feat: added apache nifi (#100)

* feat: added apache nifi

* fix: issues

* fix: issues

* fix: nifi config

* chore: bump

* fix: ci

* fix: dep

.gitignore

@@ -32,4 +32,4 @@ Chart.lock
 **/charts
 repo
 tmp.yaml
-
+**/tmpcharts*

local-deployment-methods/helmfile/helmfile.yaml

@@ -0,0 +1,29 @@
+repositories:
+- name: codecentrics
+  url: https://codecentric.github.io/helm-charts
+- name: bitnami
+  url: https://charts.bitnami.com/bitnami
+- name: bitnami2
+  url: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+- name: cloudhut
+  url: https://raw.githubusercontent.com/cloudhut/charts/master/archives
+- name: ory
+  url: https://k8s.ory.sh/helm/charts
+- name: mojaloop-charts
+  url: https://mojaloop.github.io/charts/repo
+- name: mojaloop
+  url: https://mojaloop.io/helm/repo/
+- name: cetic
+  url: https://cetic.github.io/helm-charts
+
+releases:
+- name: fp-backend
+  namespace: demo
+  chart: ../../mojaloop/example-backend
+  values:
+    - values-fp-backend-min.yaml
+- name: fp
+  namespace: demo
+  chart: ../../mojaloop/finance-portal
+  values:
+    - values-fp-min.yaml

local-deployment-methods/helmfile/values-fp-backend-min.yaml

@@ -0,0 +1,31 @@
+global:
+
+kafka:
+  enabled: false
+
+mysql:
+  enabled: false
+
+kowl:
+  enabled: false
+
+reporting-events-db:
+  enabled: true
+
+keto:
+  enabled: false
+
+oathkeeper:
+  enabled: false
+
+kratos:
+  enabled: false
+
+kratos-db:
+  enabled: false
+
+keto-db:
+  enabled: false
+
+wso2:
+  enabled: false

local-deployment-methods/helmfile/values-fp-min.yaml

@@ -0,0 +1,81 @@
+global:
+  adminApiSvc:
+    host: "centralledger-service"
+    port: 80
+  settlementSvc:
+    host: "centralsettlement-service"
+    port: 80
+  keto:
+    readURL: "http://keto-read:80"
+  reportingDB:
+    host: centralledger-mysql
+    port: 3306
+    user: user
+    database: default
+    # secret: {}
+    secret:
+      name: mysql
+      key: mysql-password
+  reportingEventsDB:
+    host: reporting-events-db
+    port: 27017
+    user: user
+    database: default
+    # secret: {}
+    secret:
+      name: reporting-events-db
+      key: mongodb-password
+  kafka:
+    host: test1-kafka-headless
+    port: 9092
+    topic: topic-event
+  rolePermOperator:
+    apiSvc: {}
+  keycloak:
+    url: 'http://keycloak:8080'
+    user: 'admin'
+    password: ''
+    # secret:
+    #   name: 'keycloak-secret'
+    #   key: 'password'
+    realm: 'master'
+
+
+rbacTests:
+  enabled: false
+
+reportTests:
+  enabled: false
+
+role-assignment-service:
+  enabled: false
+
+reporting-hub-bop-api-svc:
+  enabled: false
+
+reporting-legacy-api:
+  enabled: false
+
+reporting-events-processor-svc:
+  enabled: false
+
+reporting-hub-bop-experience-api-svc:
+  enabled: false
+
+reporting-hub-bop-shell:
+  enabled: false
+
+reporting-hub-bop-role-ui:
+  enabled: false
+
+reporting-hub-bop-trx-ui:
+  enabled: false
+
+reporting-hub-bop-positions-ui:
+  enabled: false
+
+reporting-hub-bop-settlements-ui:
+  enabled: false
+
+reporting-nifi-processor-svc:
+  enabled: true

mojaloop/example-backend/values.yaml

@@ -2411,11 +2411,11 @@ reporting-events-db:
     ## @param auth.databases List of custom databases to be created during the initialization
     ##
     usernames:
-      - 'bof'
+      - 'finance_portal'
     passwords:
-      - 'bof'
+      - 'password'
     databases:
-      - 'bof'
+      - 'finance_portal'
 
     username: ""
     password: ""

mojaloop/finance-portal/Chart.yaml

@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 4.2.5
+version: 4.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "4.2.5"
+appVersion: "4.3.0"
 dependencies:
   - name: common
     repository: "file://../common"
@@ -99,3 +99,10 @@ dependencies:
       - mojaloop
       - reporting-hub-bop-experience-api-svc
     version: 1.0.1
+  - name: reporting-nifi-processor-svc
+    condition: reporting-nifi-processor-svc.enabled
+    repository: "file://../reporting-nifi-processor-svc"
+    tags:
+      - mojaloop
+      - reporting-nifi-processor-svc
+    version: 0.0.1

mojaloop/finance-portal/values.yaml

@@ -286,3 +286,5 @@ reporting-hub-bop-settlements-ui:
       CENTRAL_SETTLEMENTS_ENDPOINT: http://test1-centralsettlement-service:80
       REPORTING_API_ENDPOINT: http://www-bof.local/proxy/transfers
 
+reporting-nifi-processor-svc:
+  enabled: true

mojaloop/reporting-nifi-processor-svc/Chart.yaml

@@ -0,0 +1,35 @@
+apiVersion: v2
+name: reporting-nifi-processor-svc
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.2.1"
+dependencies:
+  - name: common
+    repository: "file://../common"
+    tags:
+      - mojaloop
+      - common
+    version: 3.1.1
+  # - name: zookeeper
+  #   version: 9.2.7
+  #   repository: https://charts.bitnami.com/bitnami
+  #   condition: zookeeper.enabled

mojaloop/reporting-nifi-processor-svc/configs/authorizers.xml

@@ -0,0 +1,147 @@
+{{- $replicas := int .Values.replicaCount }}
+{{- $chart := .Chart.Name }}
+{{- $release := .Release.Name }}
+{{- $fullname := include "common.names.fullname" . }}
+{{- $namespace := .Release.Namespace }}
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!--
+    This file lists the userGroupProviders, accessPolicyProviders, and authorizers to use when running securely. In order
+    to use a specific authorizer it must be configured here and it's identifier must be specified in the nifi.properties file.
+    If the authorizer is a managedAuthorizer, it may need to be configured with an accessPolicyProvider and an userGroupProvider.
+    This file allows for configuration of them, but they must be configured in order:
+    ...
+    all userGroupProviders
+    all accessPolicyProviders
+    all Authorizers
+    ...
+-->
+<authorizers>
+    <!--
+        The FileUserGroupProvider will provide support for managing users and groups which is backed by a file
+        on the local file system.
+        - Users File - The file where the FileUserGroupProvider will store users and groups.
+        - Legacy Authorized Users File - The full path to an existing authorized-users.xml that will be automatically
+            be used to load the users and groups into the Users File.
+        - Initial User Identity [unique key] - The identity of a users and systems to seed the Users File. The name of
+            each property must be unique, for example: "Initial User Identity A", "Initial User Identity B",
+            "Initial User Identity C" or "Initial User Identity 1", "Initial User Identity 2", "Initial User Identity 3"
+            NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the user identities,
+            so the values should be the unmapped identities (i.e. full DN from a certificate).
+    -->
+    <userGroupProvider>
+        <identifier>file-user-group-provider</identifier>
+        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
+        <property name="Users File">./auth-conf/users.xml</property>
+        <property name="Legacy Authorized Users File"></property>
+        {{- range $i := until $replicas }}
+        <property name="Initial User Identity {{ $i }}">CN={{ $fullname }}-{{ $i }}.{{ $fullname }}-headless.{{ $namespace }}.svc.cluster.local, OU=NIFI</property>
+        {{- end }}
+        <property name="Initial User Identity admin">{{ .Values.auth.admin }}</property>
+    </userGroupProvider>
+
+    <!--
+        The CompositeConfigurableUserGroupProvider will provide support for retrieving users and groups from multiple sources.
+        Additionally, a single configurable user group provider is required. Users from the configurable user group provider
+        are configurable, however users loaded from one of the User Group Provider [unique key] will not be.
+        - Configurable User Group Provider - A configurable user group provider.
+        - User Group Provider [unique key] - The identifier of user group providers to load from. The name of
+            each property must be unique, for example: "User Group Provider A", "User Group Provider B",
+            "User Group Provider C" or "User Group Provider 1", "User Group Provider 2", "User Group Provider 3"
+            NOTE: Any identity mapping rules specified in nifi.properties are not applied in this implementation. This behavior
+            would need to be applied by the base implementation.
+    -->
+    <!-- To enable the composite-configurable-user-group-provider remove 2 lines. This is 1 of 2.
+    <userGroupProvider>
+        <identifier>composite-configurable-user-group-provider</identifier>
+        <class>org.apache.nifi.authorization.CompositeConfigurableUserGroupProvider</class>
+        <property name="Configurable User Group Provider">file-user-group-provider</property>
+        <property name="User Group Provider 1"></property>
+    </userGroupProvider>
+    To enable the composite-configurable-user-group-provider remove 2 lines. This is 2 of 2. -->
+
+    <!--
+        The FileAccessPolicyProvider will provide support for managing access policies which is backed by a file
+        on the local file system.
+        - User Group Provider - The identifier for an User Group Provider defined above that will be used to access
+            users and groups for use in the managed access policies.
+        - Authorizations File - The file where the FileAccessPolicyProvider will store policies.
+        - Initial Admin Identity - The identity of an initial admin user that will be granted access to the UI and
+            given the ability to create additional users, groups, and policies. The value of this property could be
+            a DN when using certificates or LDAP, or a Kerberos principal. This property will only be used when there
+            are no other policies defined. If this property is specified then a Legacy Authorized Users File can not be specified.
+            NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the initial admin identity,
+            so the value should be the unmapped identity. This identity must be found in the configured User Group Provider.
+        - Legacy Authorized Users File - The full path to an existing authorized-users.xml that will be automatically
+            converted to the new authorizations model. If this property is specified then an Initial Admin Identity can
+            not be specified, and this property will only be used when there are no other users, groups, and policies defined.
+            NOTE: Any users in the legacy users file must be found in the configured User Group Provider.
+        - Node Identity [unique key] - The identity of a NiFi cluster node. When clustered, a property for each node
+            should be defined, so that every node knows about every other node. If not clustered these properties can be ignored.
+            The name of each property must be unique, for example for a three node cluster:
+            "Node Identity A", "Node Identity B", "Node Identity C" or "Node Identity 1", "Node Identity 2", "Node Identity 3"
+            NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the node identities,
+            so the values should be the unmapped identities (i.e. full DN from a certificate). This identity must be found
+            in the configured User Group Provider.
+    -->
+    <accessPolicyProvider>
+        <identifier>file-access-policy-provider</identifier>
+        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
+        <property name="User Group Provider">file-user-group-provider</property>
+        <property name="Authorizations File">./auth-conf/authorizations.xml</property>
+        <property name="Initial Admin Identity">{{ .Values.auth.admin }}</property>
+        <property name="Legacy Authorized Users File"></property>
+        {{- range $i := until $replicas }}
+        <property name="Node Identity {{ $i }}">CN={{ $fullname }}-{{ $i }}.{{ $fullname }}-headless.{{ $namespace }}.svc.cluster.local, OU=NIFI</property>
+        {{- end }}
+        <property name="Node Identity"></property>
+    </accessPolicyProvider>
+     <!--
+        The StandardManagedAuthorizer. This authorizer implementation must be configured with the
+        Access Policy Provider which it will use to access and manage users, groups, and policies.
+        These users, groups, and policies will be used to make all access decisions during authorization
+        requests.
+        - Access Policy Provider - The identifier for an Access Policy Provider defined above.
+    -->
+    <authorizer>
+        <identifier>managed-authorizer</identifier>
+        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
+        <property name="Access Policy Provider">file-access-policy-provider</property>
+    </authorizer>
+    <!--
+        NOTE: This Authorizer has been replaced with the more granular approach configured above with the Standard
+        Managed Authorizer. However, it is still available for backwards compatibility reasons.
+        The FileAuthorizer is NiFi's provided authorizer and has the following properties:
+        - Authorizations File - The file where the FileAuthorizer will store policies.
+        - Users File - The file where the FileAuthorizer will store users and groups.
+        - Initial Admin Identity - The identity of an initial admin user that will be granted access to the UI and
+            given the ability to create additional users, groups, and policies. The value of this property could be
+            a DN when using certificates or LDAP, or a Kerberos principal. This property will only be used when there
+            are no other users, groups, and policies defined. If this property is specified then a Legacy Authorized
+            Users File can not be specified.
+            NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the initial admin identity,
+            so the value should be the unmapped identity.
+        - Legacy Authorized Users File - The full path to an existing authorized-users.xml that will be automatically
+            converted to the new authorizations model. If this property is specified then an Initial Admin Identity can
+            not be specified, and this property will only be used when there are no other users, groups, and policies defined.
+        - Node Identity [unique key] - The identity of a NiFi cluster node. When clustered, a property for each node
+            should be defined, so that every node knows about every other node. If not clustered these properties can be ignored.
+            The name of each property must be unique, for example for a three node cluster:
+            "Node Identity A", "Node Identity B", "Node Identity C" or "Node Identity 1", "Node Identity 2", "Node Identity 3"
+            NOTE: Any identity mapping rules specified in nifi.properties will also be applied to the node identities,
+            so the values should be the unmapped identities (i.e. full DN from a certificate).
+    -->
+</authorizers>