Service Descriptors

For services that communicate with external services e.g. REST apis, triggers etc, there is a need to provide different values (called service descriptors) when deploying to different environments. A common case is when a given container is promoted via different environments (dev → test → prod) and need to access different services when in a different environment.

Service descriptors can be extracted from the DDC container by running it with an environment DES_INFO=json set.

An example docker run command would look like following:

docker run --rm --env DES_INFO=json <DDC_IMAGE>:<TAG>

This command will print an output that looks like:

{
  "prod/bpmn/my-service/1.0": [
    {
      "interfaceId": "_c9e1e003-ec00-47bc-abfe-10df53c1ed46", // 1
      "interfaceName": "Calculate Body Mass Index",
      "id": "6332b6e2-db81-4885-9a28-d20beb42e92e",
      "serviceUrl": "http://localhost:8080/execution", // 2
      "updated": "Mar 15, 2021, 12:17:11 PM",
      "name": "bpmn-test",
      "type": "oauth2", // 3
      "options": {  // 4
        "clientSecret": "to be set",
        "clientId": "to be set",
        "accessToken": "to be set",
        "tokenType": "Bearer",
        "refreshUrl": "http://localhost:8080/oauth2/token"
      }
    }
  ],
  ...
}

  1. Service interface that defines communication with the external system

  2. URL of the external system

  3. Authentication type

  4. Authentication options, note that when taken out from the container all sensitive information are replaced with to be set

This JSON file can be imported in the Service Descriptor Editor to easily modify them and prepare them for deployment.

The DDC consider a secret called <DDC_NAME>-ddc-service-descriptors with one secrets following the naming convention environment_group_artifact_version. For a DDC, the environment is always prod.

apiVersion: v1
kind: Secret
metadata:
 name: <DDC_NAME>-ddc-service-descriptors
type: Opaque
data:
  environment_group_artifact1_version:
    service: base64.encoded.json.descriptor
  environment_group_artifact2_version:
    service: base64.encoded.json.descriptor
To avoid creating entries for each service, file names can be reduced to be applied on higher level. Use file name prod_finance to apply to all services that are deployed to prod environment and are with finance group. Similar can be applied for all services in prod environment or all versions of prod_finance_my-service