Basket Finalization Service
Migration to v1.23.0
Service 2 Service Authentication
Add - new API path:
The "service 2 service" feature has been introduced in this version of the Basket Finalization Service. From now on, the Basket Finalization Service is only able to validate service tokens (client/operator tokens are no longer validated). The validation of all kinds of client/operator tokens now happens in the API gateway, therefore the new API path has been introduced (/api/basket-finalization) and must be used by all clients (Basket Authorization and Authentication).
Add - new base roles:
A new set of base roles has been introduced for the Basket Finalization Service. Every client calling the Basket Finalization Service needs the required base role for the called endpoint either in its service token or passport (if it is the first service in the call chain). The new base roles start with "b:basket.fin".
Remove - "tenantId" as a variable in the base path (url):
Resolving the "tenantId" out of the request URL of an incoming request has been removed by changing the security lib (AppKit to cloud platform). The tenantId must be provided by the caller via an http header (GK-Tenant-Id) or in the passport.
Section in the API Guideline: Using tenantId as a variable in the base path does not work well with the API gateway. Therefore, new service APIs must not use tenantId as a path. The tenantId must be taken from JWT (transformed by the API gateway into GK Passport) or the GK-Tenant-Id header.
Migration to v1.19.0
Configuration Changes
| Old | New | Description |
|---|---|---|
|
|
|
Migration to v1.11.0
Configuration Changes
A lot of configurations have been moved from the Storemanager template to application.yaml (e.g. client-side 'Basic Auth' credentials are automatically set to cluster secret values and do not need to be configured in the SM template).
| Removed | application.yaml (New) | Description | |
|---|---|---|---|
| ## Basket Service gkr.basket-finalization-service.remote-client.basket.url gkr.basket-finalization-service.remote-client.basket.connectTimeout gkr.basket-finalization-service.remote-client.basket.readTimeout core.common.security.client.http.auth.group.basket-service.type core.common.security.client.http.auth.group.basket-service.BASIC.username core.common.security.client.http.auth.group.basket-service.BASIC.password |
|
No manual config change in the cluster needed. URLs are set to cloud-internal URLs and credentials are filled with values from cluster secrets. | |
| ## Gate Service gkr.basket-finalization-service.remote-client.gate-service.url gkr.basket-finalization-service.remote-client.gate-service.connectTimeout gkr.basket-finalization-service.remote-client.gate-service.readTimeout core.common.security.client.http.auth.group.gate-service.type core.common.security.client.http.auth.group.gate-service.BASIC.username core.common.security.client.http.auth.group.gate-service.BASIC.password |
|
No manual config change in the cluster needed. URLs are set to cloud-internal URLs and credentials are filled with values from cluster secrets. | |
| ## POS Service gkr.basket-finalization-service.remote-client.pos-service.url gkr.basket-finalization-service.remote-client.pos-service.connectTimeout gkr.basket-finalization-service.remote-client.pos-service.readTimeout core.common.security.client.http.auth.group.pos-service.type core.common.security.client.http.auth.group.pos-service.BASIC.username core.common.security.client.http.auth.group.pos-service.BASIC.password |
|
No manual config change in the cluster needed. URLs are set to cloud-internal URLs and credentials are filled with values from cluster secrets. | |
| ## SDC gkr.basket-finalization-service.remote-client.sdc.url gkr.basket-finalization-service.remote-client.sdc.connectTimeout gkr.basket-finalization-service.remote-client.sdc.readTimeout core.common.security.client.http.auth.group.sdc.type core.common.security.client.http.auth.group.sdc.BASIC.username core.common.security.client.http.auth.group.sdc.BASIC.password |
|
No manual config change in the cluster needed. URLs are set to cloud-internal URLs and credentials are filled with values from cluster secrets. | |
| ## Digital Receipt Service (eMailbon backend) gkr.basket-finalization-service.remote-client.digital-receipt-service.url gkr.basket-finalization-service.remote-client.digital-receipt-service.connectTimeout gkr.basket-finalization-service.remote-client.digital-receipt-service.readTimeout core.common.security.client.http.auth.group.digital-receipt-service.type core.common.security.client.http.auth.group.digital-receipt-service.BASIC.username core.common.security.client.http.auth.group.digital-receipt-service.BASIC.password |
|
|
URL, user and password must be set for the specific cluster e.g: |
| ## Transaction Pool gkr.basket-finalization-service.remote-client.tx-pool.url gkr.basket-finalization-service.remote-client.tx-pool.connectTimeout gkr.basket-finalization-service.remote-client.tx-pool.readTimeout core.common.security.client.http.auth.group.transaction-pool.type core.common.security.client.http.auth.group.transaction-pool.BASIC.username core.common.security.client.http.auth.group.transaction-pool.BASIC.password |
|
No manual config change in the cluster needed. URLs are set to cloud-internal URLs and credentials are filled with values from cluster secrets. | |
| # Caching caching.cachingEnabled caching.mbeansEnabled caching.statisticsEnabled # Cache BusinessUnit caching.cache.BusinessUnit.expiration caching.cache.BusinessUnit.capacity |
|
No manual config change in the cluster needed. | |
| ## Kafka spring.kafka.bootstrapServers spring.kafka.consumer.groupId spring.kafka.producer.clientId spring.kafka.producer.acks gkr.basket-finalization-service.kafka.enabled # Prefix of Kafka topics for cases where multiple application instances share the same Kafka broker: gkr.basket-finalization-service.kafka.topics.prefix= # Kafka topic for store events gkr.basket-finalization-service.kafka.topics.storeEventsTopic # Kafka topic for basket events gkr.basket-finalization-service.kafka.topics.basketEventsTopic gkr.basket-finalization-service.kafka.listeners.basketEventsListener.concurrency gkr.basket-finalization-service.kafka.listeners.basketEventsListener.initialRetryInterval gkr.basket-finalization-service.kafka.listeners.basketEventsListener.retryIntervalMultiplier gkr.basket-finalization-service.kafka.listeners.basketEventsListener.maxRetryInterval gkr.basket-finalization-service.kafka.listeners.basketEventsListener.maxRetriesNumber gkr.basket-finalization-service.kafka.listeners.basketEventsListener.maxPollRecords gkr.basket-finalization-service.kafka.listeners.basketEventsListener.maxPollInterval # Kafka topic for basket finalization events gkr.basket-finalization-service.kafka.topics.basketFinalizationEventsTopic gkr.basket-finalization-service.kafka.listeners.finalizationEventsListener.concurrency gkr.basket-finalization-service.kafka.listeners.finalizationEventsListener.initialRetryInterval gkr.basket-finalization-service.kafka.listeners.finalizationEventsListener.retryIntervalMultiplier gkr.basket-finalization-service.kafka.listeners.finalizationEventsListener.maxRetryInterval gkr.basket-finalization-service.kafka.listeners.finalizationEventsListener.maxRetriesNumber gkr.basket-finalization-service.kafka.listeners.finalizationEventsListener.maxPollRecords gkr.basket-finalization-service.kafka.listeners.finalizationEventsListener.maxPollInterval # StoreDeviceEvents gkr.basket-finalization-service.store-device-events.destination gkr.basket-finalization-service.store-device-events.deviceGroup gkr.basket-finalization-service.store-device-events.deviceType |
|
|
Topic names can be changed for a specific cluster via: |
| log4j-logging.propeties (complete file) |
|
Log settings can now be changed to "env" variables via helm chart values. Example: values.yaml |