From b7dc2a8daf07807b3d095b818af811f69956faeb Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Fri, 14 Nov 2025 09:28:23 +0100 Subject: [PATCH 01/15] feature(document-archiving): deploy to QA, missing version numbers --- .../flyway-readmodel-agreement-configmap.yaml | 4 ++ ...eadmodel-attribute-registry-configmap.yaml | 4 ++ .../flyway-readmodel-catalog-configmap.yaml | 4 ++ ...flyway-readmodel-delegation-configmap.yaml | 6 +- .../flyway-readmodel-tenant-configmap.yaml | 4 ++ .../qa/configmaps/safe-storage-configmap.yaml | 10 ++++ commons/qa/images.yaml | 10 ++++ commons/qa/values-microservice.yaml | 2 + microservices/audit-signer/qa/values.yaml | 30 ++++++++++ .../documents-generator/qa/values.yaml | 58 +++++++++++++++++++ microservices/documents-signer/qa/values.yaml | 38 ++++++++++++ microservices/events-signer/qa/values.yaml | 38 ++++++++++++ .../signed-objects-persister/qa/values.yaml | 40 +++++++++++++ 13 files changed, 247 insertions(+), 1 deletion(-) create mode 100644 commons/qa/configmaps/safe-storage-configmap.yaml create mode 100644 microservices/audit-signer/qa/values.yaml create mode 100644 microservices/documents-generator/qa/values.yaml create mode 100644 microservices/documents-signer/qa/values.yaml create mode 100644 microservices/events-signer/qa/values.yaml create mode 100644 microservices/signed-objects-persister/qa/values.yaml diff --git a/commons/qa/configmaps/flyway-readmodel-agreement-configmap.yaml b/commons/qa/configmaps/flyway-readmodel-agreement-configmap.yaml index 6831f438..68a55d90 100644 --- a/commons/qa/configmaps/flyway-readmodel-agreement-configmap.yaml +++ b/commons/qa/configmaps/flyway-readmodel-agreement-configmap.yaml @@ -120,3 +120,7 @@ data: GRANT USAGE ON SCHEMA "${NAMESPACE}_agreement" to "${NAMESPACE}_token_generation_readmodel_checker_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_agreement" TO "${NAMESPACE}_token_generation_readmodel_checker_user"; + + V1.2__Grant_Access_DocumentsGenerator_Agreement.sql: |- + GRANT USAGE ON SCHEMA "${NAMESPACE}_agreement" to "${NAMESPACE}_documents_generator_user"; + GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_agreement" TO "${NAMESPACE}_documents_generator_user"; diff --git a/commons/qa/configmaps/flyway-readmodel-attribute-registry-configmap.yaml b/commons/qa/configmaps/flyway-readmodel-attribute-registry-configmap.yaml index a8df6b6d..e61f6383 100644 --- a/commons/qa/configmaps/flyway-readmodel-attribute-registry-configmap.yaml +++ b/commons/qa/configmaps/flyway-readmodel-attribute-registry-configmap.yaml @@ -49,3 +49,7 @@ data: GRANT USAGE ON SCHEMA "${NAMESPACE}_attribute" to "${NAMESPACE}_ivass_certified_attributes_importer_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_attribute" TO "${NAMESPACE}_ivass_certified_attributes_importer_user"; + + V1.2__Grant_Access_DocumentsGenerator_Attribute.sql: |- + GRANT USAGE ON SCHEMA "${NAMESPACE}_attribute" to "${NAMESPACE}_documents_generator_user"; + GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_attribute" TO "${NAMESPACE}_documents_generator_user"; diff --git a/commons/qa/configmaps/flyway-readmodel-catalog-configmap.yaml b/commons/qa/configmaps/flyway-readmodel-catalog-configmap.yaml index 2d6a5cc4..584a3b29 100644 --- a/commons/qa/configmaps/flyway-readmodel-catalog-configmap.yaml +++ b/commons/qa/configmaps/flyway-readmodel-catalog-configmap.yaml @@ -206,3 +206,7 @@ data: V1.2__Add_Column_PersonalData_EService.sql: |- ALTER TABLE IF EXISTS "${NAMESPACE}_catalog".eservice ADD COLUMN IF NOT EXISTS personal_data BOOLEAN; + + V1.3__Grant_Access_DocumentsGenerator_Catalog.sql: |- + GRANT USAGE ON SCHEMA "${NAMESPACE}_catalog" to "${NAMESPACE}_documents_generator_user"; + GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_catalog" TO "${NAMESPACE}_documents_generator_user"; diff --git a/commons/qa/configmaps/flyway-readmodel-delegation-configmap.yaml b/commons/qa/configmaps/flyway-readmodel-delegation-configmap.yaml index 6a76fb84..67613007 100644 --- a/commons/qa/configmaps/flyway-readmodel-delegation-configmap.yaml +++ b/commons/qa/configmaps/flyway-readmodel-delegation-configmap.yaml @@ -75,4 +75,8 @@ data: V1.1__Grant_Access_Job_Datalake-Export_Schema_Delegation.sql: |- GRANT USAGE ON SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_datalake_data_export_user"; - GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_datalake_data_export_user"; \ No newline at end of file + GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_datalake_data_export_user"; + + V1.2__Grant_Access_DocumentsGenerator_Delegation.sql: |- + GRANT USAGE ON SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_documents_generator_user"; + GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_documents_generator_user"; diff --git a/commons/qa/configmaps/flyway-readmodel-tenant-configmap.yaml b/commons/qa/configmaps/flyway-readmodel-tenant-configmap.yaml index 30401772..b0958764 100644 --- a/commons/qa/configmaps/flyway-readmodel-tenant-configmap.yaml +++ b/commons/qa/configmaps/flyway-readmodel-tenant-configmap.yaml @@ -185,3 +185,7 @@ data: GRANT USAGE ON SCHEMA "${NAMESPACE}_tenant" to "${NAMESPACE}_selfcare_client_users_updater_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_tenant" TO "${NAMESPACE}_selfcare_client_users_updater_user"; + + V1.2__Grant_Access_DocumentsGenerator_Tenant.sql: |- + GRANT USAGE ON SCHEMA "${NAMESPACE}_tenant" to "${NAMESPACE}_documents_generator_user"; + GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_tenant" TO "${NAMESPACE}_documents_generator_user"; diff --git a/commons/qa/configmaps/safe-storage-configmap.yaml b/commons/qa/configmaps/safe-storage-configmap.yaml new file mode 100644 index 00000000..4f1a02ba --- /dev/null +++ b/commons/qa/configmaps/safe-storage-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: common-safe-storage + namespace: qa +data: + BASE_URL: "http://vpce-0f17b997ad7e109cd-qh68uzeo.vpce-svc-075ebde4859d4c631.eu-south-1.vpce.amazonaws.com:8080" + DOC_TYPE: "INTEROP_LEGAL_FACTS" + DOC_STATUS: "SAVED" + LIVE_REQUESTS_DYNAMO_TABLE_NAME: "interop-safe-storage-signature-tracking-qa" diff --git a/commons/qa/images.yaml b/commons/qa/images.yaml index ff21a48e..7976f5b8 100644 --- a/commons/qa/images.yaml +++ b/commons/qa/images.yaml @@ -18,6 +18,8 @@ images: tag: "2.8.0-RC12" attribute-registry-readmodel-writer-sql: tag: "2.8.0-RC12" + audit-signer: + tag: "TBD" authorization-management: tag: "1.0.18" authorization-platformstate-writer: @@ -64,6 +66,10 @@ images: tag: "2.8.0-RC12" delegation-readmodel-writer-sql: tag: "2.8.0-RC12" + documents-generator: + tag: "TBD" + documents-signer: + tag: "TBD" eservice-descriptors-archiver: tag: "2.8.0-RC12" eservice-template-instances-updater: @@ -74,6 +80,8 @@ images: tag: "2.8.0-RC12" eservice-template-readmodel-writer-sql: tag: "2.8.0-RC12" + events-signer: + tag: "TBD" frontend: tag: "1.3.2-RC7" key-readmodel-writer: @@ -116,6 +124,8 @@ images: tag: "2.8.0-RC12" ses-mock: tag: "20" + signed-objects-persister: + tag: "TBD" smtp-mock: tag: "1.10.4" tenant-outbound-writer: diff --git a/commons/qa/values-microservice.yaml b/commons/qa/values-microservice.yaml index 74926205..d343ef5e 100644 --- a/commons/qa/values-microservice.yaml +++ b/commons/qa/values-microservice.yaml @@ -28,6 +28,8 @@ local: RSA_KEYS_IDENTIFIERS: "17d3f3c0-5730-45a9-be8a-655e77bf3555" DEV_ENDPOINTS_ENABLED: "true" ENABLED_PROJECTIONS: "false" + awsAccountId: "755649575658" + env: "qa" autoscaling: keda: diff --git a/microservices/audit-signer/qa/values.yaml b/microservices/audit-signer/qa/values.yaml new file mode 100644 index 00000000..28773550 --- /dev/null +++ b/microservices/audit-signer/qa/values.yaml @@ -0,0 +1,30 @@ +name: interop-be-audit-signer +techStack: nodejs + +serviceAccount: + roleArn: "arn:aws:iam::{{.Values.local.awsAccountId}}:role/interop-be-audit-signer-{{.Values.local.env}}-es1" + +service: + create: false + +configmap: + SERVICE_NAME: "audit-signer" + SQS_MAX_NUMBER_OF_MSGS: "5" + SQS_LONG_POLL_WAIT_TIME_SECONDS: "20" + SQS_VISIBILITY_TIMEOUT_SECONDS: "20" + S3_BUCKET: "interop-generated-jwt-details-{{.Values.local.env}}-es1" + SQS_URL: "https://sqs.eu-south-1.amazonaws.com/{{.Values.local.awsAccountId}}/interop-jwt-details-new-s3-object-{{.Values.namespace}}" + SAFE_STORAGE_CLIENT_ID: "interop-{{.Values.namespace}}-audit-signer" + +deployment: + envFromConfigmaps: + SAFE_STORAGE_BASE_URL: "common-safe-storage.BASE_URL" + SAFE_STORAGE_DOC_TYPE: "common-safe-storage.DOC_TYPE" + SAFE_STORAGE_DOC_STATUS: "common-safe-storage.DOC_STATUS" + SIGNATURE_REFERENCES_TABLE_NAME: "common-safe-storage.LIVE_REQUESTS_DYNAMO_TABLE_NAME" + + envFromSecrets: + SAFE_STORAGE_API_KEY: "safe-storage-signing-credentials.password" + + envFromFieldRef: + AWS_ROLE_SESSION_NAME: "metadata.name" diff --git a/microservices/documents-generator/qa/values.yaml b/microservices/documents-generator/qa/values.yaml new file mode 100644 index 00000000..98121c9e --- /dev/null +++ b/microservices/documents-generator/qa/values.yaml @@ -0,0 +1,58 @@ +name: interop-be-documents-generator +techStack: nodejs + +serviceAccount: + roleArn: "arn:aws:iam::{{.Values.local.awsAccountId}}:role/interop-be-documents-generator-{{.Values.local.env}}-es1" + +service: + create: false + +configmap: + KAFKA_GROUP_ID: "{{.Values.local.env}}-documents-generator" + TOPIC_STARTING_OFFSET: "earliest" + AVERAGE_KAFKA_MESSAGE_SIZE_IN_BYTES: "5000" + MESSAGES_TO_READ_PER_BATCH: "500" + MAX_WAIT_KAFKA_BATCH_MILLIS: "5000" + S3_BUCKET: "interop-application-documents-{{.Values.local.env}}-es1" + DELEGATION_DOCUMENT_PATH: "{{.Values.namespace}}/generated-documents-unsigned/delegation" + AGREEMENT_DOCUMENT_PATH: "{{.Values.namespace}}/generated-documents-unsigned/agreement" + RISK_ANALYSIS_DOCUMENT_PATH: "{{.Values.namespace}}/generated-documents-unsigned/risk-analysis" + INTERNAL_JWT_KID: "{{.Values.local.interop_be_commons.RSA_KEYS_IDENTIFIERS}}" + INTERNAL_JWT_SUBJECT: "{{.Values.namespace}}.interop-documents-generator" + INTERNAL_JWT_ISSUER: "{{.Values.namespace}}.interop.pagopa.it" + INTERNAL_JWT_AUDIENCE: "{{.Values.namespace}}.interop.pagopa.it/internal" + INTERNAL_JWT_SECONDS_DURATION: "3600" + +deployment: + envFromConfigmaps: + KAFKA_BROKERS: "common-kafka.KAFKA_BROKERS" + DELEGATION_TOPIC: "common-kafka.DELEGATION_TOPIC" + CATALOG_TOPIC: "common-kafka.CATALOG_TOPIC" + AGREEMENT_TOPIC: "common-kafka.AGREEMENT_TOPIC" + PURPOSE_TOPIC: "common-kafka.PURPOSE_TOPIC" + AUTHORIZATION_TOPIC: "common-kafka.AUTHORIZATION_TOPIC" + READMODEL_SQL_DB_HOST: "common-read-model-sql.DB_HOST_RO" + READMODEL_SQL_DB_PORT: "common-read-model-sql.DB_PORT" + READMODEL_SQL_DB_NAME: "common-read-model-sql.DB_NAME" + READMODEL_SQL_DB_USE_SSL: "common-read-model-sql.DB_USE_SSL" + READMODEL_SQL_DB_SCHEMA_AGREEMENT: "common-read-model-sql.DB_SCHEMA_AGREEMENT" + READMODEL_SQL_DB_SCHEMA_ATTRIBUTE: "common-read-model-sql.DB_SCHEMA_ATTRIBUTE" + READMODEL_SQL_DB_SCHEMA_CATALOG: "common-read-model-sql.DB_SCHEMA_CATALOG" + READMODEL_SQL_DB_SCHEMA_CLIENT_JWK_KEY: "common-read-model-sql.DB_SCHEMA_CLIENT_JWK_KEY" + READMODEL_SQL_DB_SCHEMA_CLIENT: "common-read-model-sql.DB_SCHEMA_CLIENT" + READMODEL_SQL_DB_SCHEMA_DELEGATION: "common-read-model-sql.DB_SCHEMA_DELEGATION" + READMODEL_SQL_DB_SCHEMA_ESERVICE_TEMPLATE: "common-read-model-sql.DB_SCHEMA_ESERVICE_TEMPLATE" + READMODEL_SQL_DB_SCHEMA_PRODUCER_JWK_KEY: "common-read-model-sql.DB_SCHEMA_PRODUCER_JWK_KEY" + READMODEL_SQL_DB_SCHEMA_PRODUCER_KEYCHAIN: "common-read-model-sql.DB_SCHEMA_PRODUCER_KEYCHAIN" + READMODEL_SQL_DB_SCHEMA_PURPOSE: "common-read-model-sql.DB_SCHEMA_PURPOSE" + READMODEL_SQL_DB_SCHEMA_PURPOSE_TEMPLATE: "common-read-model-sql.DB_SCHEMA_PURPOSE_TEMPLATE" + READMODEL_SQL_DB_SCHEMA_TENANT: "common-read-model-sql.DB_SCHEMA_TENANT" + AGREEMENT_PROCESS_URL: "common-services-urls.AGREEMENT_PROCESS_URL" + DELEGATION_PROCESS_URL: "common-services-urls.DELEGATION_PROCESS_URL" + PURPOSE_PROCESS_URL: "common-services-urls.PURPOSE_PROCESS_URL" + envFromSecrets: + READMODEL_SQL_DB_USERNAME: "platform-data-documents-generator-user.username" + READMODEL_SQL_DB_PASSWORD: "platform-data-documents-generator-user.password" + envFromFieldRef: + AWS_ROLE_SESSION_NAME: "metadata.name" + KAFKA_CLIENT_ID: "metadata.name" diff --git a/microservices/documents-signer/qa/values.yaml b/microservices/documents-signer/qa/values.yaml new file mode 100644 index 00000000..84b08383 --- /dev/null +++ b/microservices/documents-signer/qa/values.yaml @@ -0,0 +1,38 @@ +name: interop-be-documents-signer +techStack: nodejs + +serviceAccount: + roleArn: "arn:aws:iam::{{.Values.local.awsAccountId}}:role/interop-be-documents-signer-{{.Values.local.env}}-es1" + +service: + create: false + +configmap: + SERVICE_NAME: "documents-signer" + SAFE_STORAGE_CLIENT_ID: "interop-{{.Values.namespace}}-documents-signer" + KAFKA_GROUP_ID: "{{.Values.local.env}}-documents-signer" + TOPIC_STARTING_OFFSET: "earliest" + AVERAGE_KAFKA_MESSAGE_SIZE_IN_BYTES: "5000" + MESSAGES_TO_READ_PER_BATCH: "500" + MAX_WAIT_KAFKA_BATCH_MILLIS: "5000" + S3_BUCKET: "interop-application-documents-{{.Values.local.env}}-es1" + +deployment: + envFromConfigmaps: + KAFKA_BROKERS: "common-kafka.KAFKA_BROKERS" + DELEGATION_TOPIC: "common-kafka.DELEGATION_TOPIC" + CATALOG_TOPIC: "common-kafka.CATALOG_TOPIC" + AGREEMENT_TOPIC: "common-kafka.AGREEMENT_TOPIC" + PURPOSE_TOPIC: "common-kafka.PURPOSE_TOPIC" + AUTHORIZATION_TOPIC: "common-kafka.AUTHORIZATION_TOPIC" + SAFE_STORAGE_BASE_URL: "common-safe-storage.BASE_URL" + SAFE_STORAGE_DOC_TYPE: "common-safe-storage.DOC_TYPE" + SAFE_STORAGE_DOC_STATUS: "common-safe-storage.DOC_STATUS" + SIGNATURE_REFERENCES_TABLE_NAME: "common-safe-storage.LIVE_REQUESTS_DYNAMO_TABLE_NAME" + + envFromSecrets: + SAFE_STORAGE_API_KEY: "safe-storage-signing-credentials.password" + + envFromFieldRef: + AWS_ROLE_SESSION_NAME: "metadata.name" + KAFKA_CLIENT_ID: "metadata.name" diff --git a/microservices/events-signer/qa/values.yaml b/microservices/events-signer/qa/values.yaml new file mode 100644 index 00000000..21f9c847 --- /dev/null +++ b/microservices/events-signer/qa/values.yaml @@ -0,0 +1,38 @@ +name: interop-be-events-signer +techStack: nodejs + +serviceAccount: + roleArn: "arn:aws:iam::{{.Values.local.awsAccountId}}:role/interop-be-events-signer-{{.Values.local.env}}-es1" + +service: + create: false + +configmap: + SERVICE_NAME: "events-signer" + KAFKA_GROUP_ID: "{{.Values.local.env}}-events-signer" + AVERAGE_KAFKA_MESSAGE_SIZE_IN_BYTES: "5000" + MESSAGES_TO_READ_PER_BATCH: "500" + MAX_WAIT_KAFKA_BATCH_MILLIS: "5000" + TOPIC_STARTING_OFFSET: "earliest" + SAFE_STORAGE_CLIENT_ID: "interop-{{.Values.namespace}}-events-signer" + S3_BUCKET: "interop-domain-events-{{.Values.local.env}}-es1" + +deployment: + envFromConfigmaps: + AGREEMENT_TOPIC: "common-kafka.AGREEMENT_TOPIC" + AUTHORIZATION_TOPIC: "common-kafka.AUTHORIZATION_TOPIC" + CATALOG_TOPIC: "common-kafka.CATALOG_TOPIC" + DELEGATION_TOPIC: "common-kafka.DELEGATION_TOPIC" + PURPOSE_TOPIC: "common-kafka.PURPOSE_TOPIC" + KAFKA_BROKERS: "common-kafka.KAFKA_BROKERS" + SAFE_STORAGE_BASE_URL: "common-safe-storage.BASE_URL" + SAFE_STORAGE_DOC_TYPE: "common-safe-storage.DOC_TYPE" + SAFE_STORAGE_DOC_STATUS: "common-safe-storage.DOC_STATUS" + SIGNATURE_REFERENCES_TABLE_NAME: "common-safe-storage.LIVE_REQUESTS_DYNAMO_TABLE_NAME" + + envFromSecrets: + SAFE_STORAGE_API_KEY: "safe-storage-signing-credentials.password" + + envFromFieldRef: + AWS_ROLE_SESSION_NAME: "metadata.name" + KAFKA_CLIENT_ID: "metadata.name" diff --git a/microservices/signed-objects-persister/qa/values.yaml b/microservices/signed-objects-persister/qa/values.yaml new file mode 100644 index 00000000..81b06d29 --- /dev/null +++ b/microservices/signed-objects-persister/qa/values.yaml @@ -0,0 +1,40 @@ +name: interop-be-signed-objects-persister +techStack: nodejs + +serviceAccount: + roleArn: "arn:aws:iam::{{.Values.local.awsAccountId}}:role/interop-be-signed-objects-persister-{{.Values.local.env}}-es1" + +service: + create: false + +configmap: + SERVICE_NAME: "signed-objects-persister" + SQS_MAX_NUMBER_OF_MSGS: "5" + SQS_LONG_POLL_WAIT_TIME_SECONDS: "20" + SQS_VISIBILITY_TIMEOUT_SECONDS: "20" + S3_BUCKET_SIGNED_DOCUMENTS: "interop-signed-application-documents-{{.Values.local.env}}-es1" + S3_BUCKET_EVENTS: "interop-signed-domain-events-{{.Values.local.env}}-es1" + S3_BUCKET_AUDIT: "interop-signed-jwt-audit-{{.Values.local.env}}-es1" + SQS_URL: "https://sqs.eu-south-1.amazonaws.com/{{.Values.local.awsAccountId}}/interop-safe-storage-completed-tasks-{{.Values.namespace}}" + SAFE_STORAGE_CLIENT_ID: "interop-{{.Values.namespace}}-signed-objects-persister" + INTERNAL_JWT_KID: "{{.Values.local.interop_be_commons.RSA_KEYS_IDENTIFIERS}}" + INTERNAL_JWT_SUBJECT: "{{.Values.namespace}}.interop-signed-objects-persister" + INTERNAL_JWT_ISSUER: "{{.Values.namespace}}.interop.pagopa.it" + INTERNAL_JWT_AUDIENCE: "{{.Values.namespace}}.interop.pagopa.it/internal" + INTERNAL_JWT_SECONDS_DURATION: "3600" + +deployment: + envFromConfigmaps: + SAFE_STORAGE_BASE_URL: "common-safe-storage.BASE_URL" + SAFE_STORAGE_DOC_TYPE: "common-safe-storage.DOC_TYPE" + SAFE_STORAGE_DOC_STATUS: "common-safe-storage.DOC_STATUS" + SIGNATURE_REFERENCES_TABLE_NAME: "common-safe-storage.LIVE_REQUESTS_DYNAMO_TABLE_NAME" + AGREEMENT_PROCESS_URL: "common-services-urls.AGREEMENT_PROCESS_URL" + DELEGATION_PROCESS_URL: "common-services-urls.DELEGATION_PROCESS_URL" + PURPOSE_PROCESS_URL: "common-services-urls.PURPOSE_PROCESS_URL" + + envFromSecrets: + SAFE_STORAGE_API_KEY: "safe-storage-signing-credentials.password" + + envFromFieldRef: + AWS_ROLE_SESSION_NAME: "metadata.name" From 46855ba24ba1839215f4b2717b2c8c86dc077bb0 Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Fri, 21 Nov 2025 14:25:35 +0100 Subject: [PATCH 02/15] fix: do not change migration version; correction to last merge --- .../flyway-readmodel-agreement-configmap.yaml | 13 +++++++------ ...yway-readmodel-attribute-registry-configmap.yaml | 10 +++++----- .../flyway-readmodel-catalog-configmap.yaml | 10 +++++----- .../flyway-readmodel-delegation-configmap.yaml | 12 ++++++------ .../flyway-readmodel-tenant-configmap.yaml | 10 +++++----- 5 files changed, 28 insertions(+), 27 deletions(-) diff --git a/commons/qa/configmaps/flyway-readmodel-agreement-configmap.yaml b/commons/qa/configmaps/flyway-readmodel-agreement-configmap.yaml index 8c48b83c..0ec1c3a0 100644 --- a/commons/qa/configmaps/flyway-readmodel-agreement-configmap.yaml +++ b/commons/qa/configmaps/flyway-readmodel-agreement-configmap.yaml @@ -121,15 +121,11 @@ data: GRANT USAGE ON SCHEMA "${NAMESPACE}_agreement" to "${NAMESPACE}_token_generation_readmodel_checker_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_agreement" TO "${NAMESPACE}_token_generation_readmodel_checker_user"; - V1.2__Grant_Access_DocumentsGenerator_Agreement.sql: |- - GRANT USAGE ON SCHEMA "${NAMESPACE}_agreement" to "${NAMESPACE}_documents_generator_user"; - GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_agreement" TO "${NAMESPACE}_documents_generator_user"; - - V1.3__Grant_Access_PurposeTemplateProcess_Agreement.sql: |- + V1.2__Grant_Access_PurposeTemplateProcess_Agreement.sql: |- GRANT USAGE ON SCHEMA "${NAMESPACE}_agreement" to "${NAMESPACE}_purpose_template_process_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_agreement" TO "${NAMESPACE}_purpose_template_process_user"; - V1.4__Add_Archiviazione_Documentale_signed_contract_table.sql: |- + V1.3__Add_Archiviazione_Documentale_signed_contract_table.sql: |- CREATE TABLE IF NOT EXISTS "${NAMESPACE}_agreement".agreement_signed_contract ( id UUID, agreement_id UUID UNIQUE NOT NULL REFERENCES "${NAMESPACE}_agreement".agreement (id) ON DELETE CASCADE, @@ -157,3 +153,8 @@ data: GRANT SELECT ON TABLE "${NAMESPACE}_agreement".agreement_signed_contract TO "${NAMESPACE}_notification_email_sender_user"; GRANT SELECT ON TABLE "${NAMESPACE}_agreement".agreement_signed_contract TO "${NAMESPACE}_token_generation_readmodel_checker_user"; GRANT SELECT ON TABLE "${NAMESPACE}_agreement".agreement_signed_contract TO "${NAMESPACE}_purpose_template_process_user"; + + V1.4__Grant_Access_DocumentsGenerator_Agreement.sql: |- + GRANT USAGE ON SCHEMA "${NAMESPACE}_agreement" to "${NAMESPACE}_documents_generator_user"; + GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_agreement" TO "${NAMESPACE}_documents_generator_user"; + \ No newline at end of file diff --git a/commons/qa/configmaps/flyway-readmodel-attribute-registry-configmap.yaml b/commons/qa/configmaps/flyway-readmodel-attribute-registry-configmap.yaml index 126bc2c1..c13a9a2b 100644 --- a/commons/qa/configmaps/flyway-readmodel-attribute-registry-configmap.yaml +++ b/commons/qa/configmaps/flyway-readmodel-attribute-registry-configmap.yaml @@ -50,10 +50,10 @@ data: GRANT USAGE ON SCHEMA "${NAMESPACE}_attribute" to "${NAMESPACE}_ivass_certified_attributes_importer_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_attribute" TO "${NAMESPACE}_ivass_certified_attributes_importer_user"; - V1.2__Grant_Access_DocumentsGenerator_Attribute.sql: |- - GRANT USAGE ON SCHEMA "${NAMESPACE}_attribute" to "${NAMESPACE}_documents_generator_user"; - GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_attribute" TO "${NAMESPACE}_documents_generator_user"; - - V1.3__Grant_Access_PurposeTemplateProcess_Attribute.sql: |- + V1.2__Grant_Access_PurposeTemplateProcess_Attribute.sql: |- GRANT USAGE ON SCHEMA "${NAMESPACE}_attribute" to "${NAMESPACE}_purpose_template_process_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_attribute" TO "${NAMESPACE}_purpose_template_process_user"; + + V1.3__Grant_Access_DocumentsGenerator_Attribute.sql: |- + GRANT USAGE ON SCHEMA "${NAMESPACE}_attribute" to "${NAMESPACE}_documents_generator_user"; + GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_attribute" TO "${NAMESPACE}_documents_generator_user"; diff --git a/commons/qa/configmaps/flyway-readmodel-catalog-configmap.yaml b/commons/qa/configmaps/flyway-readmodel-catalog-configmap.yaml index 4f7eaecb..4028c9c2 100644 --- a/commons/qa/configmaps/flyway-readmodel-catalog-configmap.yaml +++ b/commons/qa/configmaps/flyway-readmodel-catalog-configmap.yaml @@ -207,10 +207,10 @@ data: V1.2__Add_Column_PersonalData_EService.sql: |- ALTER TABLE IF EXISTS "${NAMESPACE}_catalog".eservice ADD COLUMN IF NOT EXISTS personal_data BOOLEAN; - V1.3__Grant_Access_DocumentsGenerator_Catalog.sql: |- - GRANT USAGE ON SCHEMA "${NAMESPACE}_catalog" to "${NAMESPACE}_documents_generator_user"; - GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_catalog" TO "${NAMESPACE}_documents_generator_user"; - - V1.4__Grant_Access_PurposeTemplateProcess_Catalog.sql: |- + V1.3__Grant_Access_PurposeTemplateProcess_Catalog.sql: |- GRANT USAGE ON SCHEMA "${NAMESPACE}_catalog" to "${NAMESPACE}_purpose_template_process_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_catalog" TO "${NAMESPACE}_purpose_template_process_user"; + + V1.4__Grant_Access_DocumentsGenerator_Catalog.sql: |- + GRANT USAGE ON SCHEMA "${NAMESPACE}_catalog" to "${NAMESPACE}_documents_generator_user"; + GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_catalog" TO "${NAMESPACE}_documents_generator_user"; diff --git a/commons/qa/configmaps/flyway-readmodel-delegation-configmap.yaml b/commons/qa/configmaps/flyway-readmodel-delegation-configmap.yaml index a8d49650..6eb398d4 100644 --- a/commons/qa/configmaps/flyway-readmodel-delegation-configmap.yaml +++ b/commons/qa/configmaps/flyway-readmodel-delegation-configmap.yaml @@ -77,15 +77,11 @@ data: GRANT USAGE ON SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_datalake_data_export_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_datalake_data_export_user"; - V1.2__Grant_Access_DocumentsGenerator_Delegation.sql: |- - GRANT USAGE ON SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_documents_generator_user"; - GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_documents_generator_user"; - - V1.3__Grant_Access_PurposeTemplateProcess_Delegation.sql: |- + V1.2__Grant_Access_PurposeTemplateProcess_Delegation.sql: |- GRANT USAGE ON SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_purpose_template_process_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_purpose_template_process_user"; - V1.4__Add_Archiviazione_Documentale_signed_contract_table.sql: |- + V1.3__Add_Archiviazione_Documentale_signed_contract_table.sql: |- CREATE TABLE IF NOT EXISTS "${NAMESPACE}_delegation".delegation_signed_contract_document ( id UUID, delegation_id UUID NOT NULL REFERENCES "${NAMESPACE}_delegation".delegation (id) ON DELETE CASCADE, @@ -111,3 +107,7 @@ data: GRANT SELECT ON TABLE "${NAMESPACE}_delegation".delegation_signed_contract_document TO "${NAMESPACE}_tenant_process_user"; GRANT SELECT ON TABLE "${NAMESPACE}_delegation".delegation_signed_contract_document TO "${NAMESPACE}_datalake_data_export_user"; GRANT SELECT ON TABLE "${NAMESPACE}_delegation".delegation_signed_contract_document TO "${NAMESPACE}_purpose_template_process_user"; + + V1.4__Grant_Access_DocumentsGenerator_Delegation.sql: |- + GRANT USAGE ON SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_documents_generator_user"; + GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_documents_generator_user"; diff --git a/commons/qa/configmaps/flyway-readmodel-tenant-configmap.yaml b/commons/qa/configmaps/flyway-readmodel-tenant-configmap.yaml index 758d9819..598705af 100644 --- a/commons/qa/configmaps/flyway-readmodel-tenant-configmap.yaml +++ b/commons/qa/configmaps/flyway-readmodel-tenant-configmap.yaml @@ -186,10 +186,10 @@ data: GRANT USAGE ON SCHEMA "${NAMESPACE}_tenant" to "${NAMESPACE}_selfcare_client_users_updater_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_tenant" TO "${NAMESPACE}_selfcare_client_users_updater_user"; - V1.2__Grant_Access_DocumentsGenerator_Tenant.sql: |- - GRANT USAGE ON SCHEMA "${NAMESPACE}_tenant" to "${NAMESPACE}_documents_generator_user"; - GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_tenant" TO "${NAMESPACE}_documents_generator_user"; - - V1.3__Grant_Access_PurposeTemplateProcess_Tenant.sql: |- + V1.2__Grant_Access_PurposeTemplateProcess_Tenant.sql: |- GRANT USAGE ON SCHEMA "${NAMESPACE}_tenant" to "${NAMESPACE}_purpose_template_process_user"; GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_tenant" TO "${NAMESPACE}_purpose_template_process_user"; + + V1.3__Grant_Access_DocumentsGenerator_Tenant.sql: |- + GRANT USAGE ON SCHEMA "${NAMESPACE}_tenant" to "${NAMESPACE}_documents_generator_user"; + GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_tenant" TO "${NAMESPACE}_documents_generator_user"; From 07ad8f830ff57321b80a7d6306f2c15fc5329b50 Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Fri, 21 Nov 2025 14:53:35 +0100 Subject: [PATCH 03/15] fix: move feature flags definitions in the right container --- microservices/agreement-process/qa/values.yaml | 2 +- microservices/delegation-process/qa/values.yaml | 2 +- microservices/purpose-process/qa/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/microservices/agreement-process/qa/values.yaml b/microservices/agreement-process/qa/values.yaml index 3977c4de..ee3fec77 100644 --- a/microservices/agreement-process/qa/values.yaml +++ b/microservices/agreement-process/qa/values.yaml @@ -24,7 +24,6 @@ deployment: FLYWAY_PLACEHOLDER_REPLACEMENT: "true" FLYWAY_URL: jdbc:postgresql://$(POSTGRES_HOST):$(POSTGRES_PORT)/$(POSTGRES_DB) envFromConfigmaps: - FEATURE_FLAG_AGREEMENTS_CONTRACT_BUILDER: "common-feature-flags.FEATURE_FLAG_AGREEMENTS_CONTRACT_BUILDER" FLYWAY_SCHEMAS: "{{.Values.name}}.EVENTSTORE_DB_SCHEMA" FLYWAY_PLACEHOLDERS_APPLICATIONSCHEMA: "{{.Values.name}}.EVENTSTORE_DB_SCHEMA" POSTGRES_DB: "common-event-store.EVENTSTORE_DB_NAME" @@ -45,6 +44,7 @@ deployment: AWS_ROLE_SESSION_NAME: "metadata.name" PRODUCER_KAFKA_CLIENT_ID: "metadata.name" envFromConfigmaps: + FEATURE_FLAG_AGREEMENTS_CONTRACT_BUILDER: "common-feature-flags.FEATURE_FLAG_AGREEMENTS_CONTRACT_BUILDER" WELL_KNOWN_URLS: "common-jwt.WELL_KNOWN_URLS" SELFCARE_V2_URL: "common-selfcare.SELFCARE_V2_URL" EVENTSTORE_DB_HOST: "common-event-store.EVENTSTORE_DB_HOST" diff --git a/microservices/delegation-process/qa/values.yaml b/microservices/delegation-process/qa/values.yaml index 50a96525..7f8c1abd 100644 --- a/microservices/delegation-process/qa/values.yaml +++ b/microservices/delegation-process/qa/values.yaml @@ -24,7 +24,6 @@ deployment: FLYWAY_PLACEHOLDER_REPLACEMENT: "true" FLYWAY_URL: jdbc:postgresql://$(POSTGRES_HOST):$(POSTGRES_PORT)/$(POSTGRES_DB) envFromConfigmaps: - FEATURE_FLAG_DELEGATIONS_CONTRACT_BUILDER: "common-feature-flags.FEATURE_FLAG_DELEGATIONS_CONTRACT_BUILDER" FLYWAY_SCHEMAS: "{{.Values.name}}.EVENTSTORE_DB_SCHEMA" FLYWAY_PLACEHOLDERS_APPLICATIONSCHEMA: "{{.Values.name}}.EVENTSTORE_DB_SCHEMA" POSTGRES_HOST: "common-event-store.EVENTSTORE_DB_HOST" @@ -45,6 +44,7 @@ deployment: AWS_ROLE_SESSION_NAME: "metadata.name" PRODUCER_KAFKA_CLIENT_ID: "metadata.name" envFromConfigmaps: + FEATURE_FLAG_DELEGATIONS_CONTRACT_BUILDER: "common-feature-flags.FEATURE_FLAG_DELEGATIONS_CONTRACT_BUILDER" WELL_KNOWN_URLS: "common-jwt.WELL_KNOWN_URLS" EVENTSTORE_DB_HOST: "common-event-store.EVENTSTORE_DB_HOST" EVENTSTORE_DB_NAME: "common-event-store.EVENTSTORE_DB_NAME" diff --git a/microservices/purpose-process/qa/values.yaml b/microservices/purpose-process/qa/values.yaml index 78e82f1e..126885ca 100644 --- a/microservices/purpose-process/qa/values.yaml +++ b/microservices/purpose-process/qa/values.yaml @@ -23,7 +23,6 @@ deployment: FLYWAY_PLACEHOLDER_REPLACEMENT: "true" FLYWAY_URL: jdbc:postgresql://$(POSTGRES_HOST):$(POSTGRES_PORT)/$(POSTGRES_DB) envFromConfigmaps: - FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER: "common-feature-flags.FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER" FLYWAY_SCHEMAS: "{{.Values.name}}.EVENTSTORE_DB_SCHEMA" FLYWAY_PLACEHOLDERS_APPLICATIONSCHEMA: "{{.Values.name}}.EVENTSTORE_DB_SCHEMA" POSTGRES_HOST: "common-event-store.EVENTSTORE_DB_HOST" @@ -44,6 +43,7 @@ deployment: AWS_ROLE_SESSION_NAME: "metadata.name" PRODUCER_KAFKA_CLIENT_ID: "metadata.name" envFromConfigmaps: + FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER: "common-feature-flags.FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER" WELL_KNOWN_URLS: "common-jwt.WELL_KNOWN_URLS" EVENTSTORE_DB_HOST: "common-event-store.EVENTSTORE_DB_HOST" EVENTSTORE_DB_NAME: "common-event-store.EVENTSTORE_DB_NAME" From c369003d6897b56172cc614b3379eaf5836f8b2c Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Wed, 26 Nov 2025 13:00:55 +0100 Subject: [PATCH 04/15] fix: Remove duplicated env entry, duplicated by merge --- microservices/agreement-process/qa/values.yaml | 1 - microservices/delegation-process/qa/values.yaml | 1 - microservices/purpose-process/qa/values.yaml | 1 - 3 files changed, 3 deletions(-) diff --git a/microservices/agreement-process/qa/values.yaml b/microservices/agreement-process/qa/values.yaml index 805f0dfa..94c4ce9f 100644 --- a/microservices/agreement-process/qa/values.yaml +++ b/microservices/agreement-process/qa/values.yaml @@ -44,7 +44,6 @@ deployment: AWS_ROLE_SESSION_NAME: "metadata.name" PRODUCER_KAFKA_CLIENT_ID: "metadata.name" envFromConfigmaps: - FEATURE_FLAG_AGREEMENTS_CONTRACT_BUILDER: "common-feature-flags.FEATURE_FLAG_AGREEMENTS_CONTRACT_BUILDER" WELL_KNOWN_URLS: "common-jwt.WELL_KNOWN_URLS" SELFCARE_V2_URL: "common-selfcare.SELFCARE_V2_URL" EVENTSTORE_DB_HOST: "common-event-store.EVENTSTORE_DB_HOST" diff --git a/microservices/delegation-process/qa/values.yaml b/microservices/delegation-process/qa/values.yaml index e93ce43f..c78d66ea 100644 --- a/microservices/delegation-process/qa/values.yaml +++ b/microservices/delegation-process/qa/values.yaml @@ -44,7 +44,6 @@ deployment: AWS_ROLE_SESSION_NAME: "metadata.name" PRODUCER_KAFKA_CLIENT_ID: "metadata.name" envFromConfigmaps: - FEATURE_FLAG_DELEGATIONS_CONTRACT_BUILDER: "common-feature-flags.FEATURE_FLAG_DELEGATIONS_CONTRACT_BUILDER" WELL_KNOWN_URLS: "common-jwt.WELL_KNOWN_URLS" EVENTSTORE_DB_HOST: "common-event-store.EVENTSTORE_DB_HOST" EVENTSTORE_DB_NAME: "common-event-store.EVENTSTORE_DB_NAME" diff --git a/microservices/purpose-process/qa/values.yaml b/microservices/purpose-process/qa/values.yaml index c260d6fc..193d4f25 100644 --- a/microservices/purpose-process/qa/values.yaml +++ b/microservices/purpose-process/qa/values.yaml @@ -43,7 +43,6 @@ deployment: AWS_ROLE_SESSION_NAME: "metadata.name" PRODUCER_KAFKA_CLIENT_ID: "metadata.name" envFromConfigmaps: - FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER: "common-feature-flags.FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER" WELL_KNOWN_URLS: "common-jwt.WELL_KNOWN_URLS" EVENTSTORE_DB_HOST: "common-event-store.EVENTSTORE_DB_HOST" EVENTSTORE_DB_NAME: "common-event-store.EVENTSTORE_DB_NAME" From 8cf4b6ee926ac04c9e89a2a25769b650c4c323b5 Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Wed, 26 Nov 2025 13:01:58 +0100 Subject: [PATCH 05/15] feature: redirect B.f.F. to signed documents bucket --- microservices/backend-for-frontend/qa/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/microservices/backend-for-frontend/qa/values.yaml b/microservices/backend-for-frontend/qa/values.yaml index e7ccc3fb..2f8dbd30 100644 --- a/microservices/backend-for-frontend/qa/values.yaml +++ b/microservices/backend-for-frontend/qa/values.yaml @@ -26,11 +26,11 @@ configmap: INTERNAL_JWT_SUBJECT: "{{.Values.namespace}}.interop-m2m" INTERNAL_JWT_AUDIENCE: "{{.Values.namespace}}.interop.pagopa.it/internal" INTERNAL_JWT_SECONDS_DURATION: "3600" - CONSUMER_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" + CONSUMER_DOCUMENTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1" CONSUMER_DOCUMENTS_PATH: "{{.Values.namespace}}/agreement/consumer-docs" ESERVICE_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" ESERVICE_DOCUMENTS_PATH: "eservices/docs" - RISK_ANALYSIS_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" + RISK_ANALYSIS_DOCUMENTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1" RISK_ANALYSIS_DOCUMENTS_PATH: "{{.Values.namespace}}/risk-analysis/docs" PURPOSE_TEMPLATE_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" PURPOSE_TEMPLATE_DOCUMENTS_PATH: "{{.Values.namespace}}/purpose-template/docs" @@ -61,7 +61,7 @@ configmap: PRESIGNED_URL_PUT_DURATION_MINUTES: "2" PAGOPA_TENANT_ID: "69e2865e-65ab-4e48-a638-2037a9ee2ee7" INTEROP_SELFCARE_PRODUCT_NAME: "prod-interop-coll" - DELEGATION_CONTRACTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" + DELEGATION_CONTRACTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1" ESERVICE_TEMPLATE_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" ESERVICE_TEMPLATE_DOCUMENTS_PATH: "eservice-template/docs" BFF_SWAGGER_UI_ENABLED: true From 96e74603b692b5c326a865897fde1112365dc82c Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Wed, 26 Nov 2025 15:54:14 +0100 Subject: [PATCH 06/15] feature: stop process document generation to activate documents-generation process --- commons/qa/configmaps/feature-flags-configmap.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/commons/qa/configmaps/feature-flags-configmap.yaml b/commons/qa/configmaps/feature-flags-configmap.yaml index a578fb65..a57b8a87 100644 --- a/commons/qa/configmaps/feature-flags-configmap.yaml +++ b/commons/qa/configmaps/feature-flags-configmap.yaml @@ -8,11 +8,11 @@ data: FEATURE_FLAG_ADMIN_CLIENT: "true" FEATURE_FLAG_SIGNALHUB_WHITELIST: "false" FEATURE_FLAG_AGREEMENT_APPROVAL_POLICY_UPDATE: "true" - FEATURE_FLAG_AGREEMENTS_CONTRACT_BUILDER: "true" + FEATURE_FLAG_AGREEMENTS_CONTRACT_BUILDER: "false" FEATURE_FLAG_CLIENT_ASSERTION_STRICT_CLAIMS_VALIDATION: "true" - FEATURE_FLAG_DELEGATIONS_CONTRACT_BUILDER: "true" + FEATURE_FLAG_DELEGATIONS_CONTRACT_BUILDER: "false" FEATURE_FLAG_IMPROVED_PRODUCER_VERIFICATION_CLAIMS: "true" FEATURE_FLAG_NOTIFICATION_CONFIG: "false" FEATURE_FLAG_PURPOSE_TEMPLATE: "true" - FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER: "true" + FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER: "false" FEATURE_FLAG_ESERVICE_PERSONAL_DATA: "true" From b3a4a83139d4d0b929542d8a7d251bd1c2fbd031 Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Thu, 27 Nov 2025 09:31:21 +0100 Subject: [PATCH 07/15] set FEATURE_FLAG_USE_SIGNED_DOCUMENT into QA env --- commons/qa/configmaps/feature-flags-configmap.yaml | 1 + microservices/backend-for-frontend/qa/values.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/commons/qa/configmaps/feature-flags-configmap.yaml b/commons/qa/configmaps/feature-flags-configmap.yaml index a57b8a87..793a0e5e 100644 --- a/commons/qa/configmaps/feature-flags-configmap.yaml +++ b/commons/qa/configmaps/feature-flags-configmap.yaml @@ -16,3 +16,4 @@ data: FEATURE_FLAG_PURPOSE_TEMPLATE: "true" FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER: "false" FEATURE_FLAG_ESERVICE_PERSONAL_DATA: "true" + FEATURE_FLAG_USE_SIGNED_DOCUMENT: "true" diff --git a/microservices/backend-for-frontend/qa/values.yaml b/microservices/backend-for-frontend/qa/values.yaml index 2f8dbd30..b4d31be8 100644 --- a/microservices/backend-for-frontend/qa/values.yaml +++ b/microservices/backend-for-frontend/qa/values.yaml @@ -100,6 +100,7 @@ deployment: FEATURE_FLAG_CLIENT_ASSERTION_STRICT_CLAIMS_VALIDATION: "common-feature-flags.FEATURE_FLAG_CLIENT_ASSERTION_STRICT_CLAIMS_VALIDATION" FEATURE_FLAG_NOTIFICATION_CONFIG: "common-feature-flags.FEATURE_FLAG_NOTIFICATION_CONFIG" FEATURE_FLAG_PURPOSE_TEMPLATE: "common-feature-flags.FEATURE_FLAG_PURPOSE_TEMPLATE" + FEATURE_FLAG_USE_SIGNED_DOCUMENT: "common-feature-flags.FEATURE_FLAG_USE_SIGNED_DOCUMENT" envFromSecrets: SAML_PUBLIC_KEY: "support-saml.SUPPORT_SAML_PUBLIC_KEY" SELFCARE_V2_API_KEY: "selfcare-v2.SELFCARE_V2_API_KEY" From 5d409b7c38e9172eac6294d337a45f8f8b2dc97c Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Thu, 27 Nov 2025 09:40:21 +0100 Subject: [PATCH 08/15] fix: remove unused batching related variables from QA env of documents-generator and documents-signer microservices --- microservices/documents-generator/qa/values.yaml | 3 --- microservices/documents-signer/qa/values.yaml | 5 +---- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/microservices/documents-generator/qa/values.yaml b/microservices/documents-generator/qa/values.yaml index 98121c9e..8cf66317 100644 --- a/microservices/documents-generator/qa/values.yaml +++ b/microservices/documents-generator/qa/values.yaml @@ -10,9 +10,6 @@ service: configmap: KAFKA_GROUP_ID: "{{.Values.local.env}}-documents-generator" TOPIC_STARTING_OFFSET: "earliest" - AVERAGE_KAFKA_MESSAGE_SIZE_IN_BYTES: "5000" - MESSAGES_TO_READ_PER_BATCH: "500" - MAX_WAIT_KAFKA_BATCH_MILLIS: "5000" S3_BUCKET: "interop-application-documents-{{.Values.local.env}}-es1" DELEGATION_DOCUMENT_PATH: "{{.Values.namespace}}/generated-documents-unsigned/delegation" AGREEMENT_DOCUMENT_PATH: "{{.Values.namespace}}/generated-documents-unsigned/agreement" diff --git a/microservices/documents-signer/qa/values.yaml b/microservices/documents-signer/qa/values.yaml index 84b08383..0cc66234 100644 --- a/microservices/documents-signer/qa/values.yaml +++ b/microservices/documents-signer/qa/values.yaml @@ -12,9 +12,6 @@ configmap: SAFE_STORAGE_CLIENT_ID: "interop-{{.Values.namespace}}-documents-signer" KAFKA_GROUP_ID: "{{.Values.local.env}}-documents-signer" TOPIC_STARTING_OFFSET: "earliest" - AVERAGE_KAFKA_MESSAGE_SIZE_IN_BYTES: "5000" - MESSAGES_TO_READ_PER_BATCH: "500" - MAX_WAIT_KAFKA_BATCH_MILLIS: "5000" S3_BUCKET: "interop-application-documents-{{.Values.local.env}}-es1" deployment: @@ -32,7 +29,7 @@ deployment: envFromSecrets: SAFE_STORAGE_API_KEY: "safe-storage-signing-credentials.password" - + envFromFieldRef: AWS_ROLE_SESSION_NAME: "metadata.name" KAFKA_CLIENT_ID: "metadata.name" From ef03d777161316e1d127b1c0ee7dc964f1017d03 Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Fri, 28 Nov 2025 17:06:18 +0100 Subject: [PATCH 09/15] fix: PIN-8650 add new env variables for signed documents bucket --- microservices/backend-for-frontend/qa/values.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/microservices/backend-for-frontend/qa/values.yaml b/microservices/backend-for-frontend/qa/values.yaml index b4d31be8..1c263497 100644 --- a/microservices/backend-for-frontend/qa/values.yaml +++ b/microservices/backend-for-frontend/qa/values.yaml @@ -26,11 +26,13 @@ configmap: INTERNAL_JWT_SUBJECT: "{{.Values.namespace}}.interop-m2m" INTERNAL_JWT_AUDIENCE: "{{.Values.namespace}}.interop.pagopa.it/internal" INTERNAL_JWT_SECONDS_DURATION: "3600" - CONSUMER_DOCUMENTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1" + CONSUMER_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" + CONSUMER_SIGNED_DOCUMENTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1" CONSUMER_DOCUMENTS_PATH: "{{.Values.namespace}}/agreement/consumer-docs" ESERVICE_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" ESERVICE_DOCUMENTS_PATH: "eservices/docs" - RISK_ANALYSIS_DOCUMENTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1" + RISK_ANALYSIS_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" + RISK_ANALYSIS_SIGNED_DOCUMENTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1" RISK_ANALYSIS_DOCUMENTS_PATH: "{{.Values.namespace}}/risk-analysis/docs" PURPOSE_TEMPLATE_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" PURPOSE_TEMPLATE_DOCUMENTS_PATH: "{{.Values.namespace}}/purpose-template/docs" @@ -61,7 +63,8 @@ configmap: PRESIGNED_URL_PUT_DURATION_MINUTES: "2" PAGOPA_TENANT_ID: "69e2865e-65ab-4e48-a638-2037a9ee2ee7" INTEROP_SELFCARE_PRODUCT_NAME: "prod-interop-coll" - DELEGATION_CONTRACTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1" + DELEGATION_CONTRACTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" + DELEGATION_SIGNED_CONTRACTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1" ESERVICE_TEMPLATE_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1" ESERVICE_TEMPLATE_DOCUMENTS_PATH: "eservice-template/docs" BFF_SWAGGER_UI_ENABLED: true From a7b2333f1667afc5c3c76cd871f82d29e091e94e Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Mon, 1 Dec 2025 13:38:11 +0100 Subject: [PATCH 10/15] fix(document-archiving,PIN-7642): add FEATURE_FLAG_USE_SIGNED_DOCUMENT to frontend --- microservices/frontend/qa/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/microservices/frontend/qa/values.yaml b/microservices/frontend/qa/values.yaml index 835e23e8..a8e21864 100644 --- a/microservices/frontend/qa/values.yaml +++ b/microservices/frontend/qa/values.yaml @@ -34,6 +34,7 @@ frontend: SELFCARE_LOGIN_URL: "common-selfcare.SELFCARE_LOGIN_URL" WELL_KNOWN_URLS: "common-jwt.WELL_KNOWN_URLS" FEATURE_FLAG_ESERVICE_PERSONAL_DATA: "common-feature-flags.FEATURE_FLAG_ESERVICE_PERSONAL_DATA" + FEATURE_FLAG_USE_SIGNED_DOCUMENT: "common-feature-flags.FEATURE_FLAG_USE_SIGNED_DOCUMENT" nginx: default.conf: |- server { From 17d5937b356d78525109d777fbe9811dc990abc5 Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Tue, 2 Dec 2025 17:38:22 +0100 Subject: [PATCH 11/15] fix(document-archiving,PIN-7642): fix some env var names: DELEGATION_DOCUMENT_PATH, AGREEMENT_DOCUMENT_PATH, RISK_ANALYSIS_DOCUMENT_PATH, become plurals (QA) --- microservices/delegation-process/qa/values.yaml | 2 +- microservices/documents-generator/qa/values.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/microservices/delegation-process/qa/values.yaml b/microservices/delegation-process/qa/values.yaml index c78d66ea..099f66a8 100644 --- a/microservices/delegation-process/qa/values.yaml +++ b/microservices/delegation-process/qa/values.yaml @@ -12,7 +12,7 @@ configmap: EVENTSTORE_DB_SCHEMA: "{{.Values.namespace}}_delegation" ACCEPTED_AUDIENCES: "{{.Values.namespace}}.interop.pagopa.it/ui,{{.Values.namespace}}.interop.pagopa.it/m2m,{{.Values.namespace}}.interop.pagopa.it/internal" S3_BUCKET: "interop-application-documents-{{.Values.namespace}}-es1" - DELEGATION_DOCUMENT_PATH: "delegation" + DELEGATION_DOCUMENTS_PATH: "delegation" DELEGATIONS_ALLOWED_ORIGINS: "IPA" deployment: diff --git a/microservices/documents-generator/qa/values.yaml b/microservices/documents-generator/qa/values.yaml index 8cf66317..11f2ec91 100644 --- a/microservices/documents-generator/qa/values.yaml +++ b/microservices/documents-generator/qa/values.yaml @@ -11,9 +11,9 @@ configmap: KAFKA_GROUP_ID: "{{.Values.local.env}}-documents-generator" TOPIC_STARTING_OFFSET: "earliest" S3_BUCKET: "interop-application-documents-{{.Values.local.env}}-es1" - DELEGATION_DOCUMENT_PATH: "{{.Values.namespace}}/generated-documents-unsigned/delegation" - AGREEMENT_DOCUMENT_PATH: "{{.Values.namespace}}/generated-documents-unsigned/agreement" - RISK_ANALYSIS_DOCUMENT_PATH: "{{.Values.namespace}}/generated-documents-unsigned/risk-analysis" + DELEGATION_DOCUMENTS_PATH: "{{.Values.namespace}}/generated-documents-unsigned/delegation" + AGREEMENT_DOCUMENTS_PATH: "{{.Values.namespace}}/generated-documents-unsigned/agreement" + RISK_ANALYSIS_DOCUMENTS_PATH: "{{.Values.namespace}}/generated-documents-unsigned/risk-analysis" INTERNAL_JWT_KID: "{{.Values.local.interop_be_commons.RSA_KEYS_IDENTIFIERS}}" INTERNAL_JWT_SUBJECT: "{{.Values.namespace}}.interop-documents-generator" INTERNAL_JWT_ISSUER: "{{.Values.namespace}}.interop.pagopa.it" From 3ffa70615a2eb8655a2ccf5de0abc4e2ee91f654 Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Wed, 3 Dec 2025 12:24:24 +0100 Subject: [PATCH 12/15] feature(document-archiving,PIN-7642): disable signed documents download; keep generation enabled, to handle background old documents generation --- commons/qa/configmaps/feature-flags-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/commons/qa/configmaps/feature-flags-configmap.yaml b/commons/qa/configmaps/feature-flags-configmap.yaml index 793a0e5e..6fa7a1a4 100644 --- a/commons/qa/configmaps/feature-flags-configmap.yaml +++ b/commons/qa/configmaps/feature-flags-configmap.yaml @@ -16,4 +16,4 @@ data: FEATURE_FLAG_PURPOSE_TEMPLATE: "true" FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER: "false" FEATURE_FLAG_ESERVICE_PERSONAL_DATA: "true" - FEATURE_FLAG_USE_SIGNED_DOCUMENT: "true" + FEATURE_FLAG_USE_SIGNED_DOCUMENT: "false" From 11a4f1e40cec074c0a6a34b4044039442a08254a Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Wed, 3 Dec 2025 22:14:46 +0100 Subject: [PATCH 13/15] update image numbers --- commons/qa/images.yaml | 152 ++++++++++++++++++++--------------------- 1 file changed, 75 insertions(+), 77 deletions(-) diff --git a/commons/qa/images.yaml b/commons/qa/images.yaml index e2bc01f0..0b9f267b 100644 --- a/commons/qa/images.yaml +++ b/commons/qa/images.yaml @@ -1,172 +1,170 @@ images: microservices: agreement-outbound-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" agreement-platformstate-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" agreement-process: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" agreement-readmodel-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" agreement-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" api-gateway: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" attribute-registry-process: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" attribute-registry-readmodel-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" attribute-registry-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" audit-signer: - tag: "TBD" + tag: "2.11.0-RC1" authorization-management: tag: "1.0.18" authorization-platformstate-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" authorization-process: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" authorization-server: tag: "1.0.15" authorization-server-node: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" authorization-updater: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" backend-for-frontend: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" catalog-outbound-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" catalog-platformstate-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" catalog-process: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" catalog-readmodel-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" catalog-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" certified-email-sender: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" client-purpose-updater: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" client-readmodel-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" client-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" compute-agreements-consumer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" datalake-interface-exporter: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" delegation-items-archiver: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" delegation-outbound-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" delegation-process: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" delegation-readmodel-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" delegation-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" documents-generator: - tag: "TBD" + tag: "2.11.0-RC1" documents-signer: - tag: "TBD" + tag: "2.11.0-RC1" eservice-descriptors-archiver: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" eservice-template-instances-updater: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" eservice-template-process: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" eservice-template-readmodel-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" eservice-template-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" events-signer: - tag: "TBD" + tag: "2.11.0-RC1" frontend: - tag: "1.4.0-RC5" + tag: "1.5.0-RC1" key-readmodel-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" key-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" m2m-event-dispatcher: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" m2m-event-manager: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" m2m-gateway: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" notification-email-sender: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" notifier: tag: "1.0.19" notifier-seeder: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" party-registry-proxy: tag: "1.0.15" producer-key-readmodel-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" producer-key-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" producer-keychain-readmodel-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" producer-keychain-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" purpose-platformstate-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" purpose-process: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" purpose-outbound-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" purpose-readmodel-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" purpose-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" purpose-template-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" purpose-template-process: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" redis: tag: "7.0.4" selfcare-client-users-updater: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" selfcare-onboarding-consumer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" ses-mock: tag: "20" signed-objects-persister: - tag: "TBD" + tag: "2.11.0-RC1" smtp-mock: tag: "1.10.4" tenant-outbound-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" tenant-process: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" tenant-readmodel-writer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" tenant-readmodel-writer-sql: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" token-details-persister-node: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" jobs: anac-certified-attributes-importer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" datalake-data-export: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" dtd-catalog-exporter: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" ipa-certified-attributes-importer: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" ivass-certified-attributes-importer: - tag: "2.10.0-RC7" - m2m-event-cleaner: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" one-trust-notices: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" pn-consumers: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" readmodel-checker: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" token-details-persister: tag: "1.0.32" token-generation-readmodel-checker: - tag: "2.10.0-RC7" + tag: "2.11.0-RC1" From f31332d363f0a65703123b8923044a6f8a954613 Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Wed, 3 Dec 2025 22:19:44 +0100 Subject: [PATCH 14/15] fix: re-add m2m-event-cleaner job accidentally removed during merge --- commons/qa/images.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/commons/qa/images.yaml b/commons/qa/images.yaml index 0b9f267b..ea77ea48 100644 --- a/commons/qa/images.yaml +++ b/commons/qa/images.yaml @@ -158,6 +158,8 @@ images: tag: "2.11.0-RC1" ivass-certified-attributes-importer: tag: "2.11.0-RC1" + m2m-event-cleaner: + tag: "2.11.0-RC1" one-trust-notices: tag: "2.11.0-RC1" pn-consumers: From 5a8fdd2437d81d4721f188e7f5989d79cbc84679 Mon Sep 17 00:00:00 2001 From: Marco Vit Date: Thu, 4 Dec 2025 11:56:22 +0100 Subject: [PATCH 15/15] Upgrade frontend to RC2 --- commons/qa/images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/commons/qa/images.yaml b/commons/qa/images.yaml index ea77ea48..f98aafec 100644 --- a/commons/qa/images.yaml +++ b/commons/qa/images.yaml @@ -83,7 +83,7 @@ images: events-signer: tag: "2.11.0-RC1" frontend: - tag: "1.5.0-RC1" + tag: "1.5.0-RC2" key-readmodel-writer: tag: "2.11.0-RC1" key-readmodel-writer-sql: