<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:21:44 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-2583] Spike: Distributed configuration</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-2583</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;h2&gt;&lt;a name=&quot;Overview&quot;&gt;&lt;/a&gt;Overview&lt;/h2&gt;
&lt;p&gt;One outcome of 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2565&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2565&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Misleading Permission Set Configuration&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            FOLIO-2565
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 is that centralized configuration via mod-configuration is problematic from a security perspective.  It provides a convenient mechanism for storing configuration, but the permission granularity is too coarse.  Granting a user the ability to access an entry for one app means that they will also have access to ALL configuration entries.&lt;/p&gt;

&lt;p&gt;An idea was proposed that all modules have a system interface, which can be implemented (or not), that presents a common interface for accessing configuration specific to various modules.&lt;/p&gt;

&lt;p&gt;e.g. each module would have the opportunity to implement the &quot;config&quot; interface and implement:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;GET /configurations/entries&lt;/li&gt;
	&lt;li&gt;GET /configurations/entries/&amp;lt;id&amp;gt;&lt;/li&gt;
	&lt;li&gt;POST /configurations/entries&lt;/li&gt;
	&lt;li&gt;PUT /configurations/entries/&amp;lt;id&amp;gt;&lt;/li&gt;
	&lt;li&gt;DELETE /configurations/entries/&amp;lt;id&amp;gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Each of which would be protected by discrete permissions, e.g. mod-foo might have:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;foo.configurations.collection.get,&lt;/li&gt;
	&lt;li&gt;foo.configurations.item.get (put/post/delete)&lt;/li&gt;
&lt;/ul&gt;


&lt;h2&gt;&lt;a name=&quot;AcceptanceCriteria&quot;&gt;&lt;/a&gt;Acceptance Criteria&lt;/h2&gt;
&lt;ul&gt;
	&lt;li&gt;The following questions should be answered
	&lt;ul&gt;
		&lt;li&gt;Feasibility of this idea - a POC might make sense&lt;/li&gt;
		&lt;li&gt;What would adoption of this look like?  Is an opt-in model viable?&lt;/li&gt;
		&lt;li&gt;Are there other aspects to this that should be considered in the decision making process?
		&lt;ul&gt;
			&lt;li&gt;Sample/Reference data loading - seems like a win to me over centralized configuration&lt;/li&gt;
			&lt;li&gt;Default implementation by RMB?  Reference implementation?&lt;/li&gt;
			&lt;li&gt;Impact to the UI?&lt;/li&gt;
			&lt;li&gt;Optional use of permissionsDesired to offer even finer grained access control?&lt;/li&gt;
			&lt;li&gt;Ability to incorporate secret storage (encryption at rest) in the future, i.e. via extension of this API?&lt;/li&gt;
		&lt;/ul&gt;
		&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;Documentation of the high level design on the wiki&lt;/li&gt;
	&lt;li&gt;User stories are created for implementation&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="79625">FOLIO-2583</key>
            <summary>Spike: Distributed configuration</summary>
                <type id="10005" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium">Story</type>
                                            <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="1" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="5cf6c546b87c300f36eb7b9a">Craig McNally</reporter>
                                    <labels>
                    </labels>
                <created>Mon, 4 May 2020 18:25:11 +0000</created>
                <updated>Fri, 28 Aug 2020 09:27:27 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>4</watches>
                                                                <comments>
                                                            <comment id="189472" author="557058:de4eac47-6d4e-4b50-9c3c-4a82ed705e52" created="Fri, 15 May 2020 12:20:16 +0000"  >&lt;p&gt;It looks like I did not comprehend the goal of implementing this distributed configuration. &lt;br/&gt;
As for me, the configuration itself is not a part of a module, and it can&#8217;t be provided by any other FOLIO module, because configuration parameters are usually needed at the initialization stage of the module&#8217;s lifecycle, and less often during other module&apos;s activities. But there is no guarantee that the configuration module itself has already completed its startup when a module requires configuration params at the initialization phase. A good solution here is to use externalized configurations (&lt;a href=&quot;https://microservices.io/patterns/externalized-configuration.html&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://microservices.io/patterns/externalized-configuration.html&lt;/a&gt;). It can be achieved in two ways. Either all configuration params are provided as environment variables to a module at start-up, or there can be a dedicated configuration server that is not a part of FOLIO, and each FOLIO module just connects to it to read its configurations. There is a wide variety of production-grade solutions for this like ZooKeeper, Consul, etcd. Vault can be used to leverage secure storage, etc. If we are talking about K8S it provides &#8220;Config Maps&#8221; and &#8220;Secrets&#8221; out of the box for providing configuration capabilities. We can even use a simple Spring Cloud Config Server and just teach RMB how to deal with that. Behind the Spring Config Server, there can be any configuration provider, from flat properties files to a git repo and others. &lt;br/&gt;
So, what I want to say is that there are many solutions already available to us. So we do not have to reinvent the wheel, just work out criteria and requirements and select a solution that best suits our needs.&lt;/p&gt;</comment>
                                                            <comment id="189475" author="5cf6c546b87c300f36eb7b9a" created="Thu, 28 May 2020 18:27:09 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ade4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; class=&quot;user-hover&quot; rel=&quot;557058:de4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; data-account-id=&quot;557058:de4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; accountid=&quot;557058:de4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; rel=&quot;noreferrer&quot;&gt;Taras Spashchenko&lt;/a&gt; how would external configuration storage work with permissions?  The main challenge we face here is that the permissions in mod-configuration are not granular enough.  You&apos;re either able to access all config entries, or none of them.  By distributing the configuration we&apos;re able to better control who can access which configuration entries... i.e. a user might need to access orders configuration but not SAML or email configuration.  &lt;/p&gt;

&lt;p&gt;That&apos;s not to say that the underlying storage can&apos;t be some external system, but users shouldn&apos;t be able to go directly to that storage to access configuration, otherwise we&apos;re back to all or nothing access.&lt;/p&gt;</comment>
                                                            <comment id="189477" author="5cf6c546b87c300f36eb7b9a" created="Thu, 27 Aug 2020 16:40:21 +0000"  >&lt;p&gt;See &lt;a href=&quot;https://folio-org.atlassian.net/wiki/display/DD/Distributed+Configuration&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/wiki/display/DD/Distributed+Configuration&lt;/a&gt;&lt;/p&gt;</comment>
                                                            <comment id="189479" author="557058:de4eac47-6d4e-4b50-9c3c-4a82ed705e52" created="Fri, 28 Aug 2020 09:27:27 +0000"  >&lt;p&gt;Thank you.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="81663">FOLIO-2565</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="64755">MODOAIPMH-243</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10144"><![CDATA[Core: Platform]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i013lb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1423">CP: Non-roadmap backlog</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 15 May 2020 12:20:16 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>