + - name: sendEmailNotification + uris: "{{ user_service_prefix }}/v1/notification/email" + upstream_url: "{{ learning_service_url }}/v1/notification/email" strip_uri: true plugins: - name: jwt @@ -3444,17 +3633,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkUpdate' + - 'appUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: updateNote - uris: "{{ notes_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/note/update" + - name: sendNotification + uris: "{{ data_service_prefix }}/v1/notification/send" + upstream_url: "{{ learning_service_url }}/v1/notification/send" strip_uri: true plugins: - name: jwt @@ -3462,7 +3651,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'noteUpdate' + - 'appAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3470,9 +3659,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateOrg - uris: "{{ org_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/org/update" + - name: submitContentForReview + uris: "{{ content_prefix }}/v1/review" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/review" strip_uri: true plugins: - name: jwt @@ -3480,7 +3669,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'orgUpdate' + - 'contentAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3488,9 +3677,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateOrgStatus - uris: "{{ org_service_prefix }}/v1/status/update" - upstream_url: "{{ learning_service_url }}/v1/org/status/update" + - name: submitCourseForReview + uris: "{{ course_service_prefix }}/v1/review" + upstream_url: "{{ knowledge_mw_service_url }}/v1/course/review" strip_uri: true plugins: - name: jwt @@ -3498,7 +3687,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'orgUpdate' + - 'courseAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3506,9 +3695,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updatePage - uris: "{{ data_service_prefix }}/v1/page/update" - upstream_url: "{{ lms_service_url }}/v1/page/update" + - name: telemetry + uris: "{{ data_service_prefix }}/v1/telemetry" + upstream_url: "{{ telemetry_service_url }}/v1/telemetry" strip_uri: true plugins: - name: jwt @@ -3516,17 +3705,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'pageUpdate' + - 'telemetryCreate' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ premium_consumer_large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updatePageSection - uris: "{{ data_service_prefix }}/v1/page/section/update" - upstream_url: "{{ lms_service_url }}/v1/page/section/update" + - name: telemetryErrorLogging + uris: "{{ data_service_prefix }}/v1/client/logs" + upstream_url: "{{ analytics_api_service_url }}/data/v1/client/logs" strip_uri: true plugins: - name: jwt @@ -3534,7 +3723,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'pageUpdate' + - 'telemetryCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3542,9 +3731,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updatePublisher - uris: "{{ dialcode_service_prefix }}/v1/publisher/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publisher/update" + - name: unblockUser + uris: "{{ user_service_prefix }}/v1/unblock" + upstream_url: "{{ learning_service_url }}/v1/user/unblock" strip_uri: true plugins: - name: jwt @@ -3552,7 +3741,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dialcodeUpdate' + - 'userAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3560,9 +3749,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateUser - uris: "{{ user_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/user/update" + - name: updateBatch + uris: "{{ course_service_prefix }}/v1/batch/update" + upstream_url: "{{ lms_service_url }}/v1/course/batch/update" strip_uri: true plugins: - name: jwt @@ -3570,17 +3759,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userUpdate' + - 'courseUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: uploadContent - uris: "{{ content_prefix }}/v1/upload" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/upload" + - name: updateCertTemplate + uris: "{{ cert_service_prefix }}/v1/template/update" + upstream_url: "{{ cert_service_url }}/cert/v1/template/update" strip_uri: true plugins: - name: jwt @@ -3588,17 +3777,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentCreate' + - 'certificateUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ large_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: uploadCrashLogs - uris: "{{ desktop_app_prefix }}/v1/upload-crash-logs" - upstream_url: "{{ player_service_url }}/v1/desktop/upload-crash-logs" + - name: updateChannel + uris: "{{ channel_service_prefix }}/v1/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/update" strip_uri: true plugins: - name: jwt @@ -3606,17 +3795,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'telemetryCreate' + - 'channelUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: uploadTOC - uris: "{{ textbook_service_prefix }}/v1/toc/upload" - upstream_url: "{{ lms_service_url }}/v1/textbook/toc/upload" + - name: updateCollaborators + uris: "{{ content_prefix }}/v1/collaborator/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/collaborator/update" strip_uri: true plugins: - name: jwt @@ -3624,17 +3813,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentCreate' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: userBulkUpload - uris: "{{ user_service_prefix }}/v1/upload" - upstream_url: "{{ learning_service_url }}/v1/user/upload" + - name: updateContent + uris: "{{ content_prefix }}/v1/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/update" strip_uri: true plugins: - name: jwt @@ -3642,17 +3831,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: userExistenceApi - uris: "{{ user_service_prefix }}/v1/exists" - upstream_url: "{{ learning_service_url }}/v1/user/exists" + - name: updateContentState + uris: "{{ course_service_prefix }}/v1/content/state/update" + upstream_url: "{{ lms_service_url }}/v1/content/state/update" strip_uri: true plugins: - name: jwt @@ -3660,7 +3849,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousUserAccess' + - 'courseAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3668,9 +3857,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: userExistenceApiV2 - uris: "{{ user_service_prefix }}/v2/exists" - upstream_url: "{{ learning_service_url }}/v2/user/exists" + - name: updateCourse + uris: "{{ course_service_prefix }}/v1/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/course/update" strip_uri: true plugins: - name: jwt @@ -3678,7 +3867,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAccess' + - 'courseUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3686,9 +3875,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: userFeed - uris: "{{ user_service_prefix }}/v1/feed" - upstream_url: "{{ learning_service_url }}/v1/user/feed" + - name: updateCourseHierarchy + uris: "{{ course_service_prefix }}/v1/hierarchy/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/course/hierarchy/update" strip_uri: true plugins: - name: jwt @@ -3696,7 +3885,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAccess' + - 'courseUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3704,9 +3893,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: userFeedCreate - uris: "{{ user_service_prefix }}/feed/v1/create" - upstream_url: "{{ learning_service_url }}/v1/user/feed/create" + - name: updateData + uris: "{{ data_service_prefix }}/v1/object/update" + upstream_url: "{{ learning_service_url }}/v1/object/update" strip_uri: true plugins: - name: jwt @@ -3714,17 +3903,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAccess' + - 'objectUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: userFeedDelete - uris: "{{ user_service_prefix }}/feed/v1/delete" - upstream_url: "{{ learning_service_url }}/v1/user/feed/delete" + - name: updateDesktopApp + uris: "{{ desktop_app_prefix }}/v1/update" + upstream_url: "{{ player_service_url }}/v1/desktop/update" strip_uri: true plugins: - name: jwt @@ -3732,17 +3921,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAccess' + - 'appAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: userFeedUpdate - uris: "{{ user_service_prefix }}/feed/v1/update" - upstream_url: "{{ learning_service_url }}/v1/user/feed/update" + + - name: updateDialcode + uris: "{{ dialcode_service_prefix }}/v1/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/update" strip_uri: true plugins: - name: jwt @@ -3750,7 +3939,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAccess' + - 'dialcodeUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3758,9 +3947,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: userMigrate - uris: "{{ user_service_prefix }}/v1/migrate" - upstream_url: "{{ learning_service_url }}/v1/user/migrate" + - name: updateForm + uris: "{{ data_service_prefix }}/v1/form/update" + upstream_url: "{{ player_service_url }}/plugin/v1/form/update" strip_uri: true plugins: - name: jwt @@ -3768,17 +3957,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userUpdate' + - 'formUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: validateRegCertificate - uris: "{{ cert_registry_service_prefix }}/v1/certs/validate" - upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/validate" + - name: updateFramework + uris: "{{ framework_service_prefix }}/v1/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/update" strip_uri: true plugins: - name: jwt @@ -3786,17 +3975,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousCertificateAccess' + - 'frameworkUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: verifyOtp - uris: "{{ otp_service_prefix }}/v1/verify" - upstream_url: "{{ learning_service_url }}/v1/otp/verify" + - name: updateFrameworkCategory + uris: "{{ framework_service_prefix }}/v1/category/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/update" strip_uri: true plugins: - name: jwt @@ -3804,17 +3993,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousUserAccess' + - 'frameworkUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: verifyRegCertificate - uris: "{{ cert_registry_service_prefix }}/v1/certs/verify" - upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/verify" + - name: updateFrameworkTerm + uris: "{{ framework_service_prefix }}/v1/term/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/update" strip_uri: true plugins: - name: jwt @@ -3822,17 +4011,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'certificateAccess' + - 'frameworkUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerIgotApp - uris: "{{ api_manager_perfix }}/v1/consumer/igot_app/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/igot_app/credential/register" + - name: updateLocation + uris: "{{ org_service_prefix }}/v1/location/update" + upstream_url: "{{ learning_service_url }}/v1/notification/location/update" strip_uri: true plugins: - name: jwt @@ -3840,7 +4029,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'igotAdmin' + - 'locationUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3848,9 +4037,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerIgotDevice - uris: "{{ api_manager_perfix }}/v1/consumer/igot_device/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/igot_device/credential/register" + - name: updateNote + uris: "{{ notes_service_prefix }}/v1/update" + upstream_url: "{{ learning_service_url }}/v1/note/update" strip_uri: true plugins: - name: jwt @@ -3858,17 +4047,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'igotApp' + - 'noteUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listReports - uris: "{{ report_service_prefix }}/report/list" - upstream_url: "{{ report_service_url }}/report/list" + - name: updateOrg + uris: "{{ org_service_prefix }}/v1/update" + upstream_url: "{{ learning_service_url }}/v1/org/update" strip_uri: true plugins: - name: jwt @@ -3876,7 +4065,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'reportsAdmin' + - 'orgUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3884,9 +4073,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getReport - uris: "{{ report_service_prefix }}/report/get" - upstream_url: "{{ report_service_url }}/report/get" + - name: updateOrgStatus + uris: "{{ org_service_prefix }}/v1/status/update" + upstream_url: "{{ learning_service_url }}/v1/org/status/update" strip_uri: true plugins: - name: jwt @@ -3894,7 +4083,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'reportsAccess' + - 'orgUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3902,9 +4091,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateReport - uris: "{{ report_service_prefix }}/report/update" - upstream_url: "{{ report_service_url }}/report/update" + - name: updateOrgType + uris: "{{ org_service_prefix }}/v1/type/update" + upstream_url: "{{ learning_service_url }}/v1/org/type/update" strip_uri: true plugins: - name: jwt @@ -3912,17 +4101,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'reportsUpdate' + - 'orgUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: deleteReport - uris: "{{ report_service_prefix }}/report/delete" - upstream_url: "{{ report_service_url }}/report/delete" + - name: updatePage + uris: "{{ data_service_prefix }}/v1/page/update" + upstream_url: "{{ lms_service_url }}/v1/page/update" strip_uri: true plugins: - name: jwt @@ -3930,17 +4119,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'reportsAdmin' + - 'pageUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: createReport - uris: "{{ report_service_prefix }}/report/create" - upstream_url: "{{ report_service_url }}/report/create" + - name: updatePageSection + uris: "{{ data_service_prefix }}/v1/page/section/update" + upstream_url: "{{ lms_service_url }}/v1/page/section/update" strip_uri: true plugins: - name: jwt @@ -3948,7 +4137,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'reportsCreate' + - 'pageUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3956,9 +4145,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: createReportSummary - uris: "{{ report_service_prefix }}/report/summary/create" - upstream_url: "{{ report_service_url }}/report/summary/create" + - name: updatePublisher + uris: "{{ dialcode_service_prefix }}/v1/publisher/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publisher/update" strip_uri: true plugins: - name: jwt @@ -3966,7 +4155,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'reportsCreate' + - 'dialcodeUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -3974,9 +4163,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getReportSummary - uris: "{{ report_service_prefix }}/report/summary" - upstream_url: "{{ report_service_url }}/report/summary" + - name: updateUser + uris: "{{ user_service_prefix }}/v1/update" + upstream_url: "{{ learning_service_url }}/v1/user/update" strip_uri: true plugins: - name: jwt @@ -3984,17 +4173,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'reportsAccess' + - 'userUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: listReportSummary - uris: "{{ report_service_prefix }}/report/summary/list" - upstream_url: "{{ report_service_url }}/report/summary/list" + - name: updateUserloginTime + uris: "{{ user_service_prefix }}/v1/update/logintime" + upstream_url: "{{ learning_service_url }}/v1/user/update/logintime" strip_uri: true plugins: - name: jwt @@ -4002,17 +4191,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'reportsAdmin' + - 'userUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: searchRegCertificate - uris: "{{ cert_registry_service_prefix }}/v1/certs/search" - upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/search" + - name: updateUserSkill + uris: "{{ user_service_prefix }}/v1/skill/update" + upstream_url: "{{ learning_service_url }}/v1/user/skill/update" strip_uri: true plugins: - name: jwt @@ -4020,7 +4209,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'certificateAccess' + - 'userUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4028,9 +4217,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readRegCertificate - uris: "{{ cert_registry_service_prefix }}/v1/certs/read" - upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/read" + - name: uploadContent + uris: "{{ content_prefix }}/v1/upload" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/upload" strip_uri: true plugins: - name: jwt @@ -4038,17 +4227,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'certificateAccess' + - 'contentCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ large_request_size_limit }}" - - name: forgotPassword - uris: "{{ learner_private_route_prefix }}/user/v1/password/reset" - upstream_url: "{{ learning_service_url }}/private/user/v1/password/reset" + - name: uploadCrashLogs + uris: "{{ desktop_app_prefix }}/v1/upload-crash-logs" + upstream_url: "{{ player_service_url }}/v1/desktop/upload-crash-logs" strip_uri: true plugins: - name: jwt @@ -4056,7 +4245,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousUserAccess' + - 'telemetryCreate' - name: rate-limiting config.policy: local config.hour: "{{ small_rate_limit_per_hour }}" @@ -4064,9 +4253,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: publishReport - uris: "{{ report_service_prefix }}/report/publish" - upstream_url: "{{ report_service_url }}/report/publish" + - name: uploadTOC + uris: "{{ textbook_service_prefix }}/v1/toc/upload" + upstream_url: "{{ lms_service_url }}/v1/textbook/toc/upload" strip_uri: true plugins: - name: jwt @@ -4074,17 +4263,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'reportsAdmin' + - 'contentCreate' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: retireReport - uris: "{{ report_service_prefix }}/report/retire" - upstream_url: "{{ report_service_url }}/report/retire" + - name: userBulkUpload + uris: "{{ user_service_prefix }}/v1/upload" + upstream_url: "{{ learning_service_url }}/v1/user/upload" strip_uri: true plugins: - name: jwt @@ -4092,17 +4281,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'reportsAdmin' + - 'userAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: searchManagedUser - uris: "{{ user_service_prefix }}/v1/managed" - upstream_url: "{{ learning_service_url }}/v1/user/managed" + - name: UserBulkUploadv2 + uris: "{{ user_service_prefix }}/v2/bulk/upload" + upstream_url: "{{ learning_service_url }}/v2/bulk/user/upload" strip_uri: true plugins: - name: jwt @@ -4110,17 +4299,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousUserAccess' + - 'userAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: createGroup - uris: "{{ group_service_prefix }}/v1/create" - upstream_url: "{{ group_service_url }}/v1/group/create" + - name: userExistenceApi + uris: "{{ user_service_prefix }}/v1/exists" + upstream_url: "{{ learning_service_url }}/v1/user/exists" strip_uri: true plugins: - name: jwt @@ -4128,7 +4317,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'groupCreate' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4136,9 +4325,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateGroup - uris: "{{ group_service_prefix }}/v1/update" - upstream_url: "{{ group_service_url }}/v1/group/update" + - name: userExistenceApiV2 + uris: "{{ user_service_prefix }}/v2/exists" + upstream_url: "{{ learning_service_url }}/v2/user/exists" strip_uri: true plugins: - name: jwt @@ -4146,17 +4335,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'groupUpdate' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listGroup - uris: "{{ group_service_prefix }}/v1/list" - upstream_url: "{{ group_service_url }}/v1/group/list" + - name: userFeed + uris: "{{ user_service_prefix }}/v1/feed" + upstream_url: "{{ learning_service_url }}/v1/user/feed" strip_uri: true plugins: - name: jwt @@ -4164,17 +4353,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'groupAccess' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readGroup - uris: "{{ group_service_prefix }}/v1/read" - upstream_url: "{{ group_service_url }}/v1/group/read" + - name: userFeedCreate + uris: "{{ user_service_prefix }}/feed/v1/create" + upstream_url: "{{ learning_service_url }}/v1/user/feed/create" strip_uri: true plugins: - name: jwt @@ -4182,7 +4371,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'groupAccess' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4190,45 +4379,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: deleteGroup - uris: "{{ group_service_prefix }}/v1/delete" - upstream_url: "{{ group_service_url }}/v1/group/delete" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'groupAdmin' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: updateGroupMembership - uris: "{{ group_service_prefix }}/membership/v1/update" - upstream_url: "{{ group_service_url }}/v1/group/membership/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'groupUpdate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: groupActivityAgg - uris: "{{ data_service_prefix }}/v1/group/activity/agg" - upstream_url: "{{ lms_service_url }}/v1/group/activity/agg" + - name: userFeedDelete + uris: "{{ user_service_prefix }}/feed/v1/delete" + upstream_url: "{{ learning_service_url }}/v1/user/feed/delete" strip_uri: true plugins: - name: jwt @@ -4236,17 +4389,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'groupAccess' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: listForm - uris: "{{ data_service_prefix }}/v1/form/list" - upstream_url: "{{ player_service_url }}/plugin/v1/form/list" + + - name: userFeedUpdate + uris: "{{ user_service_prefix }}/feed/v1/update" + upstream_url: "{{ learning_service_url }}/v1/user/feed/update" strip_uri: true plugins: - name: jwt @@ -4254,17 +4407,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'appAdmin' + - 'userAccess' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getUserProfileV3 - uris: "{{ user_service_prefix }}/v3/read" - upstream_url: "{{ learning_service_url }}/v3/user/read" + - name: userMigrate + uris: "{{ user_service_prefix }}/v1/migrate" + upstream_url: "{{ learning_service_url }}/v1/user/migrate" strip_uri: true plugins: - name: jwt @@ -4272,7 +4425,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAccess' + - 'userUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4280,9 +4433,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateUserDeclarations - uris: "{{ user_service_prefix }}/v1/declarations" - upstream_url: "{{ learning_service_url }}/v1/user/declarations" + - name: validateRegCertificate + uris: "{{ cert_registry_service_prefix }}/v1/certs/validate" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/validate" strip_uri: true plugins: - name: jwt @@ -4290,17 +4443,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userUpdate' + - 'certificateAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateUserConsent - uris: "{{ user_service_prefix }}/v1/consent/update" - upstream_url: "{{ learning_service_url }}/v1/user/consent/update" + - name: verifyOtp + uris: "{{ otp_service_prefix }}/v1/verify" + upstream_url: "{{ learning_service_url }}/v1/otp/verify" strip_uri: true plugins: - name: jwt @@ -4308,17 +4461,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userUpdate' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readUserConsent - uris: "{{ user_service_prefix }}/v1/consent/read" - upstream_url: "{{ learning_service_url }}/v1/user/consent/read" + - name: verifyRegCertificate + uris: "{{ cert_registry_service_prefix }}/v1/certs/verify" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/verify" strip_uri: true plugins: - name: jwt @@ -4326,139 +4479,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAccess' + - 'certificateAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: "channelSpecificTelemetryExhaust" - uris: "{{ data_service_prefix }}/v3/dataset/get" - upstream_url: "{{ analytics_api_service_url }}/dataset/get" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: "publicDataExhaust" - uris: "{{ dataset_service_prefix }}/get" - upstream_url: "{{ analytics_api_service_url }}/public/dataset/get" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: "submitDataExhaustRequest" - uris: "{{ dataset_service_prefix }}/v1/request/submit" - upstream_url: "{{ analytics_api_service_url }}/request/submit" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataCreate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: "getDataExhaustRequest" - uris: "{{ dataset_service_prefix }}/v1/request/read" - upstream_url: "{{ analytics_api_service_url }}/request/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: "listDataExhaustRequest" - uris: "{{ dataset_service_prefix }}/v1/request/list" - upstream_url: "{{ analytics_api_service_url }}/request/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: "addDataset" - uris: "{{ dataset_service_prefix }}/v1/add" - upstream_url: "{{ analytics_api_service_url }}/dataset/add" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataCreate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: "listDataset" - uris: "{{ dataset_service_prefix }}/v1/list" - upstream_url: "{{ analytics_api_service_url }}/dataset/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: createTenantPreferences - uris: "{{ org_service_prefix }}/v2/preferences/create" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/create" + - name: registerIgotApp + uris: "{{ api_manager_perfix }}/v1/consumer/igot_app/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/igot_app/credential/register" strip_uri: true plugins: - name: jwt @@ -4466,7 +4497,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'orgUpdate' + - 'igotAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4474,9 +4505,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateTenantPreferences - uris: "{{ org_service_prefix }}/v2/preferences/update" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/update" + - name: registerIgotDevice + uris: "{{ api_manager_perfix }}/v1/consumer/igot_device/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/igot_device/credential/register" strip_uri: true plugins: - name: jwt @@ -4484,17 +4515,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'orgUpdate' + - 'igotApp' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readTenantPreferencess - uris: "{{ org_service_prefix }}/v2/preferences/read" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/read" + - name: listReports + uris: "{{ report_service_prefix }}/report/list" + upstream_url: "{{ report_service_url }}/report/list" strip_uri: true plugins: - name: jwt @@ -4502,17 +4533,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'orgAccess' + - 'reportsAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: generateCertificateV2 - uris: "{{ cert_service_prefix }}/v2/certs/generate" - upstream_url: "{{ cert_service_url }}/v2/certs/generate" + - name: getReport + uris: "{{ report_service_prefix }}/report/get" + upstream_url: "{{ report_service_url }}/report/get" strip_uri: true plugins: - name: jwt @@ -4520,17 +4551,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'certificateCreate' + - 'reportsAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: addRegCertificateV2 - uris: "{{ cert_registry_service_prefix }}/v2/certs/add" - upstream_url: "{{ cert_registry_service_url }}/certs/v2/registry/add" + - name: updateReport + uris: "{{ report_service_prefix }}/report/update" + upstream_url: "{{ report_service_url }}/report/update" strip_uri: true plugins: - name: jwt @@ -4538,17 +4569,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'certificateCreate' + - 'reportsUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: downloadRegCertificateV2 - uris: "{{ cert_registry_service_prefix }}/v2/certs/download" - upstream_url: "{{ cert_registry_service_url }}/certs/v2/registry/download" + - name: deleteReport + uris: "{{ report_service_prefix }}/report/delete" + upstream_url: "{{ report_service_url }}/report/delete" strip_uri: true plugins: - name: jwt @@ -4556,17 +4587,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'certificateAccess' + - 'reportsAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: contentImportAPI - uris: "{{ content_prefix }}/v1/import" - upstream_url: "{{ content_service_url }}/content/v3/import" + + - name: createReport + uris: "{{ report_service_prefix }}/report/create" + upstream_url: "{{ report_service_url }}/report/create" strip_uri: true plugins: - name: jwt @@ -4574,17 +4605,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentCreate' + - 'reportsCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: druidGetUpdateListReport - uris: "{{ data_service_prefix }}/v1{{ analytics_report_service_prefix }}" - upstream_url: "{{ analytics_api_service_url }}{{ analytics_report_service_prefix }}" + - name: createReportSummary + uris: "{{ report_service_prefix }}/report/summary/create" + upstream_url: "{{ report_service_url }}/report/summary/create" strip_uri: true plugins: - name: jwt @@ -4592,17 +4623,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'druidReportAdmin' + - 'reportsCreate' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: druidDeactivateReport - uris: "{{ data_service_prefix }}/v1{{ analytics_report_service_prefix }}/deactivate" - upstream_url: "{{ analytics_api_service_url }}{{ analytics_report_service_prefix }}/deactivate" + - name: getReportSummary + uris: "{{ report_service_prefix }}/report/summary" + upstream_url: "{{ report_service_url }}/report/summary" strip_uri: true plugins: - name: jwt @@ -4610,17 +4641,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'druidReportAdmin' + - 'reportsAccess' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: druidCreateReport - uris: "{{ data_service_prefix }}/v1{{ analytics_report_service_prefix }}/submit" - upstream_url: "{{ analytics_api_service_url }}{{ analytics_report_service_prefix }}/submit" + - name: listReportSummary + uris: "{{ report_service_prefix }}/report/summary/list" + upstream_url: "{{ report_service_url }}/report/summary/list" strip_uri: true plugins: - name: jwt @@ -4628,17 +4659,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'druidReportCreate' + - 'reportsAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: addRegCertificate - uris: "{{ cert_registry_service_prefix }}/v1/certs/add" - upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/add" + - name: searchRegCertificate + uris: "{{ cert_registry_service_prefix }}/v1/certs/search" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/search" strip_uri: true plugins: - name: jwt @@ -4646,7 +4677,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'certificateCreate' + - 'certificateAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4654,9 +4685,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: generateCertificate - uris: "{{ cert_service_prefix }}/v1/certs/generate" - upstream_url: "{{ cert_service_url }}/v1/certs/generate" + - name: readRegCertificate + uris: "{{ cert_registry_service_prefix }}/v1/certs/read" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/read" strip_uri: true plugins: - name: jwt @@ -4664,17 +4695,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'certificateCreate' + - 'certificateAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: createObjectCategory - uris: "{{ object_category_prefix }}/v1/create" - upstream_url: "{{ taxonomy_service_url }}/object/category/v4/create" + - name: forgotPassword + uris: "{{ learner_private_route_prefix }}/user/v1/password/reset" + upstream_url: "{{ learning_service_url }}/private/user/v1/password/reset" strip_uri: true plugins: - name: jwt @@ -4682,7 +4713,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkCreate' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ small_rate_limit_per_hour }}" @@ -4690,9 +4721,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readObjectCategory - uris: "{{ object_category_prefix }}/v1/read" - upstream_url: "{{ taxonomy_service_url }}/object/category/v4/read" + - name: publishReport + uris: "{{ report_service_prefix }}/report/publish" + upstream_url: "{{ report_service_url }}/report/publish" strip_uri: true plugins: - name: jwt @@ -4700,17 +4731,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkAccess' + - 'reportsAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateObjectCategory - uris: "{{ object_category_prefix }}/v1/update" - upstream_url: "{{ taxonomy_service_url }}/object/category/v4/update" + - name: retireReport + uris: "{{ report_service_prefix }}/report/retire" + upstream_url: "{{ report_service_url }}/report/retire" strip_uri: true plugins: - name: jwt @@ -4718,7 +4749,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkUpdate' + - 'reportsAdmin' - name: rate-limiting config.policy: local config.hour: "{{ small_rate_limit_per_hour }}" @@ -4726,9 +4757,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: createObjectCategoryDefinition - uris: "{{ object_category_definition_prefix }}/v1/create" - upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/create" + - name: searchManagedUser + uris: "{{ user_service_prefix }}/v1/managed" + upstream_url: "{{ learning_service_url }}/v1/user/managed" strip_uri: true plugins: - name: jwt @@ -4736,17 +4767,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkCreate' + - 'userAccess' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readObjectCategoryDefinition - uris: "{{ object_category_definition_prefix }}/v1/read" - upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/read" + - name: createGroup + uris: "{{ group_service_prefix }}/v1/create" + upstream_url: "{{ group_service_url }}/v1/group/create" strip_uri: true plugins: - name: jwt @@ -4754,17 +4785,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkAccess' + - 'groupCreate' - name: rate-limiting config.policy: local - config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateObjectCategoryDefinition - uris: "{{ object_category_definition_prefix }}/v1/update" - upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/update" + - name: updateGroup + uris: "{{ group_service_prefix }}/v1/update" + upstream_url: "{{ group_service_url }}/v1/group/update" strip_uri: true plugins: - name: jwt @@ -4772,17 +4803,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'frameworkUpdate' + - 'groupUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: createAsset - uris: "{{ asset_prefix }}/v1/create" - upstream_url: "{{ content_service_url }}/asset/v4/create" + - name: listGroup + uris: "{{ group_service_prefix }}/v1/list" + upstream_url: "{{ group_service_url }}/v1/group/list" strip_uri: true plugins: - name: jwt @@ -4790,17 +4821,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentCreate' + - 'groupAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateAsset - uris: "{{ asset_prefix }}/v1/update" - upstream_url: "{{ content_service_url }}/asset/v4/update" + - name: readGroup + uris: "{{ group_service_prefix }}/v1/read" + upstream_url: "{{ group_service_url }}/v1/group/read" strip_uri: true plugins: - name: jwt @@ -4808,17 +4839,53 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentUpdate' + - 'groupAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: readAsset - uris: "{{ asset_prefix }}/v1/read" - upstream_url: "{{ content_service_url }}/asset/v4/read" + - name: deleteGroup + uris: "{{ group_service_prefix }}/v1/delete" + upstream_url: "{{ group_service_url }}/v1/group/delete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'groupAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: updateGroupMembership + uris: "{{ group_service_prefix }}/membership/v1/update" + upstream_url: "{{ group_service_url }}/v1/group/membership/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'groupUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: groupActivityAgg + uris: "{{ data_service_prefix }}/v1/group/activity/agg" + upstream_url: "{{ lms_service_url }}/v1/group/activity/agg" strip_uri: true plugins: - name: jwt @@ -4826,17 +4893,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousContentAccess' + - 'groupAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: uploadAsset - uris: "{{ asset_prefix }}/v1/upload" - upstream_url: "{{ content_service_url }}/asset/v4/upload" + - name: listForm + uris: "{{ data_service_prefix }}/v1/form/list" + upstream_url: "{{ player_service_url }}/plugin/v1/form/list" strip_uri: true plugins: - name: jwt @@ -4844,17 +4911,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentCreate' + - 'appAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: uploadUrlAsset - uris: "{{ asset_prefix }}/v1/upload/url" - upstream_url: "{{ content_service_url }}/asset/v4/upload/url" + - name: getUserProfileV3 + uris: "{{ user_service_prefix }}/v3/read" + upstream_url: "{{ learning_service_url }}/v3/user/read" strip_uri: true plugins: - name: jwt @@ -4862,17 +4929,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentCreate' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: retireAsset - uris: "{{ asset_prefix }}/v1/retire" - upstream_url: "{{ content_service_url }}/asset/v4/retire" + - name: updateUserDeclarations + uris: "{{ user_service_prefix }}/v1/declarations" + upstream_url: "{{ learning_service_url }}/v1/user/declarations" strip_uri: true plugins: - name: jwt @@ -4880,7 +4947,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAdmin' + - 'userUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4888,9 +4955,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: collectionCreate - uris: "{{ collection_prefix }}/v1/create" - upstream_url: "{{ content_service_url }}/collection/v4/create" + - name: updateUserConsent + uris: "{{ user_service_prefix }}/v1/consent/update" + upstream_url: "{{ learning_service_url }}/v1/user/consent/update" strip_uri: true plugins: - name: jwt @@ -4898,7 +4965,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentCreate' + - 'userUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4906,9 +4973,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: collectionRead - uris: "{{ collection_prefix }}/v1/read" - upstream_url: "{{ content_service_url }}/collection/v4/read" + - name: readUserConsent + uris: "{{ user_service_prefix }}/v1/consent/read" + upstream_url: "{{ learning_service_url }}/v1/user/consent/read" strip_uri: true plugins: - name: jwt @@ -4916,7 +4983,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousContentAccess' + - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4924,9 +4991,81 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: collectionPrivateRead - uris: "{{ collection_prefix }}/v1/private/read" - upstream_url: "{{ content_service_url }}/collection/v4/private/read" + - name: "channelSpecificTelemetryExhaust" + uris: "{{ data_service_prefix }}/v3/dataset/get" + upstream_url: "{{ analytics_api_service_url }}/dataset/get" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: "submitDataExhaustRequest" + uris: "{{ dataset_service_prefix }}/v1/request/submit" + upstream_url: "{{ analytics_api_service_url }}/request/submit" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: "getDataExhaustRequest" + uris: "{{ dataset_service_prefix }}/v1/request/read" + upstream_url: "{{ analytics_api_service_url }}/request/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: "listDataExhaustRequest" + uris: "{{ dataset_service_prefix }}/v1/request/list" + upstream_url: "{{ analytics_api_service_url }}/request/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: createTenantPreferences + uris: "{{ org_service_prefix }}/v2/preferences/create" + upstream_url: "{{ learning_service_url }}/v2/org/preferences/create" strip_uri: true plugins: - name: jwt @@ -4934,17 +5073,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAccess' + - 'orgUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: collectionUpdate - uris: "{{ collection_prefix }}/v1/update" - upstream_url: "{{ content_service_url }}/collection/v4/update" + - name: updateTenantPreferences + uris: "{{ org_service_prefix }}/v2/preferences/update" + upstream_url: "{{ learning_service_url }}/v2/org/preferences/update" strip_uri: true plugins: - name: jwt @@ -4952,17 +5091,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentUpdate' + - 'orgUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: collectionFlag - uris: "{{ collection_prefix }}/v1/flag" - upstream_url: "{{ content_service_url }}/collection/v4/flag" + - name: readTenantPreferencess + uris: "{{ org_service_prefix }}/v2/preferences/read" + upstream_url: "{{ learning_service_url }}/v2/org/preferences/read" strip_uri: true plugins: - name: jwt @@ -4970,17 +5109,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAdmin' + - 'orgAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: collectionDiscard - uris: "{{ collection_prefix }}/v1/discard" - upstream_url: "{{ content_service_url }}/collection/v4/discard" + - name: generateCertificateV2 + uris: "{{ cert_service_prefix }}/v2/certs/generate" + upstream_url: "{{ cert_service_url }}/v2/certs/generate" strip_uri: true plugins: - name: jwt @@ -4988,17 +5127,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAdmin' + - 'certificateCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: collectionRetire - uris: "{{ collection_prefix }}/v1/retire" - upstream_url: "{{ content_service_url }}/collection/v4/retire" + - name: addRegCertificateV2 + uris: "{{ cert_registry_service_prefix }}/v2/certs/add" + upstream_url: "{{ cert_registry_service_url }}/certs/v2/registry/add" strip_uri: true plugins: - name: jwt @@ -5006,17 +5145,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentAdmin' + - 'certificateCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: collectionHierarchyAdd - uris: "{{ collection_prefix }}/v1/hierarchy/add" - upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/add" + - name: downloadRegCertificateV2 + uris: "{{ cert_registry_service_prefix }}/v2/certs/download" + upstream_url: "{{ cert_registry_service_url }}/certs/v2/registry/download" strip_uri: true plugins: - name: jwt @@ -5024,17 +5163,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentUpdate' + - 'certificateAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: collectionHierarchyRemove - uris: "{{ collection_prefix }}/v1/hierarchy/remove" - upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/remove" + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: contentImportAPI + uris: "{{ content_prefix }}/v1/import" + upstream_url: "{{ content_service_url }}/content/v3/import" strip_uri: true plugins: - name: jwt @@ -5042,7 +5181,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentUpdate' + - 'contentCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5050,9 +5189,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: collectionHierarchyUpdate - uris: "{{ collection_prefix }}/v1/hierarchy/update" - upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/update" + - name: druidGetUpdateListReport + uris: "{{ data_service_prefix }}/v1{{ analytics_report_service_prefix }}" + upstream_url: "{{ analytics_api_service_url }}{{ analytics_report_service_prefix }}" strip_uri: true plugins: - name: jwt @@ -5060,17 +5199,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentUpdate' + - 'druidReportAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: collectionHierarchyRead - uris: "{{ collection_prefix }}/v1/hierarchy" - upstream_url: "{{ content_service_url }}/collection/v4/hierarchy" + - name: druidDeactivateReport + uris: "{{ data_service_prefix }}/v1{{ analytics_report_service_prefix }}/deactivate" + upstream_url: "{{ analytics_api_service_url }}{{ analytics_report_service_prefix }}/deactivate" strip_uri: true plugins: - name: jwt @@ -5078,18 +5217,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousContentAccess' + - 'druidReportAdmin' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: collectionDialcodeLink - uris: "{{ collection_prefix }}/v1/dialcode/link" - upstream_url: "{{ content_service_url }}/collection/v4/dialcode/link" + - name: druidCreateReport + uris: "{{ data_service_prefix }}/v1{{ analytics_report_service_prefix }}/submit" + upstream_url: "{{ analytics_api_service_url }}{{ analytics_report_service_prefix }}/submit" strip_uri: true plugins: - name: jwt @@ -5097,7 +5235,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentUpdate' + - 'druidReportCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5105,9 +5243,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: collectionCopy - uris: "{{ collection_prefix }}/v1/copy" - upstream_url: "{{ content_service_url }}/collection/v4/copy" + - name: addRegCertificate + uris: "{{ cert_registry_service_prefix }}/v1/certs/add" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/add" strip_uri: true plugins: - name: jwt @@ -5115,17 +5253,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentCreate' + - 'certificateCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: collectionImport - uris: "{{ collection_prefix }}/v1/import" - upstream_url: "{{ content_service_url }}/collection/v4/import" + - name: generateCertificate + uris: "{{ cert_service_prefix }}/v1/certs/generate" + upstream_url: "{{ cert_service_url }}/v1/certs/generate" strip_uri: true plugins: - name: jwt @@ -5133,7 +5271,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentCreate' + - 'certificateCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5141,27 +5279,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: collectionExport - uris: "{{ collection_prefix }}/v1/export" - upstream_url: "{{ content_service_url }}/collection/v4/export" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'contentAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: getDiscussionTagsList - uris: "{{ discussions_prefix }}/tags" - upstream_url: "{{ discussions_mw_service_url }}/tags" + - name: createObjectCategory + uris: "{{ object_category_prefix }}/v1/create" + upstream_url: "{{ taxonomy_service_url }}/object/category/v4/create" strip_uri: true plugins: - name: jwt @@ -5169,17 +5289,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'frameworkCreate' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getDiscussionCategories - uris: "{{ discussions_prefix }}/categories" - upstream_url: "{{ discussions_mw_service_url }}/categories" + - name: readObjectCategory + uris: "{{ object_category_prefix }}/v1/read" + upstream_url: "{{ taxonomy_service_url }}/object/category/v4/read" strip_uri: true plugins: - name: jwt @@ -5187,17 +5307,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'frameworkAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ x_medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getDiscussionNotificationsList - uris: "{{ discussions_prefix }}/notifications" - upstream_url: "{{ discussions_mw_service_url }}/notifications" + - name: updateObjectCategory + uris: "{{ object_category_prefix }}/v1/update" + upstream_url: "{{ taxonomy_service_url }}/object/category/v4/update" strip_uri: true plugins: - name: jwt @@ -5205,17 +5325,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'frameworkUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getUserDetailsOfDiscussion - uris: "{{ discussions_prefix }}/user" - upstream_url: "{{ discussions_mw_service_url }}/user" + - name: createObjectCategoryDefinition + uris: "{{ object_category_definition_prefix }}/v1/create" + upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/create" strip_uri: true plugins: - name: jwt @@ -5223,17 +5343,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'frameworkCreate' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getCategoryDetailsOfDiscussion - uris: "{{ discussions_prefix }}/category" - upstream_url: "{{ discussions_mw_service_url }}/category" + - name: readObjectCategoryDefinition + uris: "{{ object_category_definition_prefix }}/v1/read" + upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/read" strip_uri: true plugins: - name: jwt @@ -5241,17 +5361,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'frameworkAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ x_medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getUnreadTopicsOfDiscussion - uris: "{{ discussions_prefix }}/unread" - upstream_url: "{{ discussions_mw_service_url }}/unread" + - name: updateObjectCategoryDefinition + uris: "{{ object_category_definition_prefix }}/v1/update" + upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/update" strip_uri: true plugins: - name: jwt @@ -5259,17 +5379,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'frameworkUpdate' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getRecentTopicsOfDiscussion - uris: "{{ discussions_prefix }}/recent" - upstream_url: "{{ discussions_mw_service_url }}/recent" + - name: createAsset + uris: "{{ asset_prefix }}/v1/create" + upstream_url: "{{ content_service_url }}/asset/v4/create" strip_uri: true plugins: - name: jwt @@ -5277,7 +5397,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'contentCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5285,9 +5405,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getPopularTopicsOfDiscussion - uris: "{{ discussions_prefix }}/popular" - upstream_url: "{{ discussions_mw_service_url }}/popular" + - name: updateAsset + uris: "{{ asset_prefix }}/v1/update" + upstream_url: "{{ content_service_url }}/asset/v4/update" strip_uri: true plugins: - name: jwt @@ -5295,7 +5415,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5303,9 +5423,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getTopTopicsOfDiscussion - uris: "{{ discussions_prefix }}/top" - upstream_url: "{{ discussions_mw_service_url }}/top" + - name: readAsset + uris: "{{ asset_prefix }}/v1/read" + upstream_url: "{{ content_service_url }}/asset/v4/read" strip_uri: true plugins: - name: jwt @@ -5313,7 +5433,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'contentAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5321,9 +5441,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getTopicsOfDiscussionById - uris: "{{ discussions_prefix }}/topic" - upstream_url: "{{ discussions_mw_service_url }}/topic" + - name: uploadAsset + uris: "{{ asset_prefix }}/v1/upload" + upstream_url: "{{ content_service_url }}/asset/v4/upload" strip_uri: true plugins: - name: jwt @@ -5331,7 +5451,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'contentCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5339,9 +5459,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getTotalUnreadTopicsOfDiscussion - uris: "{{ discussions_prefix }}/unread/total" - upstream_url: "{{ discussions_mw_service_url }}/unread/total" + - name: uploadUrlAsset + uris: "{{ asset_prefix }}/v1/upload/url" + upstream_url: "{{ content_service_url }}/asset/v4/upload/url" strip_uri: true plugins: - name: jwt @@ -5349,7 +5469,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'contentCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5357,9 +5477,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getTopicsOfDiscussionByTeaserId - uris: "{{ discussions_prefix }}/topic/teaser" - upstream_url: "{{ discussions_mw_service_url }}/topic/teaser" + - name: retireAsset + uris: "{{ asset_prefix }}/v1/retire" + upstream_url: "{{ content_service_url }}/asset/v4/retire" strip_uri: true plugins: - name: jwt @@ -5367,7 +5487,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'contentAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5375,9 +5495,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getTopicsPaginationByIdOfDiscussion - uris: "{{ discussions_prefix }}/topic/pagination" - upstream_url: "{{ discussions_mw_service_url }}/topic/pagination" + - name: collectionCreate + uris: "{{ collection_prefix }}/v1/create" + upstream_url: "{{ content_service_url }}/collection/v4/create" strip_uri: true plugins: - name: jwt @@ -5385,7 +5505,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'contentCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5393,9 +5513,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getGroupsListOfDiscussion - uris: "{{ discussions_prefix }}/groups" - upstream_url: "{{ discussions_mw_service_url }}/groups" + - name: collectionRead + uris: "{{ collection_prefix }}/v1/read" + upstream_url: "{{ content_service_url }}/collection/v4/read" strip_uri: true plugins: - name: jwt @@ -5403,7 +5523,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'contentAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5411,9 +5531,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getRecentPostsByDateOfDiscussions - uris: "{{ discussions_prefix }}/recent/posts" - upstream_url: "{{ discussions_mw_service_url }}/recent/posts" + - name: collectionUpdate + uris: "{{ collection_prefix }}/v1/update" + upstream_url: "{{ content_service_url }}/collection/v4/update" strip_uri: true plugins: - name: jwt @@ -5421,7 +5541,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5429,9 +5549,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: createTopicOfDiscussions - uris: "{{ discussions_prefix }}/v2/topics" - upstream_url: "{{ discussions_mw_service_url }}/v2/topics" + - name: collectionFlag + uris: "{{ collection_prefix }}/v1/flag" + upstream_url: "{{ content_service_url }}/collection/v4/flag" strip_uri: true plugins: - name: jwt @@ -5439,7 +5559,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionCreate' + - 'contentAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5447,9 +5567,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: createCategoryOfDiscussion - uris: "{{ discussions_prefix }}/v2/categories" - upstream_url: "{{ discussions_mw_service_url }}/v2/categories" + - name: collectionDiscard + uris: "{{ collection_prefix }}/v1/discard" + upstream_url: "{{ content_service_url }}/collection/v4/discard" strip_uri: true plugins: - name: jwt @@ -5457,7 +5577,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionCreate' + - 'contentAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5465,9 +5585,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: createGroupsOfDiscussion - uris: "{{ discussions_prefix }}/v2/groups" - upstream_url: "{{ discussions_mw_service_url }}/v2/groups" + - name: collectionRetire + uris: "{{ collection_prefix }}/v1/retire" + upstream_url: "{{ content_service_url }}/collection/v4/retire" strip_uri: true plugins: - name: jwt @@ -5475,7 +5595,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionCreate' + - 'contentAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5483,9 +5603,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: createNewPostOfDiscussion - uris: "{{ discussions_prefix }}/v2/posts" - upstream_url: "{{ discussions_mw_service_url }}/v2/posts" + - name: collectionHierarchyAdd + uris: "{{ collection_prefix }}/v1/hierarchy/add" + upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/add" strip_uri: true plugins: - name: jwt @@ -5493,7 +5613,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionCreate' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5501,9 +5621,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: createNewUserOfDiscussion - uris: "{{ discussions_prefix }}/v2/users" - upstream_url: "{{ discussions_mw_service_url }}/v2/users" + - name: collectionHierarchyRemove + uris: "{{ collection_prefix }}/v1/hierarchy/remove" + upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/remove" strip_uri: true plugins: - name: jwt @@ -5511,7 +5631,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionCreate' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5519,9 +5639,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getUserDetailsByUsername - uris: "{{ discussions_prefix }}/user/username" - upstream_url: "{{ discussions_mw_service_url }}/user/username" + - name: collectionHierarchyUpdate + uris: "{{ collection_prefix }}/v1/hierarchy/update" + upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/update" strip_uri: true plugins: - name: jwt @@ -5529,7 +5649,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5537,9 +5657,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getForumIdOfDiscussion - uris: "{{ discussions_prefix }}/forumId" - upstream_url: "{{ discussions_mw_service_url }}/forumId" + - name: collectionHierarchyRead + uris: "{{ collection_prefix }}/v1/hierarchy" + upstream_url: "{{ content_service_url }}/collection/v4/hierarchy" strip_uri: true plugins: - name: jwt @@ -5547,7 +5667,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionAccess' + - 'contentAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5555,9 +5675,10 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: addForumOfDiscussion - uris: "{{ discussions_prefix }}/forum" - upstream_url: "{{ discussions_mw_service_url }}/forum" + + - name: collectionDialcodeLink + uris: "{{ collection_prefix }}/v1/dialcode/link" + upstream_url: "{{ content_service_url }}/collection/v4/dialcode/link" strip_uri: true plugins: - name: jwt @@ -5565,7 +5686,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionCreate' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5573,9 +5694,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: copyPrivilegesFromParentCategory - uris: "{{ discussions_prefix }}/privileges/v2/copy" - upstream_url: "{{ discussions_mw_service_url }}/privileges/v2/copy" + - name: collectionCopy + uris: "{{ collection_prefix }}/v1/copy" + upstream_url: "{{ content_service_url }}/collection/v4/copy" strip_uri: true plugins: - name: jwt @@ -5583,7 +5704,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'discussionCreate' + - 'contentCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5613,20 +5734,6 @@ kong_apis: uris: "{{ question_prefix }}/v1/read" upstream_url: "{{ assessment_service_url }}/question/v4/read" strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: questionPrivateRead - uris: "{{ question_prefix }}/v1/private/read" - upstream_url: "{{ assessment_service_url }}/question/v4/private/read" - strip_uri: true plugins: - name: jwt - name: cors @@ -5713,36 +5820,6 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: questionList - uris: "{{ question_prefix }}/v1/list" - upstream_url: "{{ assessment_service_url }}/question/v4/list" - strip_uri: true - plugins: - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: questionReject - uris: "{{ question_prefix }}/v1/reject" - upstream_url: "{{ assessment_service_url }}/question/v4/reject" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'contentAdmin' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: questionSetCreate uris: "{{ questionset_prefix }}/v1/create" upstream_url: "{{ assessment_service_url }}/questionset/v4/create" @@ -5765,20 +5842,6 @@ kong_apis: uris: "{{ questionset_prefix }}/v1/read" upstream_url: "{{ assessment_service_url }}/questionset/v4/read" strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: questionSetPrivateRead - uris: "{{ questionset_prefix }}/v1/private/read" - upstream_url: "{{ assessment_service_url }}/questionset/v4/private/read" - strip_uri: true plugins: - name: jwt - name: cors @@ -5893,498 +5956,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'anonymousContentAccess' + - 'contentAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: questionSetReject - uris: "{{ questionset_prefix }}/v1/reject" - upstream_url: "{{ assessment_service_url }}/questionset/v4/reject" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'contentAdmin' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: updateUserV2 - uris: "{{ user_service_prefix }}/v2/update" - upstream_url: "{{ learning_service_url }}/v2/user/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userUpdate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: questionImportAPI - uris: "{{ question_prefix }}/v1/import" - upstream_url: "{{ assessment_service_url }}/question/v4/import" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'contentCreate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: managedUserV1Create - uris: "{{ user_service_prefix }}/v1/managed/create" - upstream_url: "{{ learning_service_url }}/v1/manageduser/create" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: ssoUserV1Create - uris: "{{ user_service_prefix }}/v1/sso/create" - upstream_url: "{{ learning_service_url }}/v1/ssouser/create" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'anonymousUserCreate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: ssoUserV2Create - uris: "{{ user_service_prefix }}/v2/signup" - upstream_url: "{{ learning_service_url }}/v2/user/signup" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'anonymousUserCreate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: getUserProfileV4 - uris: "{{ user_service_prefix }}/v4/read" - upstream_url: "{{ learning_service_url }}/v4/user/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getUserProfileV5 - uris: "{{ user_service_prefix }}/v5/read" - upstream_url: "{{ learning_service_url }}/v5/user/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: searchUserV2 - uris: "{{ user_service_prefix }}/v2/search" - upstream_url: "{{ learning_service_url }}/v2/user/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userTempAdmin' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: searchUserV3 - uris: "{{ user_service_prefix }}/v3/search" - upstream_url: "{{ learning_service_url }}/v3/user/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userTempAdmin' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: searchOrgV2 - uris: "{{ org_service_prefix }}/v2/search" - upstream_url: "{{ learning_service_url }}/v2/org/search" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: integrationAppRead - uris: "{{ integration_app_prefix }}/v1/read" - upstream_url: "{{ content_service_url }}/app/v4/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'contentAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ small_request_size_limit }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: questionsetImportAPI - uris: "{{ questionset_prefix }}/v1/import" - upstream_url: "{{ assessment_service_url }}/questionset/v4/import" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'contentCreate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: getUsersPrograms - uris: "{{ users_service_prefix }}/mlcore/v1/programs" - upstream_url: "{{ ml_core_service_url }}/v1/users/programs" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'programAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getUsersSolutions - uris: "{{ users_service_prefix }}/mlcore/v1/solutions" - upstream_url: "{{ ml_core_service_url }}/v1/users/solutions" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'solutionAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getTargetedSolutions - uris: "{{ solutions_service_prefix }}/mlcore/v1/targetedSolutions" - upstream_url: "{{ ml_core_service_url }}/v1/solutions/targetedSolutions" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'solutionAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: userLocationScope - uris: "{{ entities_service_prefix }}/mlcore/v1/subEntityListBasedOnRoleAndLocation" - upstream_url: "{{ ml_core_service_url }}/v1/entities/subEntityListBasedOnRoleAndLocation" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'registryAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: mandatoryUserProfileFields - uris: "{{ entities_service_prefix }}/mlcore/v1/entityTypesByLocationAndRole" - upstream_url: "{{ ml_core_service_url }}/v1/users/entityTypesByLocationAndRole" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'registryAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: observationListEvidences - uris: "{{ observations_service_prefix }}/mlreports/v1/listAllEvidences" - upstream_url: "{{ ml_reports_service_url }}/v1/observations/listAllEvidences" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'observationAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: locationListing - uris: "{{ entities_service_prefix }}/mlcore/v1/subEntityList" - upstream_url: "{{ ml_core_service_url }}/v1/entities/subEntityList" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'locationAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getTargetedEntity - uris: "{{ users_service_prefix }}/mlcore/v1/targetedEntity" - upstream_url: "{{ ml_core_service_url }}/v1/users/targetedEntity" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'registryAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getProjectDetails - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/details" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/details" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'projectAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getProjectEntities - uris: "{{ reports_service_prefix }}/mlprojects/v1/entity" - upstream_url: "{{ ml_project_service_url }}/v1/reports/entity" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'projectAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getProjectDetailReport - uris: "{{ reports_service_prefix }}/mlprojects/v1/detailView" - upstream_url: "{{ ml_project_service_url }}/v1/reports/detailView" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'projectAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getProjectPrograms - uris: "{{ reports_service_prefix }}/mlprojects/v1/getProgramsByEntity" - upstream_url: "{{ ml_project_service_url }}/v1/reports/getProgramsByEntity" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'projectAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: updateProject - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/sync" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/sync" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'projectUpdate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: createProject - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/add" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/add" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'projectCreate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getProjectSolutionDetails - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/solutionDetails" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/solutionDetails" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: createEvent + uris: "{{ event_prefix }}/v4/create" + upstream_url: "{{ content_service_url }}/event/v4/create" strip_uri: true plugins: - name: jwt @@ -6392,17 +5974,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'projectAccess' + - 'contentCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getProjectStatus - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/tasksStatus" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/tasksStatus" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: readEvent + uris: "{{ event_prefix }}/v4/read" + upstream_url: "{{ content_service_url }}/event/v4/read" strip_uri: true plugins: - name: jwt @@ -6410,17 +5992,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'projectAccess' + - 'contentAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: shareProject - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/share" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/share" + - name: updateEvent + uris: "{{ event_prefix }}/v4/update" + upstream_url: "{{ content_service_url }}/event/v4/update" strip_uri: true plugins: - name: jwt @@ -6428,17 +6010,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'projectAccess' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getProjectTemplatesDetails - uris: "{{ project_service_prefix }}/mlprojects/v1/templates/details" - upstream_url: "{{ ml_project_service_url }}/v1/project/templates/details" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: publishEvent + uris: "{{ event_prefix }}/v4/publish" + upstream_url: "{{ content_service_url }}/event/v4/publish" strip_uri: true plugins: - name: jwt @@ -6446,17 +6028,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'solutionAccess' + - 'courseAdmin' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listObservationEntities - uris: "{{ observations_service_prefix }}/mlsurvey/v1/entities" - upstream_url: "{{ ml_survey_service_url }}/v1/observations/entities" + - name: sendEmailNotificationSer + uris: "{{ notification_service_prefix }}/v1/notification/send/sync" + upstream_url: "{{ notification_service_url }}/v1/notification/send/sync" strip_uri: true plugins: - name: jwt @@ -6464,17 +6046,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'observationAccess' + - 'appUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: observationSubmissionsList - uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/list" - upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/list" + - name: getmandatoryContentStatus + uris: "/v1/check/mandatoryContentStatus" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/check/mandatoryContentStatus" strip_uri: true plugins: - name: jwt @@ -6482,17 +6064,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'observationAccess' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: observationQuestionList - uris: "{{ observations_service_prefix }}/mlsurvey/v1/assessment" - upstream_url: "{{ ml_survey_service_url }}/v1/observations/assessment" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: assessmentSubmit + uris: "/v2/user/assessment/submit" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/user/assessment/submit" strip_uri: true plugins: - name: jwt @@ -6500,17 +6082,18 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'observationAccess' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - - name: updateObservationSubmission - uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/update" - upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/update" + - name: getTopPerformersForCourse + uris: "/v2/resources/user/cohorts/top-performers" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/resources/user/cohorts/top-performers" strip_uri: true plugins: - name: jwt @@ -6518,17 +6101,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'observationUpdate' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: createObservationSubmission - uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/create" - upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/create" + - name: getActiveUsersForCourse + uris: "/v2/resources/user/cohorts/activeusers" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/resources/user/cohorts/activeusers" strip_uri: true plugins: - name: jwt @@ -6536,17 +6119,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'observationCreate' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: searchLocationEntities - uris: "{{ observations_service_prefix }}/mlsurvey/v1/searchEntities" - upstream_url: "{{ ml_survey_service_url }}/v1/observations/searchEntities" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: courseAutoenrollment + uris: "/v1/autoenrollment" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/autoenrollment" strip_uri: true plugins: - name: jwt @@ -6554,17 +6137,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'registryAccess' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: addObservationEntity - uris: "{{ observations_service_prefix }}/mlsurvey/v1/updateEntities" - upstream_url: "{{ ml_survey_service_url }}/v1/observations/updateEntities" + - name: getCatalog + uris: "/v1/catalog/" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/catalog/" strip_uri: true plugins: - name: jwt @@ -6572,17 +6155,18 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'observationCreate' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - - name: observationSolutionList - uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/solutionList" - upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/solutionList" + - name: addWorkAllocation + uris: "/v2/workallocation/add" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/add" strip_uri: true plugins: - name: jwt @@ -6590,17 +6174,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'observationAccess' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: surveyQuestionList - uris: "{{ surveys_service_prefix }}/mlsurvey/v1/details" - upstream_url: "{{ ml_survey_service_url }}/v1/surveys/details" + - name: updateWorkAllocation + uris: "/v2/workallocation/update" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/update" strip_uri: true plugins: - name: jwt @@ -6608,17 +6192,18 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'surveyAccess' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - - name: solutionsVerifyLink - uris: "{{ solutions_service_prefix }}/mlsurvey/v1/verifyLink" - upstream_url: "{{ ml_survey_service_url }}/v1/solutions/verifyLink" + - name: addWorkOrder + uris: "/v2/workallocation/add/workorder" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/add/workorder" strip_uri: true plugins: - name: jwt @@ -6626,17 +6211,18 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'solutionAccess' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: updateSurveySubmission - uris: "{{ surveySubmissions_service_prefix }}/mlsurvey/v1/update" - upstream_url: "{{ ml_survey_service_url }}/v1/surveySubmissions/update" + + - name: updateWorkOrder + uris: "/v2/workallocation/update/workorder" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/update/workorder" strip_uri: true plugins: - name: jwt @@ -6644,17 +6230,18 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'surveyUpdate' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - - name: observationReports - uris: "{{ reports_service_prefix }}/mlreports/v1/fetch" - upstream_url: "{{ ml_reports_service_url }}/v1/reports/fetch" + - name: getWorkOrders + uris: "/v2/workallocation/getWorkOrders" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/getWorkOrders" strip_uri: true plugins: - name: jwt @@ -6662,7 +6249,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'observationAccess' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6670,9 +6257,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: surveyListEvidences - uris: "{{ surveys_service_prefix }}/mlreports/v1/listAllEvidences" - upstream_url: "{{ ml_reports_service_url }}/v1/surveys/listAllEvidences" + - name: getWorkOrderById + uris: "/v2/workallocation/getWorkOrderById" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/getWorkOrderById" strip_uri: true plugins: - name: jwt @@ -6680,7 +6267,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'surveyAccess' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6688,9 +6275,10 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: surveyReport - uris: "{{ surveys_service_prefix }}/mlreports/v1/getAllResponsesOfQuestion" - upstream_url: "{{ ml_reports_service_url }}/v1/surveys/getAllResponsesOfQuestion" + + - name: getWorkAllocationById + uris: "/v2/workallocation/getWorkAllocationById" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/getWorkAllocationById" strip_uri: true plugins: - name: jwt @@ -6698,7 +6286,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'surveyAccess' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6706,9 +6294,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: observationSubmissionCount - uris: "{{ observations_service_prefix }}/mlreports/v1/submissionsCount" - upstream_url: "{{ ml_reports_service_url }}/v1/observations/submissionsCount" + - name: copyWorkOrder + uris: "/v2/workallocation/copy/workOrder" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/copy/workOrder" strip_uri: true plugins: - name: jwt @@ -6716,17 +6304,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'observationAccess' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getFileUploadUrls - uris: "{{ cloud_service_prefix }}/mlcore/v1/files/preSignedUrls" - upstream_url: "{{ ml_core_service_url }}/v1/cloud-services/files/preSignedUrls" + - name: getUserBasicDetails + uris: "/v2/workallocation/user/basicInfo" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/user/basicInfo" strip_uri: true plugins: - name: jwt @@ -6734,17 +6322,18 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'cloudUrlsCreate' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" + - - name: listPlatformPrograms - uris: "{{ user_extension_prefix }}/mlcore/v1/programsByPlatformRoles" - upstream_url: "{{ ml_core_service_url }}/v1/user-extension/programsByPlatformRoles" + - name: watAutoComplete + uris: "/v1/workallocation/users/autocomplete" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/workallocation/users/autocomplete" strip_uri: true plugins: - name: jwt @@ -6752,17 +6341,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'programAccess' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listPlatformSolutions - uris: "{{ user_extension_prefix }}/mlcore/v1/solutions" - upstream_url: "{{ ml_core_service_url }}/v1/user-extension/solutions" + - name: getWOPdf + uris: "/getWOPdf" + upstream_url: "{{ sb_cb_ext_service_url }}/getWOPdf" strip_uri: true plugins: - name: jwt @@ -6770,19 +6359,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'solutionAccess' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - -# UCI Related - - name: getUserSegmentsUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/get" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/get" + + - name: getUserCompentenciesDetails + uris: "/v2/workallocation/user/competencies" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/user/competencies" strip_uri: true plugins: - name: jwt @@ -6790,17 +6377,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: createUserSegmentsUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/create" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/create" + + - name: startPdfProfanity + uris: "{{ content_validation_service_prefix }}/v1/startPdfProfanity" + upstream_url: "{{ content_validation_service_url }}/v1/startPdfProfanity" strip_uri: true plugins: - name: jwt @@ -6808,17 +6395,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: updateUserSegmentsUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/update" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/update" + + - name: getPdfProfanity + uris: "{{ content_validation_service_prefix }}/v1/getPdfProfanity" + upstream_url: "{{ content_validation_service_url }}/v1/getPdfProfanity" strip_uri: true plugins: - name: jwt @@ -6826,17 +6413,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: deleteUserSegmentsUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/delete" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/delete" + + - name: getPdfProfanityForContent + uris: "{{ content_validation_service_prefix }}/v1/getPdfProfanityForContent" + upstream_url: "{{ content_validation_service_url }}/v1/read/contentPdfProfanity" strip_uri: true plugins: - name: jwt @@ -6844,17 +6431,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: userSegmentsQueryBuilderUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/queryBuilder" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/queryBuilder" + + - name: calculateScore + uris: "{{ scoring_engine_service_prefix }}/v1/add" + upstream_url: "{{ scoring_engine_service_url }}/v1/add" strip_uri: true plugins: - name: jwt @@ -6862,17 +6449,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: searchUserSegmentsUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/search" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/search" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: fetchScore + uris: "{{ scoring_engine_service_prefix }}/v1/fetch" + upstream_url: "{{ scoring_engine_service_url }}/v1/fetch" strip_uri: true plugins: - name: jwt @@ -6880,17 +6467,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: createAdapterUCI - uris: "{{ uci_admin_prefix }}/admin/v1/adapter/create" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/create" + + - name: getScoringTemplate + uris: "{{ scoring_engine_service_prefix }}/v1/getTemplate" + upstream_url: "{{ scoring_engine_service_url }}/v1/getTemplate" strip_uri: true plugins: - name: jwt @@ -6898,17 +6485,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getAllAdapterUCI - uris: "{{ uci_admin_prefix }}/admin/v1/adapter/all" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/all" + + - name: findRecommendedConnection + uris: "{{ hub_graph_service_prefix }}/profile/find/recommended" + upstream_url: "{{ hub_graph_service_url }}/connections/profile/find/recommended" strip_uri: true plugins: - name: jwt @@ -6916,7 +6503,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6924,9 +6511,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getAdapterUCI - uris: "{{ uci_admin_prefix }}/admin/v1/adapter/get" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/get" + - name: findSuggestedConnection + uris: "{{ hub_graph_service_prefix }}/profile/find/suggests" + upstream_url: "{{ hub_graph_service_url }}/connections/profile/find/suggests" strip_uri: true plugins: - name: jwt @@ -6934,7 +6521,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6942,9 +6529,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: deleteAdapterUCI - uris: "{{ uci_admin_prefix }}/admin/v1/adapter/delete" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/delete" + - name: fetchRequestedConnection + uris: "{{ hub_graph_service_prefix }}/profile/fetch/requested" + upstream_url: "{{ hub_graph_service_url }}/connections/profile/fetch/requested" strip_uri: true plugins: - name: jwt @@ -6952,7 +6539,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6960,27 +6547,10 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateAdapterUCI - uris: "{{ uci_admin_prefix }}/admin/v1/adapter/update" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userAdmin' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getAllTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/transformer/all" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/all" + - name: fetchRequestedReceivedConnection + uris: "{{ hub_graph_service_prefix }}/profile/fetch/requests/received" + upstream_url: "{{ hub_graph_service_url }}/connections/profile/fetch/requests/received" strip_uri: true plugins: - name: jwt @@ -6988,7 +6558,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6996,9 +6566,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: createTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/transformer/create" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/create" + - name: fetchEstablishedConnection + uris: "{{ hub_graph_service_prefix }}/profile/fetch/established" + upstream_url: "{{ hub_graph_service_url }}/connections/profile/fetch/established" strip_uri: true plugins: - name: jwt @@ -7006,7 +6576,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7014,9 +6584,10 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/transformer/get" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/get" + + - name: addConnection + uris: "{{ hub_graph_service_prefix }}/add" + upstream_url: "{{ hub_graph_service_url }}/connections/add" strip_uri: true plugins: - name: jwt @@ -7024,7 +6595,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7032,9 +6603,10 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/transformer/update" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/update" + + - name: updateConnection + uris: "{{ hub_graph_service_prefix }}/update" + upstream_url: "{{ hub_graph_service_url }}/connections/update" strip_uri: true plugins: - name: jwt @@ -7042,17 +6614,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getFormsTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/transformer/getForms" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/getForms" + + - name: userAutoComplete + uris: "{{ user_service_prefix }}/v1/autocomplete" + upstream_url: "{{ learning_service_url }}/v1/user/autocomplete" strip_uri: true plugins: - name: jwt @@ -7060,17 +6632,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: uploadFormsTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/forms/upload" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/forms/upload" + + - name: userNetworkAutoComplete + uris: "/v1/user/autocomplete" + upstream_url: "{{ hub_graph_service_url }}/v1/user/autocomplete" strip_uri: true plugins: - name: jwt @@ -7078,17 +6650,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: createConversationLogicUCI - uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/create" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/create" + + - name: workflowTransition + uris: "{{ workflow_handler_service_prefix }}/transition" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/transition" strip_uri: true plugins: - name: jwt @@ -7096,7 +6668,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7104,9 +6676,10 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getAllConversationLogicUCI - uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/all" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/all" + + - name: workflowApplicationsSearch + uris: "{{ workflow_handler_service_prefix }}/applications/search" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/applications/search" strip_uri: true plugins: - name: jwt @@ -7114,7 +6687,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7122,9 +6695,10 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getConversationLogicUCI - uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/get" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/get" + + - name: workflowNextAction + uris: "{{ workflow_handler_service_prefix }}/nextAction" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/nextAction" strip_uri: true plugins: - name: jwt @@ -7132,7 +6706,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7140,9 +6714,10 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: deleteConversationLogicUCI - uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/delete" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/delete" + + - name: workflowProcess + uris: "{{ workflow_handler_service_prefix }}/workflowProcess" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/workflowProcess" strip_uri: true plugins: - name: jwt @@ -7150,7 +6725,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7158,9 +6733,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateConversationLogicUCI - uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/update" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/update" + - name: workflowUpdateUserProfileWf + uris: "{{ workflow_handler_service_prefix }}/updateUserProfileWF" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/updateUserProfileWF" strip_uri: true plugins: - name: jwt @@ -7168,7 +6743,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7176,9 +6751,10 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: createBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/create" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/create" + + - name: workflowGetUserWF + uris: "{{ workflow_handler_service_prefix }}/getUserWF" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/getUserWF" strip_uri: true plugins: - name: jwt @@ -7186,7 +6762,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7194,9 +6770,10 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getAllBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/all" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/all" + + - name: workflowGetUserWFApplicationFields + uris: "{{ workflow_handler_service_prefix }}/getUserWFApplicationFields" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/getUserWFApplicationFields" strip_uri: true plugins: - name: jwt @@ -7204,17 +6781,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/get" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/get" + + - name: ContentUpdateReviewStatus + uris: "/action/content/v3/updateReviewStatus" + upstream_url: "{{ content_service_url }}/content/v3/update" strip_uri: true plugins: - name: jwt @@ -7222,17 +6799,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: startBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/start" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/start" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: privateSendEmailNotification + uris: "{{ learner_private_route_prefix }}/user/v1/notification/email" + upstream_url: "{{ learning_service_url }}/private/user/v1/notification/email" strip_uri: true plugins: - name: jwt @@ -7240,17 +6817,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'appUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: pauseBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/pause" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/pause" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: ContenthierarchyUpdate + uris: "/action/content/v3/hierarchyUpdate" + upstream_url: "{{ content_service_url }}/content/v3/hierarchy/update" strip_uri: true plugins: - name: jwt @@ -7258,17 +6835,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'contentUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: searchBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/search" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/search" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: privateUserMigrate + uris: "{{ user_service_prefix }}/private/v1/migrate" + upstream_url: "{{ learning_service_url }}/private/user/v1/migrate" strip_uri: true plugins: - name: jwt @@ -7276,17 +6853,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'userUpdate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: deleteBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/delete" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/delete" + + - name: discussionHubAPIs + uris: "/discussion" + upstream_url: "{{ discussions_mw_url }}/discussion" strip_uri: true plugins: - name: jwt @@ -7294,17 +6871,22 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: updateBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/update" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/update" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: request-transformer + config: + rename: + headers: + - nodebb_authorization_token:Authorization + + - name: nodebbauthAPIs + uris: "/nodebb/auth/api" + upstream_url: "{{ nodebb_url }}/api" strip_uri: true plugins: - name: jwt @@ -7312,17 +6894,18 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getAllUserForBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/getAllUsers" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/getAllUsers" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + + - name: nodebbAPIs + uris: "/nodebb/api" + upstream_url: "{{ nodebb_url }}/api" strip_uri: true plugins: - name: jwt @@ -7330,70 +6913,71 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userAdmin' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: searchBotByStartingMessage - uris: "{{ uci_admin_prefix }}/admin/v1/bot/getByParam" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/getByParam" + - name: "analyticsGetDashboardsForProfile" + uris: "{{ dashboard_service_prefix }}/analytics/getDashboardsForProfile/Karmayogi" + upstream_url: "{{ analytics_url }}/dashboard/analytics/getDashboardsForProfile/Karmayogi" strip_uri: true plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userAdmin' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: gqlUCI - uris: "{{ uci_admin_prefix }}/uci-api/gql" - upstream_url: "{{ uci_admin_service_url }}/v1/graphql" + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: "analyticsGetChartVisualization" + uris: "{{ dashboard_service_prefix }}/analytics/getChartV2/Karmayogi" + upstream_url: "{{ analytics_url }}/dashboard/analytics/getChartV2/Karmayogi" strip_uri: true plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userAdmin' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: sendNotification - uris: "{{ notification_service_prefix }}/v2/send" - upstream_url: "{{ notification_service_url }}/v2/notification/send" + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: "analyticsGetDashboardConfiguration" + uris: "{{ dashboard_service_prefix }}/analytics/getDashboardConfig/Karmayogi" + upstream_url: "{{ analytics_url }}/dashboard/analytics/getDashboardConfig/Karmayogi" strip_uri: true plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'sendNotification' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: readNotificationFeed - uris: "{{ notification_service_prefix }}/v1/feed/read" - upstream_url: "{{ notification_service_url }}/v1/notification/feed/read" + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getBrowseByCompetency + uris: "/searchBy/competency" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/browseByCompetency" strip_uri: true plugins: - name: jwt @@ -7401,7 +6985,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'readNotificationFeed' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7409,9 +6993,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: updateNotificationFeed - uris: "{{ notification_service_prefix }}/v1/feed/update" - upstream_url: "{{ notification_service_url }}/v1/notification/feed/update" + - name: getBrowseByProvider + uris: "/searchBy/provider" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/browseByProvider" strip_uri: true plugins: - name: jwt @@ -7419,35 +7003,22 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'updateNotificationFeed' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: deleteNotificationFeed - uris: "{{ notification_service_prefix }}/v1/feed/delete" - upstream_url: "{{ notification_service_url }}/v1/notification/feed/delete" + + - name: staffOperation + uris: "/staff/position" + upstream_url: "{{ sb_cb_ext_service_url }}/staff/position" strip_uri: true plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'deleteNotificationFeed' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: netcoreWhatsappInbound - uris: "{{ uci_admin_prefix }}/inbound/netcore/whatsApp" - upstream_url: "{{ uci_inbound_service_url }}/netcore/whatsApp" + - n- name: staffOperation + uris: "/staff/position" + upstream_url: "{{ sb_cb_ext_service_url }}/staff/position" strip_uri: true plugins: - name: jwt @@ -7455,17 +7026,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'externalmessagingAccess' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: VerifyLink - uris: "{{ solutions_service_prefix }}/mlcore/v1/verifyLink" - upstream_url: "{{ ml_core_service_url }}/v1/solutions/verifyLink" + + - name: budgetOperation + uris: "/budget/scheme" + upstream_url: "{{ sb_cb_ext_service_url }}/budget/scheme" strip_uri: true plugins: - name: jwt @@ -7473,7 +7044,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'solutionAccess' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7481,9 +7052,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: GetTemplateOrQuestions - uris: "{{ solutions_service_prefix }}/mlcore/v1/details" - upstream_url: "{{ ml_core_service_url }}/v1/solutions/details" + - name: orgHistoryOperation + uris: "/orghistory" + upstream_url: "{{ sb_cb_ext_service_url }}/orghistory" strip_uri: true plugins: - name: jwt @@ -7491,7 +7062,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'solutionAccess' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7499,9 +7070,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: CreateProjectFromTemplate - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/importFromLibrary" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/importFromLibrary" + - name: storageUploadDoc + uris: "/storage/upload" + upstream_url: "{{ sb_cb_ext_service_url }}/storage/upload" strip_uri: true plugins: - name: jwt @@ -7509,17 +7080,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'projectUpdate' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ x_large_request_size_limit }}" - - name: updateUserV3 - uris: "{{ user_service_prefix }}/v3/update" - upstream_url: "{{ learning_service_url }}/v3/user/update" + - name: storageDeleteDoc + uris: "/storage/delete" + upstream_url: "{{ sb_cb_ext_service_url }}/storage/delete" strip_uri: true plugins: - name: jwt @@ -7527,10 +7098,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userUpdate' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index d4a99dc787..061e9a748f 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -14,6 +14,7 @@ # And if an environment variable exists when there is no other substitution, then # HOCON will fall back to substituting environment variable: #mykey = ${JAVA_HOME} +indexHtmlValidation.env=false ## Akka # https://www.playframework.com/documentation/latest/ScalaAkka#Configuration @@ -211,8 +212,8 @@ play.http { } play.server.http.idleTimeout = 60s -play.http.parser.maxDiskBuffer = 100MB -parsers.anyContent.maxLength = 100MB +play.http.parser.maxDiskBuffer = 400MB +parsers.anyContent.maxLength = 400MB ## Netty Provider # https://www.playframework.com/documentation/latest/SettingsNetty @@ -339,8 +340,8 @@ play.filters { } } -play.http.parser.maxMemoryBuffer = 50MB -akka.http.parsing.max-content-length = 50MB +play.http.parser.maxMemoryBuffer = 400MB +akka.http.parsing.max-content-length = 400MB schema.base_path="{{kp_schema_base_path | default('/home/sunbird/content-service-1.0-SNAPSHOT/schemas')}}" # Cassandra Configuration @@ -353,9 +354,6 @@ cassandra { } } -# Consistency Level for Multi Node Cassandra cluster -cassandra.lp.consistency.level=QUORUM - collection { keyspace: "{{ lp_cassandra_keyspace_prefix }}_hierarchy_store" cache.enable: true @@ -384,7 +382,7 @@ content { copy { invalid_statusList: ["Flagged","FlaggedDraft","FraggedReview","Retired", "Processing"] origin_data: ["name", "author", "license", "organisation"] - props_to_remove: ["downloadUrl", "artifactUrl", "variants", "createdOn", "collections", "children", "lastUpdatedOn", "SYS_INTERNAL_LAST_UPDATED_ON", "versionKey", "s3Key", "status", "pkgVersion", "toc_url", "mimeTypesCount", "contentTypesCount", "leafNodesCount", "childNodes", "prevState", "lastPublishedOn", "flagReasons", "compatibilityLevel", "size", "publishChecklist", "publishComment", "LastPublishedBy", "rejectReasons", "rejectComment", "gradeLevel", "subject", "medium", "board", "topic", "purpose", "subtopic", "contentCredits", "owner", "collaborators", "creators", "contributors", "badgeAssertions", "dialcodes", "concepts", "keywords", "reservedDialcodes", "dialcodeRequired", "leafNodes", "sYS_INTERNAL_LAST_UPDATED_ON", "prevStatus", "lastPublishedBy", "streamingUrl", "boardIds", "gradeLevelIds", "subjectIds", "mediumIds", "topicsIds", "targetFWIds", "targetBoardIds", "targetGradeLevelIds", "targetSubjectIds", "targetMediumIds", "targetTopicIds", "se_boards", "se_subjects", "se_mediums", "se_gradeLevels", "se_topics", "se_FWIds", "se_boardIds", "se_subjectIds", "se_mediumIds", "se_gradeLevelIds", "se_topicIds"] + props_to_remove: ["downloadUrl", "artifactUrl", "variants", "createdOn", "collections", "children", "lastUpdatedOn", "SYS_INTERNAL_LAST_UPDATED_ON", "versionKey", "s3Key", "status", "pkgVersion", "toc_url", "mimeTypesCount", "contentTypesCount", "leafNodesCount", "childNodes", "prevState", "lastPublishedOn", "flagReasons", "compatibilityLevel", "size", "publishChecklist", "publishComment", "LastPublishedBy", "rejectReasons", "rejectComment", "gradeLevel", "subject", "medium", "board", "topic", "purpose", "subtopic", "contentCredits", "owner", "collaborators", "creators", "contributors", "badgeAssertions", "dialcodes", "concepts", "keywords", "reservedDialcodes", "dialcodeRequired", "leafNodes", "sYS_INTERNAL_LAST_UPDATED_ON", "prevStatus", "lastPublishedBy", "streamingUrl"] } media { base_url: "{{content_media_base_url | default(proto + '://' + domain_name)}}" @@ -400,10 +398,10 @@ redis { #--Maximum Content Package File Size Limit in Bytes (50 MB) -MAX_CONTENT_PACKAGE_FILE_SIZE_LIMIT=157286400 +MAX_CONTENT_PACKAGE_FILE_SIZE_LIMIT=400000000 #--Maximum Asset File Size Limit in Bytes (50 MB) -MAX_ASSET_FILE_SIZE_LIMIT=157286400 +MAX_ASSET_FILE_SIZE_LIMIT=400000000 #--No of Retry While File Download Fails RETRY_ASSET_DOWNLOAD_COUNT=1 @@ -482,9 +480,6 @@ azure_storage_key: "{{ sunbird_public_storage_account_name }}" azure_storage_secret: "{{ sunbird_public_storage_account_key }}" azure_storage_container: "{{ sunbird_content_azure_storage_container }}" -# Google Drive APIKEY -learning_content_drive_apiKey = "{{ learning_content_drive_apiKey }}" - kafka { urls : "{{ kafka_urls }}" topic.send.enable : true @@ -494,7 +489,7 @@ kafka { # DIAL Link Config dial_service { api { - base_url : "http://dial-service.{{namespace}}.svc.cluster.local:9000" + base_url : "{{ sunbird_dial_repo_api_base_url }}" auth_key : "{{ sunbird_dial_repo_api_key }}" } } @@ -502,12 +497,10 @@ content.link_dialcode.validation=true content.link_dialcode.max_limit=10 # Content Import API Config -import { - request_size_limit : 1000 - output_topic_name : "{{ env_name }}.auto.creation.job.request" - required_props : {{ content_import_required_props }} - remove_props : {{ content_import_remove_props }} -} +content.import.request_size_limit=1000 +content.import.required_props={{ content_import_required_props }} +content.import.topic_name="{{ env_name }}.auto.creation.job.request" +content.import.remove_props={{ content_import_remove_props }} contentTypeToPrimaryCategory { ClassroomTeachingVideo: "Explanation Content" @@ -543,6 +536,7 @@ contentTypeToPrimaryCategory { CourseUnit: "Course Unit" TextBookUnit: "Textbook Unit" Asset: "Certificate Template" + Program: "Program" } resourceTypeToPrimaryCategory { @@ -573,55 +567,15 @@ objectcategorydefinition.keyspace="{{ lp_cassandra_keyspace_prefix }}_category_s #Default objectCategory mapping for channel channel { content{ - primarycategories=["Course Assessment", "eTextbook", "Explanation Content", "Learning Resource", "Practice Question Set", "Teacher Resource", "Exam Question"] - additionalcategories= {{ content_additional_categories | default('["Classroom Teaching Video", "Concept Map", "Curiosity Question Set", "Experiential Resource", "Explanation Video", "Focus Spot", "Learning Outcome Definition", "Lesson Plan", "Marking Scheme Rubric", "Pedagogy Flow", "Previous Board Exam Papers", "TV Lesson", "Textbook"]')}} + primarycategories=["Course Assessment", "eTextbook", "Explanation Content", "Learning Resource", "Practice Question Set", "Teacher Resource"] + additionalcategories=["Classroom Teaching Video", "Concept Map", "Curiosity Question Set", "Experiential Resource", "Explanation Video", "Focus Spot", "Learning Outcome Definition", "Lesson Plan", "Marking Scheme Rubric", "Pedagogy Flow", "Previous Board Exam Papers", "TV Lesson", "Textbook"] } collection { - primarycategories=["Content Playlist", "Course", "Digital Textbook", "Question paper"] - additionalcategories={{ collection_additional_categories | default('["Textbook", "Lesson Plan"]')}} + primarycategories=["Content Playlist", "Course", "Digital Textbook"] + additionalcategories=["Textbook", "Lesson Plan"] } asset { primarycategories=["Asset", "CertAsset", "Certificate Template"] additionalcategories=[] } } -master.category.validation.enabled="{{ master_category_validation_enabled }}" - -#Collection CSV -sunbird_dialcode_search_api="http://dial-service.{{namespace}}.svc.cluster.local:9000/dialcode/v3/list" -framework_read_api_url="{{ sunbird_content_repo_api_base_url }}/framework/v3/read" -sunbird_link_dial_code_api="{{ sunbird_content_repo_api_base_url }}/collection/v3/dialcode/link" - - -collection { - csv { - maxRows = 6500 - allowedContentTypes = ["TextBook","Collection","Course"] - maxFirstLevelUnits=30 - ttl = 86400 - maxUnitFieldLength=120 - maxDescFieldLength=1500 - contentTypeToUnitType = {"TextBook": "TextBookUnit", "Course": "CourseUnit", "Collection":"Collection"} - headers { - folderIdentifier = ["Folder Identifier"] - hierarchy = ["Level 1 Folder","Level 2 Folder","Level 3 Folder","Level 4 Folder"] - QR = ["QR Code Required?","QR Code"] - topics = ["Mapped Topics"] - collectionName = ["Collection Name"] - linkedContents = ["Linked Content 1","Linked Content 2","Linked Content 3","Linked Content 4","Linked Content 5","Linked Content 6","Linked Content 7","Linked Content 8","Linked Content 9","Linked Content 10","Linked Content 11","Linked Content 12","Linked Content 13","Linked Content 14","Linked Content 15","Linked Content 16","Linked Content 17","Linked Content 18","Linked Content 19","Linked Content 20","Linked Content 21","Linked Content 22","Linked Content 23","Linked Content 24","Linked Content 25","Linked Content 26","Linked Content 27","Linked Content 28","Linked Content 29","Linked Content 30"] - output = ["Collection Name","Folder Identifier","Level 1 Folder","Level 2 Folder","Level 3 Folder","Level 4 Folder","Description","Mapped Topics","Keywords","QR Code Required?","QR Code","Linked Content 1","Linked Content 2","Linked Content 3","Linked Content 4","Linked Content 5","Linked Content 6","Linked Content 7","Linked Content 8","Linked Content 9","Linked Content 10","Linked Content 11","Linked Content 12","Linked Content 13","Linked Content 14","Linked Content 15","Linked Content 16","Linked Content 17","Linked Content 18","Linked Content 19","Linked Content 20","Linked Content 21","Linked Content 22","Linked Content 23","Linked Content 24","Linked Content 25","Linked Content 26","Linked Content 27","Linked Content 28","Linked Content 29","Linked Content 30"] - sequence { - create = {"Level 1 Folder":0,"Level 2 Folder":1,"Level 3 Folder":2,"Level 4 Folder":3,"Description":4} - update = {"Collection Name":0,"Folder Identifier":1,"Level 1 Folder":2,"Level 2 Folder":3,"Level 3 Folder":4,"Level 4 Folder":5,"Description":6,"Mapped Topics":7,"Keywords":8,"QR Code Required?":9,"QR Code":10,"Linked Content 1":11,"Linked Content 2":12,"Linked Content 3":13,"Linked Content 4":14,"Linked Content 5":15,"Linked Content 6":16,"Linked Content 7":17,"Linked Content 8":18,"Linked Content 9":19,"Linked Content 10":20,"Linked Content 11":21,"Linked Content 12":22,"Linked Content 13":23,"Linked Content 14":24,"Linked Content 15":25,"Linked Content 16":26,"Linked Content 17":27,"Linked Content 18":28,"Linked Content 19":29,"Linked Content 20":30,"Linked Content 21":31,"Linked Content 22":32,"Linked Content 23":33,"Linked Content 24":34,"Linked Content 25":35,"Linked Content 26":36,"Linked Content 27":37,"Linked Content 28":38,"Linked Content 29":39,"Linked Content 30":40} - linkedContents = {"Linked Content 1":0,"Linked Content 2":1,"Linked Content 3":2,"Linked Content 4":3,"Linked Content 5":4,"Linked Content 6":5,"Linked Content 7":6,"Linked Content 8":7,"Linked Content 9":8,"Linked Content 10":9,"Linked Content 11":10,"Linked Content 12":11,"Linked Content 13":12,"Linked Content 14":13,"Linked Content 15":14,"Linked Content 16":15,"Linked Content 17":16,"Linked Content 18":17,"Linked Content 19":18,"Linked Content 20":19,"Linked Content 21":20,"Linked Content 22":21,"Linked Content 23":22,"Linked Content 24":23,"Linked Content 25":24,"Linked Content 26":25,"Linked Content 27":26,"Linked Content 28":27,"Linked Content 29":28,"Linked Content 30":29} - } - } - mandatory { - create = ["Level 1 Folder"] - update = ["Collection Name","Folder Identifier"] - } - } -} - -plugin.media.base.url="{{ plugin_media_base_url }}" -content.media.base.url="{{ plugin_media_base_url }}" diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index 27b2569ba5..dfb65e715a 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -33,10 +33,11 @@ sunbird_account_key={{sunbird_public_storage_account_key}} sunbird_quartz_mode={{sunbird_sunbird_quartz_mode}} sunbird_env_logo_url={{sunbird_env_logo_url}} sunbird_web_url={{sunbird_web_url}} +sunbird_fcm_account_key={{sunbird_fcm_account_key}} sunbird_msg_91_auth={{sunbird_msg_91_auth}} sunbird_msg_sender={{sunbird_msg_sender}} sunbird_installation_email={{sunbird_installation_email}} -{% if (cassandra_cluster_size | int) > 1 %} +{% if groups['cassandra-2'] is defined %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 sunbird_cassandra_consistency_level=quorum @@ -50,6 +51,7 @@ sunbird_mw_system_host=learner-service sunbird_mw_system_port=8088 background_actor_provider=local api_actor_provider=local +badging_authorization_key={{vault_badging_authorization_key}} sunbird_badger_baseurl=http://badger-service:8004 sunbird_remote_req_router_path=akka.tcp://SunbirdMWSystem@actor-service:8088/user/RequestRouter sunbird_remote_bg_req_router_path=akka.tcp://SunbirdMWSystem@actor-service:8088/user/BackgroundRequestRouter @@ -123,9 +125,3 @@ PORTAL_SERVICE_PORT=http://player.{{namespace}}.svc.cluster.local:3000 form_api_endpoint={{form_api_endpoint | default('/plugin/v1/form/read')}} -# Release-3.7.0 -learner_in_memory_cache_ttl={{learner_in_memory_cache_ttl | default(600)}} -user_index_alias={{user_index_alias | default('user_alias')}} -org_index_alias={{org_index_alias | default('org_alias')}} -sunbird_installation_display_name_for_sms=DIKSHA -sunbird_sso_lb_ip={{keycloak_url}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 6a5a5e9b1f..389b8a4120 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -33,10 +33,11 @@ sunbird_account_name={{sunbird_public_storage_account_name}} sunbird_account_key={{sunbird_public_storage_account_key}} sunbird_quartz_mode={{sunbird_sunbird_quartz_mode}} sunbird_web_url={{sunbird_web_url}} +sunbird_fcm_account_key={{sunbird_fcm_account_key}} sunbird_msg_91_auth={{sunbird_msg_91_auth}} sunbird_msg_sender={{sunbird_msg_sender}} sunbird_installation_email={{sunbird_installation_email}} -{% if (cassandra_cluster_size | int) > 1 %} +{% if groups['cassandra-2'] is defined %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 sunbird_cassandra_consistency_level=quorum @@ -50,6 +51,7 @@ sunbird_mw_system_host=lms-service sunbird_mw_system_port=8088 background_actor_provider=local api_actor_provider=local +badging_authorization_key={{vault_badging_authorization_key}} sunbird_badger_baseurl=http://badger-service:8004 sunbird_remote_req_router_path=akka.tcp://SunbirdMWSystem@actor-service:8088/user/RequestRouter sunbird_remote_bg_req_router_path=akka.tcp://SunbirdMWSystem@actor-service:8088/user/BackgroundRequestRouter @@ -62,7 +64,7 @@ telemetry_queue_threshold_value=100 sunbird_default_channel={{sunbird_default_channel}} sunbird_api_mgr_base_url=http://knowledge-mw-service:5000 sunbird_cs_base_url=http://knowledge-mw-service:5000 -sunbird_cs_search_path=/v1/search +sunbird_cs_search_path=/v1/content/search sunbird_env_logo_url={{sunbird_env_logo_url}} sunbird_user_bulk_upload_size={{sunbird_user_bulk_upload_size}} @@ -98,20 +100,19 @@ sunbird_cache_enable={{sunbird_cache_enable | default(false)}} # Set below variables if above true sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} -sunbird_user_org_api_base_url={{ sunbird_user_service_api_base_url }} +sunbird_user_org_api_base_url=http://learner-service:9000 kafka_topics_instruction={{kafka_topics_instruction}} kafka_urls={{kafka_urls}} kafka_topics_certificate_instruction={{kafka_topics_certificate_instruction}} kafka_assessment_topic={{kafka_assessment_topic}} kafka_topics_contentstate_invalid={{kafka_topics_contentstate_invalid}} -kafka_enrolment_sync_topic={{kafka_enrolment_sync_topic}} # Required by lms service to call cert service sunbird_cert_service_base_url=http://cert-service:9000 learning_service_base_url={{sunbird_content_repo_api_base_url}} sunbird_user_search_cretordetails_fields=id,firstName,lastName -sunbird_user_service_api_base_url={{ sunbird_user_service_api_base_url }} +sunbird_user_service_api_base_url={{sunbird_user_service_api_base_url}} limit_managed_user_creation={{limit_managed_user_creation | default(true)}} managed_user_limit={{managed_user_limit | default(30)}} @@ -124,7 +125,8 @@ learning.content.props.to.add={{ learning_content_props_to_add | default('mimeTy group_activity_agg_cache_ttl={{ group_activity_agg_cache_ttl }} group_activity_agg_cache_enable={{ group_activity_agg_cache_enable }} sunbird_env_name={{env_name}} - +content.default.fields=contentid,userid,batchid,courseid,completedcount,completionpercentage,lastcompletedtime,status,viewcount + ## Redis connection detail ## redis.connection.max={{ lms_redis_connection_max | default(64) }} redis.connection.idle.max={{ lms_redis_connection_idle_max | default(32) }} @@ -140,5 +142,5 @@ user_enrolments_response_cache_ttl={{ user_enrolments_response_cache_ttl | defau druid_proxy_api_host={{groups['raw-broker'][0]}} druid_proxy_api_port=8082 druid_proxy_api_endpoint=/druid/v2/ -collection_summary_agg_data_source={{ summary_agg_data_source | default('audit-rollup-syncts') }} +collection_summary_agg_data_source={{ summary_agg_data_source | default('telemetry-events') }} collection_summary_agg_cache_ttl={{ summary_agg_ttl | default(21600) }} diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 22395c9043..0797e68f2c 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -3,7 +3,6 @@ namespace: {{ namespace }} merge_domain_status: {{ merge_domain_status | lower }} service: - annotations: {{nginx_public_ingress_service_annotations | d('') | to_json}} type: {{ nginx_public_ingress_type | default('LoadBalancer') }} {% if nginx_public_ingress_ip is defined %} nginx_public_ingress_ip: {{ nginx_public_ingress_ip }} @@ -81,23 +80,4672 @@ proxyconfig: |- {% if nginx_server_config is defined and nginx_server_config %} {{ nginx_server_config | indent( width=4, indentfirst=True) }} {% endif %} + + # Limitting open connection per ip limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - return 301 https://{{ proxy_server_name }}$request_uri; + #return 301 https://{{ proxy_server_name }}$request_uri; + return 301 https://{{ proxy_server_name }}$request_uri; + #} } {% endif %} + + server { + listen 3007; + server_name _; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + + location /web-hosted/ { + root /content-mount/web-host; + rewrite ^/web-hosted/(.*) /$1 break; + } + } + + server { + {% if proto=='http' %} + listen 80; + listen [::]:80; + {% else %} + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + {% endif %} + server_name *.{{ proxy_server_name }} {{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + + #add_header Content-Security-Policy "frame-ancestors 'self'; frame-src *.youtube.com *.igot-stage.in *.{{ proxy_server_name }};"; + + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + location ~* ^/auth/(.*)/impersonation { + return 301 {{proto}}://{{ proxy_server_name }}; + } + location ~* ^/auth/realms/master { + return 301 {{proto}}://{{ proxy_server_name }}; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://{{ proxy_server_name }}; + } + location ~* ^/auth/realms/(.+)/token/introspect/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; + } + location ~* ^/auth/realms/(.+)/token/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; + } + location ~* ^/auth/realms/(.+)/userinfo/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; + } + location ~* ^/auth/realms/(.+)/logout/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; + } + location ~* ^/auth/realms/(.+)/certs/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; + } + location ~* ^/auth/realms/(.+)/clients-registrations/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://{{ proxy_server_name }}; + } + location ~* ^/auth/v1/refresh/token { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /auth/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Caching keycloak static assets + location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache proxy_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # This is Caching mechanism for POST requests location search + location ~ /learner/data/v1/location/search { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-static; + } + # Caching for content consumption + location ~ /api/(content/v1/read|course/v1/hierarchy) { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache content_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 14400s; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for Content search + location ~ /api/content/v1/search { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache content_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 14400s; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for POST requests + location ~ /api/org/v1/search|/api/data/v1/(form/read|location/search) { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ /api/(framework/v1/read|data/v1/system/settings/get) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + + location /api/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, x-authenticated-user-token, Authorization, Content-Type, user-id, Content-Encoding"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + if ( $arg_eHVyhwSdt ) { + set $custom_header "Bearer $arg_eHVyhwSdt"; + } + if ( $http_authorization ) { + set $custom_header "$http_authorization"; + } + proxy_set_header Authorization $custom_header; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + client_max_body_size 200M; + } + location /apis/ { + # if ($request_method = OPTIONS ) { + # add_header Access-Control-Allow-Origin "*" ; + # add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + # add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + # add_header Content-Length 0; + # add_header Content-Type text/plain; + # return 200; + #} + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/apis/(.*) /$1 break; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /protected/v8/resource/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /nodebb/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + set $target http://{{ nodebbvmip }}:4567; + proxy_pass $target; + } + + location /content { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host https://igot-content.azureedge.net; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://igot-content.azureedge.net/content; + } + + # Oauth2 config + location /oauth2/ { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location = /oauth2/auth { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + # nginx auth_request includes headers but not body + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /dashboard/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + # Setting target url + auth_request_set $target http://{{ kibana_service }}; + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + # if you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /grafana/ { + set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; + rewrite ^/grafana/(.*) /$1 break; + proxy_pass $target; + } + location /encryption/ { + set $target http://encryption.{{ namespace }}.svc.cluster.local; + rewrite ^/encryption/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $http_x_forwarded_for; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /badging/ { + set $target http://badger-service.{{ namespace }}.svc.cluster.local:8004; + rewrite ^/badging/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /discussions/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + # Socket.IO Support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; + #rewrite ^/discussions/(.*) /$1 break; + proxy_pass $target; + } + location ~* ^/assets/public/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$bucket/$url_full; + } + location ~* ^/content/preview/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/v3/preview/$url_full; + } + location ~ /content-editor/telemetry|collection-editor/telemetry { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-static; + } + + # Caching ui-static static assets + location ~ /assets(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache proxy_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/assets/(.*) /assets/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://ui-static; + } + location ~* ^/content-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/content-editor/$url_full; + } + location ~* ^/collection-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/collection-editor/$url_full; + } + location ~* ^/generic-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/generic-editor/$url_full; + } + location ~* ^/content-plugins/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/content-plugins/$url_full; + } + location /thirdparty { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-static; + } + location ~* ^/desktop/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$offline_bucket/$url_full; + } + # compression for svg certs download + location /api/certreg/v2/certs/download { + rewrite ^/api/(.*) /$1 break; + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /learner/certreg/v2/certs/download { + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-static; + } + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-static; + } + location /v3/device/register { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + } + location /action/data/v3/metrics { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + } + location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-static; + } + location /api/channel/v1/read { + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ ^/chatapi/ { + set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; + rewrite ^/chatapi/(.*) /$1 break; + proxy_pass $target; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + } + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + } + + server { + {% if proto=='http' %} + listen 80; + listen [::]:80; + {% else %} + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + {% endif %} + server_name *.ui.{{ proxy_server_name }} ui.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + location ~* ^/auth/(.*)/impersonation { + return 301 {{proto}}://ui.{{ proxy_server_name }}; + } + location ~* ^/auth/realms/master { + return 301 {{proto}}://ui.{{ proxy_server_name }}; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://ui.{{ proxy_server_name }}; + } + location ~* ^/auth/realms/(.+)/token/introspect/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; + } + location ~* ^/auth/realms/(.+)/token/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; + } + location ~* ^/auth/realms/(.+)/userinfo/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; + } + location ~* ^/auth/realms/(.+)/logout/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; + } + location ~* ^/auth/realms/(.+)/certs/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; + } + location ~* ^/auth/realms/(.+)/clients-registrations/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://ui.{{ proxy_server_name }}; + } + location ~* ^/auth/v1/refresh/token { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /auth/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Caching keycloak static assets + location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache proxy_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # This is Caching mechanism for POST requests location search + location ~ /learner/data/v1/location/search { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + # Caching for content consumption + location ~ /api/(content/v1/read|course/v1/hierarchy) { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache content_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 14400s; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for Content search + location ~ /api/content/v1/search { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache content_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 14400s; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for POST requests + location ~ /api/org/v1/search|/api/data/v1/(form/read|location/search) { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ /api/(framework/v1/read|data/v1/system/settings/get) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + + location /api/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + if ( $arg_eHVyhwSdt ) { + set $custom_header "Bearer $arg_eHVyhwSdt"; + } + if ( $http_authorization ) { + set $custom_header "$http_authorization"; + } + proxy_set_header Authorization $custom_header; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /apis/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/apis/(.*) /$1 break; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + location /nodebb/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + set $target http://10.0.0.12:4567; + proxy_pass $target; + } + # Oauth2 config + location /oauth2/ { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location = /oauth2/auth { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + # nginx auth_request includes headers but not body + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /dashboard/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + # Setting target url + auth_request_set $target http://{{ kibana_service }}; + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + # if you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /grafana/ { + set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; + rewrite ^/grafana/(.*) /$1 break; + proxy_pass $target; + } + location /encryption/ { + set $target http://encryption.{{ namespace }}.svc.cluster.local; + rewrite ^/encryption/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $http_x_forwarded_for; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /badging/ { + set $target http://badger-service.{{ namespace }}.svc.cluster.local:8004; + rewrite ^/badging/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /discussions/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + # Socket.IO Support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; + #rewrite ^/discussions/(.*) /$1 break; + proxy_pass $target; + } + location ~* ^/assets/public/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$bucket/$url_full; + } + location ~* ^/content/preview/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/v3/preview/$url_full; + } + location ~ /content-editor/telemetry|collection-editor/telemetry { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location ~* ^/content-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/content-editor/$url_full; + } + location ~* ^/collection-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/collection-editor/$url_full; + } + location ~* ^/generic-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/generic-editor/$url_full; + } + location ~* ^/content-plugins/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/content-plugins/$url_full; + } + location /thirdparty { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location ~* ^/desktop/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$offline_bucket/$url_full; + } + # compression for svg certs download + location /api/certreg/v2/certs/download { + rewrite ^/api/(.*) /$1 break; + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /learner/certreg/v2/certs/download { + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location /v3/device/register { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + } + location /action/data/v3/metrics { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + } + location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location /api/channel/v1/read { + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ ^/chatapi/ { + set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; + rewrite ^/chatapi/(.*) /$1 break; + proxy_pass $target; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + } + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } + + server { + if ($host = cbp.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } + + listen 80; + server_name cbp.{{ proxy_server_name }}; + return 404; + } + + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + server_name *.cbp.{{ proxy_server_name }} cbp.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + location ~* ^/auth/(.*)/impersonation { + return 301 {{proto}}://cbp.{{ proxy_server_name }}; + } + location ~* ^/auth/realms/master { + return 301 {{proto}}://cbp.{{ proxy_server_name }}; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://cbp.{{ proxy_server_name }}; + } + location ~* ^/auth/realms/(.+)/token/introspect/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; + } + location ~* ^/auth/realms/(.+)/token/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; + } + location ~* ^/auth/realms/(.+)/userinfo/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; + } + location ~* ^/auth/realms/(.+)/logout/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; + } + location ~* ^/auth/realms/(.+)/certs/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; + } + location ~* ^/auth/realms/(.+)/clients-registrations/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://cbp.{{ proxy_server_name }}; + } + location ~* ^/auth/v1/refresh/token { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /auth/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Caching keycloak static assets + location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache proxy_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # This is Caching mechanism for POST requests location search + location ~ /learner/data/v1/location/search { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + # Caching for content consumption + location ~ /api/(content/v1/read|course/v1/hierarchy) { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache content_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 14400s; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for Content search + location ~ /api/content/v1/search { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache content_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 14400s; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for POST requests + location ~ /api/org/v1/search|/api/data/v1/(form/read|location/search) { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ /api/(framework/v1/read|data/v1/system/settings/get) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + + location /api/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + if ( $arg_eHVyhwSdt ) { + set $custom_header "Bearer $arg_eHVyhwSdt"; + } + if ( $http_authorization ) { + set $custom_header "$http_authorization"; + } + proxy_set_header Authorization $custom_header; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /apis/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/apis/(.*) /$1 break; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /protected/v8/resource/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /nodebb/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + set $target http://{{ nodebbvmip }}:4567; + proxy_pass $target; + } + # Oauth2 config + location /oauth2/ { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location = /oauth2/auth { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + # nginx auth_request includes headers but not body + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /dashboard/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + # Setting target url + auth_request_set $target http://{{ kibana_service }}; + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + # if you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /grafana/ { + set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; + rewrite ^/grafana/(.*) /$1 break; + proxy_pass $target; + } + location /encryption/ { + set $target http://encryption.{{ namespace }}.svc.cluster.local; + rewrite ^/encryption/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $http_x_forwarded_for; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /badging/ { + set $target http://badger-service.{{ namespace }}.svc.cluster.local:8004; + rewrite ^/badging/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /discussions/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + # Socket.IO Support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; + #rewrite ^/discussions/(.*) /$1 break; + proxy_pass $target; + } + location ~* ^/assets/public/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$bucket/$url_full; + } + location ~* ^/content/preview/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/v3/preview/$url_full; + } + location ~ /content-editor/telemetry|collection-editor/telemetry { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + location ~* ^/content-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/content-editor/$url_full; + } + location ~* ^/collection-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/collection-editor/$url_full; + } + location ~* ^/generic-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/generic-editor/$url_full; + } + location ~* ^/content-plugins/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/content-plugins/$url_full; + } + location /thirdparty { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + location ~* ^/desktop/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$offline_bucket/$url_full; + } + # compression for svg certs download + location /api/certreg/v2/certs/download { + rewrite ^/api/(.*) /$1 break; + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /learner/certreg/v2/certs/download { + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + location /v3/device/register { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + } + location /action/data/v3/metrics { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + } + location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + location /api/channel/v1/read { + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ ^/chatapi/ { + set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; + rewrite ^/chatapi/(.*) /$1 break; + proxy_pass $target; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + } + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } + + server { + if ($host = cbc.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } + + listen 80; + server_name cbc.{{ proxy_server_name }}; + return 404; + } + + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + server_name *.cbc.{{ proxy_server_name }} cbc.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + location ~* ^/auth/(.*)/impersonation { + return 301 {{proto}}://cbc.{{ proxy_server_name }}; + } + location ~* ^/auth/realms/master { + return 301 {{proto}}://cbc.{{ proxy_server_name }}; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://cbc.{{ proxy_server_name }}; + } + location ~* ^/auth/realms/(.+)/token/introspect/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; + } + location ~* ^/auth/realms/(.+)/token/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; + } + location ~* ^/auth/realms/(.+)/userinfo/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; + } + location ~* ^/auth/realms/(.+)/logout/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; + } + location ~* ^/auth/realms/(.+)/certs/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; + } + location ~* ^/auth/realms/(.+)/clients-registrations/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://cbc.{{ proxy_server_name }}; + } + location ~* ^/auth/v1/refresh/token { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /auth/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Caching keycloak static assets + location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache proxy_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # This is Caching mechanism for POST requests location search + location ~ /learner/data/v1/location/search { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + location /api/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + if ( $arg_eHVyhwSdt ) { + set $custom_header "Bearer $arg_eHVyhwSdt"; + } + if ( $http_authorization ) { + set $custom_header "$http_authorization"; + } + proxy_set_header Authorization $custom_header; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbc-igot; + } + location /apis/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/apis/(.*) /$1 break; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /protected/v8/resource/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbc-igot; + } + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } + + + server { + if ($host = spv.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } + + listen 80; + server_name spv.{{ proxy_server_name }}; + return 404; + } + + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + server_name *.spv.{{ proxy_server_name }} spv.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + location ~* ^/auth/(.*)/impersonation { + return 301 {{proto}}://spv.{{ proxy_server_name }}; + } + location ~* ^/auth/realms/master { + return 301 {{proto}}://spv.{{ proxy_server_name }}; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://spv.{{ proxy_server_name }}; + } + location ~* ^/auth/realms/(.+)/token/introspect/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; + } + location ~* ^/auth/realms/(.+)/token/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; + } + location ~* ^/auth/realms/(.+)/userinfo/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; + } + location ~* ^/auth/realms/(.+)/logout/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; + } + location ~* ^/auth/realms/(.+)/certs/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; + } + location ~* ^/auth/realms/(.+)/clients-registrations/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://spv.{{ proxy_server_name }}; + } + location ~* ^/auth/v1/refresh/token { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /auth/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Caching keycloak static assets + location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache proxy_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # This is Caching mechanism for POST requests location search + location ~ /learner/data/v1/location/search { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + # Caching for content consumption + location ~ /api/(content/v1/read|course/v1/hierarchy) { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache content_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 14400s; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for Content search + location ~ /api/content/v1/search { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache content_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 14400s; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for POST requests + location ~ /api/org/v1/search|/api/data/v1/(form/read|location/search) { + # Enabling caching + proxy_cache_key "$request_uri|$request_body"; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ /api/(framework/v1/read|data/v1/system/settings/get) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + + location /api/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + if ( $arg_eHVyhwSdt ) { + set $custom_header "Bearer $arg_eHVyhwSdt"; + } + if ( $http_authorization ) { + set $custom_header "$http_authorization"; + } + proxy_set_header Authorization $custom_header; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /apis/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/apis/(.*) /$1 break; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /protected/v8/resource/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /nodebb/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + set $target http://{{ nodebbvmip }}:4567; + proxy_pass $target; + } + # Oauth2 config + location /oauth2/ { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location = /oauth2/auth { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + # nginx auth_request includes headers but not body + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /dashboard/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + # Setting target url + auth_request_set $target http://{{ kibana_service }}; + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + # if you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /grafana/ { + set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; + rewrite ^/grafana/(.*) /$1 break; + proxy_pass $target; + } + location /encryption/ { + set $target http://encryption.{{ namespace }}.svc.cluster.local; + rewrite ^/encryption/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $http_x_forwarded_for; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /badging/ { + set $target http://badger-service.{{ namespace }}.svc.cluster.local:8004; + rewrite ^/badging/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /discussions/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + # Socket.IO Support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; + #rewrite ^/discussions/(.*) /$1 break; + proxy_pass $target; + } + location ~* ^/assets/public/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$bucket/$url_full; + } + location ~* ^/content/preview/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/v3/preview/$url_full; + } + location ~ /content-editor/telemetry|collection-editor/telemetry { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + location ~* ^/content-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/content-editor/$url_full; + } + location ~* ^/collection-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/collection-editor/$url_full; + } + location ~* ^/generic-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/generic-editor/$url_full; + } + location ~* ^/content-plugins/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$s3_bucket/content-plugins/$url_full; + } + location /thirdparty { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + location ~* ^/desktop/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$offline_bucket/$url_full; + } + # compression for svg certs download + location /api/certreg/v2/certs/download { + rewrite ^/api/(.*) /$1 break; + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /learner/certreg/v2/certs/download { + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-spv-igot; + } + location /v3/device/register { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + } + location /action/data/v3/metrics { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + } + location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://ui-cbp-igot; + } + location /api/channel/v1/read { + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ ^/chatapi/ { + set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; + rewrite ^/chatapi/(.*) /$1 break; + proxy_pass $target; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + } + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } + + server { + if ($host = frac.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + server_name frac.{{ proxy_server_name }}; + return 404; # managed by Certbot + } + + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + server_name *.frac.{{ proxy_server_name }} frac.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + + location /auth/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + + location /protected/v8/resource/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://frac-web-service; + } + + location /fracapis/ { + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/fracapis/(.*) /$1 break; + proxy_pass http://frac-backend-service:8095; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /socket.io/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + + proxy_pass http://frac-collab-service:8080/socket.io/; + proxy_redirect off; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location /fraccollab/ { + + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "*" ; + add_header Access-Control-Allow-Origin "*" ; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/fraccollab/(.*) /$1 break; + proxy_pass http://frac-collab-service:8080; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + + + } + + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } + + server { + if ($host = pm-survey.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + server_name pm-survey.{{ proxy_server_name }}; + return 404; # managed by Certbot + } + + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + server_name *.pm-survey.{{ proxy_server_name }} pm-survey.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://pm-microsurvey-web-service:5000; + } + + location /api/ { + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/api/(.*) /$1 break; + proxy_pass http://pm-microsurvey-service:8099; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } + + server { + if ($host = frac-dictionary.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + server_name frac-dictionary.{{ proxy_server_name }}; + return 404; # managed by Certbot + } + + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + server_name *.frac-dictionary.{{ proxy_server_name }} frac-dictionary.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://frac-dictionary-service:3040; + } + + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } + + server { + if ($host = officer-survey.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + server_name officer-survey.{{ proxy_server_name }}; + return 404; # managed by Certbot + } + + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + server_name *.officer-survey.{{ proxy_server_name }} officer-survey.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://wat-sourcing-web-service; + } + + location /watapis { + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/watapis/(.*) /$1 break; + proxy_pass http://wat-sourcing-service:5000; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } + + server { + if ($host = vega-console.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + server_name vega-console.{{ proxy_server_name }}; + return 404; # managed by Certbot + } + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + server_name *.vega-console.{{ proxy_server_name }} vega-console.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://vega-web-service; + } + + location /vegaapis { + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/vegaapis/(.*) /$1 break; + proxy_pass http://vega-console-service:8081; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /router { + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/router/(.*) /$1 break; + proxy_pass http://vega-router-service:80; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /socket.io/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + + proxy_pass http://vega-router-service:80/socket.io/; + proxy_redirect off; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } + + server { + if ($host = pm.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + server_name pm.{{ proxy_server_name }}; + return 404; # managed by Certbot + } + + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + server_name *.pm.{{ proxy_server_name }} pm.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + + location /auth/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + + location /protected/v8/resource/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://pm-web-service; + } + + location /pmapis/ { + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/pmapis/(.*) /$1 break; + proxy_pass http://pm-analytics-service:8091; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } + + server { + if ($host = console.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + server_name console.{{ proxy_server_name }}; + return 404; # managed by Certbot + } + + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + server_name *.console.{{ proxy_server_name }} console.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + + location /auth/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + + location /protected/v8/resource/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://developer-console-web-portal:5000; + } + + location /apis/ { + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/apis/(.*) /$1 break; + proxy_pass http://developer-console-service:8080; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } + + + server { + if ($host = mdo.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } + + listen 80; + server_name mdo.{{ proxy_server_name }}; + return 404; + } + server { - {% if proto=='http' %} - listen 80; - listen [::]:80; - {% else %} listen 443 ssl; ssl_certificate /etc/secrets/site.crt; ssl_certificate_key /etc/secrets/site.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - {% endif %} - server_name *.{{ proxy_server_name }} {{ proxy_server_name }}; + server_name *.mdo.{{ proxy_server_name }} mdo.{{ proxy_server_name }}; {# custom nginx server config section eg: @@ -117,14 +4765,43 @@ proxyconfig: |- proxy_set_header X-Forwarded-Proto $scheme; ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver {{ kube_dns_ip }} valid=30s; - # Mobile Devices Refresh token Endpoints + location ~* ^/auth/(.*)/impersonation { + return 301 {{proto}}://mdo.{{ proxy_server_name }}; + } + location ~* ^/auth/realms/master { + return 301 {{proto}}://mdo.{{ proxy_server_name }}; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://mdo.{{ proxy_server_name }}; + } + location ~* ^/auth/realms/(.+)/token/introspect/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; + } + location ~* ^/auth/realms/(.+)/token/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; + } + location ~* ^/auth/realms/(.+)/userinfo/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; + } + location ~* ^/auth/realms/(.+)/logout/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; + } + location ~* ^/auth/realms/(.+)/certs/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; + } + location ~* ^/auth/realms/(.+)/clients-registrations/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://mdo.{{ proxy_server_name }}; + } location ~* ^/auth/v1/refresh/token { rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 5; proxy_send_timeout 60; @@ -133,64 +4810,47 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - # Admin API Endpoints for sunbird realm fpr forgot password flow - location ~ /auth/admin/realms/sunbird/users/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Sunbird realm keycloak API endpoints - location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { + location /auth/ { rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header X-Request-ID $sb_request_id; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Connection ""; proxy_http_version 1.1; proxy_pass http://keycloak; } - # Static Assets for keycloak endpoints with caching - location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { + # Caching keycloak static assets + location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { # Enabling caching proxy_cache_key $proxy_host$request_uri; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; + proxy_cache proxy_cache; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + proxy_cache_valid 200 43200; rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_connect_timeout 5; proxy_send_timeout 60; proxy_read_timeout 70; proxy_http_version 1.1; proxy_pass http://keycloak; - } + } # This is Caching mechanism for POST requests location search location ~ /learner/data/v1/location/search { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + proxy_cache_key "$request_uri|$request_body"; + proxy_cache framework_cache; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; @@ -198,7 +4858,7 @@ proxyconfig: |- proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + proxy_cache_valid 200 43200; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; @@ -209,16 +4869,13 @@ proxyconfig: |- proxy_read_timeout 70; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; + proxy_pass http://ui-cbp-igot; } # Caching for content consumption - location ~ /api/(content/v1/read|course/v1/hierarchy|course/v1/batch/read) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; + location ~ /api/(content/v1/read|course/v1/hierarchy) { # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; + proxy_cache_key "$request_uri|$request_body"; + proxy_cache content_cache; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; @@ -226,7 +4883,7 @@ proxyconfig: |- proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; + proxy_cache_valid 200 14400s; # Increasing the proxy buffer size proxy_buffer_size 16k; proxy_busy_buffers_size 16k; @@ -243,12 +4900,9 @@ proxyconfig: |- } # This is Caching mechanism for Content search location ~ /api/content/v1/search { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; + proxy_cache_key "$request_uri|$request_body"; + proxy_cache content_cache; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; @@ -256,7 +4910,7 @@ proxyconfig: |- proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; + proxy_cache_valid 200 14400s; # Increasing the proxy buffer size proxy_buffer_size 16k; proxy_busy_buffers_size 16k; @@ -272,13 +4926,10 @@ proxyconfig: |- proxy_pass http://kong; } # This is Caching mechanism for POST requests - location ~ /api/data/v1/form/read { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; + location ~ /api/org/v1/search|/api/data/v1/(form/read|location/search) { # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; + proxy_cache_key "$request_uri|$request_body"; + proxy_cache framework_cache; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; @@ -286,7 +4937,7 @@ proxyconfig: |- proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + proxy_cache_valid 200 43200; rewrite ^/api/(.*) /$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; @@ -300,21 +4951,17 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - location ~ /api/(framework/v1/read|data/v1/system/settings/get|org/v1/search|org/v2/search|data/v1/location/search) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; + location ~ /api/(framework/v1/read|data/v1/system/settings/get) { # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + proxy_cache_valid 200 43200; rewrite ^/api/(.*) /$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; @@ -326,10 +4973,9 @@ proxyconfig: |- proxy_read_timeout 70; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; proxy_pass http://kong; } + location /api/ { if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; @@ -345,7 +4991,6 @@ proxyconfig: |- if ( $http_authorization ) { set $custom_header "$http_authorization"; } - include /etc/nginx/defaults.d/compression.conf; proxy_set_header Authorization $custom_header; rewrite ^/api/(.*) /$1 break; proxy_set_header Connection ""; @@ -360,6 +5005,66 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } + location /apis/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, locale"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/apis/(.*) /$1 break; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /protected/v8/resource/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_pass http://ui-proxies:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /nodebb/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + set $target http://10.0.0.12:4567; + proxy_pass $target; + } # Oauth2 config location /oauth2/ { set $target http://oauth2-proxy.logging.svc.cluster.local; @@ -381,35 +5086,6 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass $target; } -{% if graylog_open_to_public %} - location /graylog/ { - auth_request /oauth2/auth; - error_page 401 = /oauth2/sign_in; - # Setting target url - auth_request_set $target http://graylog.logging.svc.cluster.local; - # pass information via X-User and X-Email headers to backend, - # requires running with --set-xauthrequest flag - auth_request_set $user $upstream_http_x_auth_request_user; - auth_request_set $email $upstream_http_x_auth_request_email; - proxy_set_header X-User $user; - proxy_set_header X-Email $email; - # if you enabled --cookie-refresh, this is needed for it to work with auth_request - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header Graylog-User viewer; - proxy_set_header X-Graylog-Server-URL {{proto}}://{{ proxy_server_name }}/graylog/; - rewrite ^/graylog/(.*)$ /$1 break; - proxy_pass $target; - } - location /dashboard { - return 301 /graylog/; - } -{% else %} location /dashboard/ { auth_request /oauth2/auth; error_page 401 = /oauth2/sign_in; @@ -427,35 +5103,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass $target; } -{% endif %} - location /oauth3 { - set $target http://oauth2-proxy.monitoring.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth3/auth { - set $target http://oauth2-proxy.monitoring.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } location /grafana/ { - auth_request /oauth3/auth; - error_page 401 = /oauth3/sign_in; - auth_request_set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; rewrite ^/grafana/(.*) /$1 break; proxy_pass $target; @@ -474,6 +5122,19 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass $target; } + location /badging/ { + set $target http://badger-service.{{ namespace }}.svc.cluster.local:8004; + rewrite ^/badging/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } location /discussions/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -571,7 +5232,7 @@ proxyconfig: |- proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; + proxy_pass http://ui-cbp-igot; } location ~* ^/content-editor/(.*) { # Enabling compression @@ -606,32 +5267,6 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass https://$s3_bucket/content-editor/$url_full; } - - location ~* ^/discussion-ui/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - set $s3_bucket "{{discussion_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{discussion_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/discussion-ui/$url_full; - } - location ~* ^/collection-editor/(.*) { # Enabling compression gzip on; @@ -756,7 +5391,7 @@ proxyconfig: |- proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; + proxy_pass http://ui-cbp-igot; } location ~* ^/desktop/(.*) { # Enabling cache for Response code 200 @@ -798,7 +5433,34 @@ proxyconfig: |- # compression for svg certs download location /api/certreg/v2/certs/download { rewrite ^/api/(.*) /$1 break; - include /etc/nginx/defaults.d/compression.conf; + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -850,7 +5512,7 @@ proxyconfig: |- proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; + proxy_pass http://ui-cbp-igot; } location / { rewrite ^/(.*) /$1 break; @@ -864,7 +5526,7 @@ proxyconfig: |- proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; + proxy_pass http://ui-mdo-igot; } location /v3/device/register { proxy_set_header X-Request-ID $sb_request_id; @@ -893,41 +5555,33 @@ proxyconfig: |- proxy_read_timeout 70; } location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + proxy_cache_valid 200 43200; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; + proxy_pass http://ui-cbp-igot; } location /api/channel/v1/read { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + proxy_cache_key $proxy_host$request_uri; + proxy_cache framework_cache; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + proxy_cache_valid 200 43200; rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; @@ -960,8 +5614,12 @@ proxyconfig: |- add_header Content-Type text/plain; } {# Including custom configuration #} - {{ proxy_custom_config }}} + {{ proxy_custom_config }} + + client_max_body_size 200M; + } + nginxconfig: | user nginx; worker_processes {{nginx_worker_processes | d("auto")}}; @@ -1005,7 +5663,7 @@ nginxconfig: | ' $request_time $upstream_response_time $pipe' ' "$http_referer" "$http_user_agent" "$sb_request_id"' ' "$http_x_device_id" "$http_x_channel_id" "$http_x_app_id"' - ' "$http_x_app_ver" "$http_x_session_id" {{nginx_additional_log_fields | default("")}}'; + ' "$http_x_app_ver" "$http_x_session_id"'; access_log /var/log/nginx/access.log main; # Shared dictionary to store metrics lua_shared_dict prometheus_metrics 100M; @@ -1040,7 +5698,7 @@ nginxconfig: | } sendfile on; #tcp_nopush on; - client_max_body_size 60M; + client_max_body_size 200M; keepalive_timeout 65s; keepalive_requests 200; # Nginx connection limit per ip @@ -1050,24 +5708,67 @@ nginxconfig: | server kong:8000; keepalive 1000; } - upstream encryption { - server enc-service:8013; - keepalive 1000; - } + #upstream encryption { + # server enc-service:8013; + # keepalive 1000; + #} upstream keycloak { server {{ keycloak_url.split('//')[-1] }}; keepalive 1000; } + upstream ui-static { + server ui-static:3002; + keepalive 1000; + } upstream player { server player:3000; keepalive 1000; } + upstream ui-cbp-igot { + server ui-cbp-igot:3002; + keepalive 1000; + } + upstream ui-spv-igot { + server ui-spv-igot:3002; + keepalive 1000; + } + upstream ui-mdo-igot { + server ui-mdo-igot:3002; + keepalive 1000; + } + + upstream frac-web-service { + server frac-web-service:5000; + keepalive 1000; + } + + upstream pm-web-service { + server pm-web-service:5000; + keepalive 1000; + } + + upstream ui-cbc-igot { + server ui-cbc-igot:3002; + keepalive 1000; + } + + upstream wat-sourcing-web-service { + server wat-sourcing-web-service:5000; + keepalive 1000; + } + + upstream vega-web-service { + server vega-web-service:3000; + keepalive 1000; + } + + include /etc/nginx/defaults.d/*.conf; include /etc/nginx/conf.d/*.conf; ################# # Caching Block # ################# - # + # # Keywords # # proxy_cache_path: path to store the cache content @@ -1078,10 +5779,16 @@ nginxconfig: | # use_temp_path: do we have to write the cache to a temp path first? This will reduce the performance. # # caching for images and files - {% for key,value in proxy_cache_path.items() %} - proxy_cache_path {{value['path']}} levels={{value['levels']}} keys_zone={{value['keys_zone']}} max_size={{value['max_size']}} inactive={{value['inactive']}} use_temp_path=off; - {% endfor %} - + proxy_cache_path /tmp/proxy_cache levels=1:2 keys_zone=tmp_cache:5m max_size=10m inactive=300m use_temp_path=off; + # caching for apis + proxy_cache_path /tmp/api_cache levels=1:2 keys_zone=proxy_cache:5m max_size=600m inactive=1400m use_temp_path=off; + # cache framework + proxy_cache_path /tmp/framework_cache levels=1:2 keys_zone=framework_cache:5m max_size=700m inactive=300m use_temp_path=off; + # cache content + proxy_cache_path /tmp/content_cache levels=1:2 keys_zone=content_cache:100m max_size=3000m inactive=600m use_temp_path=off; + # cache content metadata + proxy_cache_path /tmp/content_metadata levels=1:2 keys_zone=content_metadata:100m max_size=1000m inactive=300m use_temp_path=off; + server { listen 9145; location /metrics { @@ -1118,14 +5825,40 @@ keycloakconf: | proxy_set_header X-Forwarded-Proto $scheme; ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver 127.0.0.11 valid=5s; - # Refresh token endpoint being routed to kong + location ~* ^/auth/(.*)/impersonation { + return 301 {{proto}}://{{ proxy_server_name }}; + } + location ~* ^/auth/realms/master { + return 301 {{proto}}://{{ proxy_server_name }}; + } + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://{{ proxy_server_name }}; + } + location ~* ^/auth/realms/(.+)/token/introspect/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; + } + location ~* ^/auth/realms/(.+)/token/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; + } + location ~* ^/auth/realms/(.+)/userinfo/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; + } + location ~* ^/auth/realms/(.+)/logout/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; + } + location ~* ^/auth/realms/(.+)/certs/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; + } + location ~* ^/auth/realms/(.+)/clients-registrations/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; + } location ~* ^/auth/v1/refresh/token { rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 5; proxy_send_timeout 60; @@ -1134,58 +5867,19 @@ keycloakconf: | proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - # Admin API Endpoints for sunbird realm fpr forgot password flow - location ~ /auth/admin/realms/sunbird/users/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://{{ merge_proxy_server_name }}; } - # Sunbird realm keycloak API endpoints - location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { + location /auth/ { + set $target {{ keycloak_url }}; rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Static Assets for keycloak endpoints with caching - location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; } location / { rewrite ^/(.*) /$1 break; @@ -1199,10 +5893,10 @@ keycloakconf: | proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header X-Request-ID $request_id; - proxy_pass http://player; + proxy_pass http://ui-static; } } - + compressionConfig: |- # Compression gzip on; @@ -1232,7 +5926,7 @@ compressionConfig: |- text/css text/plain ; - + serviceMonitor: enabled: true labels: # labels with which the prometheus choose the serviceMonitor From b720f4a006c0ef7678d2059f9c9ec45b4f460aea Mon Sep 17 00:00:00 2001 From: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Date: Fri, 17 Dec 2021 13:24:33 +0530 Subject: [PATCH 002/195] pip installtion commented in kong --- kubernetes/ansible/roles/kong-api/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kubernetes/ansible/roles/kong-api/tasks/main.yml b/kubernetes/ansible/roles/kong-api/tasks/main.yml index a83c8a0706..4c5790cdd2 100644 --- a/kubernetes/ansible/roles/kong-api/tasks/main.yml +++ b/kubernetes/ansible/roles/kong-api/tasks/main.yml @@ -1,10 +1,10 @@ --- -- name: Ensure pip is installed - apt: name=python-pip update_cache=yes - when: ansible_os_family == 'Debian' +#- name: Ensure pip is installed +# apt: name=python-pip update_cache=yes +# when: ansible_os_family == 'Debian' -- name: Ensure retry is installed - pip: name=retry +#- name: Ensure retry is installed +# pip: name=retry - name: Save api details to json file copy: dest=/tmp/kong_apis.json content="{{ kong_apis | to_nice_json}}" mode=0644 From 12dcd145fbfcda9d2056755d1b3a4350d8f916d3 Mon Sep 17 00:00:00 2001 From: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Date: Mon, 20 Dec 2021 17:38:30 +0530 Subject: [PATCH 003/195] updated values.j2 for 4.4.1 --- .../core/nginx-public-ingress/values.j2 | 113 ------------------ 1 file changed, 113 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 0797e68f2c..0eb7ea6cda 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -649,31 +649,6 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://ui-static; } - - # Caching ui-static static assets - location ~ /assets(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache proxy_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/assets/(.*) /assets/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://ui-static; - } location ~* ^/content-editor/(.*) { # Enabling compression gzip on; @@ -4124,92 +4099,6 @@ proxyconfig: |- client_max_body_size 200M; } - - server { - if ($host = pm-survey.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - server_name pm-survey.{{ proxy_server_name }}; - return 404; # managed by Certbot - } - - server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.pm-survey.{{ proxy_server_name }} pm-survey.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://pm-microsurvey-web-service:5000; - } - - location /api/ { - - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/api/(.*) /$1 break; - proxy_pass http://pm-microsurvey-service:8099; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } server { if ($host = frac-dictionary.{{ proxy_server_name }}) { @@ -5896,7 +5785,6 @@ keycloakconf: | proxy_pass http://ui-static; } } - compressionConfig: |- # Compression gzip on; @@ -5926,7 +5814,6 @@ compressionConfig: |- text/css text/plain ; - serviceMonitor: enabled: true labels: # labels with which the prometheus choose the serviceMonitor From 7f5d3d87670d0ae9bd35ff72fd2706ece27f4547 Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 20 Dec 2021 17:50:23 +0530 Subject: [PATCH 004/195] Update values.j2 --- .../core/nginx-public-ingress/values.j2 | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 0eb7ea6cda..27ffef012e 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -246,6 +246,32 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://ui-static; } + + # Caching ui-static static assets + location ~ /assets(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache proxy_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/assets/(.*) /assets/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://ui-static; + } + # Caching for content consumption location ~ /api/(content/v1/read|course/v1/hierarchy) { # Enabling caching From cfdcaf3556a98a4f65bc8329750a8f136926bed0 Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 20 Dec 2021 17:55:34 +0530 Subject: [PATCH 005/195] Update values.j2 --- .../core/nginx-public-ingress/values.j2 | 112 ++++++++++++++---- 1 file changed, 87 insertions(+), 25 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 27ffef012e..062b60c049 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -246,31 +246,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://ui-static; } - - # Caching ui-static static assets - location ~ /assets(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache proxy_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/assets/(.*) /assets/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://ui-static; - } + # Caching for content consumption location ~ /api/(content/v1/read|course/v1/hierarchy) { @@ -3965,6 +3941,92 @@ proxyconfig: |- client_max_body_size 200M; } + + server { + if ($host = pm-survey.{{ proxy_server_name }}) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + server_name pm-survey.{{ proxy_server_name }}; + return 404; # managed by Certbot + } + + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + server_name *.pm-survey.{{ proxy_server_name }} pm-survey.{{ proxy_server_name }}; + {# + custom nginx server config section + eg: + nginx_server_config: | + if ($allowed_country = no) { + return 444; + } + #} +{% if nginx_server_config is defined and nginx_server_config %} + {{ nginx_server_config | indent( width=6, indentfirst=True) }} +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. + resolver {{ kube_dns_ip }} valid=30s; + + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://pm-microsurvey-web-service:5000; + } + + location /api/ { + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/api/(.*) /$1 break; + proxy_pass http://pm-microsurvey-service:8099; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } + + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + {# Including custom configuration #} + {{ proxy_custom_config }} + + client_max_body_size 200M; + + } server { if ($host = frac.{{ proxy_server_name }}) { From 197933aadaf6bfc5a2b4584999a924b7f4e3153a Mon Sep 17 00:00:00 2001 From: Haritest Date: Tue, 21 Dec 2021 12:14:51 +0530 Subject: [PATCH 006/195] Update values.j2 --- .../core/nginx-public-ingress/values.j2 | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 062b60c049..ea3307fb90 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -520,10 +520,42 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass $target; } + + location /oauth3 { + set $target http://oauth2-proxy.monitoring.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location = /oauth3/auth { + set $target http://oauth2-proxy.monitoring.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } location /grafana/ { + auth_request /oauth3/auth; + error_page 401 = /oauth3/sign_in; + auth_request_set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; + include /etc/nginx/defaults.d/compression.conf; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; rewrite ^/grafana/(.*) /$1 break; proxy_pass $target; + + #set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; + #rewrite ^/grafana/(.*) /$1 break; + #proxy_pass $target; } location /encryption/ { set $target http://encryption.{{ namespace }}.svc.cluster.local; From 05abc03ed5378880d7d54bbe4725ac869a43ba82 Mon Sep 17 00:00:00 2001 From: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Date: Thu, 23 Dec 2021 14:02:07 +0530 Subject: [PATCH 007/195] ui-static cache added --- .../core/nginx-public-ingress/values.j2 | 25 ++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index ea3307fb90..bfcf2ee4c1 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -247,7 +247,30 @@ proxyconfig: |- proxy_pass http://ui-static; } - + # Caching ui-static static assets + location ~ /assets(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache proxy_cache; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 43200; + rewrite ^/assets/(.*) /assets/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://ui-static; + } # Caching for content consumption location ~ /api/(content/v1/read|course/v1/hierarchy) { # Enabling caching From 44e6d1da3951c1823fa5b3b8cae62fc6952575e7 Mon Sep 17 00:00:00 2001 From: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Date: Fri, 24 Dec 2021 15:13:20 +0530 Subject: [PATCH 008/195] Mongo template updated --- .../stack-sunbird/templates/sunbird_nodebb.env | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_nodebb.env b/ansible/roles/stack-sunbird/templates/sunbird_nodebb.env index ba09122b9d..9e0b890f9d 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_nodebb.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_nodebb.env @@ -1,18 +1,10 @@ # Initialization variable for mongo # Ref: https://community.nodebb.org/topic/4325/set-up-nodebb-via-environment-variables -database=redis -# declearing js heap memory size -NODE_OPTIONS={{nodebb_heap_size|default(1024)}} +database=mongo secret={{nodebb_hash_key|default('1d57ba64-86d4-43ff-bd10-f6e9e0782899')}} url=http://0.0.0.0:4567/discussions/ -redis__host={{sunbird_nodebb_redis_host|default(sunbird_lp_redis_host)}} -redis__port=6379 -redis__username={{nodebb_db_username|default('')}} -redis__password={{nodebb_db_password|default('')}} -isCluster={{nodebb_cluster_enable|default('true')}} -# redis database number -redis__database={{nodebb_db_index_name|default(10)}} -redis__secondarydb={{nodebb_db_secondary_index_name|default(11)}} +mongo__host={{mongo_nodebb_host}} +mongo__database=nodebb # password won't get overwritten if you run # 'node app --setup' multiple times # Default username is admin From 7bfb3d43418578079a905eb7632d1e4a8911dd7b Mon Sep 17 00:00:00 2001 From: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Date: Mon, 27 Dec 2021 13:26:32 +0530 Subject: [PATCH 009/195] keycloak_url added for learner service --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index dfb65e715a..54ad335281 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -123,5 +123,5 @@ google_captcha_private_key={{google_captcha_private_key | default("")}} google_captcha_mobile_private_key={{google_captcha_mobile_private_key | default("")}} PORTAL_SERVICE_PORT=http://player.{{namespace}}.svc.cluster.local:3000 form_api_endpoint={{form_api_endpoint | default('/plugin/v1/form/read')}} - +sunbird_sso_lb_ip= {{keycloak_url}} From d00d33eff99a6cc9081aa34bf742c3bdc8883cd7 Mon Sep 17 00:00:00 2001 From: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Date: Mon, 27 Dec 2021 14:10:07 +0530 Subject: [PATCH 010/195] updated --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index 54ad335281..a68cebddba 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -123,5 +123,5 @@ google_captcha_private_key={{google_captcha_private_key | default("")}} google_captcha_mobile_private_key={{google_captcha_mobile_private_key | default("")}} PORTAL_SERVICE_PORT=http://player.{{namespace}}.svc.cluster.local:3000 form_api_endpoint={{form_api_endpoint | default('/plugin/v1/form/read')}} -sunbird_sso_lb_ip= {{keycloak_url}} +sunbird_sso_lb_ip={{keycloak_url}} From 169e13a734e3152f58e62f3fe026ec51f68c4d1e Mon Sep 17 00:00:00 2001 From: nivetha Date: Thu, 30 Dec 2021 16:05:35 +0530 Subject: [PATCH 011/195] User batch progress API --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index f657106165..982cbe3190 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7105,3 +7105,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getUserProgress + uris: "/v1/batch/getUserProgress" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/progress/getUserProgress" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From 303c616766d0bfbe214e46c658e03dd951ea8010 Mon Sep 17 00:00:00 2001 From: Haritest Date: Tue, 4 Jan 2022 15:56:39 +0530 Subject: [PATCH 012/195] pm-survey removed from values.j2 --- .../core/nginx-public-ingress/values.j2 | 86 ------------------- 1 file changed, 86 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index bfcf2ee4c1..3760adaefb 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -3997,92 +3997,6 @@ proxyconfig: |- } - server { - if ($host = pm-survey.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - server_name pm-survey.{{ proxy_server_name }}; - return 404; # managed by Certbot - } - - server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.pm-survey.{{ proxy_server_name }} pm-survey.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://pm-microsurvey-web-service:5000; - } - - location /api/ { - - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/api/(.*) /$1 break; - proxy_pass http://pm-microsurvey-service:8099; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } - server { if ($host = frac.{{ proxy_server_name }}) { return 301 https://$host$request_uri; From ea9b818fdbe05e08b40a895af4b5808817a0a33e Mon Sep 17 00:00:00 2001 From: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Date: Wed, 5 Jan 2022 14:39:04 +0530 Subject: [PATCH 013/195] content template updated --- .../stack-sunbird/templates/content-service_application.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index 061e9a748f..b54f3bc00f 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -358,6 +358,7 @@ collection { keyspace: "{{ lp_cassandra_keyspace_prefix }}_hierarchy_store" cache.enable: true image.migration.enabled: true + children_status_validation: false } content { From 36db0f4d16b474760e94bce35a17e5b45f0fd0ca Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 5 Jan 2022 17:16:06 +0530 Subject: [PATCH 014/195] Update values.j2 --- .../core/nginx-public-ingress/values.j2 | 26 +------------------ 1 file changed, 1 insertion(+), 25 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 3760adaefb..a4e2ee3088 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -246,31 +246,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://ui-static; } - - # Caching ui-static static assets - location ~ /assets(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache proxy_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/assets/(.*) /assets/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://ui-static; - } + # Caching for content consumption location ~ /api/(content/v1/read|course/v1/hierarchy) { # Enabling caching From 66d6422b794912f5af66a3037e205d55b1f9a642 Mon Sep 17 00:00:00 2001 From: nivetha Date: Wed, 5 Jan 2022 18:24:54 +0530 Subject: [PATCH 015/195] User batch enrolment API --- ansible/roles/kong-api/defaults/main.yml | 36 ++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 982cbe3190..100db6776b 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7123,3 +7123,39 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: courseEnrolment + uris: "{{ course_service_prefix }}/v1/enrol" + upstream_url: "{{ lms_service_url }}/v1/course/admin/enroll" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'courseAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: courseUnEnrolment + uris: "{{ course_service_prefix }}/v1/unenrol" + upstream_url: "{{ lms_service_url }}/v1/course/admin/unenroll" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'courseAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 4dd4bc969b1641490822d661a2cacfb8ac54f352 Mon Sep 17 00:00:00 2001 From: nivetha Date: Wed, 5 Jan 2022 18:32:16 +0530 Subject: [PATCH 016/195] Updated incoming url for user batch enrolment API --- ansible/roles/kong-api/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 100db6776b..15d677b685 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7125,7 +7125,7 @@ kong_apis: config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: courseEnrolment - uris: "{{ course_service_prefix }}/v1/enrol" + uris: "{{ course_service_prefix }}/v1/admin/enrol" upstream_url: "{{ lms_service_url }}/v1/course/admin/enroll" strip_uri: true plugins: @@ -7143,7 +7143,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: courseUnEnrolment - uris: "{{ course_service_prefix }}/v1/unenrol" + uris: "{{ course_service_prefix }}/v1/admin/unenrol" upstream_url: "{{ lms_service_url }}/v1/course/admin/unenroll" strip_uri: true plugins: From 21b9ca846601ad592ff791bed4f20ba16ce679fd Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Thu, 13 Jan 2022 14:04:30 +0530 Subject: [PATCH 017/195] Added API for user extended patch --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 15d677b685..d3d8f58d52 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7159,3 +7159,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: userExtendedPatch + uris: "{{ user_service_prefix }}/v1/extPatch" + upstream_url: "{{ sb_cb_ext_service_url }}/user/patch" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'courseAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 3f66270c400b13902df7d17085022c67cb9ec2d3 Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 17 Jan 2022 11:20:08 +0530 Subject: [PATCH 018/195] moderatoradmin added --- .../core/nginx-public-ingress/values.j2 | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index a4e2ee3088..5f0ca52b99 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -3404,6 +3404,30 @@ proxyconfig: |- proxy_send_timeout 300; proxy_read_timeout 300; } + + location /moderatoradmin/ { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + proxy_cookie_path ~*^/.* /; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + rewrite ^/moderatoradmin/(.*) /$1 break; + proxy_pass http://profanity-moderator-admin-service:3003; + proxy_connect_timeout 10; + proxy_send_timeout 300; + proxy_read_timeout 300; + } location /nodebb/ { proxy_set_header X-Real-IP $remote_addr; From 82537529671ec17f7861dff5b91c884481580b10 Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 17 Jan 2022 11:31:39 +0530 Subject: [PATCH 019/195] moderator-admin-service port updated --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 5f0ca52b99..285ccfcbd9 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -3423,7 +3423,7 @@ proxyconfig: |- proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; rewrite ^/moderatoradmin/(.*) /$1 break; - proxy_pass http://profanity-moderator-admin-service:3003; + proxy_pass http://profanity-moderator-admin-service:4000; proxy_connect_timeout 10; proxy_send_timeout 300; proxy_read_timeout 300; From d0ae1079873e20a64a47bcb64d563af9f2ec3fa0 Mon Sep 17 00:00:00 2001 From: nivetha Date: Fri, 21 Jan 2022 11:27:04 +0530 Subject: [PATCH 020/195] User Enrolment admin API --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index d3d8f58d52..81396a19d2 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7177,3 +7177,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: listUserCourseEnrollments + uris: "{{ course_service_prefix }}/v2/user/enrollment/admin/list" + upstream_url: "{{ lms_service_url }}/v2/user/courses/admin/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'courseAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 9ab00e6f1db273c100d68f9e64dc822d60c01aa6 Mon Sep 17 00:00:00 2001 From: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Date: Tue, 1 Feb 2022 18:34:08 +0530 Subject: [PATCH 021/195] hyphen testing in master-deploy job --- pipelines/master-deploy/Jenkinsfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pipelines/master-deploy/Jenkinsfile b/pipelines/master-deploy/Jenkinsfile index 9216daeee8..9610738278 100644 --- a/pipelines/master-deploy/Jenkinsfile +++ b/pipelines/master-deploy/Jenkinsfile @@ -1,8 +1,8 @@ def writeBlock(File file, String module, String jobname, String private_branch, String tag){ file.append(" \"Building " + module + jobname + "\": {\n") - file.append(" " + module + jobname + "Result = build(job: '" + module + "/" + jobname + "', parameters: [string(name: 'branch_or_tag', value: '" + tag + "'), string(name: 'private_branch', value: '" + private_branch + "')], propagate: false).result\n") - file.append(" echo \"" + module + jobname + " build status = \"+ " + module + jobname + "Result\n") - file.append(" sh \"echo " + module + jobname + " job status = \$" + module + jobname + "Result >> out.txt\"\n") + file.append(" " + module + jobname.replace('-','') + "Result = build(job: '" + module + "/" + jobname + "', parameters: [string(name: 'branch_or_tag', value: '" + tag + "'), string(name: 'private_branch', value: '" + private_branch + "')], propagate: false).result\n") + file.append(" echo \"" + module + jobname + " build status = \"+ " + module + jobname.replace('-','') + "Result\n") + file.append(" sh \"echo " + module + jobname + " job status = \$" + module + jobname.replace('-','') + "Result >> out.txt\"\n") } def continueBlock(File file){ From 5239d9f14ee0c0170448629e379e4862a960e703 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Thu, 10 Feb 2022 15:17:47 +0530 Subject: [PATCH 022/195] Added QuestionList API --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 81396a19d2..7493d09287 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -5820,6 +5820,24 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: questionList + uris: "{{ question_prefix }}/v1/list" + upstream_url: "{{ assessment_service_url }}/question/v4/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: questionSetCreate uris: "{{ questionset_prefix }}/v1/create" upstream_url: "{{ assessment_service_url }}/questionset/v4/create" From f33326a1af75a24f3919cd5defbef3210b6129e9 Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 14 Feb 2022 10:39:25 +0530 Subject: [PATCH 023/195] Update values.j2 --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 285ccfcbd9..72f963a043 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -3409,7 +3409,7 @@ proxyconfig: |- if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; add_header Content-Length 0; add_header Content-Type text/plain; return 200; From 5be55d6f19f0769377ba5c118ea943ed2d7110e2 Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 14 Feb 2022 10:57:33 +0530 Subject: [PATCH 024/195] Update values.j2 --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 72f963a043..218fba455a 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -3409,7 +3409,7 @@ proxyconfig: |- if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, locale, wid, hostpath"; add_header Content-Length 0; add_header Content-Type text/plain; return 200; From 19e7c7667cda4d2e4df1d6baf9b0350e5538b320 Mon Sep 17 00:00:00 2001 From: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Date: Tue, 15 Feb 2022 17:07:18 +0530 Subject: [PATCH 025/195] updated content template --- .../content-service_application.conf | 70 +++++++++---------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index b54f3bc00f..5e00fa0660 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -504,41 +504,41 @@ content.import.topic_name="{{ env_name }}.auto.creation.job.request" content.import.remove_props={{ content_import_remove_props }} contentTypeToPrimaryCategory { - ClassroomTeachingVideo: "Explanation Content" - ConceptMap: "Learning Resource" - Course: "Course" - CuriosityQuestionSet: "Practice Question Set" - eTextBook: "eTextbook" - ExperientialResource: "Learning Resource" - ExplanationResource: "Explanation Content" - ExplanationVideo: "Explanation Content" - FocusSpot: "Teacher Resource" - LearningOutcomeDefinition: "Teacher Resource" - MarkingSchemeRubric: "Teacher Resource" - PedagogyFlow: "Teacher Resource" - PracticeQuestionSet: "Practice Question Set" - PracticeResource: "Practice Question Set" - SelfAssess: "Course Assessment" - TeachingMethod: "Teacher Resource" - TextBook: "Digital Textbook" - Collection: "Content Playlist" - ExplanationReadingMaterial: "Learning Resource" - LearningActivity: "Learning Resource" - LessonPlan: "Content Playlist" - LessonPlanResource: "Teacher Resource" - PreviousBoardExamPapers: "Learning Resource" - TVLesson: "Explanation Content" - OnboardingResource: "Learning Resource" - ReadingMaterial: "Learning Resource" - Template: "Template" - Asset: "Asset" - Plugin: "Plugin" - LessonPlanUnit: "Lesson Plan Unit" - CourseUnit: "Course Unit" - TextBookUnit: "Textbook Unit" - Asset: "Certificate Template" - Program: "Program" -} + ClassroomTeachingVideo: "Explanation Content" + ConceptMap: "Learning Resource" + Course: "Course" + CuriosityQuestionSet: "Practice Question Set" + eTextBook: "eTextbook" + ExperientialResource: "Learning Resource" + ExplanationResource: "Explanation Content" + ExplanationVideo: "Explanation Content" + FocusSpot: "Teacher Resource" + LearningOutcomeDefinition: "Teacher Resource" + MarkingSchemeRubric: "Teacher Resource" + PedagogyFlow: "Teacher Resource" + PracticeQuestionSet: "Practice Question Set" + PracticeResource: "Practice Question Set" + SelfAssess: "Course Assessment" + TeachingMethod: "Teacher Resource" + TextBook: "Digital Textbook" + Collection: "Content Playlist" + ExplanationReadingMaterial: "Learning Resource" + LearningActivity: "Learning Resource" + LessonPlan: "Content Playlist" + LessonPlanResource: "Teacher Resource" + PreviousBoardExamPapers: "Learning Resource" + TVLesson: "Explanation Content" + OnboardingResource: "Learning Resource" + ReadingMaterial: "Learning Resource" + Template: "Template" + Asset: "Asset" + Plugin: "Plugin" + LessonPlanUnit: "Lesson Plan Unit" + CourseUnit: "Course Unit" + TextBookUnit: "Textbook Unit" + Asset: "Certificate Template" + Course: "Program" + } resourceTypeToPrimaryCategory { Learn: "Learning Resource" From 61034cc7f5f72b2144a9be9d03962057484b16e0 Mon Sep 17 00:00:00 2001 From: Haritest Date: Thu, 17 Feb 2022 19:36:08 +0530 Subject: [PATCH 026/195] Update content-service_application.conf --- .../stack-sunbird/templates/content-service_application.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index 5e00fa0660..ed4d98e8f6 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -14,7 +14,7 @@ # And if an environment variable exists when there is no other substitution, then # HOCON will fall back to substituting environment variable: #mykey = ${JAVA_HOME} -indexHtmlValidation.env=false +indexHtmlValidation.env=true ## Akka # https://www.playframework.com/documentation/latest/ScalaAkka#Configuration From 0a2d23750c19371724378825c605aafc7241f0e1 Mon Sep 17 00:00:00 2001 From: Haritest Date: Thu, 24 Feb 2022 10:12:33 +0530 Subject: [PATCH 027/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 7493d09287..1c4edd67f1 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7213,3 +7213,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: ratingAndReviews + uris: "/ratings" + upstream_url: "{{ sb_cb_ext_service_url }}/ratings" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 7d13bd618f610dbfc1d25a744ff7f5445a7d69ca Mon Sep 17 00:00:00 2001 From: Haritest Date: Thu, 24 Feb 2022 10:16:03 +0530 Subject: [PATCH 028/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 1c4edd67f1..9fb3a04b1e 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7224,7 +7224,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dataAccess' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From 1fdb947f3bc3d94fc62b736c84f488f7022632a4 Mon Sep 17 00:00:00 2001 From: Haritest Date: Thu, 24 Feb 2022 10:17:57 +0530 Subject: [PATCH 029/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 9fb3a04b1e..35fdb977b4 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7223,8 +7223,8 @@ kong_apis: - name: cors - "{{ statsd_pulgin }}" - name: acl - config.whitelist: - - 'dataAccess' + config.whitelist: + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From 14db12905dc6d1ce9e7f6b484d9f1558eea78464 Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 2 Mar 2022 17:02:05 +0530 Subject: [PATCH 030/195] Update values.j2 --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 218fba455a..abc45d27e3 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -555,6 +555,8 @@ proxyconfig: |- #set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; #rewrite ^/grafana/(.*) /$1 break; #proxy_pass $target; + allow 106.200.53.0/24; + deny all; } location /encryption/ { set $target http://encryption.{{ namespace }}.svc.cluster.local; From a69d7e45f34559d3e59b642a2418a9a1c254b9fd Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 2 Mar 2022 18:25:48 +0530 Subject: [PATCH 031/195] Update values.j2 --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index abc45d27e3..1cc4696fd5 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -555,7 +555,7 @@ proxyconfig: |- #set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; #rewrite ^/grafana/(.*) /$1 break; #proxy_pass $target; - allow 106.200.53.0/24; + allow 27.61.52.0/24; deny all; } location /encryption/ { From cc03ed56cc4b4a52fd05ecfde8dafd5a6baa85ec Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 2 Mar 2022 18:29:41 +0530 Subject: [PATCH 032/195] Update values.j2 --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 1cc4696fd5..abc45d27e3 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -555,7 +555,7 @@ proxyconfig: |- #set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; #rewrite ^/grafana/(.*) /$1 break; #proxy_pass $target; - allow 27.61.52.0/24; + allow 106.200.53.0/24; deny all; } location /encryption/ { From a0b8bfb595755dc6f53e74b43e939016dd3e9b6b Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 2 Mar 2022 18:35:01 +0530 Subject: [PATCH 033/195] Update values.j2 --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index abc45d27e3..218fba455a 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -555,8 +555,6 @@ proxyconfig: |- #set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; #rewrite ^/grafana/(.*) /$1 break; #proxy_pass $target; - allow 106.200.53.0/24; - deny all; } location /encryption/ { set $target http://encryption.{{ namespace }}.svc.cluster.local; From 48dfac903f19fd7fce4081f7ec80103f2205bf31 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 22 Mar 2022 18:22:13 +0530 Subject: [PATCH 034/195] Increasing the API rate for Discussion hub --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 35fdb977b4..82df355057 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -6892,7 +6892,7 @@ kong_apis: - 'dataAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" From 087cc44622f88d0163e125bcdfd9e07e7a53e7e9 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Thu, 24 Mar 2022 13:25:55 +0530 Subject: [PATCH 035/195] Updated API path for Assessment feature --- ansible/roles/kong-api/defaults/main.yml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 82df355057..b6a6f55cc5 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -5822,7 +5822,7 @@ kong_apis: - name: questionList uris: "{{ question_prefix }}/v1/list" - upstream_url: "{{ assessment_service_url }}/question/v4/list" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/quml/question/list" strip_uri: true plugins: - name: jwt @@ -5966,7 +5966,7 @@ kong_apis: - name: questionSetReadHierarchy uris: "{{ questionset_prefix }}/v1/hierarchy" - upstream_url: "{{ assessment_service_url }}/questionset/v4/hierarchy" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/quml/assessment/read" strip_uri: true plugins: - name: jwt @@ -7231,3 +7231,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: assessmentSubmitV3 + uris: "/v3/user/assessment/submit" + upstream_url: "{{ sb_cb_ext_service_url }}/v3/user/assessment/submit" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From 3b3b62aef41909b66b6f41828a12462c5da78523 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Thu, 24 Mar 2022 16:04:36 +0530 Subject: [PATCH 036/195] Updated Assessment API path Added new APIs for hierarchy read and question list instead of changing route on existing APIs --- ansible/roles/kong-api/defaults/main.yml | 41 ++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index b6a6f55cc5..76f5e67299 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -85,6 +85,7 @@ content_validation_service_prefix: /contentValidation scoring_engine_service_prefix: /scoring hub_graph_service_prefix: /connections workflow_handler_service_prefix: /workflow +player_prefix: /player # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -5822,7 +5823,7 @@ kong_apis: - name: questionList uris: "{{ question_prefix }}/v1/list" - upstream_url: "{{ sb_cb_ext_service_url }}/v1/quml/question/list" + upstream_url: "{{ assessment_service_url }}/question/v4/list" strip_uri: true plugins: - name: jwt @@ -5966,7 +5967,7 @@ kong_apis: - name: questionSetReadHierarchy uris: "{{ questionset_prefix }}/v1/hierarchy" - upstream_url: "{{ sb_cb_ext_service_url }}/v1/quml/assessment/read" + upstream_url: "{{ assessment_service_url }}/questionset/v4/hierarchy" strip_uri: true plugins: - name: jwt @@ -7249,3 +7250,39 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: playerQuSetReadHierarchy + uris: "{{ player_prefix }}/questionset/v1/hierarchy" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/quml/assessment/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: playerQuestionList + uris: "{{ player_prefix }}/question/v1/list" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/quml/question/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From ed450615c332884d18dcfd07dc9a765e3711ac93 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 29 Mar 2022 10:19:05 +0530 Subject: [PATCH 037/195] Added QuestionSet Reject API --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 76f5e67299..b6658ab8ae 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -5983,6 +5983,24 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: questionSetReject + uris: "{{ questionset_prefix }}/v1/reject" + upstream_url: "{{ assessment_service_url }}/questionset/v4/reject" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: createEvent uris: "{{ event_prefix }}/v4/create" upstream_url: "{{ content_service_url }}/event/v4/create" From 6d10924caf74d8cea8c7c5340a6f41100711ea3c Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 18 Apr 2022 17:08:20 +0530 Subject: [PATCH 038/195] Update all.yml --- ansible/inventory/env/group_vars/all.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 2f9d997e3d..5b41dff098 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -684,3 +684,6 @@ sunbird_trampoline_desktop_keycloak_client_id: trampoline-desktop # DIAL-service schema dial_plugin_container_name: "sunbird-dial-{{env}}" dial_service_schema_base_path: "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{dial_plugin_container_name}}/schemas/local" + +plugin_media_base_url: "{{proto}}://{{domain_name}}" + From d3d6c756d93c0eafa4843708a82a26538dff0537 Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 20 Apr 2022 14:56:19 +0530 Subject: [PATCH 039/195] Update values.j2 --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 5fcf4199cb..385b83945f 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -4158,12 +4158,12 @@ proxyconfig: |- } server { - if ($host = frac-dictionary.{{ proxy_server_name }}) { + if ($host = frac-dictionary-backend.{{ proxy_server_name }}) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; - server_name frac-dictionary.{{ proxy_server_name }}; + server_name frac-dictionary-backend.{{ proxy_server_name }}; return 404; # managed by Certbot } @@ -4173,7 +4173,7 @@ proxyconfig: |- ssl_certificate_key /etc/secrets/site.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.frac-dictionary.{{ proxy_server_name }} frac-dictionary.{{ proxy_server_name }}; + server_name *.frac-dictionary-backend.{{ proxy_server_name }} frac-dictionary-backend.{{ proxy_server_name }}; {# custom nginx server config section eg: From 07487b642565e6f109cd9bf4effa55c29f104b14 Mon Sep 17 00:00:00 2001 From: Nivetha-M <34033831+Nivetha-M@users.noreply.github.com> Date: Thu, 21 Apr 2022 18:14:58 +0530 Subject: [PATCH 040/195] Org update config --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index a68cebddba..3f339d662f 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -124,4 +124,4 @@ google_captcha_mobile_private_key={{google_captcha_mobile_private_key | default( PORTAL_SERVICE_PORT=http://player.{{namespace}}.svc.cluster.local:3000 form_api_endpoint={{form_api_endpoint | default('/plugin/v1/form/read')}} sunbird_sso_lb_ip={{keycloak_url}} - +channel_registration_disabled: "true" From 0411ce703b86683df4c1f898b7eb9a53498b1c3b Mon Sep 17 00:00:00 2001 From: Haritest Date: Tue, 26 Apr 2022 12:57:51 +0530 Subject: [PATCH 041/195] updated with sunbird nginx-config --- .../core/nginx-public-ingress/values.j2 | 5086 +---------------- 1 file changed, 211 insertions(+), 4875 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 385b83945f..e6ac52f0bd 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -3,6 +3,7 @@ namespace: {{ namespace }} merge_domain_status: {{ merge_domain_status | lower }} service: + annotations: {{nginx_public_ingress_service_annotations | d('') | to_json}} type: {{ nginx_public_ingress_type | default('LoadBalancer') }} {% if nginx_public_ingress_ip is defined %} nginx_public_ingress_ip: {{ nginx_public_ingress_ip }} @@ -80,4618 +81,23 @@ proxyconfig: |- {% if nginx_server_config is defined and nginx_server_config %} {{ nginx_server_config | indent( width=4, indentfirst=True) }} {% endif %} - - # Limitting open connection per ip limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - #return 301 https://{{ proxy_server_name }}$request_uri; - return 301 https://{{ proxy_server_name }}$request_uri; - #} + return 301 https://{{ proxy_server_name }}$request_uri; } {% endif %} - - server { - listen 3007; - server_name _; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - - location /web-hosted/ { - root /content-mount/web-host; - rewrite ^/web-hosted/(.*) /$1 break; - } - } - - server { - {% if proto=='http' %} - listen 80; - listen [::]:80; - {% else %} - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - {% endif %} - server_name *.{{ proxy_server_name }} {{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - - #add_header Content-Security-Policy "frame-ancestors 'self'; frame-src *.youtube.com *.igot-stage.in *.{{ proxy_server_name }};"; - - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - location ~* ^/auth/(.*)/impersonation { - return 301 {{proto}}://{{ proxy_server_name }}; - } - location ~* ^/auth/realms/master { - return 301 {{proto}}://{{ proxy_server_name }}; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://{{ proxy_server_name }}; - } - location ~* ^/auth/realms/(.+)/token/introspect/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; - } - location ~* ^/auth/realms/(.+)/token/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; - } - location ~* ^/auth/realms/(.+)/userinfo/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; - } - location ~* ^/auth/realms/(.+)/logout/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; - } - location ~* ^/auth/realms/(.+)/certs/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; - } - location ~* ^/auth/realms/(.+)/clients-registrations/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://{{ proxy_server_name }}; - } - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /auth/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Caching keycloak static assets - location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache proxy_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-static; - } - - # Caching for content consumption - location ~ /api/(content/v1/read|course/v1/hierarchy) { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache content_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 14400s; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for Content search - location ~ /api/content/v1/search { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache content_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 14400s; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for POST requests - location ~ /api/org/v1/search|/api/data/v1/(form/read|location/search) { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ /api/(framework/v1/read|data/v1/system/settings/get) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - - location /api/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, x-authenticated-user-token, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - if ( $arg_eHVyhwSdt ) { - set $custom_header "Bearer $arg_eHVyhwSdt"; - } - if ( $http_authorization ) { - set $custom_header "$http_authorization"; - } - proxy_set_header Authorization $custom_header; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - client_max_body_size 200M; - } - location /apis/ { - # if ($request_method = OPTIONS ) { - # add_header Access-Control-Allow-Origin "*" ; - # add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - # add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - # add_header Content-Length 0; - # add_header Content-Type text/plain; - # return 200; - #} - # add_header Access-Control-Allow-Origin "*"; - # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/apis/(.*) /$1 break; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /protected/v8/resource/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - # add_header Access-Control-Allow-Origin "*"; - # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /nodebb/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target http://{{ nodebbvmip }}:4567; - proxy_pass $target; - } - - location /content { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host https://igot-content.azureedge.net; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://igot-content.azureedge.net/content; - } - - # Oauth2 config - location /oauth2/ { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth2/auth { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - # nginx auth_request includes headers but not body - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /dashboard/ { - auth_request /oauth2/auth; - error_page 401 = /oauth2/sign_in; - # Setting target url - auth_request_set $target http://{{ kibana_service }}; - # pass information via X-User and X-Email headers to backend, - # requires running with --set-xauthrequest flag - auth_request_set $user $upstream_http_x_auth_request_user; - auth_request_set $email $upstream_http_x_auth_request_email; - proxy_set_header X-User $user; - proxy_set_header X-Email $email; - # if you enabled --cookie-refresh, this is needed for it to work with auth_request - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - - location /oauth3 { - set $target http://oauth2-proxy.monitoring.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth3/auth { - set $target http://oauth2-proxy.monitoring.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /grafana/ { - auth_request /oauth3/auth; - error_page 401 = /oauth3/sign_in; - auth_request_set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - rewrite ^/grafana/(.*) /$1 break; - proxy_pass $target; - - #set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - #rewrite ^/grafana/(.*) /$1 break; - #proxy_pass $target; - } - location /encryption/ { - set $target http://encryption.{{ namespace }}.svc.cluster.local; - rewrite ^/encryption/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $http_x_forwarded_for; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /badging/ { - set $target http://badger-service.{{ namespace }}.svc.cluster.local:8004; - rewrite ^/badging/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /discussions/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - # Socket.IO Support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; - #rewrite ^/discussions/(.*) /$1 break; - proxy_pass $target; - } - location ~* ^/assets/public/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $bucket "{{upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$bucket/$url_full; - } - location ~* ^/content/preview/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/v3/preview/$url_full; - } - location ~ /content-editor/telemetry|collection-editor/telemetry { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-static; - } - location ~* ^/content-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-editor/$url_full; - } - location ~* ^/collection-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/collection-editor/$url_full; - } - location ~* ^/generic-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/generic-editor/$url_full; - } - location ~* ^/content-plugins/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-plugins/$url_full; - } - location /thirdparty { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-static; - } - location ~* ^/desktop/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$offline_bucket/$url_full; - } - # compression for svg certs download - location /api/certreg/v2/certs/download { - rewrite ^/api/(.*) /$1 break; - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /learner/certreg/v2/certs/download { - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-static; - } - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-static; - } - location /v3/device/register { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - } - location /action/data/v3/metrics { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - } - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-static; - } - location /api/channel/v1/read { - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ ^/chatapi/ { - set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; - rewrite ^/chatapi/(.*) /$1 break; - proxy_pass $target; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - } - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - } - - server { - {% if proto=='http' %} - listen 80; - listen [::]:80; - {% else %} - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - {% endif %} - server_name *.ui.{{ proxy_server_name }} ui.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - location ~* ^/auth/(.*)/impersonation { - return 301 {{proto}}://ui.{{ proxy_server_name }}; - } - location ~* ^/auth/realms/master { - return 301 {{proto}}://ui.{{ proxy_server_name }}; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://ui.{{ proxy_server_name }}; - } - location ~* ^/auth/realms/(.+)/token/introspect/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; - } - location ~* ^/auth/realms/(.+)/token/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; - } - location ~* ^/auth/realms/(.+)/userinfo/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; - } - location ~* ^/auth/realms/(.+)/logout/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; - } - location ~* ^/auth/realms/(.+)/certs/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; - } - location ~* ^/auth/realms/(.+)/clients-registrations/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://ui.{{ proxy_server_name }}; - } - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /auth/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Caching keycloak static assets - location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache proxy_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - # Caching for content consumption - location ~ /api/(content/v1/read|course/v1/hierarchy) { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache content_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 14400s; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for Content search - location ~ /api/content/v1/search { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache content_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 14400s; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for POST requests - location ~ /api/org/v1/search|/api/data/v1/(form/read|location/search) { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ /api/(framework/v1/read|data/v1/system/settings/get) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - - location /api/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - if ( $arg_eHVyhwSdt ) { - set $custom_header "Bearer $arg_eHVyhwSdt"; - } - if ( $http_authorization ) { - set $custom_header "$http_authorization"; - } - proxy_set_header Authorization $custom_header; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /apis/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/apis/(.*) /$1 break; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - location /nodebb/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target http://10.0.0.12:4567; - proxy_pass $target; - } - # Oauth2 config - location /oauth2/ { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth2/auth { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - # nginx auth_request includes headers but not body - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /dashboard/ { - auth_request /oauth2/auth; - error_page 401 = /oauth2/sign_in; - # Setting target url - auth_request_set $target http://{{ kibana_service }}; - # pass information via X-User and X-Email headers to backend, - # requires running with --set-xauthrequest flag - auth_request_set $user $upstream_http_x_auth_request_user; - auth_request_set $email $upstream_http_x_auth_request_email; - proxy_set_header X-User $user; - proxy_set_header X-Email $email; - # if you enabled --cookie-refresh, this is needed for it to work with auth_request - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /grafana/ { - set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - rewrite ^/grafana/(.*) /$1 break; - proxy_pass $target; - } - location /encryption/ { - set $target http://encryption.{{ namespace }}.svc.cluster.local; - rewrite ^/encryption/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $http_x_forwarded_for; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /badging/ { - set $target http://badger-service.{{ namespace }}.svc.cluster.local:8004; - rewrite ^/badging/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /discussions/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - # Socket.IO Support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; - #rewrite ^/discussions/(.*) /$1 break; - proxy_pass $target; - } - location ~* ^/assets/public/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $bucket "{{upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$bucket/$url_full; - } - location ~* ^/content/preview/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/v3/preview/$url_full; - } - location ~ /content-editor/telemetry|collection-editor/telemetry { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location ~* ^/content-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-editor/$url_full; - } - location ~* ^/collection-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/collection-editor/$url_full; - } - location ~* ^/generic-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/generic-editor/$url_full; - } - location ~* ^/content-plugins/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-plugins/$url_full; - } - location /thirdparty { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location ~* ^/desktop/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$offline_bucket/$url_full; - } - # compression for svg certs download - location /api/certreg/v2/certs/download { - rewrite ^/api/(.*) /$1 break; - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /learner/certreg/v2/certs/download { - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location /v3/device/register { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - } - location /action/data/v3/metrics { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - } - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location /api/channel/v1/read { - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ ^/chatapi/ { - set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; - rewrite ^/chatapi/(.*) /$1 break; - proxy_pass $target; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - } - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } - - server { - if ($host = cbp.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } - - listen 80; - server_name cbp.{{ proxy_server_name }}; - return 404; - } - - server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.cbp.{{ proxy_server_name }} cbp.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - location ~* ^/auth/(.*)/impersonation { - return 301 {{proto}}://cbp.{{ proxy_server_name }}; - } - location ~* ^/auth/realms/master { - return 301 {{proto}}://cbp.{{ proxy_server_name }}; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://cbp.{{ proxy_server_name }}; - } - location ~* ^/auth/realms/(.+)/token/introspect/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; - } - location ~* ^/auth/realms/(.+)/token/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; - } - location ~* ^/auth/realms/(.+)/userinfo/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; - } - location ~* ^/auth/realms/(.+)/logout/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; - } - location ~* ^/auth/realms/(.+)/certs/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; - } - location ~* ^/auth/realms/(.+)/clients-registrations/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://cbp.{{ proxy_server_name }}; - } - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /auth/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Caching keycloak static assets - location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache proxy_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - # Caching for content consumption - location ~ /api/(content/v1/read|course/v1/hierarchy) { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache content_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 14400s; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for Content search - location ~ /api/content/v1/search { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache content_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 14400s; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for POST requests - location ~ /api/org/v1/search|/api/data/v1/(form/read|location/search) { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ /api/(framework/v1/read|data/v1/system/settings/get) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - - location /api/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - if ( $arg_eHVyhwSdt ) { - set $custom_header "Bearer $arg_eHVyhwSdt"; - } - if ( $http_authorization ) { - set $custom_header "$http_authorization"; - } - proxy_set_header Authorization $custom_header; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /apis/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/apis/(.*) /$1 break; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /protected/v8/resource/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - # add_header Access-Control-Allow-Origin "*"; - # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /nodebb/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target http://{{ nodebbvmip }}:4567; - proxy_pass $target; - } - # Oauth2 config - location /oauth2/ { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth2/auth { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - # nginx auth_request includes headers but not body - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /dashboard/ { - auth_request /oauth2/auth; - error_page 401 = /oauth2/sign_in; - # Setting target url - auth_request_set $target http://{{ kibana_service }}; - # pass information via X-User and X-Email headers to backend, - # requires running with --set-xauthrequest flag - auth_request_set $user $upstream_http_x_auth_request_user; - auth_request_set $email $upstream_http_x_auth_request_email; - proxy_set_header X-User $user; - proxy_set_header X-Email $email; - # if you enabled --cookie-refresh, this is needed for it to work with auth_request - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /grafana/ { - set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - rewrite ^/grafana/(.*) /$1 break; - proxy_pass $target; - } - location /encryption/ { - set $target http://encryption.{{ namespace }}.svc.cluster.local; - rewrite ^/encryption/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $http_x_forwarded_for; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /badging/ { - set $target http://badger-service.{{ namespace }}.svc.cluster.local:8004; - rewrite ^/badging/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /discussions/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - # Socket.IO Support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; - #rewrite ^/discussions/(.*) /$1 break; - proxy_pass $target; - } - location ~* ^/assets/public/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $bucket "{{upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$bucket/$url_full; - } - location ~* ^/content/preview/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/v3/preview/$url_full; - } - location ~ /content-editor/telemetry|collection-editor/telemetry { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - location ~* ^/content-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-editor/$url_full; - } - location ~* ^/collection-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/collection-editor/$url_full; - } - location ~* ^/generic-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/generic-editor/$url_full; - } - location ~* ^/content-plugins/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-plugins/$url_full; - } - location /thirdparty { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - location ~* ^/desktop/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$offline_bucket/$url_full; - } - # compression for svg certs download - location /api/certreg/v2/certs/download { - rewrite ^/api/(.*) /$1 break; - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /learner/certreg/v2/certs/download { - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - location /v3/device/register { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - } - location /action/data/v3/metrics { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - } - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - location /api/channel/v1/read { - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ ^/chatapi/ { - set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; - rewrite ^/chatapi/(.*) /$1 break; - proxy_pass $target; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - } - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } - - server { - if ($host = cbc.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } - - listen 80; - server_name cbc.{{ proxy_server_name }}; - return 404; - } - - server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.cbc.{{ proxy_server_name }} cbc.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - location ~* ^/auth/(.*)/impersonation { - return 301 {{proto}}://cbc.{{ proxy_server_name }}; - } - location ~* ^/auth/realms/master { - return 301 {{proto}}://cbc.{{ proxy_server_name }}; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://cbc.{{ proxy_server_name }}; - } - location ~* ^/auth/realms/(.+)/token/introspect/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; - } - location ~* ^/auth/realms/(.+)/token/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; - } - location ~* ^/auth/realms/(.+)/userinfo/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; - } - location ~* ^/auth/realms/(.+)/logout/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; - } - location ~* ^/auth/realms/(.+)/certs/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; - } - location ~* ^/auth/realms/(.+)/clients-registrations/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://cbc.{{ proxy_server_name }}; - } - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /auth/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Caching keycloak static assets - location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache proxy_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - location /api/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - if ( $arg_eHVyhwSdt ) { - set $custom_header "Bearer $arg_eHVyhwSdt"; - } - if ( $http_authorization ) { - set $custom_header "$http_authorization"; - } - proxy_set_header Authorization $custom_header; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbc-igot; - } - location /apis/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/apis/(.*) /$1 break; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /protected/v8/resource/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - # add_header Access-Control-Allow-Origin "*"; - # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbc-igot; - } - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } - - - server { - if ($host = spv.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } - - listen 80; - server_name spv.{{ proxy_server_name }}; - return 404; - } - - server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.spv.{{ proxy_server_name }} spv.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - location ~* ^/auth/(.*)/impersonation { - return 301 {{proto}}://spv.{{ proxy_server_name }}; - } - location ~* ^/auth/realms/master { - return 301 {{proto}}://spv.{{ proxy_server_name }}; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://spv.{{ proxy_server_name }}; - } - location ~* ^/auth/realms/(.+)/token/introspect/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; - } - location ~* ^/auth/realms/(.+)/token/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; - } - location ~* ^/auth/realms/(.+)/userinfo/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; - } - location ~* ^/auth/realms/(.+)/logout/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; - } - location ~* ^/auth/realms/(.+)/certs/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; - } - location ~* ^/auth/realms/(.+)/clients-registrations/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://spv.{{ proxy_server_name }}; - } - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /auth/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Caching keycloak static assets - location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache proxy_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - # Caching for content consumption - location ~ /api/(content/v1/read|course/v1/hierarchy) { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache content_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 14400s; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for Content search - location ~ /api/content/v1/search { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache content_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 14400s; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for POST requests - location ~ /api/org/v1/search|/api/data/v1/(form/read|location/search) { - # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ /api/(framework/v1/read|data/v1/system/settings/get) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - - location /api/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - if ( $arg_eHVyhwSdt ) { - set $custom_header "Bearer $arg_eHVyhwSdt"; - } - if ( $http_authorization ) { - set $custom_header "$http_authorization"; - } - proxy_set_header Authorization $custom_header; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /apis/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/apis/(.*) /$1 break; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /protected/v8/resource/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - # add_header Access-Control-Allow-Origin "*"; - # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /moderatoradmin/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, locale, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/moderatoradmin/(.*) /$1 break; - proxy_pass http://profanity-moderator-admin-service:4000; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /nodebb/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target http://{{ nodebbvmip }}:4567; - proxy_pass $target; - } - # Oauth2 config - location /oauth2/ { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth2/auth { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - # nginx auth_request includes headers but not body - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /dashboard/ { - auth_request /oauth2/auth; - error_page 401 = /oauth2/sign_in; - # Setting target url - auth_request_set $target http://{{ kibana_service }}; - # pass information via X-User and X-Email headers to backend, - # requires running with --set-xauthrequest flag - auth_request_set $user $upstream_http_x_auth_request_user; - auth_request_set $email $upstream_http_x_auth_request_email; - proxy_set_header X-User $user; - proxy_set_header X-Email $email; - # if you enabled --cookie-refresh, this is needed for it to work with auth_request - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /grafana/ { - set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - rewrite ^/grafana/(.*) /$1 break; - proxy_pass $target; - } - location /encryption/ { - set $target http://encryption.{{ namespace }}.svc.cluster.local; - rewrite ^/encryption/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $http_x_forwarded_for; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /badging/ { - set $target http://badger-service.{{ namespace }}.svc.cluster.local:8004; - rewrite ^/badging/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /discussions/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - # Socket.IO Support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; - #rewrite ^/discussions/(.*) /$1 break; - proxy_pass $target; - } - location ~* ^/assets/public/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $bucket "{{upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$bucket/$url_full; - } - location ~* ^/content/preview/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/v3/preview/$url_full; - } - location ~ /content-editor/telemetry|collection-editor/telemetry { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - location ~* ^/content-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-editor/$url_full; - } - location ~* ^/collection-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/collection-editor/$url_full; - } - location ~* ^/generic-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/generic-editor/$url_full; - } - location ~* ^/content-plugins/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-plugins/$url_full; - } - location /thirdparty { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - location ~* ^/desktop/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$offline_bucket/$url_full; - } - # compression for svg certs download - location /api/certreg/v2/certs/download { - rewrite ^/api/(.*) /$1 break; - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /learner/certreg/v2/certs/download { - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-spv-igot; - } - location /v3/device/register { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - } - location /action/data/v3/metrics { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - } - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; - } - location /api/channel/v1/read { - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 43200; - rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ ^/chatapi/ { - set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; - rewrite ^/chatapi/(.*) /$1 break; - proxy_pass $target; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - } - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } - - server { - if ($host = frac.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - server_name frac.{{ proxy_server_name }}; - return 404; # managed by Certbot - } - - server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.frac.{{ proxy_server_name }} frac.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - - location /auth/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - - location /protected/v8/resource/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - # add_header Access-Control-Allow-Origin "*"; - # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://frac-web-service; - } - - location /fracapis/ { - - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - # add_header Access-Control-Allow-Origin "*"; - # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/fracapis/(.*) /$1 break; - proxy_pass http://frac-backend-service:8095; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /socket.io/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - - proxy_pass http://frac-collab-service:8080/socket.io/; - proxy_redirect off; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - - location /fraccollab/ { - - # add_header Access-Control-Allow-Origin "*"; - # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "*" ; - add_header Access-Control-Allow-Origin "*" ; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/fraccollab/(.*) /$1 break; - proxy_pass http://frac-collab-service:8080; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - - - } - - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } - - server { - if ($host = frac-dictionary-backend.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - server_name frac-dictionary-backend.{{ proxy_server_name }}; - return 404; # managed by Certbot - } - - server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.frac-dictionary-backend.{{ proxy_server_name }} frac-dictionary-backend.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://frac-dictionary-service:3040; - } - - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } - - server { - if ($host = officer-survey.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - server_name officer-survey.{{ proxy_server_name }}; - return 404; # managed by Certbot - } - - server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.officer-survey.{{ proxy_server_name }} officer-survey.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://wat-sourcing-web-service; - } - - location /watapis { - - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/watapis/(.*) /$1 break; - proxy_pass http://wat-sourcing-service:5000; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } - - server { - if ($host = vega-console.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - server_name vega-console.{{ proxy_server_name }}; - return 404; # managed by Certbot - } - server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.vega-console.{{ proxy_server_name }} vega-console.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://vega-web-service; - } - - location /vegaapis { - - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/vegaapis/(.*) /$1 break; - proxy_pass http://vega-console-service:8081; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /router { - - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/router/(.*) /$1 break; - proxy_pass http://vega-router-service:80; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /socket.io/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - - proxy_pass http://vega-router-service:80/socket.io/; - proxy_redirect off; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } - - server { - if ($host = pm.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - server_name pm.{{ proxy_server_name }}; - return 404; # managed by Certbot - } - - server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.pm.{{ proxy_server_name }} pm.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - - location /auth/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - - location /protected/v8/resource/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - # add_header Access-Control-Allow-Origin "*"; - # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://pm-web-service; - } - - location /pmapis/ { - - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/pmapis/(.*) /$1 break; - proxy_pass http://pm-analytics-service:8091; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } - - server { - if ($host = console.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - server_name console.{{ proxy_server_name }}; - return 404; # managed by Certbot - } - - server { - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.console.{{ proxy_server_name }} console.{{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - - location /auth/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - - location /protected/v8/resource/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - # add_header Access-Control-Allow-Origin "*"; - # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://developer-console-web-portal:5000; - } - - location /apis/ { - - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/apis/(.*) /$1 break; - proxy_pass http://developer-console-service:8080; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; - - } - - - server { - if ($host = mdo.{{ proxy_server_name }}) { - return 301 https://$host$request_uri; - } - - listen 80; - server_name mdo.{{ proxy_server_name }}; - return 404; - } - server { + {% if proto=='http' %} + listen 80; + listen [::]:80; + {% else %} listen 443 ssl; ssl_certificate /etc/secrets/site.crt; ssl_certificate_key /etc/secrets/site.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - server_name *.mdo.{{ proxy_server_name }} mdo.{{ proxy_server_name }}; + {% endif %} + server_name *.{{ proxy_server_name }} {{ proxy_server_name }}; {# custom nginx server config section eg: @@ -4711,43 +117,14 @@ proxyconfig: |- proxy_set_header X-Forwarded-Proto $scheme; ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver {{ kube_dns_ip }} valid=30s; - location ~* ^/auth/(.*)/impersonation { - return 301 {{proto}}://mdo.{{ proxy_server_name }}; - } - location ~* ^/auth/realms/master { - return 301 {{proto}}://mdo.{{ proxy_server_name }}; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://mdo.{{ proxy_server_name }}; - } - location ~* ^/auth/realms/(.+)/token/introspect/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; - } - location ~* ^/auth/realms/(.+)/token/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; - } - location ~* ^/auth/realms/(.+)/userinfo/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; - } - location ~* ^/auth/realms/(.+)/logout/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; - } - location ~* ^/auth/realms/(.+)/certs/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; - } - location ~* ^/auth/realms/(.+)/clients-registrations/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://mdo.{{ proxy_server_name }}; - } + # Mobile Devices Refresh token Endpoints location ~* ^/auth/v1/refresh/token { rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 5; proxy_send_timeout 60; @@ -4756,47 +133,64 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - location /auth/ { + # Admin API Endpoints for sunbird realm fpr forgot password flow + location ~ /auth/admin/realms/sunbird/users/ { rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header X-Request-ID $sb_request_id; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Sunbird realm keycloak API endpoints + location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Connection ""; proxy_http_version 1.1; proxy_pass http://keycloak; } - # Caching keycloak static assets - location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) { + # Static Assets for keycloak endpoints with caching + location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { # Enabling caching proxy_cache_key $proxy_host$request_uri; - proxy_cache proxy_cache; + proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 43200; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_connect_timeout 5; proxy_send_timeout 60; proxy_read_timeout 70; proxy_http_version 1.1; proxy_pass http://keycloak; - } + } # This is Caching mechanism for POST requests location search location ~ /learner/data/v1/location/search { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache framework_cache; + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; @@ -4804,7 +198,7 @@ proxyconfig: |- proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 43200; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; @@ -4815,13 +209,16 @@ proxyconfig: |- proxy_read_timeout 70; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; + proxy_pass http://player; } # Caching for content consumption - location ~ /api/(content/v1/read|course/v1/hierarchy) { + location ~ /api/(content/v1/read|course/v1/hierarchy|course/v1/batch/read) { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache content_cache; + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; @@ -4829,7 +226,7 @@ proxyconfig: |- proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 14400s; + proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; # Increasing the proxy buffer size proxy_buffer_size 16k; proxy_busy_buffers_size 16k; @@ -4846,9 +243,12 @@ proxyconfig: |- } # This is Caching mechanism for Content search location ~ /api/content/v1/search { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache content_cache; + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; @@ -4856,7 +256,7 @@ proxyconfig: |- proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 14400s; + proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; # Increasing the proxy buffer size proxy_buffer_size 16k; proxy_busy_buffers_size 16k; @@ -4872,10 +272,13 @@ proxyconfig: |- proxy_pass http://kong; } # This is Caching mechanism for POST requests - location ~ /api/org/v1/search|/api/data/v1/(form/read|location/search) { + location ~ /api/data/v1/form/read { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; # Enabling caching - proxy_cache_key "$request_uri|$request_body"; - proxy_cache framework_cache; + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; @@ -4883,7 +286,7 @@ proxyconfig: |- proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 43200; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; rewrite ^/api/(.*) /$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; @@ -4897,17 +300,21 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - location ~ /api/(framework/v1/read|data/v1/system/settings/get) { + location ~ /api/(framework/v1/read|data/v1/system/settings/get|org/v1/search|org/v2/search|data/v1/location/search) { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 43200; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; rewrite ^/api/(.*) /$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; @@ -4919,9 +326,10 @@ proxyconfig: |- proxy_read_timeout 70; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; proxy_pass http://kong; - } - + } location /api/ { if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; @@ -4937,6 +345,7 @@ proxyconfig: |- if ( $http_authorization ) { set $custom_header "$http_authorization"; } + include /etc/nginx/defaults.d/compression.conf; proxy_set_header Authorization $custom_header; rewrite ^/api/(.*) /$1 break; proxy_set_header Connection ""; @@ -4951,66 +360,6 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - location /apis/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, locale"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - rewrite ^/apis/(.*) /$1 break; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /protected/v8/resource/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding, rootorg, org, wid, hostpath"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - # add_header Access-Control-Allow-Origin "*"; - # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - proxy_cookie_path ~*^/.* /; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_pass http://ui-proxies:3003; - proxy_connect_timeout 10; - proxy_send_timeout 300; - proxy_read_timeout 300; - } - - location /nodebb/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target http://10.0.0.12:4567; - proxy_pass $target; - } # Oauth2 config location /oauth2/ { set $target http://oauth2-proxy.logging.svc.cluster.local; @@ -5032,6 +381,35 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass $target; } +{% if graylog_open_to_public %} + location /graylog/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + # Setting target url + auth_request_set $target http://graylog.logging.svc.cluster.local; + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + # if you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header Graylog-User viewer; + proxy_set_header X-Graylog-Server-URL {{proto}}://{{ proxy_server_name }}/graylog/; + rewrite ^/graylog/(.*)$ /$1 break; + proxy_pass $target; + } + location /dashboard { + return 301 /graylog/; + } +{% else %} location /dashboard/ { auth_request /oauth2/auth; error_page 401 = /oauth2/sign_in; @@ -5049,7 +427,35 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass $target; } +{% endif %} + location /oauth3 { + set $target http://oauth2-proxy.monitoring.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location = /oauth3/auth { + set $target http://oauth2-proxy.monitoring.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } location /grafana/ { + auth_request /oauth3/auth; + error_page 401 = /oauth3/sign_in; + auth_request_set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; + include /etc/nginx/defaults.d/compression.conf; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; rewrite ^/grafana/(.*) /$1 break; proxy_pass $target; @@ -5068,19 +474,6 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass $target; } - location /badging/ { - set $target http://badger-service.{{ namespace }}.svc.cluster.local:8004; - rewrite ^/badging/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } location /discussions/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -5178,7 +571,7 @@ proxyconfig: |- proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; + proxy_pass http://player; } location ~* ^/content-editor/(.*) { # Enabling compression @@ -5212,7 +605,7 @@ proxyconfig: |- add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; proxy_pass https://$s3_bucket/content-editor/$url_full; - } + } location ~* ^/discussion-ui/(.*) { # Enabling compression gzip on; @@ -5361,7 +754,7 @@ proxyconfig: |- proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; + proxy_pass http://player; } location ~* ^/desktop/(.*) { # Enabling cache for Response code 200 @@ -5403,34 +796,7 @@ proxyconfig: |- # compression for svg certs download location /api/certreg/v2/certs/download { rewrite ^/api/(.*) /$1 break; - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; + include /etc/nginx/defaults.d/compression.conf; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -5482,7 +848,7 @@ proxyconfig: |- proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; + proxy_pass http://player; } location / { rewrite ^/(.*) /$1 break; @@ -5496,7 +862,7 @@ proxyconfig: |- proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-mdo-igot; + proxy_pass http://player; } location /v3/device/register { proxy_set_header X-Request-ID $sb_request_id; @@ -5525,33 +891,41 @@ proxyconfig: |- proxy_read_timeout 70; } location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 43200; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://ui-cbp-igot; + proxy_pass http://player; } location /api/channel/v1/read { - proxy_cache_key $proxy_host$request_uri; - proxy_cache framework_cache; + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; add_header X-Proxy-Cache $upstream_cache_status; add_header X-Proxy-Cache-Date $upstream_http_date; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_lock on; - proxy_cache_valid 200 43200; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; @@ -5600,12 +974,8 @@ proxyconfig: |- proxy_pass http://$dial_upstream_host; } {# Including custom configuration #} - {{ proxy_custom_config }} - - client_max_body_size 200M; + {{ proxy_custom_config }}} - } - nginxconfig: | user nginx; worker_processes {{nginx_worker_processes | d("auto")}}; @@ -5649,7 +1019,7 @@ nginxconfig: | ' $request_time $upstream_response_time $pipe' ' "$http_referer" "$http_user_agent" "$sb_request_id"' ' "$http_x_device_id" "$http_x_channel_id" "$http_x_app_id"' - ' "$http_x_app_ver" "$http_x_session_id"'; + ' "$http_x_app_ver" "$http_x_session_id" {{nginx_additional_log_fields | default("")}}'; access_log /var/log/nginx/access.log main; # Shared dictionary to store metrics lua_shared_dict prometheus_metrics 100M; @@ -5688,7 +1058,7 @@ nginxconfig: | } sendfile on; #tcp_nopush on; - client_max_body_size 200M; + client_max_body_size 60M; keepalive_timeout 65s; keepalive_requests 200; # Nginx connection limit per ip @@ -5698,67 +1068,24 @@ nginxconfig: | server kong:8000; keepalive 1000; } - #upstream encryption { - # server enc-service:8013; - # keepalive 1000; - #} - upstream keycloak { - server {{ keycloak_url.split('//')[-1] }}; + upstream encryption { + server enc-service:8013; keepalive 1000; } - upstream ui-static { - server ui-static:3002; + upstream keycloak { + server {{ keycloak_url.split('//')[-1] }}; keepalive 1000; } upstream player { server player:3000; keepalive 1000; } - upstream ui-cbp-igot { - server ui-cbp-igot:3002; - keepalive 1000; - } - upstream ui-spv-igot { - server ui-spv-igot:3002; - keepalive 1000; - } - upstream ui-mdo-igot { - server ui-mdo-igot:3002; - keepalive 1000; - } - - upstream frac-web-service { - server frac-web-service:5000; - keepalive 1000; - } - - upstream pm-web-service { - server pm-web-service:5000; - keepalive 1000; - } - - upstream ui-cbc-igot { - server ui-cbc-igot:3002; - keepalive 1000; - } - - upstream wat-sourcing-web-service { - server wat-sourcing-web-service:5000; - keepalive 1000; - } - - upstream vega-web-service { - server vega-web-service:3000; - keepalive 1000; - } - - include /etc/nginx/defaults.d/*.conf; include /etc/nginx/conf.d/*.conf; ################# # Caching Block # ################# - # + # # Keywords # # proxy_cache_path: path to store the cache content @@ -5769,16 +1096,10 @@ nginxconfig: | # use_temp_path: do we have to write the cache to a temp path first? This will reduce the performance. # # caching for images and files - proxy_cache_path /tmp/proxy_cache levels=1:2 keys_zone=tmp_cache:5m max_size=10m inactive=300m use_temp_path=off; - # caching for apis - proxy_cache_path /tmp/api_cache levels=1:2 keys_zone=proxy_cache:5m max_size=600m inactive=1400m use_temp_path=off; - # cache framework - proxy_cache_path /tmp/framework_cache levels=1:2 keys_zone=framework_cache:5m max_size=700m inactive=300m use_temp_path=off; - # cache content - proxy_cache_path /tmp/content_cache levels=1:2 keys_zone=content_cache:100m max_size=3000m inactive=600m use_temp_path=off; - # cache content metadata - proxy_cache_path /tmp/content_metadata levels=1:2 keys_zone=content_metadata:100m max_size=1000m inactive=300m use_temp_path=off; - + {% for key,value in proxy_cache_path.items() %} + proxy_cache_path {{value['path']}} levels={{value['levels']}} keys_zone={{value['keys_zone']}} max_size={{value['max_size']}} inactive={{value['inactive']}} use_temp_path=off; + {% endfor %} + server { listen 9145; location /metrics { @@ -5815,40 +1136,14 @@ keycloakconf: | proxy_set_header X-Forwarded-Proto $scheme; ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver 127.0.0.11 valid=5s; - location ~* ^/auth/(.*)/impersonation { - return 301 {{proto}}://{{ proxy_server_name }}; - } - location ~* ^/auth/realms/master { - return 301 {{proto}}://{{ proxy_server_name }}; - } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://{{ proxy_server_name }}; - } - location ~* ^/auth/realms/(.+)/token/introspect/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; - } - location ~* ^/auth/realms/(.+)/token/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; - } - location ~* ^/auth/realms/(.+)/userinfo/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; - } - location ~* ^/auth/realms/(.+)/logout/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; - } - location ~* ^/auth/realms/(.+)/certs/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; - } - location ~* ^/auth/realms/(.+)/clients-registrations/ { - return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; - } + # Refresh token endpoint being routed to kong location ~* ^/auth/v1/refresh/token { rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 5; proxy_send_timeout 60; @@ -5857,19 +1152,58 @@ keycloakconf: | proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - location ~* ^/auth/admin/master/console/ { - return 301 {{proto}}://{{ merge_proxy_server_name }}; + # Admin API Endpoints for sunbird realm fpr forgot password flow + location ~ /auth/admin/realms/sunbird/users/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; } - location /auth/ { - set $target {{ keycloak_url }}; + # Sunbird realm keycloak API endpoints + location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Static Assets for keycloak endpoints with caching + location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://keycloak; } location / { rewrite ^/(.*) /$1 break; @@ -5883,9 +1217,10 @@ keycloakconf: | proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header X-Request-ID $request_id; - proxy_pass http://ui-static; + proxy_pass http://player; } } + compressionConfig: |- # Compression gzip on; @@ -5915,6 +1250,7 @@ compressionConfig: |- text/css text/plain ; + serviceMonitor: enabled: true labels: # labels with which the prometheus choose the serviceMonitor From 20c693f2d7f340acb2f3adf6d9b03a538ba96f5a Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 6 May 2022 14:15:29 +0530 Subject: [PATCH 042/195] Updated configs for LMS Service Removed content.default.fields - which is not used anymore. Added hierarchyUpdate.allow.resource.at.root.level with value as TRUE --- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index bd25acfbc4..6831d1a4f5 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -125,7 +125,9 @@ learning.content.props.to.add={{ learning_content_props_to_add | default('mimeTy group_activity_agg_cache_ttl={{ group_activity_agg_cache_ttl }} group_activity_agg_cache_enable={{ group_activity_agg_cache_enable }} sunbird_env_name={{env_name}} -content.default.fields=contentid,userid,batchid,courseid,completedcount,completionpercentage,lastcompletedtime,status,viewcount + +## HierarchyUpdate ## Allow adding resource to Root Node +hierarchyUpdate.allow.resource.at.root.level=true ## Redis connection detail ## redis.connection.max={{ lms_redis_connection_max | default(64) }} @@ -144,4 +146,4 @@ druid_proxy_api_port=8082 druid_proxy_api_endpoint=/druid/v2/ collection_summary_agg_data_source={{ summary_agg_data_source | default('telemetry-events') }} collection_summary_agg_cache_ttl={{ summary_agg_ttl | default(21600) }} -enrollment_list_size={{ enrollment_list_size | default(1000) }} \ No newline at end of file +enrollment_list_size={{ enrollment_list_size | default(1000) }} From 2ef82abd087e97909814f645bf1d0744b2181f08 Mon Sep 17 00:00:00 2001 From: juhi agarwal Date: Thu, 12 May 2022 14:05:14 +0530 Subject: [PATCH 043/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 7070c0fbf6..c19c069985 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8667,3 +8667,21 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: request-transformer config.remove.headers: Authorization + + - name: updateUsersFirstLoginTime + uris: "{{ user_service_prefix }}/v1/updateLogin" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/updateLogin" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From d210046e9493385705119993153dbedfa19aae9d Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 17 May 2022 00:04:45 +0530 Subject: [PATCH 044/195] Fix for Syntax error --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index c19c069985..7ddaf7e6ff 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8668,7 +8668,7 @@ kong_apis: - name: request-transformer config.remove.headers: Authorization - - name: updateUsersFirstLoginTime + - name: updateUsersFirstLoginTime uris: "{{ user_service_prefix }}/v1/updateLogin" upstream_url: "{{ sb_cb_ext_service_url }}/v1/updateLogin" strip_uri: true From 89b4ae45de25e303aa0cb156d2d4e909248a0dee Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 17 May 2022 09:26:48 +0530 Subject: [PATCH 045/195] Fixed API path for updateLogin --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 7ddaf7e6ff..acee63f20f 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8670,7 +8670,7 @@ kong_apis: - name: updateUsersFirstLoginTime uris: "{{ user_service_prefix }}/v1/updateLogin" - upstream_url: "{{ sb_cb_ext_service_url }}/v1/updateLogin" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/updateLogin" strip_uri: true plugins: - name: jwt From e2512a31e786b2392bb088c22dc9e5d4664955b5 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Mon, 30 May 2022 17:56:43 +0530 Subject: [PATCH 046/195] User Registration APIs --- ansible/roles/kong-api/defaults/main.yml | 42 ++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index acee63f20f..0a2b30da4a 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8685,3 +8685,45 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: getAllDeptDetails + uris: "{{ user_service_prefix }}/registration/v1/getDeptDetails" + upstream_url: "{{ sb_cb_ext_service_url }}/user/registration/v1/getDeptDetails" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: registerUser + uris: "{{ user_service_prefix }}/registration/v1/register" + upstream_url: "{{ sb_cb_ext_service_url }}/user/registration/v1/register" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: registerUser + uris: "{{ user_service_prefix }}/registration/v1/getRegisterDetails" + upstream_url: "{{ sb_cb_ext_service_url }}/user/registration/v1/getUserRegistrationDetails" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 7b49671376383fe940d595889ab095029914cc98 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Mon, 30 May 2022 18:05:17 +0530 Subject: [PATCH 047/195] Updated the name properly --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 0a2b30da4a..ea6ad994de 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8714,7 +8714,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerUser + - name: getUserRegistrationDetails uris: "{{ user_service_prefix }}/registration/v1/getRegisterDetails" upstream_url: "{{ sb_cb_ext_service_url }}/user/registration/v1/getUserRegistrationDetails" strip_uri: true From 761b01c80e723b218fa2d563bd38ceb133f40428 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 10 Jun 2022 12:20:58 +0530 Subject: [PATCH 048/195] Added API to get positions master list --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ea6ad994de..1302bb2f67 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8727,3 +8727,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getUserPositionList + uris: "{{ user_service_prefix }}/v1/positions" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/listPositions" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 19ddc931bb784db700e7ba9ea6562b6430ebe3aa Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Sat, 11 Jun 2022 20:36:00 +0530 Subject: [PATCH 049/195] Increase the rate for extPatch API --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 1302bb2f67..96b9577cde 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8096,7 +8096,7 @@ kong_apis: - 'courseAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" From 731219e02c160897f292e7ba41fef7515cc3d238 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 21 Jun 2022 11:29:05 +0530 Subject: [PATCH 050/195] Added org on-boarding APIs --- ansible/roles/kong-api/defaults/main.yml | 73 ++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 96b9577cde..74e385a075 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8745,3 +8745,76 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getOrgList + uris: "{{ org_service_prefix }}/v1/list" + upstream_url: "{{ sb_cb_ext_service_url }}/org/v1/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: orgExtendedCreate + uris: "{{ org_service_prefix }}/ext/v1/create" + upstream_url: "{{ sb_cb_ext_service_url }}/org/ext/v1/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: orgExtendedProfileRead + uris: "{{ org_service_prefix }}/v1/profile/read" + upstream_url: "{{ sb_cb_ext_service_url }}/org/v1/profile/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: orgExtendedProfilePatch + uris: "{{ org_service_prefix }}/v1/profile/patch" + upstream_url: "{{ sb_cb_ext_service_url }}/org/v1/profile/patch" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + From 8e470b828de68e5d1b7e23d509702e99bb26747a Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 21 Jun 2022 14:40:20 +0530 Subject: [PATCH 051/195] Made orgList API as Public --- ansible/roles/kong-api/defaults/main.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 74e385a075..836e1dec4f 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8754,9 +8754,6 @@ kong_apis: - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ small_rate_limit_per_hour }}" From 132ee9d591b66b0226201de2f88290fd9b6efa98 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 21 Jun 2022 14:50:16 +0530 Subject: [PATCH 052/195] Made org list API as public --- ansible/roles/kong-api/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 836e1dec4f..6d79c4b2a1 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8751,7 +8751,6 @@ kong_apis: upstream_url: "{{ sb_cb_ext_service_url }}/org/v1/list" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - name: rate-limiting From c83324d1484b27b0811694a4761e7565f4d887e8 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 24 Jun 2022 12:43:21 +0530 Subject: [PATCH 053/195] Added Org Ext Search API --- ansible/roles/kong-api/defaults/main.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 6d79c4b2a1..96dd023e88 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8813,4 +8813,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - + + - name: orgExtendedSearch + uris: "{{ org_service_prefix }}/v1/ext/search" + upstream_url: "{{ sb_cb_ext_service_url }}/org/v1/ext/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 782634a2b243352425533e4c1a6be8ca9808fcac Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 24 Jun 2022 13:03:54 +0530 Subject: [PATCH 054/195] Updated the path for org ext search to avoid conflict --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 96dd023e88..d78709e3a6 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8815,7 +8815,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: orgExtendedSearch - uris: "{{ org_service_prefix }}/v1/ext/search" + uris: "{{ org_service_prefix }}/v1/cb/ext/search" upstream_url: "{{ sb_cb_ext_service_url }}/org/v1/ext/search" strip_uri: true plugins: From 6cb9b48bef4be458cfc081cc8cc61f65af2aa4c5 Mon Sep 17 00:00:00 2001 From: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Date: Fri, 24 Jun 2022 18:22:21 +0530 Subject: [PATCH 055/195] ACL groups Added --- ansible/roles/kong-consumer/defaults/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ansible/roles/kong-consumer/defaults/main.yml b/ansible/roles/kong-consumer/defaults/main.yml index 9acffb2f50..a2225f3d1d 100644 --- a/ansible/roles/kong-consumer/defaults/main.yml +++ b/ansible/roles/kong-consumer/defaults/main.yml @@ -150,6 +150,14 @@ kong_all_consumer_groups: - readNotificationFeed - updateNotificationFeed - deleteNotificationFeed + - frameworkAdmin + - frameworkCreate + - userSuperAdmin + - orgUpdatecontent + - SuperAdmin + - frameworkAdmin + - orgSuperAdmin + - orgAdmin kong_consumers: - username: api-admin From e9c9dd631567d645f3ba75336776721ea25b0898 Mon Sep 17 00:00:00 2001 From: Haritest Date: Fri, 24 Jun 2022 18:41:28 +0530 Subject: [PATCH 056/195] portal_loggedin removed --- ansible/roles/kong-consumer/defaults/main.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ansible/roles/kong-consumer/defaults/main.yml b/ansible/roles/kong-consumer/defaults/main.yml index a2225f3d1d..a97f730398 100644 --- a/ansible/roles/kong-consumer/defaults/main.yml +++ b/ansible/roles/kong-consumer/defaults/main.yml @@ -185,12 +185,12 @@ kong_consumers: - username: portal_anonymous groups: "{{ anonymous_user_groups }}" state: present - - username: portal_loggedin - groups: "{{ kong_all_consumer_groups }}" - state: present - - username: portal_anonymous_fallback_token - groups: "{{ anonymous_user_groups }}" - state: present - - username: portal_loggedin_fallback_token - groups: "{{ kong_all_consumer_groups }}" - state: present + # - username: portal_loggedin + # groups: "{{ kong_all_consumer_groups }}" + # state: present + # - username: portal_anonymous_fallback_token + # groups: "{{ anonymous_user_groups }}" + # state: present + # - username: portal_loggedin_fallback_token + # groups: "{{ kong_all_consumer_groups }}" + # state: present From fcbeb63cf18db537c7a883e874d220fe7e4c655a Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 26 Jul 2022 10:25:44 +0530 Subject: [PATCH 057/195] Added user BasicInfo API --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index d78709e3a6..e92b5782c0 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8831,3 +8831,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getUserBasicInfo + uris: "{{ user_service_prefix }}/basicInfo" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/basicInfo" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 9ceac59a399ccb425d49b7a678e6a29d180940e1 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Wed, 27 Jul 2022 09:30:33 +0530 Subject: [PATCH 058/195] Added basic profile update API --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index e92b5782c0..f52a813834 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8849,3 +8849,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: updateUserBasicProfile + uris: "{{ user_service_prefix }}/basicProfileUpdate" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/basicProfileUpdate" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 79d055759e4e3434e8364bd2336db679c099a743 Mon Sep 17 00:00:00 2001 From: Darshan Nagesh Date: Wed, 27 Jul 2022 15:22:24 +0530 Subject: [PATCH 059/195] Update main.yml Adding Form Service Configurations --- ansible/roles/kong-api/defaults/main.yml | 76 ++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index f52a813834..addab6c5ae 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -87,6 +87,7 @@ hub_graph_service_prefix: /connections workflow_handler_service_prefix: /workflow player_prefix: /player registry_service_prefix: /rc +forms_service_prefix: /forms # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -116,6 +117,7 @@ discussions_mw_url: "http://discussionsmw-service:3002" nodebb_url: "http://nodebb-service:4567/discussions" analytics_url: "http://pm-analytics-service:8091" registry_service_url: "http://registry-service:8081" +forms_service_url: "http://form-service/8099" premium_consumer_rate_limits: - api: createContent @@ -8867,3 +8869,77 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: createForm + uris: "{{ forms_service_prefix }}/createForm" + upstream_url: "{{ forms_service_url }}/forms/createForm" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getFormById + uris: "{{ forms_service_prefix }}/getFormById" + upstream_url: "{{ forms_service_url }}/forms/getFormById" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getAllForms + uris: "{{ forms_service_prefix }}/getAllForms" + upstream_url: "{{ forms_service_url }}/forms/getAllForms" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: saveFormSubmit + uris: "{{ forms_service_prefix }}/v1/saveFormSubmit" + upstream_url: "{{ forms_service_url }}/forms/v1/saveFormSubmit" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + From 3c9e1d87cb5c0837779400941ba2abc5eb0b40a2 Mon Sep 17 00:00:00 2001 From: Darshan Nagesh Date: Wed, 27 Jul 2022 17:09:54 +0530 Subject: [PATCH 060/195] Update main.yml Updating the Form Service Port Number --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index addab6c5ae..718d816428 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -117,7 +117,7 @@ discussions_mw_url: "http://discussionsmw-service:3002" nodebb_url: "http://nodebb-service:4567/discussions" analytics_url: "http://pm-analytics-service:8091" registry_service_url: "http://registry-service:8081" -forms_service_url: "http://form-service/8099" +forms_service_url: "http://form-service:8099" premium_consumer_rate_limits: - api: createContent From 33b87b8b3b923e1f83e618ebeca5a003b9a6a410 Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 3 Aug 2022 10:43:34 +0530 Subject: [PATCH 061/195] added new group to mobile --- ansible/roles/kong-consumer/defaults/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ansible/roles/kong-consumer/defaults/main.yml b/ansible/roles/kong-consumer/defaults/main.yml index a97f730398..400cae8cb8 100644 --- a/ansible/roles/kong-consumer/defaults/main.yml +++ b/ansible/roles/kong-consumer/defaults/main.yml @@ -55,6 +55,14 @@ mobile_device_groups: - solutionAccess - surveyAccess - surveyUpdate + - frameworkAdmin + - frameworkCreate + - userSuperAdmin + - orgUpdatecontent + - SuperAdmin + - frameworkAdmin + - orgSuperAdmin + - orgAdmin anonymous_user_groups: - deviceCreate From 8f0edff2cbc2046e90064fb75f92b279f73d86ab Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 3 Aug 2022 10:48:40 +0530 Subject: [PATCH 062/195] Update main.yml --- ansible/roles/kong-consumer/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/roles/kong-consumer/defaults/main.yml b/ansible/roles/kong-consumer/defaults/main.yml index 400cae8cb8..f91e33e99e 100644 --- a/ansible/roles/kong-consumer/defaults/main.yml +++ b/ansible/roles/kong-consumer/defaults/main.yml @@ -163,7 +163,6 @@ kong_all_consumer_groups: - userSuperAdmin - orgUpdatecontent - SuperAdmin - - frameworkAdmin - orgSuperAdmin - orgAdmin From 7586bf9b60a19592ce0d72cb60b34865f09fa235 Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 3 Aug 2022 10:50:41 +0530 Subject: [PATCH 063/195] removed duplicate group --- ansible/roles/kong-consumer/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/roles/kong-consumer/defaults/main.yml b/ansible/roles/kong-consumer/defaults/main.yml index f91e33e99e..c2cbe42a19 100644 --- a/ansible/roles/kong-consumer/defaults/main.yml +++ b/ansible/roles/kong-consumer/defaults/main.yml @@ -60,7 +60,6 @@ mobile_device_groups: - userSuperAdmin - orgUpdatecontent - SuperAdmin - - frameworkAdmin - orgSuperAdmin - orgAdmin From 02bc3c599cb73941e0126c31576c60a672c7eb92 Mon Sep 17 00:00:00 2001 From: Haritest Date: Thu, 4 Aug 2022 11:00:29 +0530 Subject: [PATCH 064/195] dataAccess group added to mobile_device --- ansible/roles/kong-consumer/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/kong-consumer/defaults/main.yml b/ansible/roles/kong-consumer/defaults/main.yml index c2cbe42a19..354338977d 100644 --- a/ansible/roles/kong-consumer/defaults/main.yml +++ b/ansible/roles/kong-consumer/defaults/main.yml @@ -62,6 +62,7 @@ mobile_device_groups: - SuperAdmin - orgSuperAdmin - orgAdmin + - dataAccess anonymous_user_groups: - deviceCreate From bc69fb19dba65d913a76339646a571646c50e89e Mon Sep 17 00:00:00 2001 From: Haritest Date: Thu, 4 Aug 2022 17:46:31 +0530 Subject: [PATCH 065/195] mobile_device updated --- ansible/roles/kong-consumer/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/kong-consumer/defaults/main.yml b/ansible/roles/kong-consumer/defaults/main.yml index 354338977d..a277670119 100644 --- a/ansible/roles/kong-consumer/defaults/main.yml +++ b/ansible/roles/kong-consumer/defaults/main.yml @@ -63,6 +63,7 @@ mobile_device_groups: - orgSuperAdmin - orgAdmin - dataAccess + - dataCreate anonymous_user_groups: - deviceCreate From dedf921f07057706b65c099eeb504443deef104c Mon Sep 17 00:00:00 2001 From: Haritest Date: Thu, 4 Aug 2022 18:00:05 +0530 Subject: [PATCH 066/195] mobile device updated --- ansible/roles/kong-consumer/defaults/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ansible/roles/kong-consumer/defaults/main.yml b/ansible/roles/kong-consumer/defaults/main.yml index a277670119..6fb6a853c0 100644 --- a/ansible/roles/kong-consumer/defaults/main.yml +++ b/ansible/roles/kong-consumer/defaults/main.yml @@ -64,6 +64,12 @@ mobile_device_groups: - orgAdmin - dataAccess - dataCreate + - contentAdmin + - contentTempAccess + - pluginAccess + - channelAdmin + - noteAccess + - userTempAdmin anonymous_user_groups: - deviceCreate From d01e84e60f5932eeb6c0efa4ec33b8ad5aa1ec11 Mon Sep 17 00:00:00 2001 From: Darshan Nagesh Date: Fri, 5 Aug 2022 15:42:31 +0530 Subject: [PATCH 067/195] Update main.yml Added new entries for Form Service --- ansible/roles/kong-api/defaults/main.yml | 36 ++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 718d816428..02e26629be 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8941,5 +8941,41 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: tagFormToCourse + uris: "{{ forms_service_prefix }}/tagFormToCourse" + upstream_url: "{{ forms_service_url }}/forms/tagFormToCourse" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: untagFormToCourse + uris: "{{ forms_service_prefix }}/untagFormToCourse" + upstream_url: "{{ forms_service_url }}/forms/untagFormToCourse" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From f63d79b91c0cddddd6818ae488e977dfb995aeb4 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 12 Aug 2022 16:27:06 +0530 Subject: [PATCH 068/195] Added API to get explore course list --- ansible/roles/kong-api/defaults/main.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 02e26629be..b590342e23 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8978,4 +8978,17 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: getExploreCourseDetail + uris: "{{ course_service_prefix }}/v1/explore" + upstream_url: "{{ sb_cb_ext_service_url }}/course/v1/explore" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 7577ba1408414d87f091f2de2383360552c54724 Mon Sep 17 00:00:00 2001 From: Darshan Nagesh Date: Tue, 16 Aug 2022 19:42:59 +0530 Subject: [PATCH 069/195] Update main.yml Get All Applications API has been added --- ansible/roles/kong-api/defaults/main.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index b590342e23..3d6883d260 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8992,3 +8992,20 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: getAllApplications + uris: "{{ forms_service_prefix }}/getAllApplications" + upstream_url: "{{ forms_service_url }}/forms/getAllApplications" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 528d29fa04c30912e1d1213b8f1c509dfc060c0a Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 19 Aug 2022 12:45:59 +0530 Subject: [PATCH 070/195] Added API for telemetry public access --- ansible/roles/kong-api/defaults/main.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 3d6883d260..eb2190febf 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9009,3 +9009,18 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: telemetryPublic + uris: "{{ data_service_prefix }}/v1/public/telemetry" + upstream_url: "{{ telemetry_service_url }}/v1/telemetry" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + From d96a444d0bad3a1c9052ad56ec7bc8085925d2c6 Mon Sep 17 00:00:00 2001 From: Darshan Nagesh Date: Mon, 22 Aug 2022 12:42:10 +0530 Subject: [PATCH 071/195] Update main.yml Updated the URL for the Create Form API --- ansible/roles/kong-api/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index eb2190febf..b7485b6b15 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -710,8 +710,8 @@ kong_apis: config.allowed_payload_size: "{{ large_request_size_limit }}" - name: createForm - uris: "{{ data_service_prefix }}/v1/form/create" - upstream_url: "{{ player_service_url }}/plugin/v1/form/create" + uris: "{{ data_service_prefix }}/v1/form/createForm" + upstream_url: "{{ player_service_url }}/plugin/v1/form/createForm" strip_uri: true plugins: - name: jwt From 384767986a5281f070b983f661b9d5b2ecd44169 Mon Sep 17 00:00:00 2001 From: Darshan Nagesh Date: Mon, 22 Aug 2022 13:24:02 +0530 Subject: [PATCH 072/195] Update main.yml Removed the older v1 version of Create Form API --- ansible/roles/kong-api/defaults/main.yml | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index b7485b6b15..7f067dffbb 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -708,25 +708,7 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ large_request_size_limit }}" - - - name: createForm - uris: "{{ data_service_prefix }}/v1/form/createForm" - upstream_url: "{{ player_service_url }}/plugin/v1/form/createForm" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'formCreate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - + - name: createFramework uris: "{{ framework_service_prefix }}/v1/create" upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/create" From b7cca1ab76c3bd5da58e505a8ae2988c0a6fcaed Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Wed, 24 Aug 2022 14:18:23 +0530 Subject: [PATCH 073/195] Added Private user search API Added Private user search API to support Parichay login via mobile clients --- ansible/roles/kong-api/defaults/main.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 7f067dffbb..be03b69ef0 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9006,3 +9006,20 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: searchUserPrivate + uris: "{{ learner_private_route_prefix }}/user/v1/search" + upstream_url: "{{ learning_service_url }}/private/user/v1/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From afe4647742a4cc3e02f1672a7d9a52d2b3ec0395 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Wed, 24 Aug 2022 16:12:52 +0530 Subject: [PATCH 074/195] Updated User Auto Complete Search API Using cb-ext service for auto complete user search instead of learner service. Cb-Ext API will return only the active users. --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index be03b69ef0..8c80899d15 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7531,7 +7531,7 @@ kong_apis: - name: userAutoComplete uris: "{{ user_service_prefix }}/v1/autocomplete" - upstream_url: "{{ learning_service_url }}/v1/user/autocomplete" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/autocomplete" strip_uri: true plugins: - name: jwt From 3e5465e34bc806fbfa5b8252a94c5c15a716d692 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Thu, 25 Aug 2022 16:58:41 +0530 Subject: [PATCH 075/195] Using Cb-Ext migration API to update profile --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 8c80899d15..b8d1570629 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7752,7 +7752,7 @@ kong_apis: - name: privateUserMigrate uris: "{{ user_service_prefix }}/private/v1/migrate" - upstream_url: "{{ learning_service_url }}/private/user/v1/migrate" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/migrate" strip_uri: true plugins: - name: jwt From 8eca9a1afe66b8ae4317e12a1e2aed1eb47d468a Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Thu, 1 Sep 2022 09:47:55 +0530 Subject: [PATCH 076/195] Adding extended user sign up for mobile --- ansible/roles/kong-api/defaults/main.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index b8d1570629..45aa1d8e0f 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9023,3 +9023,22 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: ssoUserV2CreateExt + uris: "{{ user_service_prefix }}/v1/ext/signup" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/ext/signup" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'anonymousUserCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + From 278b9176b5b022dfab3392ab9da0d5d280674877 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 2 Sep 2022 08:38:50 +0530 Subject: [PATCH 077/195] Added user bulk upload API --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 45aa1d8e0f..d7f4c51a93 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9042,3 +9042,21 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: userBulkUpload + uris: "{{ user_service_prefix }}/v1/bulkupload" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/bulkupload" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + From 65688fa01a3d5f03033d923a897287f9796b194c Mon Sep 17 00:00:00 2001 From: waibhav chandra Date: Fri, 9 Sep 2022 10:13:41 +0530 Subject: [PATCH 078/195] added routes for moderator admin APIs in kong config --- ansible/roles/kong-api/defaults/main.yml | 76 +++++++++++++++++++++++- 1 file changed, 75 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index d7f4c51a93..3e5f8f7b78 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -88,6 +88,7 @@ workflow_handler_service_prefix: /workflow player_prefix: /player registry_service_prefix: /rc forms_service_prefix: /forms +profanity-moderator-admin_prefix: /moderatoradmin # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -118,7 +119,7 @@ nodebb_url: "http://nodebb-service:4567/discussions" analytics_url: "http://pm-analytics-service:8091" registry_service_url: "http://registry-service:8081" forms_service_url: "http://form-service:8099" - +profanity-moderator-admin-service: "http://profanity-moderator-admin-service:4000" premium_consumer_rate_limits: - api: createContent config.hour: "{{ premium_consumer_small_rate_limit_per_hour }}" @@ -8121,6 +8122,79 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: profanityModerationPersistModeratedText + uris: "{{ profanity-moderator-admin_prefix }}/feedback/persist/text/moderated" + upstream_url: "{{ profanity-moderator-admin-service }}/feedback/persist/text/moderated" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: profanityModerationFetchText + uris: "{{ profanity-moderator-admin_prefix }}/feedback/text/fetch" + upstream_url: "{{ profanity-moderator-admin-service }}/feedback/text/fetch" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: profanityModerationTypeText + uris: "{{ profanity-moderator-admin_prefix }}/profanity/type/text" + upstream_url: "{{ profanity-moderator-admin-service }}/profanity/type/text" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: profanityModerationFeedbackFlags + uris: "{{ profanity-moderator-admin_prefix }}/feedback/flag/values" + upstream_url: "{{ profanity-moderator-admin-service }}/feedback/flag/values" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: assessmentSubmitV3 uris: "/v3/user/assessment/submit" upstream_url: "{{ sb_cb_ext_service_url }}/v3/user/assessment/submit" From 072c84a15af62860bfe93e267201fd6c2d2aeee0 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 9 Sep 2022 11:38:07 +0530 Subject: [PATCH 079/195] Remove empty lines and added one where required --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 3e5f8f7b78..880c867c55 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -120,6 +120,7 @@ analytics_url: "http://pm-analytics-service:8091" registry_service_url: "http://registry-service:8081" forms_service_url: "http://form-service:8099" profanity-moderator-admin-service: "http://profanity-moderator-admin-service:4000" + premium_consumer_rate_limits: - api: createContent config.hour: "{{ premium_consumer_small_rate_limit_per_hour }}" @@ -8194,7 +8195,6 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: assessmentSubmitV3 uris: "/v3/user/assessment/submit" upstream_url: "{{ sb_cb_ext_service_url }}/v3/user/assessment/submit" From fe1a35ba3bbc4e8bfffea0d5bc047bd6d1f1f62b Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 9 Sep 2022 12:00:47 +0530 Subject: [PATCH 080/195] Using underscore instead of hyphen --- ansible/roles/kong-api/defaults/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 880c867c55..f83cc6a695 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -88,7 +88,7 @@ workflow_handler_service_prefix: /workflow player_prefix: /player registry_service_prefix: /rc forms_service_prefix: /forms -profanity-moderator-admin_prefix: /moderatoradmin +profanity_moderator_admin_prefix: /moderatoradmin # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -119,7 +119,7 @@ nodebb_url: "http://nodebb-service:4567/discussions" analytics_url: "http://pm-analytics-service:8091" registry_service_url: "http://registry-service:8081" forms_service_url: "http://form-service:8099" -profanity-moderator-admin-service: "http://profanity-moderator-admin-service:4000" +profanity_moderator_admin_service: "http://profanity-moderator-admin-service:4000" premium_consumer_rate_limits: - api: createContent @@ -8124,8 +8124,8 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: profanityModerationPersistModeratedText - uris: "{{ profanity-moderator-admin_prefix }}/feedback/persist/text/moderated" - upstream_url: "{{ profanity-moderator-admin-service }}/feedback/persist/text/moderated" + uris: "{{ profanity_moderator_admin_prefix }}/feedback/persist/text/moderated" + upstream_url: "{{ profanity_moderator_admin_service }}/feedback/persist/text/moderated" strip_uri: true plugins: - name: jwt @@ -8142,8 +8142,8 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: profanityModerationFetchText - uris: "{{ profanity-moderator-admin_prefix }}/feedback/text/fetch" - upstream_url: "{{ profanity-moderator-admin-service }}/feedback/text/fetch" + uris: "{{ profanity_moderator_admin_prefix }}/feedback/text/fetch" + upstream_url: "{{ profanity_moderator_admin_service }}/feedback/text/fetch" strip_uri: true plugins: - name: jwt @@ -8160,8 +8160,8 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: profanityModerationTypeText - uris: "{{ profanity-moderator-admin_prefix }}/profanity/type/text" - upstream_url: "{{ profanity-moderator-admin-service }}/profanity/type/text" + uris: "{{ profanity_moderator_admin_prefix }}/profanity/type/text" + upstream_url: "{{ profanity_moderator_admin_service }}/profanity/type/text" strip_uri: true plugins: - name: jwt @@ -8178,8 +8178,8 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: profanityModerationFeedbackFlags - uris: "{{ profanity-moderator-admin_prefix }}/feedback/flag/values" - upstream_url: "{{ profanity-moderator-admin-service }}/feedback/flag/values" + uris: "{{ profanity_moderator_admin_prefix }}/feedback/flag/values" + upstream_url: "{{ profanity_moderator_admin_service }}/feedback/flag/values" strip_uri: true plugins: - name: jwt From 846f5de09f470754edfb1c0b03bc4aa335764445 Mon Sep 17 00:00:00 2001 From: Darshan Nagesh Date: Thu, 22 Sep 2022 12:35:35 +0530 Subject: [PATCH 081/195] Update main.yml Onboarding Search Form API --- ansible/roles/kong-api/defaults/main.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index f83cc6a695..eedbf0c709 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9134,3 +9134,20 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: searchForms + uris: "{{ forms_service_prefix }}/searchForms" + upstream_url: "{{ forms_service_url }}/forms/searchForms" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 827a6ab65c40f38f9bdd611792750415f809e77e Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Mon, 17 Oct 2022 16:17:04 +0530 Subject: [PATCH 082/195] Updated cert validate and made it public --- ansible/roles/kong-api/defaults/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index eedbf0c709..e17a0d889e 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -4653,12 +4653,8 @@ kong_apis: upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/validate" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'certificateAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From 9be0a717e1e4f91b288613db1cfdeaa9bb2b4654 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Wed, 16 Nov 2022 18:08:41 +0530 Subject: [PATCH 083/195] Added user notification preference APIs --- ansible/roles/kong-api/defaults/main.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index e17a0d889e..f362375b2c 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9147,3 +9147,22 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: userNotificationPreference + uris: "{{ user_service_prefix }}/v1/notificationPreference" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/notificationPreference" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'courseAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + From f7ab8c8c8dec369dc308512bedf5e0587fb5345c Mon Sep 17 00:00:00 2001 From: juhi agarwal Date: Tue, 6 Dec 2022 15:53:22 +0530 Subject: [PATCH 084/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index f362375b2c..4bcc98dfb3 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8226,6 +8226,24 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + +- name: retakeAssessment + uris: "{{ player_prefix }}/questionset/v1/retake" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/quml/assessment/retake" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: playerQuestionList uris: "{{ player_prefix }}/question/v1/list" From 6ba15d4c6e651135a3d6e4fe6da96b84911e7133 Mon Sep 17 00:00:00 2001 From: Haritest Date: Tue, 6 Dec 2022 16:01:03 +0530 Subject: [PATCH 085/195] syntax issue fixed --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 4bcc98dfb3..0437e8829b 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8227,7 +8227,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" -- name: retakeAssessment + - name: retakeAssessment uris: "{{ player_prefix }}/questionset/v1/retake" upstream_url: "{{ sb_cb_ext_service_url }}/v1/quml/assessment/retake" strip_uri: true From 8717af214e78c24fd75fdcaa77622dfbbfb1a46d Mon Sep 17 00:00:00 2001 From: juhi agarwal Date: Mon, 12 Dec 2022 12:52:50 +0530 Subject: [PATCH 086/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 0437e8829b..60c4fb2109 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8228,7 +8228,7 @@ kong_apis: config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: retakeAssessment - uris: "{{ player_prefix }}/questionset/v1/retake" + uris: "{{ user_service_prefix }}/assessment/retake" upstream_url: "{{ sb_cb_ext_service_url }}/v1/quml/assessment/retake" strip_uri: true plugins: From d2aae4d5cc2996f7bb79bffdfb3586a297d0cf87 Mon Sep 17 00:00:00 2001 From: Darshan Nagesh Date: Tue, 20 Dec 2022 17:30:26 +0530 Subject: [PATCH 087/195] Update main.yml Adding getCourseListForSurveys API --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 60c4fb2109..ef1f7336d0 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9047,6 +9047,24 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getCourseListForSurveys + uris: "{{ forms_service_prefix }}/getCourseListForSurveys" + upstream_url: "{{ forms_service_url }}/forms/getCourseListForSurveys" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getExploreCourseDetail uris: "{{ course_service_prefix }}/v1/explore" From 7c89310a43fc60e57aa4a0fb08f659730cb45f86 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 10 Jan 2023 15:54:55 +0530 Subject: [PATCH 088/195] Added APIs for MDO content modification --- ansible/roles/kong-api/defaults/main.yml | 73 ++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ef1f7336d0..d650e4ba8d 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -89,6 +89,7 @@ player_prefix: /player registry_service_prefix: /rc forms_service_prefix: /forms profanity_moderator_admin_prefix: /moderatoradmin +mdo_content_prefix: /mdo/content # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -9202,3 +9203,75 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: MDOContentCreate + uris: "{{ mdo_content_prefix }}/v3/create" + upstream_url: "{{ knowledge_mw_service_url }}/action/content/v3/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: MDOContentHierarchyUpdate + uris: "{{ mdo_content_prefix }}/v3/hierarchyUpdate" + upstream_url: "{{ content_service_url }}/content/v3/hierarchy/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: MDOContentUpdate + uris: "{{ mdo_content_prefix }}/v3/update" + upstream_url: "{{ content_service_url }}/content/v3/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: MDOContentPublish + uris: "{{ mdo_content_prefix }}/v3/publish" + upstream_url: "{{ knowledge_mw_service_url }}/action/content/v3/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + From b9676ff3518fd573133a4c4512309c798377fb12 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 10 Jan 2023 18:07:38 +0530 Subject: [PATCH 089/195] Fixed typo in API path for MDO content --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index d650e4ba8d..c7aceaddbd 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9222,7 +9222,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: MDOContentHierarchyUpdate - uris: "{{ mdo_content_prefix }}/v3/hierarchyUpdate" + uris: "{{ mdo_content_prefix }}/v3/hierarchy/update" upstream_url: "{{ content_service_url }}/content/v3/hierarchy/update" strip_uri: true plugins: From 47b3f4eb45bbca7235b204855d0f9c9a76b98d47 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:38:59 +0530 Subject: [PATCH 090/195] Updated upstream url for mdo content publish Using learning vm service ip for content publish instead of knowledge-mw service. --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index c7aceaddbd..bc98c0f242 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9259,7 +9259,7 @@ kong_apis: - name: MDOContentPublish uris: "{{ mdo_content_prefix }}/v3/publish" - upstream_url: "{{ knowledge_mw_service_url }}/action/content/v3/publish" + upstream_url: "{{ vm_learning_service_url }}/content/v3/publish" strip_uri: true plugins: - name: jwt From 2dcf3584d690fedc5633514fd21bd17231bfcbda Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Wed, 11 Jan 2023 18:21:41 +0530 Subject: [PATCH 091/195] Added APIs for MDO content management --- ansible/roles/kong-api/defaults/main.yml | 37 ++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index bc98c0f242..1d50a65797 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9275,3 +9275,40 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: MDOContentAddUserToBatch + uris: "{{ mdo_content_prefix }}/v3/batch/addUser" + upstream_url: "{{ course_service_prefix }}/v1/admin/enrol" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: MDOContentRemoveUserFromBatch + uris: "{{ mdo_content_prefix }}/v3/batch/removeUser" + upstream_url: "{{ course_service_prefix }}/v1/admin/unenrol" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + From 681abe730b959555464fddc806619ba84d8c2ae8 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Wed, 11 Jan 2023 18:27:04 +0530 Subject: [PATCH 092/195] Fixed the typo for upstream url --- ansible/roles/kong-api/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 1d50a65797..f09d6d8520 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9277,7 +9277,7 @@ kong_apis: - name: MDOContentAddUserToBatch uris: "{{ mdo_content_prefix }}/v3/batch/addUser" - upstream_url: "{{ course_service_prefix }}/v1/admin/enrol" + upstream_url: "{{ lms_service_url }}/v1/course/admin/enroll" strip_uri: true plugins: - name: jwt @@ -9295,7 +9295,7 @@ kong_apis: - name: MDOContentRemoveUserFromBatch uris: "{{ mdo_content_prefix }}/v3/batch/removeUser" - upstream_url: "{{ course_service_prefix }}/v1/admin/unenrol" + upstream_url: "{{ lms_service_url }}/v1/course/admin/unenroll" strip_uri: true plugins: - name: jwt From 661ca8a2c857f6e0fb418092b0a46896e00110d0 Mon Sep 17 00:00:00 2001 From: juhi agarwal Date: Thu, 16 Feb 2023 23:01:35 +0530 Subject: [PATCH 093/195] Update Kong API Configs for Offensive Data Flags --- ansible/roles/kong-api/defaults/main.yml | 54 ++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index f09d6d8520..efd8eec854 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8245,6 +8245,60 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: flagCreate + uris: "{{ user_service_prefix }}/offensive/data/flag/create" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/offensive/data/flag/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: flagUpdate + uris: "{{ user_service_prefix }}/offensive/data/flag/update" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/offensive/data/flag/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getFlaggedData + uris: "{{ user_service_prefix }}/offensive/data/flag/getFlaggedData" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/offensive/data/flag/getFlaggedData" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: playerQuestionList uris: "{{ player_prefix }}/question/v1/list" From 71843e0f55d1eeb05fb661e6aa4989cbcfc99486 Mon Sep 17 00:00:00 2001 From: juhi agarwal Date: Mon, 20 Feb 2023 11:54:14 +0530 Subject: [PATCH 094/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index efd8eec854..8a92d580a8 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8247,26 +8247,8 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: flagCreate - uris: "{{ user_service_prefix }}/offensive/data/flag/create" - upstream_url: "{{ sb_cb_ext_service_url }}/v1/offensive/data/flag/create" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'contentAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: flagUpdate - uris: "{{ user_service_prefix }}/offensive/data/flag/update" - upstream_url: "{{ sb_cb_ext_service_url }}/v1/offensive/data/flag/update" + uris: "{{ user_service_prefix }}/offensive/data/flag" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/offensive/data/flag" strip_uri: true plugins: - name: jwt From 8a86bff1ef1fbca070a2ffc5ec0343f58611345e Mon Sep 17 00:00:00 2001 From: Manas-tarento Date: Tue, 7 Mar 2023 11:16:57 +0530 Subject: [PATCH 095/195] taxonomy workflow service kong api --- ansible/roles/kong-api/defaults/main.yml | 54 ++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index f83cc6a695..2241cbd9be 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9133,4 +9133,58 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: workflowTaxonomyTransition + uris: "{{ workflow_handler_service_prefix }}/taxonomy/transition" + upstream_url: "{{ workflow_handler_service_url }}/v2/workflow/taxonomy/transition" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowTaxonomyApplicationsSearch + uris: "{{ workflow_handler_service_prefix }}/taxonomy/search" + upstream_url: "{{ workflow_handler_service_url }}/v2/workflow/taxonomy/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ large_request_size_limit }}" + + - name: getWorkflowTaxonomyApplication + uris: "{{ workflow_handler_service_prefix }}/taxonomy" + upstream_url: "{{ workflow_handler_service_url }}/v2/workflow/taxonomy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ large_request_size_limit }}" From 01e5393e146cb1734eaf92c2d3247f96ef0c8876 Mon Sep 17 00:00:00 2001 From: Manas-tarento Date: Wed, 8 Mar 2023 14:53:55 +0530 Subject: [PATCH 096/195] taxonomy workflow create kong api --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2241cbd9be..16294a1f07 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9187,4 +9187,22 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ large_request_size_limit }}" + + - name: workflowTaxonomyTransitionCreate + uris: "{{ workflow_handler_service_prefix }}/taxonomy/transition/create" + upstream_url: "{{ workflow_handler_service_url }}/v2/workflow/taxonomy/transition" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From f092dfb9c870719ce9649277820e3aaf7c962d7c Mon Sep 17 00:00:00 2001 From: Manas-tarento Date: Thu, 9 Mar 2023 14:32:20 +0530 Subject: [PATCH 097/195] new url --- ansible/roles/kong-api/defaults/main.yml | 32 ++++++++++++------------ 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 16294a1f07..de54c62e17 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9134,9 +9134,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: workflowTaxonomyTransition - uris: "{{ workflow_handler_service_prefix }}/taxonomy/transition" - upstream_url: "{{ workflow_handler_service_url }}/v2/workflow/taxonomy/transition" + - name: workflowTaxonomyCreate + uris: "{{ workflow_handler_service_prefix }}/taxonomy/create" + upstream_url: "{{ workflow_handler_service_url }}/taxonomy/workflow/create" strip_uri: true plugins: - name: jwt @@ -9152,9 +9152,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: workflowTaxonomyApplicationsSearch - uris: "{{ workflow_handler_service_prefix }}/taxonomy/search" - upstream_url: "{{ workflow_handler_service_url }}/v2/workflow/taxonomy/search" + - name: workflowTaxonomyUpdate + uris: "{{ workflow_handler_service_prefix }}/taxonomy/update" + upstream_url: "{{ workflow_handler_service_url }}/taxonomy/workflow/update" strip_uri: true plugins: - name: jwt @@ -9162,17 +9162,17 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dataAccess' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ large_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getWorkflowTaxonomyApplication - uris: "{{ workflow_handler_service_prefix }}/taxonomy" - upstream_url: "{{ workflow_handler_service_url }}/v2/workflow/taxonomy" + - name: workflowTaxonomyApplicationsSearch + uris: "{{ workflow_handler_service_prefix }}/taxonomy/search" + upstream_url: "{{ workflow_handler_service_url }}/taxonomy/workflow/search" strip_uri: true plugins: - name: jwt @@ -9188,9 +9188,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ large_request_size_limit }}" - - name: workflowTaxonomyTransitionCreate - uris: "{{ workflow_handler_service_prefix }}/taxonomy/transition/create" - upstream_url: "{{ workflow_handler_service_url }}/v2/workflow/taxonomy/transition" + - name: getWorkflowTaxonomyApplication + uris: "{{ workflow_handler_service_prefix }}/taxonomy/read" + upstream_url: "{{ workflow_handler_service_url }}/taxonomy/workflow/read" strip_uri: true plugins: - name: jwt @@ -9198,11 +9198,11 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'dataCreate' + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ large_request_size_limit }}" From 0383338761bd47e8fcb6279630576341d4ced993 Mon Sep 17 00:00:00 2001 From: Manthansharma94 Date: Wed, 15 Mar 2023 12:13:46 +0530 Subject: [PATCH 098/195] add collectiveAggregation properties --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index d716abb7dc..acdb1b71c6 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8994,6 +8994,24 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getCollectiveAggregation + uris: "{{ forms_service_prefix }}/getCollectiveAggregation" + upstream_url: "{{ forms_service_url }}/forms/getCollectiveAggregation" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getFormById uris: "{{ forms_service_prefix }}/getFormById" From 73d379610ee37810b607e49e028367cf6a20b26a Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Mon, 20 Mar 2023 09:21:24 +0530 Subject: [PATCH 099/195] Made OTP APIs as public access --- ansible/roles/kong-api/defaults/main.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index acdb1b71c6..30ee72d009 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -1361,12 +1361,8 @@ kong_apis: upstream_url: "{{ learning_service_url }}/v1/otp/generate" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4668,12 +4664,8 @@ kong_apis: upstream_url: "{{ learning_service_url }}/v1/otp/verify" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From ff8b44a94176321883502ecc6d4194a197e0633b Mon Sep 17 00:00:00 2001 From: Manas-tarento Date: Wed, 29 Mar 2023 13:33:33 +0530 Subject: [PATCH 100/195] configuration for masterData API's --- ansible/roles/kong-api/defaults/main.yml | 205 ++++++++++++++++++++++- 1 file changed, 202 insertions(+), 3 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 30ee72d009..e710d2221a 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -90,6 +90,7 @@ registry_service_prefix: /rc forms_service_prefix: /forms profanity_moderator_admin_prefix: /moderatoradmin mdo_content_prefix: /mdo/content +master_data_service_prefix: /masterData # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -8831,7 +8832,7 @@ kong_apis: - name: getUserPositionList uris: "{{ user_service_prefix }}/v1/positions" - upstream_url: "{{ sb_cb_ext_service_url }}/v1/listPositions" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/positions" strip_uri: true plugins: - name: jwt @@ -9428,5 +9429,203 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - + + - name: getMasterLanguageList + uris: "{{ master_data_service_prefix }}/v1/languages" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getLanguages" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getMasterNationalityList + uris: "{{ master_data_service_prefix }}/v1/nationalities" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getNationalities" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getIndustryList + uris: "{{ master_data_service_prefix }}/v1/industries" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getIndustries" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getGraduationList + uris: "{{ master_data_service_prefix }}/v1/graduations" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getGraduations" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getPostGraduationList + uris: "{{ master_data_service_prefix }}/v1/postGraduations" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getPostGraduations" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getMinistryList + uris: "{{ master_data_service_prefix }}/v1/ministries" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getMinistries" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getCadreList + uris: "{{ master_data_service_prefix }}/v1/cadre" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getCadre" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getServiceList + uris: "{{ master_data_service_prefix }}/v1/service" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getService" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getDesignationList + uris: "{{ master_data_service_prefix }}/v1/designations" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getDesignation" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getProfilePageMetaData + uris: "{{ master_data_service_prefix }}/v1/profilePageMetaData" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getProfilePageMetaData" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: masterDataUpsert + uris: "{{ master_data_service_prefix }}/v1/upsert" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/upsert" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + From 422bc980512227e49d5d9842473aa6e624710d8a Mon Sep 17 00:00:00 2001 From: Manas-tarento Date: Wed, 29 Mar 2023 16:54:59 +0530 Subject: [PATCH 101/195] configuration for masterData API's --- ansible/roles/kong-api/defaults/main.yml | 126 ----------------------- 1 file changed, 126 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index e710d2221a..19e853f10a 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9466,132 +9466,6 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getIndustryList - uris: "{{ master_data_service_prefix }}/v1/industries" - upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getIndustries" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getGraduationList - uris: "{{ master_data_service_prefix }}/v1/graduations" - upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getGraduations" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getPostGraduationList - uris: "{{ master_data_service_prefix }}/v1/postGraduations" - upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getPostGraduations" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getMinistryList - uris: "{{ master_data_service_prefix }}/v1/ministries" - upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getMinistries" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getCadreList - uris: "{{ master_data_service_prefix }}/v1/cadre" - upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getCadre" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getServiceList - uris: "{{ master_data_service_prefix }}/v1/service" - upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getService" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: getDesignationList - uris: "{{ master_data_service_prefix }}/v1/designations" - upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getDesignation" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: getProfilePageMetaData uris: "{{ master_data_service_prefix }}/v1/profilePageMetaData" upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getProfilePageMetaData" From e16011e09f5ce6ae743fe753d4180b4a3feccf28 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 4 Apr 2023 12:13:32 +0530 Subject: [PATCH 102/195] Updated position API as public --- ansible/roles/kong-api/defaults/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 19e853f10a..ab29bba767 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8835,12 +8835,8 @@ kong_apis: upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/positions" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From 2f119455cc7f54faa3f35c7b42355242825cf485 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Mon, 17 Apr 2023 15:13:44 +0530 Subject: [PATCH 103/195] Added Content Private Read using V4 API Using API from https://github.com/project-sunbird/sunbird-devops/blob/release-5.2.0/ansible/roles/kong-api/defaults/main.yml#L2698 --- ansible/roles/kong-api/defaults/main.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ab29bba767..eaeed22ab7 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9498,4 +9498,24 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: contentPrivateRead + uris: "{{ content_prefix }}/v1/private/read" + upstream_url: "{{ content_service_url }}/content/v4/private/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false From 84d0f5f095bfe7a003a132281f67fdca3ac9e4bb Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 21 Apr 2023 15:44:39 +0530 Subject: [PATCH 104/195] Added public org search API --- ansible/roles/kong-api/defaults/main.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index eaeed22ab7..c5e4d4d5a3 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9519,3 +9519,16 @@ kong_apis: config.required: false config.enabled: false + - name: registerUser + uris: "{{ org_service_prefix }}/ext/v2/signup/search" + upstream_url: "{{ sb_cb_ext_service_url }}/org/v2/ext/signup/search" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From b21492ee0842cb6cac64a31c7260109850a51510 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 21 Apr 2023 16:00:49 +0530 Subject: [PATCH 105/195] Removed Opa checks from contentPrivateRead API --- ansible/roles/kong-api/defaults/main.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index c5e4d4d5a3..e00a8d7230 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9515,9 +9515,6 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - name: registerUser uris: "{{ org_service_prefix }}/ext/v2/signup/search" From 1f9329a96c26e0f690b45e195da12f397460b6b2 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 21 Apr 2023 19:11:54 +0530 Subject: [PATCH 106/195] Added API for bulk user download API --- ansible/roles/kong-api/defaults/main.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index e00a8d7230..559e156b09 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9516,7 +9516,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: registerUser + - name: signupOrgSearchV2API uris: "{{ org_service_prefix }}/ext/v2/signup/search" upstream_url: "{{ sb_cb_ext_service_url }}/org/v2/ext/signup/search" strip_uri: true @@ -9529,3 +9529,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: bulkUserDownloadAPI + uris: "{{ user_service_prefix }}/v1/bulkuser/download" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/bulkuser/download" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From f804b5d9bbe375eb03c34cb37ecf3e2e3a43d3a9 Mon Sep 17 00:00:00 2001 From: Manas-tarento Date: Wed, 26 Apr 2023 12:16:27 +0530 Subject: [PATCH 107/195] kong api mapping for workflow request for position org and domain --- ansible/roles/kong-api/defaults/main.yml | 204 +++++++++++++++++++++++ 1 file changed, 204 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 559e156b09..29793f62c2 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9547,3 +9547,207 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workFlowPositionCreate + uris: "{{ workflow_handler_service_prefix }}/position/create" + upstream_url: "{{ workflow_handler_service_url }}/v1/position/workflow/create" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workFlowOrgCreate + uris: "{{ workflow_handler_service_prefix }}/org/create" + upstream_url: "{{ workflow_handler_service_url }}/v1/org/workflow/create" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workFlowEmailDomainCreate + uris: "{{ workflow_handler_service_prefix }}/domain/create" + upstream_url: "{{ workflow_handler_service_url }}/v1/domain/workflow/create" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workFlowPositionUpdate + uris: "{{ workflow_handler_service_prefix }}/position/update" + upstream_url: "{{ workflow_handler_service_url }}/v1/position/workflow/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workFlowOrgUpdate + uris: "{{ workflow_handler_service_prefix }}/org/update" + upstream_url: "{{ workflow_handler_service_url }}/v1/org/workflow/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workFlowEmailDomainUpdate + uris: "{{ workflow_handler_service_prefix }}/domain/update" + upstream_url: "{{ workflow_handler_service_url }}/v1/domain/workflow/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowPositionSearch + uris: "{{ workflow_handler_service_prefix }}/position/search" + upstream_url: "{{ workflow_handler_service_url }}/v1/position/workflow/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ large_request_size_limit }}" + + - name: workflowOrgSearch + uris: "{{ workflow_handler_service_prefix }}/org/search" + upstream_url: "{{ workflow_handler_service_url }}/v1/org/workflow/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ large_request_size_limit }}" + + - name: workflowEmailDomainSearch + uris: "{{ workflow_handler_service_prefix }}/domain/search" + upstream_url: "{{ workflow_handler_service_url }}/v1/domain/workflow/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ large_request_size_limit }}" + + - name: getWorkflowPositionApplication + uris: "{{ workflow_handler_service_prefix }}/position/read" + upstream_url: "{{ workflow_handler_service_url }}/v1/position/workflow/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ large_request_size_limit }}" + + - name: getWorkflowOrgApplication + uris: "{{ workflow_handler_service_prefix }}/org/read" + upstream_url: "{{ workflow_handler_service_url }}/v1/org/workflow/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ large_request_size_limit }}" + + - name: getWorkflowEmailDomainApplication + uris: "{{ workflow_handler_service_prefix }}/domain/read" + upstream_url: "{{ workflow_handler_service_url }}/v1/domain/workflow/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ large_request_size_limit }}" From bc59f592380ed1c4d6c9811061322af217c7ff35 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Wed, 7 Jun 2023 14:32:43 +0530 Subject: [PATCH 108/195] Removed getActiveUsersForCourse API for Prod issue --- ansible/roles/kong-api/defaults/main.yml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 29793f62c2..109bd8b7d2 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7008,24 +7008,6 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: getActiveUsersForCourse - uris: "/v2/resources/user/cohorts/activeusers" - upstream_url: "{{ sb_cb_ext_service_url }}/v2/resources/user/cohorts/activeusers" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: courseAutoenrollment uris: "/v1/autoenrollment" upstream_url: "{{ sb_cb_ext_service_url }}/v1/autoenrollment" From 50d5949bf3f55454329799309075a7dff7168439 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 20 Jun 2023 18:51:43 +0530 Subject: [PATCH 109/195] Added APIs for BlendedProgram workflow --- ansible/roles/kong-api/defaults/main.yml | 55 ++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 109bd8b7d2..661f38b9f6 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9733,3 +9733,58 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ large_request_size_limit }}" + + - name: workflowBlendedProgramEnrol + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/enrol" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/enrol" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramSearch + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/search" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramUserSearch + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/user/search" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/user/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + From 02a5f56ccab646a86a247820b8e235a8a3f3bcff Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Wed, 21 Jun 2023 13:29:41 +0530 Subject: [PATCH 110/195] Added BlendedProgram APIs --- ansible/roles/kong-api/defaults/main.yml | 54 ++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 661f38b9f6..27190885c3 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9788,3 +9788,57 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: workflowBlendedProgramUpdate + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/update" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/update + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramReadByMDO + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/read/mdo" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/read/mdo + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramReadByPC + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/read/pc" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/read/pc + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + From 29fd6c9e1b4e122e73246a951d2e87994222cdc5 Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 21 Jun 2023 13:48:22 +0530 Subject: [PATCH 111/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 27190885c3..6cb68a81ce 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9813,7 +9813,7 @@ kong_apis: plugins: - name: jwt - name: cors - - "{{ statsd_pulgin }}" + -"{{ statsd_pulgin }}" - name: acl config.whitelist: - 'dataAccess' From c757537e9fb2ed45784fe18a1cc89ad352791f3a Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 21 Jun 2023 13:49:23 +0530 Subject: [PATCH 112/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 6cb68a81ce..27190885c3 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9813,7 +9813,7 @@ kong_apis: plugins: - name: jwt - name: cors - -"{{ statsd_pulgin }}" + - "{{ statsd_pulgin }}" - name: acl config.whitelist: - 'dataAccess' From 4cc6b9257fcd13db1bef4fac6ff25cbc55e74ca5 Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 21 Jun 2023 13:51:57 +0530 Subject: [PATCH 113/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 27190885c3..086aa5e53f 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9842,3 +9842,4 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + From 41da3a294938c33a0dd7313a8530788fdde7408e Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 21 Jun 2023 13:55:06 +0530 Subject: [PATCH 114/195] Update main.yml typo fixed --- ansible/roles/kong-api/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 086aa5e53f..2927b92fca 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9790,7 +9790,7 @@ kong_apis: - name: workflowBlendedProgramUpdate uris: "{{ workflow_handler_service_prefix }}/blendedprogram/update" - upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/update + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/update" strip_uri: true plugins: - name: jwt @@ -9808,7 +9808,7 @@ kong_apis: - name: workflowBlendedProgramReadByMDO uris: "{{ workflow_handler_service_prefix }}/blendedprogram/read/mdo" - upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/read/mdo + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/read/mdo" strip_uri: true plugins: - name: jwt @@ -9826,7 +9826,7 @@ kong_apis: - name: workflowBlendedProgramReadByPC uris: "{{ workflow_handler_service_prefix }}/blendedprogram/read/pc" - upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/read/pc + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/read/pc" strip_uri: true plugins: - name: jwt From cfee2e0a88854da920ed00a99099eaa69067b806 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Mon, 26 Jun 2023 13:29:30 +0530 Subject: [PATCH 115/195] Updated with new names to avoid conflict Updated course enrolment API names to avoid conflict --- ansible/roles/kong-api/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2927b92fca..2932c61afa 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8005,7 +8005,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: courseEnrolment + - name: courseAdminEnrolment uris: "{{ course_service_prefix }}/v1/admin/enrol" upstream_url: "{{ lms_service_url }}/v1/course/admin/enroll" strip_uri: true @@ -8023,7 +8023,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: courseUnEnrolment + - name: courseAdminUnEnrolment uris: "{{ course_service_prefix }}/v1/admin/unenrol" upstream_url: "{{ lms_service_url }}/v1/course/admin/unenroll" strip_uri: true From ff5509050b6c2635a61cbc06f51ffd61e3ca654b Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 7 Jul 2023 12:27:01 +0530 Subject: [PATCH 116/195] Added public API to get user groups --- ansible/roles/kong-api/defaults/main.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2932c61afa..906b2a8de4 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9842,4 +9842,17 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: getUserGroupList + uris: "{{ user_service_prefix }}/v1/groups" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/groups" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 90cbbb65ab1865bfa8dc5f478302005253dff619 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Wed, 12 Jul 2023 10:01:12 +0530 Subject: [PATCH 117/195] Added APIs for V4 Assessment enhancements --- ansible/roles/kong-api/defaults/main.yml | 73 ++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 906b2a8de4..c667fa9d6d 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9856,3 +9856,76 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: assessmentSubmitV4 + uris: "/v4/user/assessment/submit" + upstream_url: "{{ sb_cb_ext_service_url }}/v4/user/assessment/submit" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: playerQuSetReadHierarchyV4 + uris: "{{ player_prefix }}/questionset/v4/hierarchy" + upstream_url: "{{ sb_cb_ext_service_url }}/v4/quml/assessment/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: playerQuestionListV4 + uris: "{{ player_prefix }}/question/v4/list" + upstream_url: "{{ sb_cb_ext_service_url }}/v4/quml/question/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: playerGetAssessmentResultV4 + uris: "{{ user_service_prefix }}/assessment/v4/result" + upstream_url: "{{ sb_cb_ext_service_url }}/v4/quml/assessment/result" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + From 6b9c0e41a66cf680ff86b53ef95f9946c0093783 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Wed, 12 Jul 2023 10:04:03 +0530 Subject: [PATCH 118/195] Using V4 Assessment APIs --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index c667fa9d6d..e06020c786 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8205,7 +8205,7 @@ kong_apis: - name: retakeAssessment uris: "{{ user_service_prefix }}/assessment/retake" - upstream_url: "{{ sb_cb_ext_service_url }}/v1/quml/assessment/retake" + upstream_url: "{{ sb_cb_ext_service_url }}/v4/quml/assessment/retake" strip_uri: true plugins: - name: jwt From 4de1be93c80dc790dd923c70b4bfc46c855250ff Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 17 Jul 2023 14:04:45 +0530 Subject: [PATCH 119/195] Update main.yml rate limit changed for Assessment v4 --- ansible/roles/kong-api/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index e06020c786..ae0f81c6c1 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9869,7 +9869,7 @@ kong_apis: - 'dataCreate' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ x2_large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" @@ -9887,7 +9887,7 @@ kong_apis: - 'contentAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" @@ -9905,7 +9905,7 @@ kong_apis: - 'contentAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" @@ -9923,7 +9923,7 @@ kong_apis: - 'contentAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" From b25b198fee3b6e22f1b61125c6a719671dd5ebf3 Mon Sep 17 00:00:00 2001 From: Haritest Date: Tue, 18 Jul 2023 18:50:56 +0530 Subject: [PATCH 120/195] Update main.yml assessmentSubmitV4 updated rate limit --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ae0f81c6c1..885946dddd 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9869,7 +9869,7 @@ kong_apis: - 'dataCreate' - name: rate-limiting config.policy: local - config.hour: "{{ x2_large_rate_limit_per_hour }}" + config.hour: "{{ x_large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" From 5439d9aa2163a85f1b985144b9cbcca5a9990360 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 8 Aug 2023 14:15:38 +0530 Subject: [PATCH 121/195] Added API for listDeptNames --- ansible/roles/kong-api/defaults/main.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 885946dddd..647b69fd87 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9928,4 +9928,21 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: getDeptNameList + uris: "portal/v1/listDeptNames" + upstream_url: "{{ sb_cb_ext_service_url }}/portal/listDeptNames" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 138da09af7d5298821964152839df371218ef735 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Tue, 8 Aug 2023 14:57:47 +0530 Subject: [PATCH 122/195] Fixed typo error for listDeptNames API --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 647b69fd87..af42b580fe 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9929,7 +9929,7 @@ kong_apis: config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: getDeptNameList - uris: "portal/v1/listDeptNames" + uris: "/portal/v1/listDeptNames" upstream_url: "{{ sb_cb_ext_service_url }}/portal/listDeptNames" strip_uri: true plugins: From 4ba5408ea78227b067bd14b5a6183bbcca31c1de Mon Sep 17 00:00:00 2001 From: Sreerag K S <58926794+sreeragksgh@users.noreply.github.com> Date: Thu, 10 Aug 2023 17:23:42 +0530 Subject: [PATCH 123/195] Addition of new API getMasterCountryList --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index af42b580fe..8a5ed288dc 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9444,6 +9444,24 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: getMasterCountryList + uris: "{{ master_data_service_prefix }}/v1/countries" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getCountries" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: getProfilePageMetaData uris: "{{ master_data_service_prefix }}/v1/profilePageMetaData" upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v1/getProfilePageMetaData" From e305092ac2eea590b11785cca0dc86efeb97e6c3 Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Tue, 22 Aug 2023 11:05:57 +0530 Subject: [PATCH 124/195] Changes for report storage Download changes --- ansible/roles/kong-api/defaults/main.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 8a5ed288dc..cf78c76edc 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9964,3 +9964,20 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: storageReportDownloadDoc + uris: "/storage/v1/report" + upstream_url: "{{ sb_cb_ext_service_url }}/storage/v1/report" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 6dfcccba99001e3afe772f852b28f35123057c69 Mon Sep 17 00:00:00 2001 From: tarentomaheshvakkund <139739142+tarentomaheshvakkund@users.noreply.github.com> Date: Tue, 22 Aug 2023 17:36:56 +0530 Subject: [PATCH 125/195] Update main.yml #Dev96252 - 1.Whitelisting the API to update attendance manually for offline session and restricted the API with Program co-ordinator roles. 2. Added the API to the ProxiesV8 --- ansible/roles/kong-api/defaults/main.yml | 38 ++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index cf78c76edc..756b8cc33c 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -122,6 +122,8 @@ analytics_url: "http://pm-analytics-service:8091" registry_service_url: "http://registry-service:8081" forms_service_url: "http://form-service:8099" profanity_moderator_admin_service: "http://profanity-moderator-admin-service:4000" +blended_program_service_prefix: /blendedprogram + premium_consumer_rate_limits: - api: createContent @@ -9981,3 +9983,39 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramAdminEnrol + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/admin/enrol" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/admin/enroll" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: blendedProgramUpdateAttendance + uris: "{{ blended_program_service_prefix }}/v1/update/progress" + upstream_url: "{{ sb_cb_ext_service_url }}/blendedprogram/v1/update/progress" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" \ No newline at end of file From ad37df53bbe9ccc2a3580417622b820e4a8c7428 Mon Sep 17 00:00:00 2001 From: tarentomaheshvakkund <139739142+tarentomaheshvakkund@users.noreply.github.com> Date: Tue, 22 Aug 2023 17:39:53 +0530 Subject: [PATCH 126/195] Update main.yml Enroll endpoint spelling correction. --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 756b8cc33c..195fea832f 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9986,7 +9986,7 @@ kong_apis: - name: workflowBlendedProgramAdminEnrol uris: "{{ workflow_handler_service_prefix }}/blendedprogram/admin/enrol" - upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/admin/enroll" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/admin/enrol" strip_uri: true plugins: - name: jwt From 3dc5fb8f336b49c7e45fe01981dee90682d6a727 Mon Sep 17 00:00:00 2001 From: tarentomaheshvakkund <139739142+tarentomaheshvakkund@users.noreply.github.com> Date: Wed, 23 Aug 2023 09:54:14 +0530 Subject: [PATCH 127/195] Dev96252 #Dev96252 - prefix , added in 125th line moved to 94th line --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 195fea832f..aeaed1df99 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -91,6 +91,7 @@ forms_service_prefix: /forms profanity_moderator_admin_prefix: /moderatoradmin mdo_content_prefix: /mdo/content master_data_service_prefix: /masterData +blended_program_service_prefix: /blendedprogram # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -122,7 +123,6 @@ analytics_url: "http://pm-analytics-service:8091" registry_service_url: "http://registry-service:8081" forms_service_url: "http://form-service:8099" profanity_moderator_admin_service: "http://profanity-moderator-admin-service:4000" -blended_program_service_prefix: /blendedprogram premium_consumer_rate_limits: From ced1b2c8f08eb8fcb0b646bd41e14245e8d875ce Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Thu, 24 Aug 2023 16:37:31 +0530 Subject: [PATCH 128/195] Added Workflow API for Blended Program to get stats --- ansible/roles/kong-api/defaults/main.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index aeaed1df99..5cedfea4a7 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10018,4 +10018,23 @@ kong_apis: config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" \ No newline at end of file + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramReadUserStats + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/v1/stats" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/stats" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + From 917945c6eec92497a79676855976de5a8950b561 Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Mon, 28 Aug 2023 15:38:02 +0530 Subject: [PATCH 129/195] Update main.yml Changes for Batch Session QR Code --- ansible/roles/kong-api/defaults/main.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 5cedfea4a7..8f79921418 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10038,3 +10038,20 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: downloadBatchSessionQRCode + uris: "{{ workflow_handler_service_prefix }}/batchsesion/qrcode" + upstream_url: "{{ sb_cb_ext_service_url }}/getBatchSessionQRPdf" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 8e907c3d7812f2439bd1aa2ee61bfdb3968e7cb4 Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Tue, 29 Aug 2023 10:41:47 +0530 Subject: [PATCH 130/195] Update main.yml Dev #96252 Provide API to update attendance manually for offline session --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 8f79921418..1f9b78f64c 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10004,7 +10004,7 @@ kong_apis: - name: blendedProgramUpdateAttendance uris: "{{ blended_program_service_prefix }}/v1/update/progress" - upstream_url: "{{ sb_cb_ext_service_url }}/blendedprogram/v1/update/progress" + upstream_url: "{{ sb_cb_ext_service_url }}/content/progress/v1/ext/update" strip_uri: true plugins: - name: jwt From f2e4c504b72391e8ab1c011c83adb60f9e3a0c5d Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Tue, 29 Aug 2023 14:36:54 +0530 Subject: [PATCH 131/195] Update main.yml Corrected the uri for dowloadQRCode API --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 8f79921418..17de028f14 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10039,7 +10039,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: downloadBatchSessionQRCode - uris: "{{ workflow_handler_service_prefix }}/batchsesion/qrcode" + uris: "/batchsesion/qrcode" upstream_url: "{{ sb_cb_ext_service_url }}/getBatchSessionQRPdf" strip_uri: true plugins: From c2a888ab26f5878e185664a7f1d401dcf11ecdb5 Mon Sep 17 00:00:00 2001 From: dkttarento <138442957+dkttarento@users.noreply.github.com> Date: Tue, 29 Aug 2023 18:10:47 +0530 Subject: [PATCH 132/195] Dev #96263 Provide API to remove the user from blended program Dev #96263 Provide API to remove the user from blended program --- ansible/roles/kong-api/defaults/main.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index f74d0bd1fa..aae7b763ac 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10055,3 +10055,23 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramRemove + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/remove" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/remove" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + From 4f1ae9dfbe6ee392b3f21774db73cedcab3370ae Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Fri, 1 Sep 2023 14:22:13 +0530 Subject: [PATCH 133/195] Dev #100488 API to Provide the details of the List of User's Session Details Progress (Attended / Not ) for queried batch Dev #100488 API to Provide the details of the List of User's Session Details Progress (Attended / Not ) for queried batch --- ansible/roles/kong-api/defaults/main.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index aae7b763ac..2e12b4e1c7 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10073,5 +10073,22 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - + + - name: blendedProgramOfflineSessionGetUsers + uris: "{{ blended_program_service_prefix }}/v1/getUserContentProgress" + upstream_url: "{{ sb_cb_ext_service_url }}/content/progress/v1/read/getUserDetails" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 03ab2b8730eb581d2808c962e9cf7ff7633b0e74 Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Wed, 13 Sep 2023 13:29:17 +0530 Subject: [PATCH 134/195] Update main.yml This is for FAQ file --- ansible/roles/kong-api/defaults/main.yml | 37 ++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2e12b4e1c7..2e15350ed5 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -92,6 +92,7 @@ profanity_moderator_admin_prefix: /moderatoradmin mdo_content_prefix: /mdo/content master_data_service_prefix: /masterData blended_program_service_prefix: /blendedprogram +faq_assistant_service_prefix: /faq # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -123,6 +124,7 @@ analytics_url: "http://pm-analytics-service:8091" registry_service_url: "http://registry-service:8081" forms_service_url: "http://form-service:8099" profanity_moderator_admin_service: "http://profanity-moderator-admin-service:4000" +faq_assistant_service: "http://faq-assistant-service:4003" premium_consumer_rate_limits: @@ -10092,3 +10094,38 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: faqAssistantGetLanguage + uris: "{{ faq_assistant_service_prefix }}/v1/assistant/available/language" + upstream_url: "{{ faq_assistant_service }}/assistant/available/language" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: faqAssistantGetConfig + uris: "{{ faq_assistant_service_prefix }}/v1/assistant/configs/language" + upstream_url: "{{ faq_assistant_service }}/assistant/configs/language" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From e3a9a34e97bc286c601d304dd7e1cd07cd1f86ee Mon Sep 17 00:00:00 2001 From: waibhav chandra Date: Wed, 13 Sep 2023 21:09:26 +0530 Subject: [PATCH 135/195] Update main.yml modified config to suit an open API for faq-assistant APIs --- ansible/roles/kong-api/defaults/main.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2e15350ed5..261ad4291d 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10099,16 +10099,12 @@ kong_apis: upstream_url: "{{ faq_assistant_service }}/assistant/available/language" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" @@ -10117,15 +10113,11 @@ kong_apis: upstream_url: "{{ faq_assistant_service }}/assistant/configs/language" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" From fc238c0b84ef4782fc8b978d33f9a99b1ce12d73 Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Wed, 20 Sep 2023 11:36:17 +0530 Subject: [PATCH 136/195] Dev #104404 Enrolling into Curated Program --- ansible/roles/kong-api/defaults/main.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 261ad4291d..2011a6cbc3 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -93,6 +93,7 @@ mdo_content_prefix: /mdo/content master_data_service_prefix: /masterData blended_program_service_prefix: /blendedprogram faq_assistant_service_prefix: /faq +curated_program_service_prefix: /curatedprogram # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -10121,3 +10122,21 @@ kong_apis: config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: curatedProgramEnrolment + uris: "{{ curated_program_service_prefix }}/v1/enrol" + upstream_url: "{{ lms_service_url }}/v1/program/enroll" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 748954255251f5d2ac6c3a8333cea337cc0c982f Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Wed, 20 Sep 2023 12:27:24 +0530 Subject: [PATCH 137/195] Curated Program Prefix changes --- ansible/roles/kong-api/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2011a6cbc3..1f4ea4c0f5 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -93,7 +93,7 @@ mdo_content_prefix: /mdo/content master_data_service_prefix: /masterData blended_program_service_prefix: /blendedprogram faq_assistant_service_prefix: /faq -curated_program_service_prefix: /curatedprogram +curated_program_prefix: /curatedprogram # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -10124,7 +10124,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: curatedProgramEnrolment - uris: "{{ curated_program_service_prefix }}/v1/enrol" + uris: "{{ curated_program_prefix }}/v1/enrol" upstream_url: "{{ lms_service_url }}/v1/program/enroll" strip_uri: true plugins: From 6159840aaff7396942902661b4da30366d2259bf Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Tue, 26 Sep 2023 16:46:54 +0530 Subject: [PATCH 138/195] Update main.yml New entry for the Enrol Status Count --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 1f4ea4c0f5..36b4e9fe44 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10140,3 +10140,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramEnrolStatusCount + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/enrol/status/count" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/enrol/status/count" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 8ea56e83cd0e9a837e7771592dd72d4396fa6ef7 Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Thu, 28 Sep 2023 06:36:43 +0530 Subject: [PATCH 139/195] Update main.yml Separated Update Operations between MDO & PC --- ansible/roles/kong-api/defaults/main.yml | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 36b4e9fe44..82e3f9e621 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9811,9 +9811,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: workflowBlendedProgramUpdate - uris: "{{ workflow_handler_service_prefix }}/blendedprogram/update" - upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/update" + - name: workflowBlendedProgramPCUpdate + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/update/pc" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/update/pc" strip_uri: true plugins: - name: jwt @@ -10158,3 +10158,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramMDOUpdate + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/update/mdo" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/update/mdo" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 95de7d911a6a5097c2ec6203bcc186c71989ff7b Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Thu, 28 Sep 2023 11:50:37 +0530 Subject: [PATCH 140/195] Update main.yml Added entries for SearchV2 for MDO & PC --- ansible/roles/kong-api/defaults/main.yml | 36 ++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 82e3f9e621..6a0ee9e6f6 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10176,3 +10176,39 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBPPCSearchV2 + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/searchv2/pc" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/searchv2/pc" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBPMDOSearchV2 + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/searchv2/mdo" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/searchv2/mdo" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From e15de3a0be64a4bb1bc920a29fc310b3e0ebd666 Mon Sep 17 00:00:00 2001 From: Haritest Date: Thu, 28 Sep 2023 13:04:44 +0530 Subject: [PATCH 141/195] Update main.yml space fixed --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 6a0ee9e6f6..7472de19dc 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10177,7 +10177,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: workflowBPPCSearchV2 + - name: workflowBPPCSearchV2 uris: "{{ workflow_handler_service_prefix }}/blendedprogram/searchv2/pc" upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/searchv2/pc" strip_uri: true From df960de5c7a3c8aa430bf53bbd011bec2ab6707b Mon Sep 17 00:00:00 2001 From: Haritest Date: Thu, 28 Sep 2023 13:06:27 +0530 Subject: [PATCH 142/195] Update main.yml space fixed --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 7472de19dc..ac06c4091d 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10195,7 +10195,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: workflowBPMDOSearchV2 + - name: workflowBPMDOSearchV2 uris: "{{ workflow_handler_service_prefix }}/blendedprogram/searchv2/mdo" upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/searchv2/mdo" strip_uri: true From 4a5facd99ac5afae79c8a2b9bc9dc25cc1b0725b Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Thu, 28 Sep 2023 13:43:14 +0530 Subject: [PATCH 143/195] Update main.yml Modified the url to caps --- ansible/roles/kong-api/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ac06c4091d..c65e1c31ef 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10178,8 +10178,8 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: workflowBPPCSearchV2 - uris: "{{ workflow_handler_service_prefix }}/blendedprogram/searchv2/pc" - upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/searchv2/pc" + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/searchV2/pc" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/searchV2/pc" strip_uri: true plugins: - name: jwt @@ -10196,8 +10196,8 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: workflowBPMDOSearchV2 - uris: "{{ workflow_handler_service_prefix }}/blendedprogram/searchv2/mdo" - upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/searchv2/mdo" + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/searchV2/mdo" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/searchV2/mdo" strip_uri: true plugins: - name: jwt From 3087ac9770a052ab9c25dec14c1d2a0c91c5e536 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Thu, 28 Sep 2023 18:28:18 +0530 Subject: [PATCH 144/195] Added reportInfo API --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index c65e1c31ef..424350dff2 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10212,3 +10212,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getReportInfo + uris: "/storage/v1/reportInfo" + upstream_url: "{{ sb_cb_ext_service_url }}/storage/v1/reportInfo" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 6c98cfd7beacf5ad3438a29d87deb3ee3f007c9d Mon Sep 17 00:00:00 2001 From: dkttarento <138442957+dkttarento@users.noreply.github.com> Date: Thu, 28 Sep 2023 19:38:27 +0530 Subject: [PATCH 145/195] Update main.yml KONG-API => BlendedProgram Unenrol. --- ansible/roles/kong-api/defaults/main.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 424350dff2..fd9d3f4daf 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10230,3 +10230,22 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramUnEnrol + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/unenrol" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/unenrol" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + From 6f0808ba32fd268f99722dbc735ca2d21393c7ec Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Thu, 28 Sep 2023 20:29:46 +0530 Subject: [PATCH 146/195] Added Blended Program Unenrol API --- ansible/roles/kong-api/defaults/main.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 424350dff2..fd9d3f4daf 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10230,3 +10230,22 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramUnEnrol + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/unenrol" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/unenrol" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + From 18f354fb2f13083637fff035f7ab62195b020978 Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Fri, 29 Sep 2023 12:37:40 +0530 Subject: [PATCH 147/195] Update main.yml Separated Remove for PC & MDO --- ansible/roles/kong-api/defaults/main.yml | 25 +++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index fd9d3f4daf..22ab088aa3 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10059,9 +10059,9 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: workflowBlendedProgramRemove - uris: "{{ workflow_handler_service_prefix }}/blendedprogram/remove" - upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/remove" + - name: workflowBPPCRemove + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/remove/pc" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/remove/pc" strip_uri: true plugins: - name: jwt @@ -10076,6 +10076,25 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBPMDORemove + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/remove/mdo" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/remove/mdo" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: blendedProgramOfflineSessionGetUsers uris: "{{ blended_program_service_prefix }}/v1/getUserContentProgress" From 1ce6b22c26ef7eae44935784a0fe0e86c8e54db4 Mon Sep 17 00:00:00 2001 From: Haritest Date: Fri, 29 Sep 2023 12:48:23 +0530 Subject: [PATCH 148/195] Update main.yml space removed --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 22ab088aa3..0e93159061 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10077,7 +10077,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: workflowBPMDORemove + - name: workflowBPMDORemove uris: "{{ workflow_handler_service_prefix }}/blendedprogram/remove/mdo" upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/remove/mdo" strip_uri: true From ff8514801bd21ad215dd94f921807891166d3708 Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Fri, 29 Sep 2023 20:57:10 +0530 Subject: [PATCH 149/195] Update main.yml To support backward compatibility added back old Kong urls which will be not in usage from 8.6 --- ansible/roles/kong-api/defaults/main.yml | 35 ++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 0e93159061..036bcfa206 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10268,3 +10268,38 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: workflowBlendedProgramUpdate + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/update" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowBlendedProgramRemove + uris: "{{ workflow_handler_service_prefix }}/blendedprogram/remove" + upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/remove" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From cbbe3ac97d8d8c065ec3e3698a9d340d8ca5c296 Mon Sep 17 00:00:00 2001 From: Haritest Date: Fri, 29 Sep 2023 21:03:29 +0530 Subject: [PATCH 150/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 036bcfa206..591b65e736 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10268,7 +10268,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: workflowBlendedProgramUpdate + - name: workflowBlendedProgramUpdate uris: "{{ workflow_handler_service_prefix }}/blendedprogram/update" upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/update" strip_uri: true @@ -10286,7 +10286,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: workflowBlendedProgramRemove + - name: workflowBlendedProgramRemove uris: "{{ workflow_handler_service_prefix }}/blendedprogram/remove" upstream_url: "{{ workflow_handler_service_url }}/v1/blendedprogram/workflow/remove" strip_uri: true From a2678c5344c1488f4778dead908aa5361c90957c Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Mon, 16 Oct 2023 16:53:27 +0530 Subject: [PATCH 151/195] Added the API for admin program enroll --- ansible/roles/kong-api/defaults/main.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 591b65e736..2eb38272c0 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -94,6 +94,7 @@ master_data_service_prefix: /masterData blended_program_service_prefix: /blendedprogram faq_assistant_service_prefix: /faq curated_program_prefix: /curatedprogram +program_prefix: /program # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -10303,3 +10304,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: programAdminEnrolment + uris: "{{ program_prefix }}/v1/admin/enrol" + upstream_url: "{{ lms_service_url }}/v1/program/admin/enroll" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'courseAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From bb6d0106e5fa5866ef28abf8409cc98cd2e22753 Mon Sep 17 00:00:00 2001 From: dkttarento <138442957+dkttarento@users.noreply.github.com> Date: Mon, 23 Oct 2023 18:17:52 +0530 Subject: [PATCH 152/195] Update main.yml KBE-564 MDO Admin shall be able to update tags --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2eb38272c0..21e1c65438 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10322,3 +10322,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: adminUserExtendedPatch + uris: "{{ user_service_prefix }}/v1/extPatch" + upstream_url: "{{ sb_cb_ext_service_url }}/user/admin/patch" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'courseAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 441e2b93a01ed3e2e889ec6c54240f2aa4c65c74 Mon Sep 17 00:00:00 2001 From: dkttarento <138442957+dkttarento@users.noreply.github.com> Date: Mon, 23 Oct 2023 20:22:19 +0530 Subject: [PATCH 153/195] Update main.yml Updated : KBE-564 :MDO Leader/ Admin shall be able to update tags --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 21e1c65438..cb656ff219 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10324,7 +10324,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: adminUserExtendedPatch - uris: "{{ user_service_prefix }}/v1/extPatch" + uris: "{{ user_service_prefix }}/v1/admin/extPatch" upstream_url: "{{ sb_cb_ext_service_url }}/user/admin/patch" strip_uri: true plugins: From 95b42662ee96ea7d59e4199d3d1368bdd61f5f6d Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Fri, 3 Nov 2023 09:40:38 +0530 Subject: [PATCH 154/195] Kong API changes for Discussion Hub --- ansible/roles/kong-api/defaults/main.yml | 138 +++++++++++++++++++---- 1 file changed, 115 insertions(+), 23 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index cb656ff219..765e16fc92 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7747,29 +7747,6 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: discussionHubAPIs - uris: "/discussion" - upstream_url: "{{ discussions_mw_url }}/discussion" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: request-transformer - config: - rename: - headers: - - nodebb_authorization_token:Authorization - name: nodebbauthAPIs uris: "/nodebb/auth/api" @@ -10340,3 +10317,118 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: discussionHubAPIForRecent + uris: "/discussion/recent" + upstream_url: "{{ discussions_mw_url }}/discussion/recent" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: request-transformer + config: + rename: + headers: + - nodebb_authorization_token:Authorization + + - name: discussionHubAPIForTags + uris: "/discussion/tags " + upstream_url: "{{ discussions_mw_url }}/discussion/tags" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: request-transformer + config: + rename: + headers: + - nodebb_authorization_token:Authorization + + - name: discussionHubAPIForUserDiscussions + uris: "/discussion/user" + upstream_url: "{{ discussions_mw_url }}/discussion/user" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: request-transformer + config: + rename: + headers: + - nodebb_authorization_token:Authorization + + - name: discussionHubAPIForPost + uris: "/discussion/v2/topics" + upstream_url: "{{ discussions_mw_url }}/discussion/v2/topics" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: request-transformer + config: + rename: + headers: + - nodebb_authorization_token:Authorization + + - name: discussionHubAPIForCategories + uris: "/discussion/categories" + upstream_url: "{{ discussions_mw_url }}/discussion/categories" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: request-transformer + config: + rename: + headers: + - nodebb_authorization_token:Authorization From 9042fa0ab1b44e516e38051d6bbb6935cb228e9d Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Fri, 3 Nov 2023 17:34:28 +0530 Subject: [PATCH 155/195] Reverting few changes --- ansible/roles/kong-api/defaults/main.yml | 25 +++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 765e16fc92..98722fb942 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7729,7 +7729,30 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - + + - name: discussionHubAPIs + uris: "/discussion" + upstream_url: "{{ discussions_mw_url }}/discussion" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: request-transformer + config: + rename: + headers: + - nodebb_authorization_token:Authorization + - name: privateUserMigrate uris: "{{ user_service_prefix }}/private/v1/migrate" upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/migrate" From 8770521b1919896d34e1533afcef813b9805ccea Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Fri, 3 Nov 2023 17:37:12 +0530 Subject: [PATCH 156/195] Fix Reverting --- ansible/roles/kong-api/defaults/main.yml | 38 ++++++++++++------------ 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 98722fb942..29fecebec1 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7729,6 +7729,24 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: privateUserMigrate + uris: "{{ user_service_prefix }}/private/v1/migrate" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/migrate" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: discussionHubAPIs uris: "/discussion" @@ -7752,25 +7770,7 @@ kong_apis: rename: headers: - nodebb_authorization_token:Authorization - - - name: privateUserMigrate - uris: "{{ user_service_prefix }}/private/v1/migrate" - upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/migrate" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userUpdate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - + - name: nodebbauthAPIs uris: "/nodebb/auth/api" upstream_url: "{{ nodebb_url }}/api" From 030a82913aea0c75ac97ad79a0fbee41ed318f44 Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 6 Nov 2023 15:13:28 +0530 Subject: [PATCH 157/195] Update main.yml markAttendance added --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 29fecebec1..7fb6a2a6ab 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10455,3 +10455,21 @@ kong_apis: rename: headers: - nodebb_authorization_token:Authorization + + - name: markAttendance + uris: "{{ course_service_prefix }}/v1/content/markattendance" + upstream_url: "{{ lms_service_url }}/v1/content/state/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'courseAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From e0daf31b0317f5c3577592bfa4e27e2041d58afb Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Mon, 6 Nov 2023 15:18:02 +0530 Subject: [PATCH 158/195] Event Retire API --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 7fb6a2a6ab..154d2de79f 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10473,3 +10473,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: retireEvent + uris: "{{ event_prefix }}/v4/retire" + upstream_url: "{{ content_service_url }}/private/event/v4/retire" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From 33e7720c7c808e6eece04dc24d4e5bef4091931b Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Mon, 13 Nov 2023 11:14:03 +0530 Subject: [PATCH 159/195] Update main.yml Added Insights & Trending API urls --- ansible/roles/kong-api/defaults/main.yml | 37 ++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 154d2de79f..20d0999828 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10491,3 +10491,40 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: userInsights + uris: "/insights" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v2/insights" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + + - name: trending + uris: "/trending/search" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/trending/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From e5f01301f9f5ca57ceed75f19b4b7628dc0f6c23 Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 15 Nov 2023 17:02:11 +0530 Subject: [PATCH 160/195] Update main.yml hub_graph_service limit increased --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 20d0999828..3755bc9905 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7396,7 +7396,7 @@ kong_apis: config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ x_large_rate_limit_per_hour }}" - name: findSuggestedConnection uris: "{{ hub_graph_service_prefix }}/profile/find/suggests" From aec8b8ef34421f69e0fca08a7c6b7e453b6d7c51 Mon Sep 17 00:00:00 2001 From: Haritest Date: Wed, 15 Nov 2023 17:27:17 +0530 Subject: [PATCH 161/195] Update main.yml findRecommendedConnection updated --- ansible/roles/kong-api/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 3755bc9905..19cb14295c 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7393,10 +7393,10 @@ kong_apis: - 'dataAccess' - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ x_large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ x_large_rate_limit_per_hour }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: findSuggestedConnection uris: "{{ hub_graph_service_prefix }}/profile/find/suggests" From fa8368f6a173f813a3f83df320b879af9e7c7309 Mon Sep 17 00:00:00 2001 From: sreeragksgh Date: Thu, 23 Nov 2023 18:19:16 +0530 Subject: [PATCH 162/195] New Generate OTP EXT API --- ansible/roles/kong-api/defaults/main.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 19cb14295c..ce42e2ed64 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10527,4 +10527,20 @@ kong_apis: config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: generateOtpEXT + uris: "{{ otp_service_prefix }}/ext/v1/generate" + upstream_url: "{{ sb_cb_ext_service_url }}/user/otp/v1/generate" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + From c4b42a76342f3a4cc74b6a56710e3f1adfdf0b05 Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Wed, 29 Nov 2023 16:54:27 +0530 Subject: [PATCH 163/195] Adding FRAC competency API --- ansible/roles/kong-api/defaults/main.yml | 56 ++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ce42e2ed64..4c22bf8c2e 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -95,6 +95,7 @@ blended_program_service_prefix: /blendedprogram faq_assistant_service_prefix: /faq curated_program_prefix: /curatedprogram program_prefix: /program +competency_prefix: /competency # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -127,6 +128,7 @@ registry_service_url: "http://registry-service:8081" forms_service_url: "http://form-service:8099" profanity_moderator_admin_service: "http://profanity-moderator-admin-service:4000" faq_assistant_service: "http://faq-assistant-service:4003" +competency_url: "http://fracentity-service:8083" premium_consumer_rate_limits: @@ -10543,4 +10545,58 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: readCompetencyById + uris: "{{ competency_prefix }}/read" + upstream_url: "{{ competency_url }}/v2/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: searchCompetency + uris: "{{ competency_prefix }}/search" + upstream_url: "{{ competency_url }}/v2/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: upsertCompetency + uris: "{{ competency_prefix }}/upsert" + upstream_url: "{{ competency_url }}/v2/upsert" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + From 396f808ca72dad920ceb804023f68c0f0774c32c Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Thu, 30 Nov 2023 15:38:08 +0530 Subject: [PATCH 164/195] Adding UI-proxy and KONG-API for addUpdateCompetencyRelation --- ansible/roles/kong-api/defaults/main.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 4c22bf8c2e..160af0fc05 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10599,4 +10599,21 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: addUpdateCompetencyRelation + uris: "{{ competency_prefix }}/update/relation" + upstream_url: "{{ competency_url }}/v2/update/relation" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From 1c48758e6d6e2ec6409f3b7effcc6de66539b1f0 Mon Sep 17 00:00:00 2001 From: shankaragoudab <140387294+shankaragoudab@users.noreply.github.com> Date: Fri, 1 Dec 2023 08:46:17 +0530 Subject: [PATCH 165/195] Update main.yml profilePhotoUpload api added --- ansible/roles/kong-api/defaults/main.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 160af0fc05..d5928c1222 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10617,3 +10617,20 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: profilePhotoUpload + uris: "/storage/sb-cb-ext-dev/profilePhotoUpload" + upstream_url: "{{ sb_cb_ext_service_url }}/storage/sb-cb-ext-dev/profilePhotoUpload" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ x_large_request_size_limit }}" From 1aedf0ca7a89454d76320c6893fe7de616f5101d Mon Sep 17 00:00:00 2001 From: Haritest Date: Fri, 1 Dec 2023 14:40:51 +0530 Subject: [PATCH 166/195] Update main.yml listUserCourseEnrollmentsv2 added for testing --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index d5928c1222..8c458cfafb 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10634,3 +10634,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ x_large_request_size_limit }}" + + - name: listUserCourseEnrollmentsv2 + uris: "{{ course_service_prefix }}/v2/user/enrollment/list" + upstream_url: "{{ lms_service_url }}/v2/user/courses/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'courseAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 5db7b998a6a1273aea4a15c96b284ff036b88e20 Mon Sep 17 00:00:00 2001 From: Haritest Date: Fri, 1 Dec 2023 14:53:47 +0530 Subject: [PATCH 167/195] Update main.yml listUserCourseEnrollments admin added --- ansible/roles/kong-api/defaults/main.yml | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 8c458cfafb..b15809e0e8 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -8067,7 +8067,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: listUserCourseEnrollments + - name: listAdminUserCourseEnrollments uris: "{{ course_service_prefix }}/v2/user/enrollment/admin/list" upstream_url: "{{ lms_service_url }}/v2/user/courses/admin/list" strip_uri: true @@ -10635,20 +10635,3 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ x_large_request_size_limit }}" - - name: listUserCourseEnrollmentsv2 - uris: "{{ course_service_prefix }}/v2/user/enrollment/list" - upstream_url: "{{ lms_service_url }}/v2/user/courses/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'courseAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" From 05950e77ddd53e72f98bc1bbdee394989f4d1079 Mon Sep 17 00:00:00 2001 From: shankaragoudab <140387294+shankaragoudab@users.noreply.github.com> Date: Mon, 4 Dec 2023 12:28:00 +0530 Subject: [PATCH 168/195] Update main.yml kong update for the profilePhotoUpload api --- ansible/roles/kong-api/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index b15809e0e8..476e78ed2e 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10618,8 +10618,8 @@ kong_apis: config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: profilePhotoUpload - uris: "/storage/sb-cb-ext-dev/profilePhotoUpload" - upstream_url: "{{ sb_cb_ext_service_url }}/storage/sb-cb-ext-dev/profilePhotoUpload" + uris: "/storage/profilePhotoUpload" + upstream_url: "{{ sb_cb_ext_service_url }}/storage/profilePhotoUpload" strip_uri: true plugins: - name: jwt From 28f200468e3de55d3d0b803122a135f404febdc4 Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Thu, 7 Dec 2023 16:34:15 +0530 Subject: [PATCH 169/195] Added the competencies v4 --- ansible/roles/kong-api/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 160af0fc05..6174499ee4 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10546,7 +10546,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: readCompetencyById - uris: "{{ competency_prefix }}/read" + uris: "{{ competency_prefix }}/v4/read" upstream_url: "{{ competency_url }}/v2/read" strip_uri: true plugins: @@ -10564,7 +10564,7 @@ kong_apis: config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: searchCompetency - uris: "{{ competency_prefix }}/search" + uris: "{{ competency_prefix }}/v4/search" upstream_url: "{{ competency_url }}/v2/search" strip_uri: true plugins: @@ -10582,7 +10582,7 @@ kong_apis: config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: upsertCompetency - uris: "{{ competency_prefix }}/upsert" + uris: "{{ competency_prefix }}/v4/upsert" upstream_url: "{{ competency_url }}/v2/upsert" strip_uri: true plugins: @@ -10600,7 +10600,7 @@ kong_apis: config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: addUpdateCompetencyRelation - uris: "{{ competency_prefix }}/update/relation" + uris: "{{ competency_prefix }}/v4/update/relation" upstream_url: "{{ competency_url }}/v2/update/relation" strip_uri: true plugins: From 0fafad0f83785b01f48e86cbc02c83b1d2d3084f Mon Sep 17 00:00:00 2001 From: ravisaurav-tarento <142487505+ravisaurav-tarento@users.noreply.github.com> Date: Fri, 8 Dec 2023 01:12:20 +0530 Subject: [PATCH 170/195] Update main.yml Added a new API for admin search --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index feb498c4f0..f3ad0c5e20 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7528,6 +7528,24 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: userAdminAutoComplete + uris: "{{ user_service_prefix }}/v1/admin/autocomplete" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/admin/autocomplete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: userNetworkAutoComplete uris: "/v1/user/autocomplete" From aeba6c2b2c531c32be4709bb83821f03a05b0971 Mon Sep 17 00:00:00 2001 From: ravisaurav-tarento <142487505+ravisaurav-tarento@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:39:56 +0530 Subject: [PATCH 171/195] Update main.yml Moved changes to EoF --- ansible/roles/kong-api/defaults/main.yml | 36 ++++++++++++------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index f3ad0c5e20..887e74d582 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7528,24 +7528,6 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - - name: userAdminAutoComplete - uris: "{{ user_service_prefix }}/v1/admin/autocomplete" - upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/admin/autocomplete" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - name: userNetworkAutoComplete uris: "/v1/user/autocomplete" @@ -10653,3 +10635,21 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ x_large_request_size_limit }}" + - name: userAdminAutoComplete + uris: "{{ user_service_prefix }}/v1/admin/autocomplete" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/admin/autocomplete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + From c55f51d69c8379478cf3aa9b86523f12eb590207 Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Tue, 12 Dec 2023 11:09:49 +0530 Subject: [PATCH 172/195] Add cbplan API --- ansible/roles/kong-api/defaults/main.yml | 54 ++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 887e74d582..8cc317d196 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -96,6 +96,7 @@ faq_assistant_service_prefix: /faq curated_program_prefix: /curatedprogram program_prefix: /program competency_prefix: /competency +cb_plan_prefix: /cbplan # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -10653,3 +10654,56 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: cbPlanCreate + uris: "{{ cb_plan_prefix }}/v1/create" + upstream_url: "{{ sb_cb_ext_service_url }}/cbplan/v1/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: cbPlanPublish + uris: "{{ cb_plan_prefix }}/v1/publish" + upstream_url: "{{ sb_cb_ext_service_url }}/cbplan/v1/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: cbPlanUpdate + uris: "{{ cb_plan_prefix }}/v1/update" + upstream_url: "{{ sb_cb_ext_service_url }}/cbplan/v1/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" \ No newline at end of file From f2558a723b87db3301f4e11c4cf081e04d337935 Mon Sep 17 00:00:00 2001 From: Haritest Date: Tue, 12 Dec 2023 11:26:43 +0530 Subject: [PATCH 173/195] Update Jenkinsfile notify commented --- kubernetes/pipelines/onboard-api/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/pipelines/onboard-api/Jenkinsfile b/kubernetes/pipelines/onboard-api/Jenkinsfile index 4f37e268f4..dbcd4e73de 100644 --- a/kubernetes/pipelines/onboard-api/Jenkinsfile +++ b/kubernetes/pipelines/onboard-api/Jenkinsfile @@ -45,7 +45,7 @@ node() { throw err } finally { - slack_notify(currentBuild.result) - email_notify() + // slack_notify(currentBuild.result) + // email_notify() } } From 32967fe3cdeeae5527e287008cf71eb3c443c0aa Mon Sep 17 00:00:00 2001 From: tarentomaheshvakkund <139739142+tarentomaheshvakkund@users.noreply.github.com> Date: Wed, 13 Dec 2023 12:48:43 +0530 Subject: [PATCH 174/195] KB-1493 - DEV | BE | API for Top 10 MDO data for the Hall of Fame 1. Added the kong API entry for hall of fame. --- ansible/roles/kong-api/defaults/main.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 8cc317d196..e94db71737 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10706,4 +10706,22 @@ kong_apis: config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" \ No newline at end of file + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: halloffame + uris: "/halloffame/read" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/halloffame/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" \ No newline at end of file From c4a2c072a9bd25e5e7f388503dbc22646e31da47 Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Thu, 14 Dec 2023 09:55:46 +0530 Subject: [PATCH 175/195] Added API to get dept position --- ansible/roles/kong-api/defaults/main.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index e94db71737..118b9404a2 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10724,4 +10724,22 @@ kong_apis: config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" \ No newline at end of file + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: getPositionByOrg + uris: "{{ master_data_service_prefix }}/v2/deptPosition" + upstream_url: "{{ sb_cb_ext_service_url }}/masterData/v2/deptPosition" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From e217e477cf3b5e571fc681bec6b655321a2b313f Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Thu, 14 Dec 2023 10:42:05 +0530 Subject: [PATCH 176/195] Adding KONG API for Retire and Read --- ansible/roles/kong-api/defaults/main.yml | 36 ++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 118b9404a2..d3e1ab7295 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10743,3 +10743,39 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: cbPlanRetire + uris: "{{ cb_plan_prefix }}/v1/archive" + upstream_url: "{{ sb_cb_ext_service_url }}/cbplan/v1/archive" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: cbPlanReadById + uris: "{{ cb_plan_prefix }}/v1/read" + upstream_url: "{{ sb_cb_ext_service_url }}/cbplan/v1/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 1b61608d4d90dafdab757e0f897281996eae08fa Mon Sep 17 00:00:00 2001 From: Karthikeyan Rajendran <70887864+karthik-tarento@users.noreply.github.com> Date: Fri, 15 Dec 2023 10:47:51 +0530 Subject: [PATCH 177/195] Added CB Plan List for MDO Portal --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index d3e1ab7295..69ff7cd6f1 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10779,3 +10779,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: cbPlanListByAdmin + uris: "{{ cb_plan_prefix }}/v1/list" + upstream_url: "{{ sb_cb_ext_service_url }}/cbplan/v1/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From d1ca3221f433c8f1db18a301dd8f318fb1dbda36 Mon Sep 17 00:00:00 2001 From: ravisaurav-tarento <142487505+ravisaurav-tarento@users.noreply.github.com> Date: Fri, 15 Dec 2023 17:09:19 +0530 Subject: [PATCH 178/195] KB-1492 : added API for cb-ext for CBplan user list --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 69ff7cd6f1..7ab6dcad14 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10797,3 +10797,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: cbPlanListByUser + uris: "{{ user_service_prefix }}v1/cbplan" + upstream_url: "{{ sb_cb_ext_service_url }}/cbplan/v1/user/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" From 89eb7afd27b75ec37a851581a78e447a2b8a1c94 Mon Sep 17 00:00:00 2001 From: ravisaurav-tarento <142487505+ravisaurav-tarento@users.noreply.github.com> Date: Fri, 15 Dec 2023 17:19:01 +0530 Subject: [PATCH 179/195] KB-1492:corrected API path --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 7ab6dcad14..6d6dc4413c 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10799,7 +10799,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: cbPlanListByUser - uris: "{{ user_service_prefix }}v1/cbplan" + uris: "{{ user_service_prefix }}/v1/cbplan" upstream_url: "{{ sb_cb_ext_service_url }}/cbplan/v1/user/list" strip_uri: true plugins: From 6462d3c76044a4de4f7271d3c4e71951e93dda40 Mon Sep 17 00:00:00 2001 From: dkttarento <138442957+dkttarento@users.noreply.github.com> Date: Mon, 18 Dec 2023 16:53:58 +0530 Subject: [PATCH 180/195] Update main.yml Kong api for Karma points --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 6d6dc4413c..3a02188bca 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10815,3 +10815,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: karmapoints + uris: "/karmapoints/read" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/karmapoints/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From 8c2e980b60a4ab6c6cc0d92fe8867422be8ca8d2 Mon Sep 17 00:00:00 2001 From: shankaragoudab <140387294+shankaragoudab@users.noreply.github.com> Date: Tue, 19 Dec 2023 11:13:28 +0530 Subject: [PATCH 181/195] halloffame api removed jwt --- ansible/roles/kong-api/defaults/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 3a02188bca..fe66023a4c 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10713,12 +10713,8 @@ kong_apis: upstream_url: "{{ sb_cb_ext_service_url }}/v1/halloffame/read" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From c7287c4e74617c4f17822000e534ae33b1d409c4 Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Tue, 19 Dec 2023 16:05:22 +0530 Subject: [PATCH 182/195] Adding User Profile System Update --- ansible/roles/kong-api/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index fe66023a4c..ae7873e998 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10829,3 +10829,21 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: userProfileSystemUpdate + uris: "{{ user_service_prefix }}/v1/profile/externalsystem/update" + upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/profile/externalsystem/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" \ No newline at end of file From 058351b2ab6f778a310fb9e4d60307d1276dedb5 Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Mon, 1 Jan 2024 10:20:15 +0530 Subject: [PATCH 183/195] Update main.yml Added Entry for Karma Points User Course --- ansible/roles/kong-api/defaults/main.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ae7873e998..6a8ee8f811 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10846,4 +10846,22 @@ kong_apis: config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" \ No newline at end of file + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: karmapoints + uris: "/karmapoints/user/course/read" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/user/course/karmapoints/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From dce74e78b4be96b0dfda2dad0a2bd23e138d2afe Mon Sep 17 00:00:00 2001 From: dkttarento <138442957+dkttarento@users.noreply.github.com> Date: Mon, 1 Jan 2024 12:31:13 +0530 Subject: [PATCH 184/195] Update main.yml Kong API for Claim Karma points --- ansible/roles/kong-api/defaults/main.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 6a8ee8f811..83d6309fdf 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10864,4 +10864,22 @@ kong_apis: config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: claimKarmaPoints + uris: "/claimkarmapoints" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/claimkarmapoints" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From 3a783c40f51098f75f7d98268b97ade6a8ed3f22 Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 1 Jan 2024 14:29:09 +0530 Subject: [PATCH 185/195] Update main.yml space issue fixed --- ansible/roles/kong-api/defaults/main.yml | 52 ++++++++++++------------ 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 83d6309fdf..648f50891a 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10848,38 +10848,38 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: karmapoints + - name: userCourseKarmapoints uris: "/karmapoints/user/course/read" upstream_url: "{{ sb_cb_ext_service_url }}/v1/user/course/karmapoints/read" strip_uri: true plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: claimKarmaPoints uris: "/claimkarmapoints" upstream_url: "{{ sb_cb_ext_service_url }}/v1/claimkarmapoints" strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From 476bdd8dcec30a15ccffdd9cd3e3cf844d3e10f1 Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 1 Jan 2024 14:39:29 +0530 Subject: [PATCH 186/195] Update main.yml space issue fixed --- ansible/roles/kong-api/defaults/main.yml | 90 ++++++++++++------------ 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 648f50891a..58ee00a54d 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10835,51 +10835,51 @@ kong_apis: upstream_url: "{{ sb_cb_ext_service_url }}/user/v1/profile/externalsystem/update" strip_uri: true plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'userUpdate' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: userCourseKarmapoints - uris: "/karmapoints/user/course/read" - upstream_url: "{{ sb_cb_ext_service_url }}/v1/user/course/karmapoints/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl + - name: userCourseKarmapoints + uris: "/karmapoints/user/course/read" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/user/course/karmapoints/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: claimKarmaPoints + uris: "/claimkarmapoints" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/claimkarmapoints" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl config.whitelist: - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - - name: claimKarmaPoints - uris: "/claimkarmapoints" - upstream_url: "{{ sb_cb_ext_service_url }}/v1/claimkarmapoints" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 'dataAccess' - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From 740d1bc4526a61e53bd3aad3c8ae3c859ed3469b Mon Sep 17 00:00:00 2001 From: Haritest Date: Mon, 1 Jan 2024 14:41:43 +0530 Subject: [PATCH 187/195] Update main.yml space issue solved --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 58ee00a54d..40a46484ba 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10875,7 +10875,7 @@ kong_apis: - name: cors - "{{ statsd_pulgin }}" - name: acl - config.whitelist: + config.whitelist: - 'dataAccess' - name: rate-limiting config.policy: local From da5cc528ce6965967aa8edd2c31f9b9e0e1a96f1 Mon Sep 17 00:00:00 2001 From: shankaragoudab <140387294+shankaragoudab@users.noreply.github.com> Date: Tue, 2 Jan 2024 15:30:14 +0530 Subject: [PATCH 188/195] added user first login last login api --- ansible/roles/kong-api/defaults/main.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 40a46484ba..14f773e02b 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10883,3 +10883,17 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: userfirstloginlastlogin + uris: "/v1/user/login" + upstream_url: "{{ learning_service_url }}/v1/user/login" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + - config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + - config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From 47057bda3682ff7fe7198f3a5c49351a3e212cfb Mon Sep 17 00:00:00 2001 From: Haritest Date: Tue, 2 Jan 2024 16:05:22 +0530 Subject: [PATCH 189/195] Update main.yml --- ansible/roles/kong-api/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 14f773e02b..eaf053c9fb 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10892,8 +10892,8 @@ kong_apis: - name: cors - "{{ statsd_pulgin }}" - name: rate-limiting - - config.policy: local + config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - - config.limit_by: credential + config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" From 6079729186dc1353df2bf403cbd0c1d44feb5241 Mon Sep 17 00:00:00 2001 From: shankaragoudab <140387294+shankaragoudab@users.noreply.github.com> Date: Tue, 2 Jan 2024 17:48:22 +0530 Subject: [PATCH 190/195] Updated the userfirstlogin api --- ansible/roles/kong-api/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index eaf053c9fb..bf3cf36b4f 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10889,8 +10889,12 @@ kong_apis: upstream_url: "{{ learning_service_url }}/v1/user/login" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From 2b688b89821ab66c5465168d11acc920808eff27 Mon Sep 17 00:00:00 2001 From: ravisaurav-tarento <142487505+ravisaurav-tarento@users.noreply.github.com> Date: Thu, 4 Jan 2024 11:42:14 +0530 Subject: [PATCH 191/195] added API for request content by mdo --- ansible/roles/kong-api/defaults/main.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index bf3cf36b4f..2eb35d13b2 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10901,3 +10901,22 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: cbContentRequestByAdmin + uris: "{{ cb_plan_prefix }}/v1/admin/requestcontent" + upstream_url: "{{ sb_cb_ext_service_url }}/cbplan/v1/admin/requestcontent" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + From f1177f1ce28b6b28718fb2f4563c4a729f41e5e3 Mon Sep 17 00:00:00 2001 From: Haritest Date: Thu, 4 Jan 2024 11:53:13 +0530 Subject: [PATCH 192/195] Update main.yml Space corrected --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2eb35d13b2..9834b07814 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10902,7 +10902,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: cbContentRequestByAdmin + - name: cbContentRequestByAdmin uris: "{{ cb_plan_prefix }}/v1/admin/requestcontent" upstream_url: "{{ sb_cb_ext_service_url }}/cbplan/v1/admin/requestcontent" strip_uri: true From 70de4fdab5a345a64cebfee0b6e376833fe6094c Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Fri, 5 Jan 2024 07:08:38 +0530 Subject: [PATCH 193/195] Update main.yml Added entry for user total karma points --- ansible/roles/kong-api/defaults/main.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 9834b07814..e919a92051 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10920,3 +10920,20 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: karmapoints + uris: "/user/totalkarmapoints" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/user/totalkarmapoints" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" From 0b599aabb85451069b20fb4a3f5d9164b10343cf Mon Sep 17 00:00:00 2001 From: SaipradeepR <53404427+SaipradeepR@users.noreply.github.com> Date: Fri, 5 Jan 2024 10:29:47 +0530 Subject: [PATCH 194/195] Update main.yml Resolved conflict in kong entry names --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index e919a92051..c0083e9ef1 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10920,7 +10920,7 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: karmapoints + - name: totalkarmapoints uris: "/user/totalkarmapoints" upstream_url: "{{ sb_cb_ext_service_url }}/v1/user/totalkarmapoints" strip_uri: true From 348ca86606486bebe42040506fd73c02adc4682b Mon Sep 17 00:00:00 2001 From: Sahil-tarento <140611066+Sahil-tarento@users.noreply.github.com> Date: Fri, 5 Jan 2024 17:17:00 +0530 Subject: [PATCH 195/195] Adding the spv report --- ansible/roles/kong-api/defaults/main.yml | 36 ++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index c0083e9ef1..eb5e1c0b33 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -10937,3 +10937,39 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: getReportInfoSPV + uris: "/storage/v1/spvReportInfo" + upstream_url: "{{ sb_cb_ext_service_url }}/storage/v1/spvReportInfo" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: storageReportDownloadSPV + uris: "/storage/v1/spvReport" + upstream_url: "{{ sb_cb_ext_service_url }}/storage/v1/spvReport" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}"