Copyright (C) 2023 The Open Library Foundation
This software is distributed under the terms of the Apache License, Version 2.0. See the file "LICENSE" for more information.
An edge API for FOLIO Query Machine.
Provides an ability to retrieve query and entity type information from FOLIO
The purpose of this edge API is to bridge the gap between 3rd party discovery services and FOLIO mod-fqm-manager module.
The edge-fqm API is secured via the facilities provided by edge-common. More specifically, via API Key. See edge-common for additional details.See edge-common-spring
- See edge-common for a description of how configuration works.
System properties
| Property | Default | Description |
|---|---|---|
server.port |
8081 |
Server port to listen on |
folio.client.okapiUrl |
http://okapi:9130 |
Okapi (URL) |
secure_store |
Ephemeral |
Type of secure store to use. Valid: Ephemeral, AwsSsm, Vault |
secure_store_props |
src/main/resources/ephemeral.properties |
Path to a properties file specifying secure store configuration |
To configure Transport Layer Security (TLS) for HTTP endpoints in edge module, the following configuration parameters can be used. These parameters allow you to specify key and keystore details necessary for setting up TLS.
spring.ssl.bundle.jks.web-server.key.password
- Description: Specifies the password for the private key in the keystore.
- Example:
spring.ssl.bundle.jks.web-server.key.password=SecretPassword
spring.ssl.bundle.jks.web-server.key.alias
- Description: Specifies the alias of the key within the keystore.
- Example:
spring.ssl.bundle.jks.web-server.key.alias=localhost
spring.ssl.bundle.jks.web-server.keystore.location
- Description: Specifies the location of the keystore file in the local file system.
- Example:
spring.ssl.bundle.jks.web-server.keystore.location=/some/secure/path/test.keystore.bcfks
spring.ssl.bundle.jks.web-server.keystore.password
- Description: Specifies the password for the keystore.
- Example:
spring.ssl.bundle.jks.web-server.keystore.password=SecretPassword
spring.ssl.bundle.jks.web-server.keystore.type
- Description: Specifies the type of the keystore. Common types include
JKS,PKCS12, andBCFKS. - Example:
spring.ssl.bundle.jks.web-server.keystore.type=BCFKS
server.ssl.bundle
- Description: Specifies which SSL bundle to use for configuring the server. This parameter links to the defined SSL bundle, for example,
web-server. - Example:
server.ssl.bundle=web-server
server.port
- Description: Specifies the port on which the server will listen for HTTPS requests.
- Example:
server.port=8443
To enable TLS for the edge module using the above parameters, you need to provide them as the environment variables. Below is an example configuration:
spring.ssl.bundle.jks.web-server.key.password=SecretPassword
spring.ssl.bundle.jks.web-server.key.alias=localhost
spring.ssl.bundle.jks.web-server.keystore.location=classpath:test/test.keystore.bcfks
spring.ssl.bundle.jks.web-server.keystore.password=SecretPassword
spring.ssl.bundle.jks.web-server.keystore.type=BCFKS
server.ssl.bundle=web-server
server.port=8443Also, you can use the relaxed binding with the upper case format, which is recommended when using system environment variables.
SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD=SecretPassword
SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS=localhost
SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION=classpath:test/test.keystore.bcfks
SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD=SecretPassword
SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE=BCFKS
SERVER_SSL_BUNDLE=web-server
SERVER_PORT=8443To configure Transport Layer Security (TLS) for HTTP clients created using Feign annotations in the edge module, you can use the following configuration parameters. These parameters allow you to specify trust store details necessary for setting up TLS for Feign clients.
folio.client.okapiUrl
- Description: Specifies the base URL for the Okapi service.
- Example:
folio.client.okapiUrl=https://okapi:443
folio.client.tls.enabled
- Description: Enables or disables TLS for the Feign clients.
- Example:
folio.client.tls.enabled=true
folio.client.tls.trustStorePath
- Description: Specifies the location of the trust store file.
- Example:
folio.client.tls.trustStorePath=classpath:/some/secure/path/test.truststore.bcfks
folio.client.tls.trustStorePassword
- Description: Specifies the password for the trust store.
- Example:
folio.client.tls.trustStorePassword="SecretPassword"
folio.client.tls.trustStoreType
- Description: Specifies the type of the trust store. Common types include
JKS,PKCS12, andBCFKS. - Example:
folio.client.tls.trustStoreType=bcfks
The trustStorePath, trustStorePassword, and trustStoreType parameters can be omitted if the server provides a public certificate.
To enable TLS for Feign HTTP clients using the above parameters, you need to provide them as the environment variables. Below is an example configuration:
folio.client.okapiUrl=https://okapi:443
folio.client.tls.enabled=true
folio.client.tls.trustStorePath=classpath:test/test.truststore.bcfks
folio.client.tls.trustStorePassword=SecretPassword
folio.client.tls.trustStoreType=bcfksAlso, you can use the relaxed binding with the upper case format, which is recommended when using system environment variables.
FOLIO_CLIENT_OKAPIURL=https://okapi:443
FOLIO_CLIENT_TLS_ENABLED=true
FOLIO_CLIENT_TLS_TRUSTSTOREPATH=classpath:test/test.truststore.bcfks
FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD=SecretPassword
FOLIO_CLIENT_TLS_TRUSTSTORETYPE=bcfksSpring boot properties can be overridden using the specified environment variables, if it is not it can be done using one of the following approaches (see also the documentation Spring Boot Externalized Configuration):
- Using the environment variable
SPRING_APPLICATION_JSON(example:SPRING_APPLICATION_JSON='{"foo":{"bar":"spam"}}') - Using the system variables within the
JAVA_OPTIONS(example:JAVA_OPTIONS=-Xmx400m -Dserver.port=1234)