NOISSUE - Fetch SuperMQ (#387)

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

docker/.env

@@ -169,14 +169,56 @@ MG_PDF_CONVERTER_URL=http://pdf-generator:3000/forms/chromium/convert/html
 ### Certs
 SMQ_ADDONS_CERTS_PATH_PREFIX=./
 
-# Certs service configuration
+## CERTS
+AM_CERTS_LOG_LEVEL=debug
+AM_CERTS_DB_HOST=certs-db
+AM_CERTS_DB_PORT=5432
+AM_CERTS_DB_USER=absmach
+AM_CERTS_DB_PASS=absmach
+AM_CERTS_DB=certs
+AM_CERTS_DB_SSL_MODE=disable
+AM_CERTS_DB_SSL_CERT=
+AM_CERTS_DB_SSL_KEY=
+AM_CERTS_DB_SSL_ROOT_CERT=
+AM_CERTS_DB_MAX_CONNECTIONS=100
+AM_CERTS_HTTP_HOST=certs
+AM_CERTS_HTTP_PORT=9010
+AM_CERTS_HTTP_SERVER_CERT=
+AM_CERTS_HTTP_SERVER_KEY=
+AM_CERTS_GRPC_HOST=certs
+AM_CERTS_GRPC_PORT=7012
+AM_CERTS_GRPC_SERVER_CERT=
+AM_CERTS_GRPC_SERVER_KEY=
+AM_CERTS_GRPC_SERVER_CA_CERTS=
+AM_CERTS_GRPC_SERVER_CA_KEY=
+AM_CERTS_GRPC_CLIENT_CA_CERTS=
+AM_CERTS_GRPC_URL=${AM_CERTS_GRPC_HOST}:${AM_CERTS_GRPC_PORT}
+AM_CERTS_GRPC_TIMEOUT=
+AM_CERTS_GRPC_CLIENT_CERT=
+AM_CERTS_GRPC_CLIENT_KEY=
+AM_CERTS_GRPC_CLIENT_TLS=
+AM_CERTS_GRPC_CA_CERTS=
+AM_CERTS_INSTANCE_ID=
+AM_CERTS_RELEASE_TAG=latest
+# WARNING: This is a development/testing secret only.
+# NEVER use this weak secret in production! Generate a strong random secret for production deployments.
 AM_CERTS_SECRET=12345678
-AM_CERTS_OPENBAO_SECRET_ID_TTL=87600h
 
-# OpenBao PKI CA configuration
+## OpenBao PKI Config
+AM_CERTS_OPENBAO_HOST=http://certs-openbao:8200
+AM_CERTS_OPENBAO_APP_ROLE=absmach
+AM_CERTS_OPENBAO_APP_SECRET=absmach
+AM_CERTS_OPENBAO_SECRET_ID_TTL=720h
+AM_CERTS_OPENBAO_NAMESPACE=
+AM_CERTS_OPENBAO_PKI_PATH=pki
+AM_CERTS_OPENBAO_ROLE=absmach
+AM_CERTS_SERVICE_TOKEN_PATH=/openbao/service_token
+AM_CERTS_SECRET_ID_PATH=/openbao/secret_id
+AM_CERTS_SECRET_RENEW_THRESHOLD=24h
+AM_CERTS_SECRET_CHECK_INTERVAL=1h
 AM_CERTS_OPENBAO_PKI_CA_CN=Abstract Machines Certificate Authority
 AM_CERTS_OPENBAO_PKI_CA_OU=Abstract Machines
-AM_CERTS_OPENBAO_PKI_CA_O=AbstractMacines
+AM_CERTS_OPENBAO_PKI_CA_O=AbstractMachines
 AM_CERTS_OPENBAO_PKI_CA_C=FRANCE
 AM_CERTS_OPENBAO_PKI_CA_L=PARIS
 AM_CERTS_OPENBAO_PKI_CA_ST=PARIS
@@ -186,13 +228,37 @@ AM_CERTS_OPENBAO_PKI_CA_DNS_NAMES=localhost
 AM_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES=127.0.0.1,::1
 AM_CERTS_OPENBAO_PKI_CA_URI_SANS=
 AM_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES=info@abstractmachines.rs
-
-# OpenBao unseal keys and token
 AM_CERTS_OPENBAO_UNSEAL_KEY_1=
 AM_CERTS_OPENBAO_UNSEAL_KEY_2=
 AM_CERTS_OPENBAO_UNSEAL_KEY_3=
 AM_CERTS_OPENBAO_ROOT_TOKEN=
 
+## Jaeger
+AM_JAEGER_PORT=6831
+AM_JAEGER_FRONTEND=16686
+AM_JAEGER_URL=http://jaeger:4318/v1/traces
+AM_JAEGER_TRACE_RATIO=1.0
+AM_JAEGER_COLLECTOR_OTLP_ENABLED=true
+AM_JAEGER_OLTP_HTTP_PORT=4318
+AM_JAEGER_MEMORY_MAX_TRACES=5000
+
+#### Auth Client Config
+AM_AUTH_URL=auth:9001
+AM_AUTH_GRPC_URL=auth:7001
+AM_AUTH_GRPC_TIMEOUT=300s
+AM_AUTH_GRPC_CLIENT_CERT=${GRPC_MTLS:+./ssl/certs/auth-grpc-client.crt}
+AM_AUTH_GRPC_CLIENT_KEY=${GRPC_MTLS:+./ssl/certs/auth-grpc-client.key}
+AM_AUTH_GRPC_CLIENT_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}
+AM_AUTH_GRPC_SERVER_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}
+
+#### Domains Client Config
+AM_DOMAINS_URL=domains:9003
+AM_DOMAINS_GRPC_URL=domains:7003
+AM_DOMAINS_GRPC_TIMEOUT=300s
+AM_DOMAINS_GRPC_CLIENT_CERT=${GRPC_MTLS:+./ssl/certs/domains-grpc-client.crt}
+AM_DOMAINS_GRPC_CLIENT_KEY=${GRPC_MTLS:+./ssl/certs/domains-grpc-client.key}
+AM_DOMAINS_GRPC_CLIENT_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}
+
 ## Addon Services
 ### Bootstrap
 MG_BOOTSTRAP_LOG_LEVEL=debug

docker/supermq-docker-compose.override.yaml

@@ -126,9 +126,64 @@ services:
       - magistrala-base-net
 
   certs:
-    volumes:
-      - ../../docker/ssl/certs/ca.key:/etc/ssl/certs/ca.key
-      - ../../docker/ssl/certs/ca.crt:/etc/ssl/certs/ca.crt
+    environment:
+      AM_CERTS_LOG_LEVEL: ${AM_CERTS_LOG_LEVEL}
+      AM_CERTS_HTTP_HOST: ${AM_CERTS_HTTP_HOST}
+      AM_CERTS_HTTP_PORT: ${AM_CERTS_HTTP_PORT}
+      AM_CERTS_GRPC_HOST: ${AM_CERTS_GRPC_HOST}
+      AM_CERTS_GRPC_PORT: ${AM_CERTS_GRPC_PORT}
+      AM_CERTS_RELEASE_TAG: ${AM_CERTS_RELEASE_TAG}
+      AM_CERTS_SECRET: ${AM_CERTS_SECRET}
+      AM_CERTS_DB_HOST: ${AM_CERTS_DB_HOST}
+      AM_CERTS_DB_PORT: ${AM_CERTS_DB_PORT}
+      AM_CERTS_DB_USER: ${AM_CERTS_DB_USER}
+      AM_CERTS_DB_PASS: ${AM_CERTS_DB_PASS}
+      AM_CERTS_DB: ${AM_CERTS_DB}
+      AM_CERTS_DB_SSL_MODE: ${AM_CERTS_DB_SSL_MODE}
+      AM_CERTS_DB_MAX_CONNECTIONS: ${AM_CERTS_DB_MAX_CONNECTIONS}
+      AM_CERTS_OPENBAO_HOST: ${AM_CERTS_OPENBAO_HOST}
+      AM_CERTS_OPENBAO_APP_ROLE: ${AM_CERTS_OPENBAO_APP_ROLE}
+      AM_CERTS_OPENBAO_APP_SECRET: ${AM_CERTS_OPENBAO_APP_SECRET}
+      AM_CERTS_OPENBAO_NAMESPACE: ${AM_CERTS_OPENBAO_NAMESPACE}
+      AM_CERTS_OPENBAO_PKI_PATH: ${AM_CERTS_OPENBAO_PKI_PATH}
+      AM_CERTS_OPENBAO_ROLE: ${AM_CERTS_OPENBAO_ROLE}
+      AM_CERTS_OPENBAO_SECRET_ID_TTL: ${AM_CERTS_OPENBAO_SECRET_ID_TTL}
+      AM_CERTS_SERVICE_TOKEN_PATH: ${AM_CERTS_SERVICE_TOKEN_PATH}
+      AM_CERTS_SECRET_ID_PATH: ${AM_CERTS_SECRET_ID_PATH}
+      AM_CERTS_SECRET_RENEW_THRESHOLD: ${AM_CERTS_SECRET_RENEW_THRESHOLD}
+      AM_CERTS_SECRET_CHECK_INTERVAL: ${AM_CERTS_SECRET_CHECK_INTERVAL}
+
+      # OpenBao PKI CA configuration
+      AM_CERTS_OPENBAO_PKI_CA_CN: ${AM_CERTS_OPENBAO_PKI_CA_CN}
+      AM_CERTS_OPENBAO_PKI_CA_OU: ${AM_CERTS_OPENBAO_PKI_CA_OU}
+      AM_CERTS_OPENBAO_PKI_CA_O: ${AM_CERTS_OPENBAO_PKI_CA_O}
+      AM_CERTS_OPENBAO_PKI_CA_C: ${AM_CERTS_OPENBAO_PKI_CA_C}
+      AM_CERTS_OPENBAO_PKI_CA_L: ${AM_CERTS_OPENBAO_PKI_CA_L}
+      AM_CERTS_OPENBAO_PKI_CA_ST: ${AM_CERTS_OPENBAO_PKI_CA_ST}
+      AM_CERTS_OPENBAO_PKI_CA_ADDR: ${AM_CERTS_OPENBAO_PKI_CA_ADDR}
+      AM_CERTS_OPENBAO_PKI_CA_PO: ${AM_CERTS_OPENBAO_PKI_CA_PO}
+      AM_CERTS_OPENBAO_PKI_CA_DNS_NAMES: ${AM_CERTS_OPENBAO_PKI_CA_DNS_NAMES}
+      AM_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES: ${AM_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES}
+      AM_CERTS_OPENBAO_PKI_CA_URI_SANS: ${AM_CERTS_OPENBAO_PKI_CA_URI_SANS}
+      AM_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES: ${AM_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES}
+      AM_CERTS_OPENBAO_UNSEAL_KEY_1: ${AM_CERTS_OPENBAO_UNSEAL_KEY_1}
+      AM_CERTS_OPENBAO_UNSEAL_KEY_2: ${AM_CERTS_OPENBAO_UNSEAL_KEY_2}
+      AM_CERTS_OPENBAO_UNSEAL_KEY_3: ${AM_CERTS_OPENBAO_UNSEAL_KEY_3}
+      AM_CERTS_OPENBAO_ROOT_TOKEN: ${AM_CERTS_OPENBAO_ROOT_TOKEN}
+      
+      AM_JAEGER_URL: ${AM_JAEGER_URL}
+      AM_JAEGER_TRACE_RATIO: ${AM_JAEGER_TRACE_RATIO}
+      
+      AM_AUTH_GRPC_URL: ${AM_AUTH_GRPC_URL}
+      AM_AUTH_GRPC_TIMEOUT: ${AM_AUTH_GRPC_TIMEOUT}
+      AM_AUTH_GRPC_CLIENT_CERT: ${AM_AUTH_GRPC_CLIENT_CERT}
+      AM_AUTH_GRPC_CLIENT_KEY: ${AM_AUTH_GRPC_CLIENT_KEY}
+      AM_AUTH_GRPC_SERVER_CA_CERTS: ${AM_AUTH_GRPC_SERVER_CA_CERTS}
+      AM_DOMAINS_GRPC_URL: ${AM_DOMAINS_GRPC_URL}
+      AM_DOMAINS_GRPC_TIMEOUT: ${AM_DOMAINS_GRPC_TIMEOUT}
+      AM_DOMAINS_GRPC_CLIENT_CERT: ${AM_DOMAINS_GRPC_CLIENT_CERT}
+      AM_DOMAINS_GRPC_CLIENT_KEY: ${AM_DOMAINS_GRPC_CLIENT_KEY}
+      AM_DOMAINS_GRPC_SERVER_CA_CERTS: ${AM_DOMAINS_GRPC_SERVER_CA_CERTS}
     networks: !override
       - magistrala-base-net
 

docker/supermq-docker/.env

@@ -445,7 +445,7 @@ AM_CERTS_HTTP_PORT=9019
 AM_CERTS_GRPC_HOST=certs
 AM_CERTS_GRPC_PORT=7012
 AM_CERTS_RELEASE_TAG=latest
-AM_CERTS_TOKEN=
+AM_CERTS_SECRET=12345678
 
 ## Certs Database Configuration
 AM_CERTS_DB_HOST=certs-db
@@ -463,26 +463,31 @@ AM_CERTS_OPENBAO_APP_SECRET=absmach
 AM_CERTS_OPENBAO_NAMESPACE=
 AM_CERTS_OPENBAO_PKI_PATH=pki
 AM_CERTS_OPENBAO_ROLE=absmach
+AM_CERTS_OPENBAO_SECRET_ID_TTL=720h
+AM_CERTS_SERVICE_TOKEN_PATH=/openbao/service_token
+AM_CERTS_SECRET_ID_PATH=/openbao/secret_id
+AM_CERTS_SECRET_RENEW_THRESHOLD=24h
+AM_CERTS_SECRET_CHECK_INTERVAL=1h
 
 ## OpenBao PKI CA Configuration
-AM_OPENBAO_PKI_CA_CN=Abstract Machines Root Certificate Authority
-AM_OPENBAO_PKI_CA_OU=Abstract Machines
-AM_OPENBAO_PKI_CA_O=Abstract Machines
-AM_OPENBAO_PKI_CA_C=FRANCE
-AM_OPENBAO_PKI_CA_L=PARIS
-AM_OPENBAO_PKI_CA_ST=PARIS
-AM_OPENBAO_PKI_CA_ADDR=5 Av. Anatole
-AM_OPENBAO_PKI_CA_PO=75007
-AM_OPENBAO_PKI_CA_DNS_NAMES=localhost
-AM_OPENBAO_PKI_CA_IP_ADDRESSES=127.0.0.1,::1
-AM_OPENBAO_PKI_CA_URI_SANS=
-AM_OPENBAO_PKI_CA_EMAIL_ADDRESSES=info@abstractmachines.rs
+AM_CERTS_OPENBAO_PKI_CA_CN=Abstract Machines Certificate Authority
+AM_CERTS_OPENBAO_PKI_CA_OU=Abstract Machines
+AM_CERTS_OPENBAO_PKI_CA_O=AbstractMachines
+AM_CERTS_OPENBAO_PKI_CA_C=FRANCE
+AM_CERTS_OPENBAO_PKI_CA_L=PARIS
+AM_CERTS_OPENBAO_PKI_CA_ST=PARIS
+AM_CERTS_OPENBAO_PKI_CA_ADDR=5 Av. Anatole
+AM_CERTS_OPENBAO_PKI_CA_PO=75007
+AM_CERTS_OPENBAO_PKI_CA_DNS_NAMES=localhost
+AM_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES=127.0.0.1,::1
+AM_CERTS_OPENBAO_PKI_CA_URI_SANS=
+AM_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES=info@abstractmachines.rs
 
 ## OpenBao Unseal Keys and Token
-AM_OPENBAO_UNSEAL_KEY_1=
-AM_OPENBAO_UNSEAL_KEY_2=
-AM_OPENBAO_UNSEAL_KEY_3=
-AM_OPENBAO_ROOT_TOKEN=
+AM_CERTS_OPENBAO_UNSEAL_KEY_1=
+AM_CERTS_OPENBAO_UNSEAL_KEY_2=
+AM_CERTS_OPENBAO_UNSEAL_KEY_3=
+AM_CERTS_OPENBAO_ROOT_TOKEN=
 
 ## Jaeger Configuration for Certs
 AM_JAEGER_URL=http://jaeger:4318/v1/traces

docker/supermq-docker/certs-docker-compose-override.yaml

@@ -1,10 +1,6 @@
 # Copyright (c) Abstract Machines
 # SPDX-License-Identifier: Apache-2.0
 
-networks:
-  supermq-base-net:
-    external: true
-
 services:
   certs:
     environment:
@@ -14,8 +10,7 @@ services:
       AM_CERTS_GRPC_HOST: ${AM_CERTS_GRPC_HOST}
       AM_CERTS_GRPC_PORT: ${AM_CERTS_GRPC_PORT}
       AM_CERTS_RELEASE_TAG: ${AM_CERTS_RELEASE_TAG}
-      AM_CERTS_TOKEN: ${AM_CERTS_TOKEN}
-      
+      AM_CERTS_SECRET: ${AM_CERTS_SECRET}
       AM_CERTS_DB_HOST: ${AM_CERTS_DB_HOST}
       AM_CERTS_DB_PORT: ${AM_CERTS_DB_PORT}
       AM_CERTS_DB_USER: ${AM_CERTS_DB_USER}
@@ -23,54 +18,52 @@ services:
       AM_CERTS_DB: ${AM_CERTS_DB}
       AM_CERTS_DB_SSL_MODE: ${AM_CERTS_DB_SSL_MODE}
       AM_CERTS_DB_MAX_CONNECTIONS: ${AM_CERTS_DB_MAX_CONNECTIONS}
-      
       AM_CERTS_OPENBAO_HOST: ${AM_CERTS_OPENBAO_HOST}
       AM_CERTS_OPENBAO_APP_ROLE: ${AM_CERTS_OPENBAO_APP_ROLE}
       AM_CERTS_OPENBAO_APP_SECRET: ${AM_CERTS_OPENBAO_APP_SECRET}
       AM_CERTS_OPENBAO_NAMESPACE: ${AM_CERTS_OPENBAO_NAMESPACE}
       AM_CERTS_OPENBAO_PKI_PATH: ${AM_CERTS_OPENBAO_PKI_PATH}
       AM_CERTS_OPENBAO_ROLE: ${AM_CERTS_OPENBAO_ROLE}
-      
-      # OpenBao PKI CA configuration
-      AM_OPENBAO_PKI_CA_CN: ${AM_OPENBAO_PKI_CA_CN}
-      AM_OPENBAO_PKI_CA_OU: ${AM_OPENBAO_PKI_CA_OU}
-      AM_OPENBAO_PKI_CA_O: ${AM_OPENBAO_PKI_CA_O}
-      AM_OPENBAO_PKI_CA_C: ${AM_OPENBAO_PKI_CA_C}
-      AM_OPENBAO_PKI_CA_L: ${AM_OPENBAO_PKI_CA_L}
-      AM_OPENBAO_PKI_CA_ST: ${AM_OPENBAO_PKI_CA_ST}
-      AM_OPENBAO_PKI_CA_ADDR: ${AM_OPENBAO_PKI_CA_ADDR}
-      AM_OPENBAO_PKI_CA_PO: ${AM_OPENBAO_PKI_CA_PO}
-      AM_OPENBAO_PKI_CA_DNS_NAMES: ${AM_OPENBAO_PKI_CA_DNS_NAMES}
-      AM_OPENBAO_PKI_CA_IP_ADDRESSES: ${AM_OPENBAO_PKI_CA_IP_ADDRESSES}
-      AM_OPENBAO_PKI_CA_URI_SANS: ${AM_OPENBAO_PKI_CA_URI_SANS}
-      AM_OPENBAO_PKI_CA_EMAIL_ADDRESSES: ${AM_OPENBAO_PKI_CA_EMAIL_ADDRESSES}
-      
-      AM_OPENBAO_UNSEAL_KEY_1: ${AM_OPENBAO_UNSEAL_KEY_1}
-      AM_OPENBAO_UNSEAL_KEY_2: ${AM_OPENBAO_UNSEAL_KEY_2}
-      AM_OPENBAO_UNSEAL_KEY_3: ${AM_OPENBAO_UNSEAL_KEY_3}
-      AM_OPENBAO_ROOT_TOKEN: ${AM_OPENBAO_ROOT_TOKEN}
-      
+      AM_CERTS_OPENBAO_SECRET_ID_TTL: ${AM_CERTS_OPENBAO_SECRET_ID_TTL}
+      AM_CERTS_SERVICE_TOKEN_PATH: ${AM_CERTS_SERVICE_TOKEN_PATH}
+      AM_CERTS_SECRET_ID_PATH: ${AM_CERTS_SECRET_ID_PATH}
+      AM_CERTS_SECRET_RENEW_THRESHOLD: ${AM_CERTS_SECRET_RENEW_THRESHOLD}
+      AM_CERTS_SECRET_CHECK_INTERVAL: ${AM_CERTS_SECRET_CHECK_INTERVAL}
+      AM_CERTS_OPENBAO_PKI_CA_CN: ${AM_CERTS_OPENBAO_PKI_CA_CN}
+      AM_CERTS_OPENBAO_PKI_CA_OU: ${AM_CERTS_OPENBAO_PKI_CA_OU}
+      AM_CERTS_OPENBAO_PKI_CA_O: ${AM_CERTS_OPENBAO_PKI_CA_O}
+      AM_CERTS_OPENBAO_PKI_CA_C: ${AM_CERTS_OPENBAO_PKI_CA_C}
+      AM_CERTS_OPENBAO_PKI_CA_L: ${AM_CERTS_OPENBAO_PKI_CA_L}
+      AM_CERTS_OPENBAO_PKI_CA_ST: ${AM_CERTS_OPENBAO_PKI_CA_ST}
+      AM_CERTS_OPENBAO_PKI_CA_ADDR: ${AM_CERTS_OPENBAO_PKI_CA_ADDR}
+      AM_CERTS_OPENBAO_PKI_CA_PO: ${AM_CERTS_OPENBAO_PKI_CA_PO}
+      AM_CERTS_OPENBAO_PKI_CA_DNS_NAMES: ${AM_CERTS_OPENBAO_PKI_CA_DNS_NAMES}
+      AM_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES: ${AM_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES}
+      AM_CERTS_OPENBAO_PKI_CA_URI_SANS: ${AM_CERTS_OPENBAO_PKI_CA_URI_SANS}
+      AM_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES: ${AM_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES}
+      AM_CERTS_OPENBAO_UNSEAL_KEY_1: ${AM_CERTS_OPENBAO_UNSEAL_KEY_1}
+      AM_CERTS_OPENBAO_UNSEAL_KEY_2: ${AM_CERTS_OPENBAO_UNSEAL_KEY_2}
+      AM_CERTS_OPENBAO_UNSEAL_KEY_3: ${AM_CERTS_OPENBAO_UNSEAL_KEY_3}
+      AM_CERTS_OPENBAO_ROOT_TOKEN: ${AM_CERTS_OPENBAO_ROOT_TOKEN}
       AM_JAEGER_URL: ${AM_JAEGER_URL}
       AM_JAEGER_TRACE_RATIO: ${AM_JAEGER_TRACE_RATIO}
-      
       AM_AUTH_GRPC_URL: ${AM_AUTH_GRPC_URL}
       AM_AUTH_GRPC_TIMEOUT: ${AM_AUTH_GRPC_TIMEOUT}
       AM_AUTH_GRPC_CLIENT_CERT: ${AM_AUTH_GRPC_CLIENT_CERT}
       AM_AUTH_GRPC_CLIENT_KEY: ${AM_AUTH_GRPC_CLIENT_KEY}
       AM_AUTH_GRPC_SERVER_CA_CERTS: ${AM_AUTH_GRPC_SERVER_CA_CERTS}
-      
       AM_DOMAINS_GRPC_URL: ${AM_DOMAINS_GRPC_URL}
       AM_DOMAINS_GRPC_TIMEOUT: ${AM_DOMAINS_GRPC_TIMEOUT}
       AM_DOMAINS_GRPC_CLIENT_CERT: ${AM_DOMAINS_GRPC_CLIENT_CERT}
       AM_DOMAINS_GRPC_CLIENT_KEY: ${AM_DOMAINS_GRPC_CLIENT_KEY}
       AM_DOMAINS_GRPC_SERVER_CA_CERTS: ${AM_DOMAINS_GRPC_SERVER_CA_CERTS}
-    networks:
+    networks: !override
       - supermq-base-net
 
   certs-db:
-    networks:
+    networks: !override
       - supermq-base-net
 
   openbao:
-    networks:
+    networks: !override
       - supermq-base-net