Configuration scenarios
There are a number of scenarios in which you may need to relax, or even completely disable, the security features within MDS. This runbook describes the events in which you may need to do this and the steps to take to successfully manage any change.
Development platform running for client devices needs to allow for exploratory use of the API
MDS allows you to enable "God Mode", in which all security is disabled to allow for exploratory use of its API. This is more like the traditional use of MDS.
- Edit the MDS deployment definition file (mds-deployment.yml). This can be found either through the Kubernetes dashboard, or on master01 at /etc/kubernetes/metadataserver/<version>/mds-deployment.yml.
- Locate the environment variable named GOD_MODE, and change the value of this variable to enabled (or disabled if removing).
containers:
  - name: metadataservice
    env:
      - name: GOD_MODE
        value: enabled
- If using the Kubernetes dashboard, save the change and Kubernetes will automatically restart the cluster in a safe manner. If using the original deployment files, run the following command to apply the change:
kubectl apply -f mds-deployment.yml -n otvpcse
Security features blocking critical functionality and need to be relaxed temporarily
Adding a new query to the white list
To add a new query to the MDS whitelist post-deployment:
Prerequisites
- You have a copy of the query that you need to add to the white list.
- Following the guide and examples found on the Whitelist page, convert your query to the MDS whitelist syntax. For example:
{ "editorial.id": "12345", "deviceType": { "$in": ["iPad"] }, "locale": "en_GB" }
would become:
{ "editorial.id": string, "deviceType": { "$in": array }, "locale": string }
Add the new query underneath the appropriate API in the whitelist, for example:
/btv/programmes:
  enforce: true
  maxReturn: 100
  allowed:
    # Locker MdsServiceImpl#getProgramme
    - { "id": string, "locale": { "$exists": boolean }}
    - { "editorial.id": string, "deviceType": { "$in": array }, "locale": string }
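The conversion from a concrete query to whitelist syntax can be scripted so that literal values are never pasted into the whitelist by mistake. The following Python sketch is an added example, not part of MDS or its tooling; the function names are hypothetical, and only the three type tokens that appear on this page (string, array, boolean) are handled.

```python
import json

# Type tokens that appear on this page. Tokens for other JSON types are not
# shown here, so this sketch refuses them rather than guessing.
TOKENS = {str: "string", list: "array", bool: "boolean"}


class Token(str):
    """A bare type placeholder such as string, array or boolean."""


def to_shape(value):
    """Replace every concrete value in a query with its type token."""
    if isinstance(value, dict):
        # Field names and operators such as "$in" are kept unchanged.
        return {key: to_shape(inner) for key, inner in value.items()}
    token = TOKENS.get(type(value))
    if token is None:
        raise ValueError(f"no whitelist token known for {type(value).__name__}")
    return Token(token)


def render(shape):
    """Render a shape in the whitelist syntax (type tokens are unquoted)."""
    if isinstance(shape, Token):
        return str(shape)
    body = ", ".join(f"{json.dumps(k)}: {render(v)}" for k, v in shape.items())
    return "{ " + body + " }"


def already_listed(query, existing_shapes):
    """True if an entry with the same shape is already in the allowed list,
    so the same entry is not added twice (key order is ignored)."""
    return to_shape(query) in existing_shapes


# Constructed sample: the example query from the prerequisites above.
QUERY = json.loads(
    '{ "editorial.id": "12345", "deviceType": { "$in": ["iPad"] }, "locale": "en_GB" }'
)

if __name__ == "__main__":
    print(render(to_shape(QUERY)))
```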
Disabling fields check
To disable the field security filter, and allow queries to be run without specifying a &fields=[...] query parameter:
- Change the ClientInterfaceConfig.enforceFields parameter to False.
ClientInterfaceConfig.enforceFields = False
Increasing limit allowance for an API
Prerequisites:
- You understand which API needs the amendment
- You understand the max limit that needs to be specified for this API
Locate the API you need to edit within the whitelist section. Underneath that section, increase the maxReturn value, for example:
/vod/series:
  enforce: true
  maxReturn: 100
Enable/disable token based access to MDS via the api.* entrypoint
The token based access is controlled through nginx. The MDS nginx configuration is designed to be able to switch on/off the appropriate token requirement.
- Edit the modules_config.yaml and add the property (true or false as required):
mds_token_enabled: true
- Re-run the appropriate ansible script to redeploy the module.