It has the following dependencies:

  • a MongoDB database
  • needs to be able to connect to the DB used by the engine
  • needs to be able to connect to the Kafka instance used by the engine
  • a Redis instance for caching

The plugin comes with most of the needed configuration properties filled in, but there are a few that need to be set up using some custom environment variables.

Dependencies

MongoDB database

Basic MongoDB configuration - helm values.yaml

notification-mdb:
    existingSecret: {{secretName}}
    mongodbDatabase: {{TaskManagementDatabaseName}}
    mongodbUsername: {{TaskManagementDatabaseUser}}
    persistence:
      enabled: true
      mountPath: /bitnami/mongodb
      size: 4Gi
    replicaSet:
      enabled: true
      name: rs0
      pdb:
        enabled: true
        minAvailable:
          arbiter: 1
          secondary: 1
      replicas:
        arbiter: 1
        secondary: 1
      useHostnames: true
    serviceAccount:
      create: false
    usePassword: true

Redis server

The plugin can use the Redis component already deployed for the FlowX Engine.

Configuration

Authorization configuration & access roles

The following variables need to be set in order to connect to the identity management platform:

  • SECURITY_OAUTH2_BASE_SERVER_URL
  • SECURITY_OAUTH2_CLIENT_CLIENT_ID
  • SECURITY_OAUTH2_CLIENT_CLIENT_SECRET
  • SECURITY_OAUTH2_REALM

A specific service account should be configured in the OpenID provider to allow the Task management microservice to access realm specific data. It can be configured using the following environment variables:

OpenID connect settings

  • SECURITY_TYPE: Indicates that OAuth 2.0 is the chosen security type, default value: oauth2.
  • SECURITY_PATHAUTHORIZATIONS_0_PATH: Defines a security path or endpoint pattern. In this case, it specifies that the security settings apply to all paths under the “/api/” path. The ** is a wildcard that means it includes all subpaths under “/api/**“.
  • SECURITY_PATHAUTHORIZATIONS_0_ROLESALLOWED: Specifies the roles allowed for accessing the specified path. In this case, the roles allowed are empty (""). This might imply that access to the “/api/**” paths is open to all users or that no specific roles are required for authorization.
  • SECURITY_OAUTH2_BASE_SERVER_URL: This setting specifies the base URL of the OpenID server, which is used for authentication and authorization.
  • SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENT_ID: The task management service account is utilized to facilitate process initiation, enable the use of the task management plugin (requiring the FLOWX_ROLE and role mapper), and access data from Keycloak.
  • SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENT_SECRET: Along with the client ID, you must also specify the client secret associated with the service account for proper authentication.

More details about the necessary service account, here:

Task management service account

FlowX Engine datasource configuration

The service needs to retrieve the data for a process instance from the engine database. So it needs to have all the correct information to connect to the engine database.

The following configuration details need to be added in configuration files or overwritten using environment variables:

  • SPRING_DATASOURCE_URL
  • SPRING_DATASOURCE_USERNAME
  • SPRING_DATASOURCE_PASSWORD

MongoDB configuration

The only thing that needs to be configured is the DB access info, the rest will be handled by the plugin.

  • SPRING_DATA_MONGODB_URI - the uri for the mongodb database

Redis configuration

The following values should be set with the corresponding Redis related values.

  • SPRING_REDIS_HOST
  • SPRING_REDIS_PASSWORD
  • REDIS_TTL

Kafka configuration

The following Kafka related configurations can be set by using environment variables:

  • SPRING_KAFKA_BOOTSTRAP_SERVERS - address of the Kafka server
  • SPRING_KAFKA_CONSUMER_GROUP_ID - group of consumers
  • KAFKA_CONSUMER_THREADS - the number of Kafka consumer threads
  • KAFKA_CONSUMER_EXCLUDE_USERS_THREADS -
  • KAFKA_AUTH_EXCEPTION_RETRY_INTERVAL - the interval between retries after AuthorizationException is thrown by KafkaConsumer
  • KAFKA_MESSAGE_MAX_BYTES - this is the largest size of the message that can be received by the broker from a producer.

Kafka topics

Each action available in the service corresponds to a Kafka event. A separate Kafka topic must be configured for each use-case:

  • KAFKA_TOPIC_PROCESS_START_OUT - is used for running hooks, the engine receives a start process request for a hook on this topic, and it needs to be matched with the corresponding ...start_in topic on the engine side
  • KAFKA_TOPIC_PROCESS_OPERATIONS_OUT- is used to update the engine on task manager operations such as assignment, unassignment, hold, unhold and terminate it is matched with the ...operations_in topic on the engine side
  • KAFKA_TOPIC_PROCESS_SCHEDULE_IN- is used to receive a message from the task manager when it’s time to run a hook (for hooks configured with SLA, for more details on how to configure a hook with SLA, click here)
  • KAFKA_TOPIC_PROCESS_SCHEDULE_OUT_SET- sends a message to the scheduler to set hooks or exclude users from automatic assignment when they are assigned to out of office feature, it needs to be matched with the configuration in the scheduler
  • KAFKA_TOPIC_PROCESS_SCHEDULE_OUT_STOP- ends a message to the scheduler to stop the schedule for the above actions. It needs to be matched with the configuration in the scheduler
  • KAFKA_TOPIC_EXCLUDE_USERS_SCHEDULE_IN- is used to receive a message from the scheduler when users need to be excluded
  • KAFKA_TOPIC_TASK_IN- used to receive a message from the engine to start a new task. It needs to be matched with the corresponding task_out topic on the engine side.
  • KAFKA_TOPIC_EVENTS_GATEWAY_OUT_MESSAGE - outgoing messages for Events Gateway

The Engine is listening for messages on topics with names of a certain pattern, make sure to use correct outgoing topic names when configuring the notifications plugin.

Logging

The following environment variables could be set in order to control log levels:

  • LOGGING_LEVEL_ROOT - root spring boot microservice logs
  • LOGGING_LEVEL_APP - app level logs
  • LOGGING_LEVEL_MONGO_DRIVER - MongoDB driver logs

Filtering

  • FLOWX_ALLOW_USERNAME_SEARCH_PARTIAL - filter possible assignees by partial names (default: true)