1. Cloud Native Deployment Guide
  2. Configuring and Deploying BRM Cloud Native
  3. Configuring REST Services

8 Configuring REST Services

Learn how to integrate external applications with your Oracle Communications Billing and Revenue Management (BRM) cloud native environment by using the BRM and PDC REST services.

Topics in this document:

Configuring BRM REST Services Manager

You use BRM REST Services Manager to integrate an external customer experience application with BRM. This allows you to manage billing and rating in BRM and then view your customers' account balances and bills in your external client. For more information, see REST Services Manager API for Billing and Revenue Management.

To configure BRM REST Services Manager in BRM cloud native:

  1. Generate an SSL certificate. See "Generating an SSL Certificate for BRM REST Services Manager".

  2. Optionally, configure the BRM REST Services Manager SDK. See "Configuring the SDK (Optional)".

  3. Configure the HTTPS port for Oracle Unified Directory. See "Configuring the Oracle Unified Directory HTTPS Port".

  4. If BRM and REST Services Manager are located in separate clusters, connect BRM REST Services Manager to BRM. See "Connecting to a Separate BRM Cluster".

  5. Override the BRM REST Services Manager-specific keys in the values.yaml file. See "Adding BRM REST Services Manager Keys".

Generating an SSL Certificate for BRM REST Services Manager

The following shows the steps for generating a sample SSL certificate:

  1. Create a directory named rsm_keystore under the oc-cn-helm-chart/rsm directory.

  2. Generate an SSL certificate. For example:

    openssl req -x509 -newkey rsa:4096 -keyout openSSLKey.pem -out cert.pem -days 365 -nodes

  3. Generate a PKCS12 KeyStore file. For example, this creates a KeyStore file named keystore.p12: 

    openssl pkcs12 -export -out keyStore.p12 -inkey openSSLKey.pem -in cert.pem

  4. Copy your SSL certificate file to the oc-cn-helm-chart/rsm/rsm_keystore directory.

Configuring the SDK (Optional)

To integrate the SDK with BRM REST Services Manager, generate an SDK image as follows:

  1. Copy your extended SDK JAR oc-cn-docker-files-15.0.x.0.0/oc-cn-docker-files/ocrsm/brm_rest_services_manager/SDK/libs to the oc-cn-docker-files-15.0.x.0.0/oc-cn-docker-files/ocrsm/brm_rest_services_manager/SDK directory.

    Note:

    The SDK JAR can be used directly from oc-cn-docker-files-15.0.x.0.0/oc-cn-docker-files/ocrsm/brm_rest_services_manager/SDK/libs if no changes are required. If you need to make further customizations, follow the instructions in REST Services Manager API for Billing and Revenue Management and then copy the updated SDK JAR to the oc-cn-docker-files-15.0.x.0.0/oc-cn-docker-files/ocrsm/brm_rest_services_manager/SDK directory.

  2. In your override-values.yaml file for oc-cn-helm-chart, set the ocrsm.rsm.configEnv.rsmExtensionJar key to the name of your extended SDK JAR file, such as BRMRESTExtension.jar.

  3. Go to the oc-cn-docker-files-15.0.x.0.0/oc-cn-docker-files/ocrsm/brm_rest_services_manager/SDK directory.

  4. Build the Podman image by running this command:

    podman build --format docker --tag imagerepo/brm-rest-services-manager-extension:1 .

  5. Push the SDK image to the repository by running this command:

    podman login --username user --password password imagerepo  
podman push imagerepo/brm-rest-services-manager-extension:1

Configuring the Oracle Unified Directory HTTPS Port

If an HTTPS port is used for Oracle Unified Directory, do the following:

  1. Create a directory named rsm_oud_keystore under the oc-cn-helm-chart/rsm directory.

  2. Copy the Oracle Unified Directory certificate to the oc-cn-helm-chart/rsm/rsm_oud_keystore directory.

Connecting to a Separate BRM Cluster

If BRM is located in a separate cluster from BRM REST Services Manager, do the following to connect BRM REST Services Manager to BRM:

  1. Open the configmap_env_brmrsm.yaml file in a text editor.

  2. Set BRM_HOST_NAME to the host name of the cluster on which BRM is located. The default value is cm.

  3. Save and close the file.

Adding BRM REST Services Manager Keys

Table 8-1 lists the keys that directly impact BRM REST Services Manager. Add these keys to your override-values.yaml file with the same path hierarchy.

Caution:

Keys with the path ocrsm.rsm.secretVal hold sensitive data. Handle them carefully with controlled access to the override file containing their values. Encode all of these values in Base64. See "Secrets" in Kubernetes Concepts.

Table 8-1 BRM REST Services Manager Keys

Key Path in Values.yaml File Description

isEnabled

ocrsm.rsm

The flag to indicate if BRM REST Services Manager should be deployed with BRM cloud native.

imageName

ocrsm.rsm.deployment

The name of the BRM REST Services Manager image, such as oracle/brm-rest-services-manager.

imageTag

ocrsm.rsm.deployment

The tag associated with the image, such as 15.0.0.0.0.

imageName

ocrsm.rsm.deployment.sdk

The name of the BRM REST Services Manager SDK image, such as brm-rest-services-manager-extension.

imageTag

ocrsm.rsm.deployment.sdk

The tag associated with the BRM Services Manager SDK image, such as 1.

httpPort

ocrsm.rsm.configEnv

The HTTP port in the container on which to deploy BRM REST Services Manager.

Note: Set this to a port number from 30000 through 32767 that is not in use.

httpsPort

ocrsm.rsm.configEnv

The HTTPS port in the container on which to deploy BRM REST Services Manager.

Note: Set this to a port number from 30000 through 32767 that is not in use.

tlsVersions

ocrsm.rsm.configEnv

(Release 15.0.1 or later) The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.

rsmCertificateFileName

ocrsm.rsm.configEnv

The SSL certificate file name for BRM REST Services Manager.

baseURL

ocrsm.rsm.configEnv

The base URL with resource details to return in the response of BRM REST Services Manager requests.

Note: After deployment, you can update this value by editing your override-values.yaml file and then doing a Helm upgrade.

brmLogin

ocrsm.rsm.configEnv

The user name of the service with permission to access BRM, such as rsm.0.0.0.1.

brmServiceType

ocrsm.rsm.configEnv

The BRM service type, such as /service/admin_client.

brmServicePoidId

ocrsm.rsm.configEnv

The BRM service POID, such as 1.

brmSSLWalletFileName

ocrsm.rsm.configEnv

The BRM SSL wallet file name.

rsmExtensionJar

ocrsm.rsm.configEnv

The file name of the BRM REST Service Manager SDK JAR, such as BRMRESTExtension.jar.

bipURL

ocrsm.rsm.configEnv

The Oracle Analytics Publisher URL.

bipUserId

ocrsm.rsm.configEnv

The Oracle Analytics Publisher user ID.

securityEnabled

ocrsm.rsm.configEnv

The flag to indicate if token-based authentication is enabled for BRM REST Services Manager.

idcsURI

ocrsm.rsm.configEnv.idcs

The Oracle Identity Cloud Service (IDCS) URL.

clientID

ocrsm.rsm.configEnv.idcs

The IDCS client ID.

proxyHost

ocrsm.rsm.configEnv.idcs

The IDCS proxy host.

scopeAudience

ocrsm.rsm.configEnv.idcs

The primary audience configured in IDCS.

audience

ocrsm.rsm.configEnv.idcs

The secondary audience configured in IDCS. If a secondary audience is not configured, enter the primary audience.

domainName

ocrsm.rsm.configEnv.oam

The Oracle Access Manager domain name.

audience

ocrsm.rsm.configEnv.oam

The Oracle Access Manager OAuth server name.

endpointURL

ocrsm.rsm.configEnv.oam

The Oracle Access Manager OAuth token endpoint URL.

oudHostName

ocrsm.rsm.configEnv.oam

The Oracle Unified Directory host name.

oudRootUserDN

ocrsm.rsm.configEnv.oam

The Oracle Unified Directory root user domain name.

oudHttpPort

ocrsm.rsm.configEnv.oam

The Oracle Unified Directory HTTP port.

oudHttpsPort

ocrsm.rsm.configEnv.oam

The Oracle Unified Directory HTTPS port.

oudUserBaseDN

ocrsm.rsm.configEnv.oam

The Oracle Unified Directory user domain name.

oudGroupDN

ocrsm.rsm.configEnv.oam

The Oracle Unified Directory group domain name.

logLevel

ocrsm.rsm.configEnv

The application log level: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST.

helidonSecurityLogLevel

ocrsm.rsm.configEnv

The security log level: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST.

helidonWebServerLogLevel

ocrsm.rsm.configEnv

The server log level: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST.

helidonConfigLogLevel

ocrsm.rsm.configEnv

The Helidon configuration log level: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST.

helidonMicroProfileLogLevel

ocrsm.rsm.configEnv

 Helidon MP log level SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST.

helidonCommonLogLevel

ocrsm.rsm.configEnv

The Helidon common log level: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST.

nettyServerLogLevel

ocrsm.rsm.configEnv

 The embedded netty server log level: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST.

jerseyLogLevel

ocrsm.rsm.configEnv

 The jersey log level: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST.

jbossWeldLogLevel

ocrsm.rsm.configEnv

 The Helidon JBossWeld log level: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST.

auditLogLevel

ocrsm.rsm.configEnv

 The audit log level: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST.

rsmCertificatePassword

ocrsm.rsm.secretVal

 The Base64-encoded certificate password for BRM REST Services Manager.

brmInfranetWalletPassword

ocrsm.rsm.secretVal

The Base64-encoded wallet password. You can use any password.

This password will be used to store the Oracle Analytics Publisher and Infranet connections in the wallet and can be used to access the same.

bipPassword

ocrsm.rsm.secretVal

The Base64-encoded Oracle Analytics Publisher password.

clientSecret

ocrsm.rsm.secretVal

The Base64-encoded IDCS client secret.

oudCertificateAlias

ocrsm.rsm.secretVal

The certificate alias is any unique name that is Base64-encoded for JDK KeyStore. This key is required for Oracle Unified Directory HTTPS protocols.

oudRootUserPassword

ocrsm.rsm.secretVal

The Base64-encoded Oracle Unified Directory root password.

You can use the following commands to encode and decode passwords in Base64 format:

  • To encode strings in Linux:

    echo -n 'password' | base64

  • To decode strings in Linux:

    echo 'encoded_password' | base64 --decode
Sample override-values for IDCS Security Type

This shows sample content in the override-values.yaml for BRM REST Services Manager when the security type is Oracle Identity Cloud Service (IDCS): 

ocrsm:
    rsm:
        configEnv:
           securityEnabled: true
           bipUrl: http://xxxxxxx:xxxxx/xmlpserver/services/PublicReportService_v11
           bipUserId: weblogic
           baseURL: xxxxx.xxx.xxxxx.xxx
           idcs:
                idcsURI: "https://xxxxx.xxxx.xxxxx.xxxxx.xxxx"
                clientID: xxxxxx
                scopeAudience: "https://xxxxx:xxxxx:xxxx:xxxxx::"
                audience: "https://xxxxx:xxx:xxxxx:xxxxx::"
           rsmExtensionJar: brm-rest-extension.jar
           rsmCertificateFileName: keyStore.p12
        secretVal:
           rsmCertificatePassword: xxxxxx
           brmInfranetWalletPassword: xxxxxx
           bipPassword: xxxxxx
           clientSecret: xxxxxx
Sample override-values.yaml for OAM Security Type

This shows sample content in the override-values.yaml for BRM REST Services Manager when the security type is Oracle Access Manager: 

ocrsm:
    rsm:
        configEnv:
           securityEnabled: true
           bipUrl: http://xxxxxx:xxxxxx/xmlpserver/services/PublicReportService_v11
           bipUserId: weblogic
           securityType: OAM
           baseURL: xxxxx.xxx.xxxxx.xxx
           oam:
                domainName: TMFOAuthOIDCDomain
                audience: TMFResourceServer
                endpointURL: "http://xxxx.xxxx.xxxx.xxx:14100/oauth2/rest/token/info"
                oudHostName: xxxx.xxxx.xxxx.xxx
                oudRootUserDN: cn=MyRootUser
                oudHttpPort: 9090
                oudUserBaseDN: ou=people,dc=tmf,dc=com
                oudGroupDN: ou=Groups,dc=tmf,dc=com
           rsmExtensionJar: brm-rest-extension.jar
           rsmCertificateFileName: keyStore.p12
        secretVal:
           rsmCertificatePassword: xxxxx
           brmInfranetWalletPassword: xxxxx
           bipPassword: xxxxx
           oudRootUserPassword: xxxxx
Sample BRM RSM override-values for Separate BRM Cluster

This shows sample content in the override-values.yaml for BRM REST Services Manager when BRM is deployed in a separate cluster:

Note:

  • Pass the values for idcsURI, scopeAudience, audience, and OAM endpointURL in quotes when the URL ends with characters such as colon colon (::).

  • Ensure that you provide the hostname for connecting to the BRM cluster in the configmap_env_brmrsm.yaml file. See "Connecting to a Separate BRM Cluster". 

ocbrm:
    brm_root_pass: xxxxx
    isSSLEnabled: true
	
ocrsm:
    rsm:
        configEnv:
           securityEnabled: true
           bipUrl: http://xxxxx:xxxx/xmlpserver/services/PublicReportService_v11
           bipUserId: weblogic
           baseURL: xxxxx.xxx.xxxxx.xxx
           idcs:
                idcsURI: "https://xxxxx.xxxx.xxxxx.xxxxx.xxxx"
                clientID: xxxx
                scopeAudience: "https://xxxxx:xxxxx:xxxx:xxxxx::"
                audience: "https://xxxxx:xxx:xxxxx:xxxxx::"
           rsmExtensionJar: brm-rest-extension.jar
           rsmCertificateFileName: keyStore.p12
        secretVal:
           rsmCertificatePassword: xxxxx
           brmInfranetWalletPassword: xxxxx
           bipPassword: xxxxx
           clientSecret: xxxxx

Configuring PDC REST Services Manager

You use PDC REST Services Manager to integrate an enterprise product catalog, such as Oracle Digital Experience for Communications Launch Experience, with PDC. This enables you to create a variety of product offerings in your enterprise product catalog and then have all of the rating and billing performed by PDC and BRM. For more information, see "About PDC REST Services Manager" in PDC REST Services Manager Integration Guide.

To configure PDC REST Services Manager in BRM cloud native:

  1. Override the PDC REST Services Manager-specific keys in the values.yaml file. See "Adding PDC REST Services Manager Keys".

  2. Configure OAuth authentication:

    1. If you are using Oracle Access Management for OAuth, create an identity domain, resource server, and OAuth client for PDC REST Services Manager in Oracle Access Management as described in "Setting Up OAuth for PDC REST Services Manager with Oracle Access Management" in BRM Security Guide.

    2. Configure the keys in the override-values.yaml file for OAuth with either Oracle Identity Cloud Service or Oracle Access Management as described in "Configuring OAuth Authentication in PDC REST Services Manager".

  3. Configure outbound communication to the enterprise product catalog. See "Configuring Requests to the Enterprise Product Catalog".

  4. Enable TLS encryption in PDC REST Services Manager to secure the communications it receives from your enterprise product catalog. See "Enabling TLS in PDC REST Services Manager".

  5. Enable the T3S protocol in PDC REST Services Manager to secure its communications to PDC. See "Enabling T3S in PDC REST Services Manager".

  6. Map TMF620 priceType values to BRM events to ensure that PDC REST Services Manager triggers the correct charging events for your pricing components. See "Configuring Mapping of TMF620 priceType to BRM Events".

Adding PDC REST Services Manager Keys

Table 8-2 lists the keys that directly impact PDC REST Services Manager. Add these keys to your override-values.yaml file with the same path hierarchy.

Caution:

Keys with the path ocpdcrsm.secretValue hold sensitive data. Handle them carefully with controlled access to the override file containing their values. Encode all of these values in Base64. See "Secrets" in Kubernetes Concepts.

Table 8-2 PDC REST Services Manager Keys

Key Path in Values.yaml File Description
isEnabled ocpdcrsm.labels Whether to enable and deploy PDC REST Services Manager with BRM cloud native:
  • true: Enables and deploys PDC REST Services Manager.
  • false: Does not deploy PDC REST Services Manager. This is the default.
imageName ocpdcrsm.deployment The name of the PDC REST Services Manager image, such as oracle/pdcrsm.
imageTag ocpdcrsm.deployment The tag associated with the image.
rsmListenerPort ocpdcrsm.configEnv The HTTPS port number assigned to listen for API requests from the enterprise product catalog.

baseUrl

 ocpdcrsm.configEnv

The base URL with resource details to return in the response of PDC REST Services Manager requests.

Note: After deployment, you can update this value by editing your override-values.yaml file and then doing a Helm upgrade.

securityEnabled ocpdcrsm.configEnv Whether to enable token-based authentication for PDC REST Services Manager.
securityType ocpdcrsm.configEnv Which OAuth provider to use for token-based authentication. Set this to oam for Oracle Access Management or idcs for Oracle Identity Cloud Service.

Sample PDC REST Services Manager override-values.yaml Entries

The following shows sample content in the override-values.yaml for PDC REST Services Manager, when Oracle Access Management is used for OAuth authentication: 

ocpdcrsm:
    labels:
        name: "pdc-rsm"
        version: "15.0.0.0.0"
        isEnabled: true
    deployment:
        deadlineSeconds: 60
        revisionHistLimit: 10
        imageName: "oracle/pdcrsm"
        imageTag: ":15.0.0.0.0"
        imagePullPolicy: IfNotPresent
    configEnv:
        name: "pdcrsm-configmap-env"
        rsmListenerPort:
        baseURL: xxxxx.xxx.xxxxx.xxx
        securityEnabled: true
        securityType: oam
        oam:
            domainName: PDCRSMDomain
            audience: PDCRSMResourceServer
            endpointURL: http://oam_host:oam_port/oauth2/rest/token
            introspectendpointuri: http://oam_host:oam_port/oauth2/rest/token/info
            scopeaudience: http://oam_host:oam_port/
            authorizationendpointuri: http://oam_host:oam_port/oauth2/authorize
            proxyhost: http://proxyhost:proxyport/
            frontenduri: http://oam_host:oam_port
    secretValue:
        name: "pdcrsm-secret-env"
    service:
        name: "pdcrsm"
        type: "NodePort"
        nodePort: 31000

Configuring OAuth Authentication in PDC REST Services Manager

PDC REST Services Manager uses the OAuth 2.0 protocol to authenticate an enterprise product catalog's identity and to authorize the enterprise product catalog to access the PDC REST Services Manager API. It does this by validating an OAuth access token that is passed in the header of every HTTP/HTTPS request to the PDC REST Services Manager API.

To configure OAuth authentication in PDC REST Services Manager:

  1. Add these keys to your override-values.yaml file for oc-cn-helm-chart:
    • If you are using Oracle Identity Cloud Service (IDCS) for OAuth:
      • ocpdcrsm.configEnv.isInboundOauthEnabled: Set this to true to enable OAuth authentication.
      • ocpdcrsm.configEnv.inboundOauthUri: Set this to the base URL of your Oracle Identity Cloud Service (IDCS) instance in this format:
        https://idcs-TenantID.identity.oraclecloud.com
      • ocpdcrsm.configEnv.inboundOauthClientId: Set this to the client ID of your confidential application.
      • ocpdcrsm.secretValue.inboundOauthClientSecret: Set this to the Base64-encrypted client secret obtained from your IDCS application.
      • ocpdcrsm.configEnv.inboundOauthFrontendUri: Set this to the base URL of your confidential application when run, such as http://myapp.example.com:8080.
      • ocpdcrsm.configEnv.inboundOauthAudience: Set this to the primary audience as provisioned for the PDC REST Services Manager application in IDCS.
      • ocpdcrsm.configEnv.inboundOauthProxyHost: Set this to the host name of your proxy server, if required.
      • ocpdcrsm.configEnv.inboundOauthPubEventScope: Set this to the name of the scope for accessing the TMF620 Publish Event endpoint for inbound OAuth authentication, such as pubevent.
      • ocpdcrsm.configEnv.inboundOauthMetricsScope: Set this to the name of the scope for accessing the metrics endpoint for inbound OAuth authentication, such as metrics.
    • If you are using Oracle Access Management for OAuth:
      • ocpdcrsm.configEnv.oam.domainName: Set this to the name of the OAuth identity domain created in Oracle Access Management for PDC REST Services Manager.
      • ocpdcrsm.configEnv.oam.audience: Set this to the name of the OAuth resource server created in Oracle Access Management for PDC REST Services Manager.
      • ocpdcrsm.configEnv.oam.endpointURL: Set this to the URL for requesting an OAuth token from Oracle Access Management.
      • ocpdcrsm.configEnv.oam.introspectendpointuri: Set this to the URL for validating an OAuth token from Oracle Access Management.
      • ocpdcrsm.configEnv.oam.scopeaudience: Set this to the primary audience for PDC REST Services Manager in the Oracle Access Management resource, used for error handling. This is the same as ocpdcrsm.configEnv.oam.frontenduri, ending with /.
      • ocpdcrsm.configEnv.oam.authorizationendpointuri: The URL for authorizing role-based access. PDC REST Services Manager does not support role-based access, so this will not be used.
      • ocpdcrsm.configEnv.oam.proxyhost: Set this to the URL for your Oracle Access Management proxy server, if needed.
      • ocpdcrsm.configEnv.oam.frontenduri: Set this to the URL for of the OAuth client created in Oracle Access Management for PDC REST Services Manager.

  2. Run the helm upgrade command to update the Helm release: 

    helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile --namespace BrmNameSpace
  3. Restart the PDC REST Services Manager pods. If downtime is not a concern, both pods can be deleted and re-created by running the following command. Otherwise, delete one pod at a time, waiting for its replacement pod to become "Running" before deleting the next one.
    kubectl -n BrmNameSpace delete pods --selector=app.kubernetes.io/name=pdcrsm

Configuring Requests to the Enterprise Product Catalog

PDC REST Services Manager sends requests to the enterprise product catalog when calling the enterprise product catalog's REST API and when publishing acknowledgment notifications.

To configure PDC REST Services Manager to send requests to the enterprise product catalog:

  1. Open the override-values.yaml file for oc-cn-helm-chart.

  2. Edit the keys in the file based on the type of authentication required by your enterprise product catalog:

    • For OAuth 2.0 authentication, edit the keys in Table 8-3.

      Table 8-3 OAuth 2.0 Keys

      Key Path in Values.yaml file Description

      tokenEndpoint

      ocpdcrsm.configEnv.httpClients.security.oauth2

      The endpoint used to retrieve a token from.

      clientId

      ocpdcrsm.configEnv.httpClients.security.oauth2

      The client ID used to authenticate the request from PDC REST Services Manager.

      username

      ocpdcrsm.configEnv.httpClients.security.oauth2

      The user name required for accessing the enterprise product catalog.

      scope

      ocpdcrsm.configEnv.httpClients.security.oauth2

      The scopes required by the enterprise product catalog.

      grantType

      ocpdcrsm.configEnv.httpClients.security.oauth2

      The grant type to be used for the OAuth flow: client_credentials or password.

      clientsecret

      ocpdcrsm.secretValue.httpClients.security.oauth2

      The encrypted client secret used to authenticate the request from PDC REST Services Manager.

      password

      ocpdcrsm.secretValue.httpClients.security.oauth2

      The encrypted password required for accessing the enterprise product catalog.

    • For basic authentication, edit the keys in Table 8-4.

      Table 8-4 basicAuth Keys

      Key Path in Values.yaml file Description

      username

      ocpdcrsm.configEnv.httpClients.security.basicAuth

      The user name required for accessing the enterprise product catalog.

      password

      ocpdcrsm.secretValue.httpClients.security.basicAuth

      		 The password required for accessing the enterprise product catalog.

  3. Run the helm upgrade command to update the Helm release: 

    helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile --namespace BrmNameSpace

  4. Restart the PDC REST Services Manager pods. If downtime is not a concern, both pods can be deleted and re-created by running the following command. Otherwise, delete one pod at a time, waiting for its replacement pod to have a "Running" status before deleting the next one.

    kubectl --namespace BrmNameSpace delete pods --selector=app.kubernetes.io/name=pdcrsm

The following shows an example configuration for OAuth 2.0 authentication.

Note:

All urlRegex values in the file must be properly escaped with \\. The characters that must be escaped are: \.[]{}()<>*+-=!? ^$|. 

configEnv:
    httpClients:
        - urlRegex: "http://hostname:port/mobile/custom/catalogManagement/.*"
          security:
              oauth2:
                  tokenEndpoint: "https://idcs_hostname/oauth2/v1/token"
                  clientId: "fcb3443f6c504ed789ba38a78341b88a"
                  username: "user"
                  scope: "https://hostnameurn:opc:resource:consumer::all"
                  grantType: "password"
secretValue:
    httpClients:
        - urlRegex: "http://hostname:port/mobile/custom/catalogManagement/.*"
          security:
              oauth2:
                  clientSecret: client_secret
                  password: password

The following shows an example configuration for Basic authentication:

Note:

All urlRegex values in the file must be properly escaped with \\. The characters that must be escaped are: \.[]{}()<>*+-=!? ^$|. 

configEnv:
    httpClients:
        - urlRegex: "http://hostname:port/mobile/custom/PublishingAPI.*"
          security:
              basicAuth:
                 username: eccUser
secretValue:
    httpClients:
        - urlRegex: "http://hostname:port/mobile/custom/PublishingAPI.*"
          security:
              basicAuth:
                  password: password

Enabling TLS in PDC REST Services Manager

You can enable TLS encryption in PDC REST Services Manager to secure the communications it receives from your enterprise product catalog.

To enable TLS in PDC REST Services Manager:

  1. Generate a self-signed SSL certificate:

    1. Create a directory for storing your SSL certificate that is accessible by the BRM Helm chart, such as oc-cn-helm-chart/rsm_cert.

    2. Generate an SSL certificate. For example, this creates a certificate file named cert.pem: 

      openssl req -x509 -newkey rsa:4096 -keyout openSSLKey.pem -out cert.pem -days 365 -nodes

    3. Generate a PKCS12 KeyStore file. For example, this creates a KeyStore file named keystore.p12: 

      openssl pkcs12 -export -out keyStore.p12 -inkey openSSLKey.pem -in cert.pem

  2. Add these keys to your override-values.yaml file for oc-cn-helm-chart:

    • security.tlsVersions: Set this to the list of TLS versions supported by PDC REST Services Manager, such as TLSv1.2,TLSv1.3. This is the default global value for PDC REST Services Manager.

    • ocpdcrsm.configEnv.isTlsEnabled: Set this to true to enable TLS encryption for PDC REST Services Manager.

    • ocpdcrsm.configEnv.tlsVersions: Set this to the list of supported TLS versions, such as TLSv1.2,TLSv1.3.

      Note:

      Set this key if you want to override the value set it security.tlsVersions for communication with PDC or an enterprise product catalog.

    • ocpdcrsm.configEnv.tlsCertificatePath: Set this to the path of the TLS certificate bundle relative to this Helm chart, such as rsm_cert/keyStore.p12.

    • ocpdcrsm.secretValue.tlsCertificatePassphrase: Set this to the Base64-encrypted passphrase for the TLS certificate.

  3. Run the helm upgrade command to update the Helm release: 

    helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile --namespace BrmNameSpace

  4. To apply the changes, re-create any previously existing PDC REST Services Manager pods:

    kubectl --namespace BrmNameSpace delete pods --selector=app.kubernetes.io/name=pdcrsm

After you enable TLS, connect to PDC REST Services Manager services using HTTPS only.

Enabling T3S in PDC REST Services Manager

Enable the T3S protocol in PDC REST Services Manager to secure its communications to PDC.

To enable T3S in PDC REST Services Manager:

  1. Add these keys to your override-values.yaml file for oc-cn-helm-chart:

    • ocpdcrsm.configEnv.useT3s: Set this to true.

    • ocpdcrsm.configEnv.jksTrustStorePath: Set this to the path of the JKS TrustStore for the PDC T3S connection, such as rsm/truststore.jks.

  2. Run the helm upgrade command to update the Helm release: 

    helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile --namespace BrmNameSpace

  3. To apply the changes, re-create any previously existing PDC REST Services Manager pods:

    kubectl --namespace BrmNameSpace delete pods --selector=app.kubernetes.io/name=pdcrsm

Configuring Mapping of TMF620 priceType to BRM Events

If you are using PDC REST Services Manager, you must configure the mappings of BRM event names to the values your enterprise product catalog sends in the priceType property of the ProductOfferingPrice element of the TMF620 payload.

The mappings are configured in configmap_pdcrsm_appeventCfg.yaml. You can add mappings as needed for your deployment or use the default mappings provided at installation.

To add or edit mappings:

  1. Open the configmap_pdcrsm_appeventCfg.yaml file.

  2. Edit the existing mappings, or use them as templates to add new ones. Use the following format:

    pricetype : "eventname"

    where:

    • pricetype is the value sent in the priceType property of the ProductOfferingPrice element of the TMF620 payload.

    • eventname is the name of the BRM event the price type should be mapped to.

    For example, the default mappings for one-time fees and usage events are:

    ONE_TIME : "EventBillingProductFeePurchase"
ONE_TIME_PRICE_PLAN : "EventBillingProductFeePurchase"
USAGE : "EventSession"
USAGE_PRICE_PLAN : "EventSession"

  3. Run the helm upgrade command to update the Helm release: 

    helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile --namespace BrmNameSpace

  4. Restart the PDC REST Services Manager pods. If downtime is not a concern, both pods can be deleted and re-created by running the following command. Otherwise, delete one pod at a time, waiting for its replacement pod to become "Running" before deleting the next one.

    kubectl --namespace BrmNameSpace delete pods --selector=app.kubernetes.io/name=pdcrsm