Standardize configuration properties (#4452)

* Standardize configuration properties

* Refactor application properties files

* Make integration tests use the new application properties

* Make integration tests use the vertx client internally

* Make integration tests publish multi arch images

* Fix go sdk test

* Rename registry properties to apicurio properties

* Fix ui configuration page

* Rename missing properties

* Fix download ttl property name

* Align configuration properties

* Fix sql storage kind in integration tests

* Fix remaining properties issues

Author: carlesarnal

.github/workflows/integration-tests.yaml

@@ -38,6 +38,23 @@ jobs:
           distribution: 'temurin'
           cache: 'maven'
 
+      # Open-Source Machine emulator that allows you to emulate multiple CPU architectures on your machine
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      # Docker CLI plugin for extended build capabilities with BuildKit
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Inspect builder
+        run: |
+          echo "Name:      ${{ steps.buildx.outputs.name }}"
+          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
+          echo "Status:    ${{ steps.buildx.outputs.status }}"
+          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
+          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
+
       - name: Get maven wrapper
         run: mvn -N io.takari:maven:wrapper -Dmaven=3.8.2
 
@@ -46,7 +63,7 @@ jobs:
 
       - name: Build and Push Application image
         run: |
-          docker build --push -f ./distro/docker/target/docker/Dockerfile.jvm -t ttl.sh/${{ github.sha }}/apicurio/apicurio-registry:1d ./distro/docker/target/docker
+          docker buildx build --push -f ./distro/docker/target/docker/Dockerfile.jvm -t ttl.sh/${{ github.sha }}/apicurio/apicurio-registry:1d --platform linux/amd64,linux/arm64,linux/s390x,linux/ppc64le ./distro/docker/target/docker
 
   prepare-ui-tests:
     name: Prepare for UI Integration Tests

README.md

@@ -22,9 +22,9 @@ Starting with Apicurio Registry 3.0, we now produce a single artifact suitable f
 
 Which storage variant will be used is determined by the following configuration:
 
-|Option|Command argument|Env. variable|
-|---|---|---|
-|Registry Storage Variant|`-Dregistry.storage.kind`|`REGISTRY_STORAGE_KIND`|
+|Option|Command argument| Env. variable           |
+|---|---|-------------------------|
+|Registry Storage Variant|`-Dapicurio.storage.kind`| `APICURIO_STORAGE_KIND` |
 
 For this property, there are three possible values:
 - *sql* - for the SQL storage variant.
@@ -79,12 +79,12 @@ The following parameters are available for executable files:
  - By default, the application expects an H2 server running at `jdbc:h2:tcp://localhost:9123/mem:registry`.
  - For configuring the database kind and the datasource values, the following configuration options are available:
 
-| Option                    |Command argument| Env. variable                  |
-|---------------------------|---|--------------------------------|
-| Registry SQL storage kind |`-Dregistry.storage.db-kind`| `REGISTRY_STORAGE_DB_KIND`     |
-| Data Source URL           |`-Dregistry.datasource.url`| `REGISTRY_DATASOURCE_URL`      |
-| DS Username               |`-Dregistry.datasource.username`| `REGISTRY_DATASOURCE_USERNAME` |
-| DS Password               |`-Dregistry.datasource.password`| `REGISTRY_DATASOURCE_PASSWORD` |
+| Option                    | Command argument                | Env. variable                  |
+|---------------------------|---------------------------------|--------------------------------|
+| Registry SQL storage kind | `-Dapicurio.storage.sql.kind`   | `APICURIO_STORAGE_SQL_KIND`    |
+| Data Source URL           | `-Dapicurio.datasource.url`     | `APICURIO_DATASOURCE_URL`      |
+| DS Username               | `-Dapicurio.datasource.username` | `APICURIO_DATASOURCE_USERNAME` |
+| DS Password               | `-Dapicurio.datasource.password` | `APICURIO_DATASOURCE_PASSWORD` |
 
 To see additional options, visit:
  - [Data Source config](https://quarkus.io/guides/datasource) 
@@ -94,9 +94,9 @@ To see additional options, visit:
 `./mvnw clean install -Pprod -DskipTests` builds the application artifact.
 The newly built runner can be found in `/app/target`
 ```
-java Dregistry.storage.kind=kafkasql -jar apicurio-registry-app-<version>-SNAPSHOT-runner.jar
+java Dapicurio.storage.kind=kafkasql -jar apicurio-registry-app-<version>-SNAPSHOT-runner.jar
 ```
-For using Kafka as the persistent storage for the server information the only required configuration is to set the property *registry.storage.kind*.
+For using Kafka as the persistent storage for the server information the only required configuration is to set the property *apicurio.storage.kind*.
 
 Should result in Quarkus and the registry starting up, with the ui and APIs available on localhost port 8080.
 By default, this will look for a kafka instance on `localhost:9092`, see [kafka-quickstart](https://kafka.apache.org/quickstart).
@@ -106,14 +106,14 @@ with the necessary details to connect to a kafka instance using a PKCS12 certifi
 scram-sha-512 credentials for user authorisation.
 ```
 java \
--Dregistry.storage.kind=kafkasql \
--Dregistry.kafka.common.bootstrap.servers=<kafka_bootstrap_server_address> \
--Dregistry.kafka.common.ssl.truststore.location=<truststore_file_location>\
--Dregistry.kafka.common.ssl.truststore.password=<truststore_file_password> \
--Dregistry.kafka.common.ssl.truststore.type=PKCS12 \
--Dregistry.kafka.common.security.protocol=SASL_SSL \
--Dregistry.kafka.common.sasl.mechanism=SCRAM-SHA-512 \
--Dregistry.kafka.common.sasl.jaas.config='org.apache.kafka.common.security.scram.ScramLoginModule required username="<username>" password="<password>";' \
+-Dapicurio.storage.kind=kafkasql \
+-Dapicurio.kafka.common.bootstrap.servers=<kafka_bootstrap_server_address> \
+-Dapicurio.kafka.common.ssl.truststore.location=<truststore_file_location>\
+-Dapicurio.kafka.common.ssl.truststore.password=<truststore_file_password> \
+-Dapicurio.kafka.common.ssl.truststore.type=PKCS12 \
+-Dapicurio.kafka.common.security.protocol=SASL_SSL \
+-Dapicurio.kafka.common.sasl.mechanism=SCRAM-SHA-512 \
+-Dapicurio.kafka.common.sasl.jaas.config='org.apache.kafka.common.security.scram.ScramLoginModule required username="<username>" password="<password>";' \
 -jar app/target/apicurio-registry-app-3.0.0-SNAPSHOT-runner.jar
 ```
 This will start up the registry with the persistence managed by the external kafka cluster.
@@ -176,11 +176,11 @@ services:
     ports:
       - 8080:8080
     environment:
-      REGISTRY_STORAGE_KIND: 'sql'
-      REGISTRY_STORAGE_DB_KIND: 'postgresql'
-      REGISTRY_DATASOURCE_URL: 'jdbc:postgresql://postgres/apicurio-registry'
-      REGISTRY_DATASOURCE_USERNAME: apicurio-registry
-      REGISTRY_DATASOURCE_PASSWORD: password
+      APICURIO_STORAGE_KIND: 'sql'
+      APICURIO_STORAGE_DB_KIND: 'postgresql'
+      APICURIO_DATASOURCE_URL: 'jdbc:postgresql://postgres/apicurio-registry'
+      APICURIO_DATASOURCE_USERNAME: apicurio-registry
+      APICURIO_DATASOURCE_PASSWORD: password
 ```
   - Run `docker-compose -f test.yml up`
 
@@ -205,10 +205,10 @@ In order no enable this integration, you will need to set the following environm
 
 |Option|Env. variable|
 |---|---|
-|`REGISTRY_AUTH_TYPE`|Set to `oidc` (default is `none`)|
-|`REGISTRY_AUTH_URL`|OIDC auth URL|
-|`REGISTRY_AUTH_REDIRECT_URL`|OIDC redirect URL|
-|`REGISTRY_AUTH_CLIENT_ID`|The client for the UI|
+|`APICURIO_AUTH_TYPE`|Set to `oidc` (default is `none`)|
+|`APICURIO_AUTH_URL`|OIDC auth URL|
+|`APICURIO_AUTH_REDIRECT_URL`|OIDC redirect URL|
+|`APICURIO_AUTH_CLIENT_ID`|The client for the UI|
 
 Note that you will need to have everything configured in your OIDC provider, before starting the application
 (the realm and the two clients).

app/pom.xml

@@ -113,6 +113,14 @@
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-oidc</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-elytron-security-properties-file</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-smallrye-jwt</artifactId>
+        </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-scheduler</artifactId>
@@ -408,7 +416,6 @@
                             <inputs>
                                 <param>${project.build.outputDirectory}/application.properties</param>
                                 <param>${project.build.outputDirectory}/application-prod.properties</param>
-                                <param>${project.build.outputDirectory}/application-dev.properties</param>
                                 <param>${project.build.outputDirectory}/application-test.properties</param>
                             </inputs>
                             <deleteInputs>false</deleteInputs>
@@ -425,7 +432,6 @@
                             <inputs>
                                 <param>${project.build.outputDirectory}/application.properties</param>
                                 <param>${project.build.outputDirectory}/application-prod.properties</param>
-                                <param>${project.build.outputDirectory}/application-dev.properties</param>
                                 <param>${project.build.outputDirectory}/application-test.properties</param>
                             </inputs>
                             <deleteInputs>true</deleteInputs>

app/src/main/java/io/apicurio/registry/ImportLifecycleBean.java

@@ -33,7 +33,7 @@ public class ImportLifecycleBean {
     @Current
     RegistryStorage storage;
 
-    @ConfigProperty(name = "registry.import.url")
+    @ConfigProperty(name = "apicurio.import.url")
     @Info(category = "import", description = "The import URL", availableSince = "2.1.0.Final")
     Optional<URL> registryImportUrlProp;
 

app/src/main/java/io/apicurio/registry/auth/AuthConfig.java

@@ -17,80 +17,80 @@ public class AuthConfig {
     @Inject
     Logger log;
 
-    @ConfigProperty(name = "registry.auth.enabled", defaultValue = "false")
+    @ConfigProperty(name = "quarkus.oidc.tenant-enabled", defaultValue = "false")
     boolean authenticationEnabled;
 
-    @ConfigProperty(name = "registry.auth.role-based-authorization", defaultValue = "false")
+    @ConfigProperty(name = "apicurio.auth.role-based-authorization", defaultValue = "false")
     @Info(category = "auth", description = "Enable role based authorization", availableSince = "2.1.0.Final")
     boolean roleBasedAuthorizationEnabled;
 
-    @Dynamic(label = "Artifact owner-only authorization", description = "When selected, Service Registry allows only the artifact owner (creator) to modify an artifact.", requires = "registry.auth.enabled=true")
-    @ConfigProperty(name = "registry.auth.owner-only-authorization", defaultValue = "false")
+    @Dynamic(label = "Artifact owner-only authorization", description = "When selected, Service Registry allows only the artifact owner (creator) to modify an artifact.", requires = "apicurio.auth.enabled=true")
+    @ConfigProperty(name = "apicurio.auth.owner-only-authorization", defaultValue = "false")
     @Info(category = "auth", description = "Artifact owner-only authorization", availableSince = "2.0.0.Final")
     Supplier<Boolean> ownerOnlyAuthorizationEnabled;
 
     @Dynamic(label = "Artifact group owner-only authorization", description = "When selected, Service Registry allows only the artifact group owner (creator) to modify an artifact group.", requires = {
-            "registry.auth.enabled=true",
-            "registry.auth.owner-only-authorization=true"
+            "apicurio.auth.enabled=true",
+            "apicurio.auth.owner-only-authorization=true"
     })
-    @ConfigProperty(name = "registry.auth.owner-only-authorization.limit-group-access", defaultValue = "false")
+    @ConfigProperty(name = "apicurio.auth.owner-only-authorization.limit-group-access", defaultValue = "false")
     @Info(category = "auth", description = "Artifact group owner-only authorization", availableSince = "2.1.0.Final")
     Supplier<Boolean> ownerOnlyAuthorizationLimitGroupAccess;
 
-    @Dynamic(label = "Anonymous read access", description = "When selected, requests from anonymous users (requests without any credentials) are granted read-only access.", requires = "registry.auth.enabled=true")
-    @ConfigProperty(name = "registry.auth.anonymous-read-access.enabled", defaultValue = "false")
+    @Dynamic(label = "Anonymous read access", description = "When selected, requests from anonymous users (requests without any credentials) are granted read-only access.", requires = "apicurio.auth.enabled=true")
+    @ConfigProperty(name = "apicurio.auth.anonymous-read-access.enabled", defaultValue = "false")
     @Info(category = "auth", description = "Anonymous read access", availableSince = "2.1.0.Final")
     Supplier<Boolean> anonymousReadAccessEnabled;
 
     @Dynamic(label = "Authenticated read access", description = "When selected, requests from any authenticated user are granted at least read-only access.", requires = {
-            "registry.auth.enabled=true",
-            "registry.auth.role-based-authorization=true"
+            "apicurio.auth.enabled=true",
+            "apicurio.auth.role-based-authorization=true"
     })
-    @ConfigProperty(name = "registry.auth.authenticated-read-access.enabled", defaultValue = "false")
+    @ConfigProperty(name = "apicurio.auth.authenticated-read-access.enabled", defaultValue = "false")
     @Info(category = "auth", description = "Authenticated read access", availableSince = "2.1.4.Final")
     Supplier<Boolean> authenticatedReadAccessEnabled;
 
-    @ConfigProperty(name = "registry.auth.roles.readonly", defaultValue = "sr-readonly")
+    @ConfigProperty(name = "apicurio.auth.roles.readonly", defaultValue = "sr-readonly")
     @Info(category = "auth", description = "Auth roles readonly", availableSince = "2.1.0.Final")
     String readOnlyRole;
 
-    @ConfigProperty(name = "registry.auth.roles.developer", defaultValue = "sr-developer")
+    @ConfigProperty(name = "apicurio.auth.roles.developer", defaultValue = "sr-developer")
     @Info(category = "auth", description = "Auth roles developer", availableSince = "2.1.0.Final")
     String developerRole;
 
-    @ConfigProperty(name = "registry.auth.roles.admin", defaultValue = "sr-admin")
+    @ConfigProperty(name = "apicurio.auth.roles.admin", defaultValue = "sr-admin")
     @Info(category = "auth", description = "Auth roles admin", availableSince = "2.0.0.Final")
     String adminRole;
 
-    @ConfigProperty(name = "registry.auth.role-source", defaultValue = "token")
+    @ConfigProperty(name = "apicurio.auth.role-source", defaultValue = "token")
     @Info(category = "auth", description = "Auth roles source", availableSince = "2.1.0.Final")
     String roleSource;
 
-    @ConfigProperty(name = "registry.auth.admin-override.enabled", defaultValue = "false")
+    @ConfigProperty(name = "apicurio.auth.admin-override.enabled", defaultValue = "false")
     @Info(category = "auth", description = "Auth admin override enabled", availableSince = "2.1.0.Final")
     boolean adminOverrideEnabled;
 
-    @ConfigProperty(name = "registry.auth.admin-override.from", defaultValue = "token")
+    @ConfigProperty(name = "apicurio.auth.admin-override.from", defaultValue = "token")
     @Info(category = "auth", description = "Auth admin override from", availableSince = "2.1.0.Final")
     String adminOverrideFrom;
 
-    @ConfigProperty(name = "registry.auth.admin-override.type", defaultValue = "role")
+    @ConfigProperty(name = "apicurio.auth.admin-override.type", defaultValue = "role")
     @Info(category = "auth", description = "Auth admin override type", availableSince = "2.1.0.Final")
     String adminOverrideType;
 
-    @ConfigProperty(name = "registry.auth.admin-override.role", defaultValue = "sr-admin")
+    @ConfigProperty(name = "apicurio.auth.admin-override.role", defaultValue = "sr-admin")
     @Info(category = "auth", description = "Auth admin override role", availableSince = "2.1.0.Final")
     String adminOverrideRole;
 
-    @ConfigProperty(name = "registry.auth.admin-override.claim", defaultValue = "org-admin")
+    @ConfigProperty(name = "apicurio.auth.admin-override.claim", defaultValue = "org-admin")
     @Info(category = "auth", description = "Auth admin override claim", availableSince = "2.1.0.Final")
     String adminOverrideClaim;
 
-    @ConfigProperty(name = "registry.auth.admin-override.claim-value", defaultValue = "true")
+    @ConfigProperty(name = "apicurio.auth.admin-override.claim-value", defaultValue = "true")
     @Info(category = "auth", description = "Auth admin override claim value", availableSince = "2.1.0.Final")
     String adminOverrideClaimValue;
 
-    @ConfigProperty(name = "registry.auth.admin-override.user", defaultValue = "admin")
+    @ConfigProperty(name = "apicurio.auth.admin-override.user", defaultValue = "admin")
     @Info(category = "auth", description = "Auth admin override user name", availableSince = "3.0.0.Final")
     String adminOverrideUser;
 

app/src/main/java/io/apicurio/registry/auth/AuthorizedInterceptor.java

@@ -80,7 +80,7 @@ public Object authorizeMethod(InvocationContext context) throws Exception {
                 }
 
                 // Anonymous users are allowed to perform read-only operations, but only if
-                // registry.auth.anonymous-read-access.enabled is set to 'true'
+                // apicurio.auth.anonymous-read-access.enabled is set to 'true'
                 if (authConfig.anonymousReadAccessEnabled.get() && annotation.level() == AuthorizedLevel.Read) {
                     log.trace("Anonymous user is being granted access to read-only operation.");
                     return context.proceed();

app/src/main/java/io/apicurio/registry/auth/HeaderRoleProvider.java

@@ -12,7 +12,7 @@
 @RequestScoped
 public class HeaderRoleProvider implements RoleProvider {
 
-    @ConfigProperty(name = "registry.auth.role-source.header.name")
+    @ConfigProperty(name = "apicurio.auth.role-source.header.name")
     @Info(category = "auth", description = "Header authorization name", availableSince = "2.4.3.Final")
     String roleHeader;
 

app/src/main/java/io/apicurio/registry/ccompat/rest/v7/impl/CCompatConfig.java

@@ -13,17 +13,17 @@
 public class CCompatConfig {
 
     @Dynamic(label = "Legacy ID mode (compatibility API)", description =  "When selected, the Schema Registry compatibility API uses global ID instead of content ID for artifact identifiers.")
-    @ConfigProperty(name = "registry.ccompat.legacy-id-mode.enabled", defaultValue = "false")
+    @ConfigProperty(name = "apicurio.ccompat.legacy-id-mode.enabled", defaultValue = "false")
     @Info(category = "ccompat", description = "Legacy ID mode (compatibility API)", availableSince = "2.0.2.Final")
     Supplier<Boolean> legacyIdModeEnabled;
 
     @Dynamic(label = "Canonical hash mode (compatibility API)", description = "When selected, the Schema Registry compatibility API uses the canonical hash instead of the regular hash of the content.")
-    @ConfigProperty(name = "registry.ccompat.use-canonical-hash", defaultValue = "false")
+    @ConfigProperty(name = "apicurio.ccompat.use-canonical-hash", defaultValue = "false")
     @Info(category = "ccompat", description = "Canonical hash mode (compatibility API)", availableSince = "2.3.0.Final")
     Supplier<Boolean> canonicalHashModeEnabled;
 
     @Dynamic(label = "Maximum number of Subjects returned (compatibility API)", description =  "Determines the maximum number of Subjects that will be returned by the ccompat API (for the '/subjects' endpoint).")
-    @ConfigProperty(name = "registry.ccompat.max-subjects", defaultValue = "1000")
+    @ConfigProperty(name = "apicurio.ccompat.max-subjects", defaultValue = "1000")
     @Info(category = "ccompat", description = "Maximum number of Subjects returned (compatibility API)", availableSince = "2.4.2.Final")
     Supplier<Integer> maxSubjects;
 

app/src/main/java/io/apicurio/registry/config/RegistryStorageConfigCache.java

@@ -27,7 +27,7 @@ public class RegistryStorageConfigCache extends RegistryStorageDecoratorBase imp
     @Inject
     Logger log;
 
-    @ConfigProperty(name = "registry.config.cache.enabled", defaultValue = "true")
+    @ConfigProperty(name = "apicurio.config.cache.enabled", defaultValue = "true")
     @Info(category = "cache", description = "Registry cache enabled", availableSince = "2.2.2.Final")
     boolean enabled;
 
@@ -79,7 +79,7 @@ private void invalidateCache() {
         configCache.clear();
     }
 
-    @Scheduled(concurrentExecution = SKIP, every = "{registry.config.refresh.every}")
+    @Scheduled(concurrentExecution = SKIP, every = "{apicurio.config.refresh.every}")
     void run() {
         if (!enabled) {
             return;