Configure Secure connectivity between Core Mojaloop Service and Backends (Tracking) #2100

Open
85 tasks
mdebarros opened this issue Mar 8, 2021 · 3 comments
Labels
break-this-up oss-core This is an issue - story or epic related to a feature on a Mojaloop core service or related to it story to-be-refined This story is ready to be groomed

Comments

mdebarros commented Mar 8, 2021

Goal:

As a Hub Operator

I want to configure TLS/Authentication for Mojaloop Backend services

so that communication is secure & authenticated between Mojaloop and Backend Services

Acceptance Criteria:

  • Central-Ledger supports TLS/Authentication configs for:
    • Kafka
    • MySQL
    • MongoDB
  • ML-API-Adapter supports TLS/Authentication configs for:
    • Kafka
  • Bulk-API-Adapter supports TLS/Authentication configs for:
    • Kafka
    • MongoDB
  • Central-Settlements supports TLS/Authentication configs for:
    • Kafka
    • MySQL
  • Account-Lookup-Service supports TLS/Authentication configs for:
    • MySQL
  • Quoting-Service supports TLS/Authentication configs for:
    • MySQL
    • Redis
  • Mojaloop-Simulators supports TLS/Authentication configs for:
    • Redis
  • Event-sidecar supports TLS/Authentication configs for:
    • Kafka
  • Event-Stream-Processor supports TLS/Authentication configs for:
    • Kafka
    • ElasticSearch supports TLS/Authentication configs for:
    • APM
  • Schema-Adapter supports TLS/Authentication configs for:
    • Redis
  • Email-Notifier supports TLS/Authentication configs for:
    • Kafka
  • Finance-Portal supports TLS/Authentication configs for:
    • MySQL
  • Settlement-Management supports TLS/Authentication configs for:
    • MySQL

Complexity: Medium

Uncertainty: Low


Tasks:

  • Update Central-Services-Database to support config for TLS & Authentication [#?] ~ 3
  • Update Central-Services-Stream to support config for TLS & Authentication [#?] ~ 3
  • Update Central-Object-Store to support config for TLS & Authentication [#?] ~ 3
    - In review - I simply allowed us to pass in config objects to Mongoose
  • Central-Ledger [#?] ~ 3
    • config files
    • setup/config for backends
    • integration tests
  • ML-API-Adapter [#?] ~ 3
    • config files
    • setup/config for backends
  • Bulk-API-Adapter [#?] ~ 3
    • config files
    • setup/config for backends
  • Central-Settlements [#?] ~ 3
    • config files
    • setup/config for backends
  • Account-Lookup-Service [#?] ~ 3
    • config files
    • setup/config for backends
  • Quoting-Service [#?] ~ 3
    • config files
    • setup/config for backends
  • Mojaloop-Simulators [#?] ~ 3
    • config files
    • setup/config for backends
  • Event-sidecar [#?] ~ 3
    • config files
    • setup/config for backends
  • Event-Stream-Processor [#?] ~ 3
    • config files
    • setup/config for backends
  • Schema-Adapter [#?] ~ 3
    • config files
    • setup/config for backends
  • Email-Notifier [#?] ~ 3
    • config files
    • setup/config for backends
  • Finance-Portal [#?] ~ 3
    • config files
    • setup/config for backends
  • Settlement-Management [#?] ~ 3
    • config files
    • setup/config for backends
  • Helm Support for TLS & Authentication Secrets [#?] ~ 5
    • Central-Ledger
    • ML-API-Adapter
    • Bulk-API-Adapter
    • Central-Settlements
    • Account-Lookup-Service
    • Quoting-Service
    • Mojaloop-Simulators
    • Event-sidecar
    • Event-Stream-Processor
    • Schema-Adapter
    • Email-Notifier
    • Finance-Portal
    • Settlement-Management

Done

  • Acceptance Criteria pass
  • Designs are up-to-date
  • Unit Tests pass
  • Integration Tests pass
  • Code Style & Coverage meets standards
  • Changes made to config (default.json) are broadcast to team and follow-up tasks added to update helm charts and other deployment config.
  • TBD

Pull Requests:

Follow-up:

  • N/A

Dependencies:

  • N/A

Accountability:

  • Owner: TBC
  • QA/Review: TBC
@mdebarros mdebarros added the story label Mar 8, 2021
@mdebarros mdebarros changed the title from "Configure TLS & Authentication for Core Mojaloop Service connectivity to Backends" to "Configure Secure connectivity between Core Mojaloop Service and Backends" Mar 8, 2021
@mdebarros mdebarros changed the title from "Configure Secure connectivity between Core Mojaloop Service and Backends" to "Configure Secure connectivity between Core Mojaloop Service and Backends (Tracking)" Mar 8, 2021
@mdebarros mdebarros added break-this-up to-be-refined This story is ready to be groomed labels Mar 8, 2021
@vgenev vgenev added good first issue Good for newcomers and removed good first issue Good for newcomers labels Mar 8, 2021
@lewisdaly

MongoDB support for TLS doesn't look all that difficult:

https://github.com/Automattic/mongoose/blob/c25169702ccc2a8f8123853453ed755f17278ce7/docs/tutorials/ssl.md

We will probably want to expose some options around specifying a CA file, and turning off and on the sslValidate option.

@lewisdaly lewisdaly self-assigned this Mar 26, 2021
@lewisdaly

@mdebarros maybe we can convert this into an Epic? Seems pretty epic to me.

@elnyry-sam-k elnyry-sam-k added the oss-core This is an issue - story or epic related to a feature on a Mojaloop core service or related to it label Jun 2, 2021
@elnyry-sam-k

Yep @lewisdaly, @mdebarros - this is epic :-)

@lewisdaly lewisdaly removed their assignment Nov 15, 2021