Skip to content

chore(plugins): release develop to main#1192

Merged
ferr3ira-gabriel merged 86 commits intomainfrom
develop
Apr 16, 2026
Merged

chore(plugins): release develop to main#1192
ferr3ira-gabriel merged 86 commits intomainfrom
develop

Conversation

@guimoreirar
Copy link
Copy Markdown
Member

@guimoreirar guimoreirar commented Apr 13, 2026
edited by ferr3ira-gabriel
Loading

Summary

Release develop branch to main with multiple chart updates and new features.

Chart Version Updates

Chart Version
midaz-helm 6.0.0-beta.6
reporter-helm 2.1.0-beta.8
fetcher-helm 2.1.0-beta.8
plugin-fees 5.0.0-beta.4
plugin-access-manager 6.2.0-beta.2
plugin-br-pix-indirect-btg 2.2.0-beta.3
plugin-br-pix-direct-jd 2.0.0-beta.3
plugin-br-bank-transfer 2.0.0-beta.1
plugin-crm 2.1.0-beta.5
product-console 2.1.0-beta.3
flowker 1.2.0-beta.1
underwriter 2.0.0-beta.1
matcher 2.0.0-beta.1

App Version Updates

App Version
midaz-ledger 3.6.1
midaz-crm 3.6.0
reporter 1.2.0
fetcher 1.3.0
plugin-fees 3.1.0
plugin-access-manager 2.6.1

Key Changes

New Features

  • Bootstrap MongoDB: Added idempotent MongoDB user/database provisioning job to multiple charts (midaz, reporter, fetcher, plugin-fees, plugin-br-pix-indirect-btg, product-console, flowker)
  • Rate Limiting: Added rate limit configuration env vars to midaz, reporter, and fetcher charts (RATE_LIMIT_, AGGRESSIVE_RATE_LIMIT_, RELAXED_RATE_LIMIT_*)
  • IRSA Support: Added ServiceAccount annotations support for AWS IRSA in reporter and fetcher charts
  • NEU App Env Vars: Added missing environment variables for fetcher integration, multi-tenant mode, MongoDB TLS support

Improvements

  • VERSION Standardization: All charts now consistently set VERSION and OTEL_RESOURCE_SERVICE_VERSION from image.tag
  • Fetcher Chart: Removed common secret pattern to match reporter chart structure
  • Plugin Fees: Added new env vars for v3.1.0

Fixes

  • Fixed bootstrap-mongodb to use name helpers instead of hardcoded names
  • Fixed duplicate reporter-manager/secret.yaml with incorrect template references
  • Fixed plugin-access-manager image tag to 2.6.1

Pending Changes (in separate PR to develop)

  • Removal of deprecated onboarding and transaction templates from midaz chart

Files Changed

75 files changed, 1562 insertions(+), 383 deletions(-)

bedatty and others added 26 commits April 10, 2026 10:00
@bedatty
feat: add bootstrap-mongodb.yaml for idempotent MongoDB user/db provi…
c36e378 
…sioning

Add bootstrap Job templates for MongoDB following the same pattern as
existing bootstrap-postgres.yaml. The Jobs create app users and grant
readWrite roles on each chart's databases using mongosh, running
idempotently on every ArgoCD sync.

Charts: midaz, fetcher, flowker, plugin-br-pix-indirect-btg, plugin-fees,
product-console, reporter.

Controlled by global.externalMongoDefinitions.enabled (default: false).
Supports useExistingSecret for Vault-managed credentials.
@bedatty
fix(bootstrap-mongodb): use /bin/bash instead of /bin/sh for mongosh …
b956943 
…container

The mongo:8 image uses dash as /bin/sh which does not support
set -o pipefail. Switch to /bin/bash for the mongosh container command.

Tested end-to-end on minikube: user creation, idempotent re-run, and
password rotation all verified successfully.
@bedatty
Merge pull request #1181 from LerianStudio/feature/bootstrap-mongodb
1a04a75 
feat(templates): add bootstrap-mongodb Jobs for idempotent MongoDB provisioning
@lerian-studio
chore(release): 2.1.0-beta.1
dd86a2f 
##  (2026-04-10)

### Features

* add bootstrap-mongodb.yaml for idempotent MongoDB user/db provisioning ([c36e378](c36e378))
* **product-console:** add dynamic OTEL host injection support ([4f473e9](4f473e9))
* **plugin-br-pix-indirect-btg:** add missing inbound webhook entity envs and security tier config ([ca62f49](ca62f49))
* **product-console:** add MONGO_PARAMETERS env var for TLS/auth options ([164468c](164468c))
* **plugin-br-bank-transfer:** move CLIENT_IDs to secrets ([d3e36c0](d3e36c0))
* **product-console:** update image tag to 1.5.0 and add upgrade guide ([a289f8c](a289f8c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.0, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.0, plugin-br-pix-indirect-btg-worker-inbound@1.5.0, plugin-br-pix-indirect-btg-worker-outbound@1.5.0 - new env vars ([80fe4fc](80fe4fc))

### Bug Fixes

* **matcher:** add missing env vars for systemplane and multi-tenant ([965da94](965da94))
* **plugin-access-manager:** add new configuration options for logging, rate limiting, and MFA in configmap.yaml ([d1e83b2](d1e83b2))
* **plugin-br-pix-indirect-btg:** add WEBHOOK_DEFAULT_URL to outbound configmap ([0dd6d81](0dd6d81))
* **matcher:** align default securityContext with distroless nonroot UID ([87f0c59](87f0c59))
* clean dead OTEL defaults and fix SWAGGER_HOST service names ([76909b8](76909b8))
* **bank-transfer:** correct encryption key env var names ([fb79deb](fb79deb))
* **plugin-access-manager:** remove imagePullSecrets from values.yaml for identity and auth sections ([238ca51](238ca51))
* **plugin-br-bank-transfer:** rename chart to include -helm suffix ([f393e35](f393e35))
* **bank-transfer:** rename MULTI_TENANT_INFRA_ENABLED to MULTI_TENANT_ENABLED for consistency ([0fb14a6](0fb14a6))
* **plugin-access-manager:** update image tags and add CORS, rate limiting, multi-tenancy, and circuit breaker configurations ([628ad1d](628ad1d))
* **plugin-access-manager:** update plugin-auth@2.6.0 ([6b5b3d8](6b5b3d8))
* **plugin-br-bank-transfer:** update plugin-br-bank-transfer@2.1.0 ([3e29c6c](3e29c6c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.1, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.1, plugin-br-pix-indirect-btg-worker-inbound@1.5.1, plugin-br-pix-indirect-btg-worker-outbound@1.5.1 ([226f506](226f506))
* **plugin-access-manager:** update plugin-identity@2.4.2 ([8b01a14](8b01a14))
* **matcher:** update securityContext to run as root ([8de4a13](8de4a13))
* **plugin-br-bank-transfer:** update service port and server address to 4027 in configuration files ([dd4e2a0](dd4e2a0))
* **bootstrap-mongodb:** use /bin/bash instead of /bin/sh for mongosh container ([b956943](b956943))
* **matcher:** use configmap value for OBJECT_STORAGE_ENDPOINT with IAM Roles Anywhere ([c0f19a4](c0f19a4))
@lerian-studio
chore(release): 2.0.0-beta.1
a7e96a6 
##  (2026-04-10)

### ⚠ BREAKING CHANGES

* **plugin-access-manager:** Values path changed from 'auth.backend.migrations.image'
(string) to 'auth.backend.migrations.image.repository' + '.tag' (object).
Same for 'auth.initUser.image' and 'auth.initUser.imagePullPolicy'.
Existing values overrides using the old string format will need updating.

### Features

* add bootstrap-mongodb.yaml for idempotent MongoDB user/db provisioning ([c36e378](c36e378))
* **product-console:** add dynamic OTEL host injection support ([4f473e9](4f473e9))
* add Helm chart for plugin-br-bank-transfer-jd ([2ee97b9](2ee97b9))
* add IAM Roles Anywhere sidecar support for fetcher and matcher ([a67b756](a67b756))
* **reporter:** add IAM Roles Anywhere sidecar support ([2b76810](2b76810))
* **underwriter:** add initial Helm chart for Underwriter service ([7bbba1a](7bbba1a))
* **matcher:** add missing env vars for matcher v1.0.0+ ([0bf1e7f](0bf1e7f))
* **plugin-br-pix-indirect-btg:** add missing inbound webhook entity envs and security tier config ([ca62f49](ca62f49))
* **product-console:** add MONGO_PARAMETERS env var for TLS/auth options ([164468c](164468c))
* **plugin-access-manager:** make createDatabase configurable ([1574601](1574601))
* **plugin-br-bank-transfer:** move CLIENT_IDs to secrets ([d3e36c0](d3e36c0))
* **fetcher:** update fetcher-manager@1.1.0, fetcher-worker@1.1.0 - new env vars ([345798a](345798a))
* **fetcher:** update fetcher-manager@1.2.0, fetcher-worker@1.2.0 - new env vars ([47785ab](47785ab))
* **product-console:** update image tag to 1.5.0 and add upgrade guide ([a289f8c](a289f8c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.0, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.0, plugin-br-pix-indirect-btg-worker-inbound@1.5.0, plugin-br-pix-indirect-btg-worker-outbound@1.5.0 - new env vars ([80fe4fc](80fe4fc))

### Bug Fixes

* **charts:** add http:// prefix to OTEL_EXPORTER_OTLP_ENDPOINT ([33adde3](33adde3))
* **charts:** add http:// prefix to OTEL_EXPORTER_OTLP_ENDPOINT ([5f8ca7b](5f8ca7b))
* add kindIs guard for backward compat with string image values ([313d9f6](313d9f6))
* **matcher:** add missing env vars for systemplane and multi-tenant ([965da94](965da94))
* add missing MONGO_HOST/MONGO_PORT and align MONGODB_DB_NAME ([0725fa2](0725fa2))
* **product-console:** add MongoDB connection info to NOTES.txt ([b4d6557](b4d6557))
* **product-console:** add mongodb.enabled flag to values-template ([7024d9d](7024d9d))
* **plugin-access-manager:** add new configuration options for logging, rate limiting, and MFA in configmap.yaml ([d1e83b2](d1e83b2))
* add plugin-br-bank-transfer-jd section to README version matrix ([ccd19ac](ccd19ac))
* **fetcher:** add RabbitMQ and storage configuration options, remove unused secret template ([865613d](865613d))
* add required validation for Roles Anywhere ARNs and README migration note ([50e4718](50e4718)), closes [#1](#1) [#3](#3) [#1113](#1113)
* **plugin-br-pix-indirect-btg:** add WEBHOOK_DEFAULT_URL to outbound configmap ([0dd6d81](0dd6d81))
* address CodeRabbit CLI review findings ([974bbb8](974bbb8))
* **product-console:** address CodeRabbit review on NOTES.txt ([e8cf8d7](e8cf8d7))
* address CodeRabbit security and quality issues ([eb80852](eb80852))
* address remaining CodeRabbit review comments ([6f26a8b](6f26a8b))
* align comment with actual template keys per CodeRabbit review ([338e19c](338e19c))
* **matcher:** align default securityContext with distroless nonroot UID ([87f0c59](87f0c59))
* clean dead OTEL defaults and fix SWAGGER_HOST service names ([76909b8](76909b8))
* **bank-transfer:** correct encryption key env var names ([fb79deb](fb79deb))
* **product-console:** derive MongoDB service name dynamically in NOTES.txt ([4bbf749](4bbf749))
* **matcher:** fix configmap archival condition and S3 endpoint for IAM Roles Anywhere ([53232ae](53232ae))
* move MONGO_URI to secrets and support JD sandbox mode ([6d41468](6d41468))
* **reporter:** prevent null env in manager and worker deployments ([51a72c6](51a72c6))
* **reporter:** prevent null env in ScaledJob when no env vars are configured ([7fa29b4](7fa29b4))
* remove hardcoded namespaceOverride to use release namespace ([f650315](f650315))
* **plugin-access-manager:** remove imagePullSecrets from values.yaml for identity and auth sections ([238ca51](238ca51))
* **plugin-br-bank-transfer:** rename chart to include -helm suffix ([f393e35](f393e35))
* **bank-transfer:** rename MULTI_TENANT_INFRA_ENABLED to MULTI_TENANT_ENABLED for consistency ([0fb14a6](0fb14a6))
* **product-console:** set image tag to 1.3.0 in values.yaml ([a535b88](a535b88))
* **plugin-access-manager:** split migrations and initUser image into repository/tag fields ([5be206a](5be206a))
* **product-console:** update appVersion to 1.3.0 ([c708e76](c708e76))
* **plugin-access-manager:** update image tags and add CORS, rate limiting, multi-tenancy, and circuit breaker configurations ([628ad1d](628ad1d))
* **plugin-access-manager:** update plugin-auth@2.6.0 ([6b5b3d8](6b5b3d8))
* **plugin-br-bank-transfer-jd:** update plugin-br-bank-transfer-jd@1.0.0 ([afcdded](afcdded))
* **plugin-br-bank-transfer:** update plugin-br-bank-transfer@2.1.0 ([3e29c6c](3e29c6c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.2.3 ([e08d78a](e08d78a))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.2.4 ([a42a959](a42a959))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.2.6 ([fe3749c](fe3749c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.2.7 ([793be45](793be45))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.2.8 ([55681de](55681de))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.3.0 ([35c27d1](35c27d1))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.4.1, plugin-br-pix-indirect-btg-worker-reconciliation@1.4.1, plugin-br-pix-indirect-btg-worker-inbound@1.4.1, plugin-br-pix-indirect-btg-worker-outbound@1.4.1 ([3c6970f](3c6970f))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.1, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.1, plugin-br-pix-indirect-btg-worker-inbound@1.5.1, plugin-br-pix-indirect-btg-worker-outbound@1.5.1 ([226f506](226f506))
* **plugin-fees:** update plugin-fees@3.0.7 ([844537d](844537d))
* **plugin-fees:** update plugin-fees@3.0.8 ([8c5579c](8c5579c))
* **plugin-access-manager:** update plugin-identity@2.4.2 ([8b01a14](8b01a14))
* **reporter:** update reporter-manager@1.1.1 ([4f98acf](4f98acf))
* **matcher:** update securityContext to run as root ([8de4a13](8de4a13))
* **plugin-br-bank-transfer:** update service port and server address to 4027 in configuration files ([dd4e2a0](dd4e2a0))
* **reporter:** update worker default image tag to match latest stable release ([147ed4c](147ed4c))
* **bootstrap-mongodb:** use /bin/bash instead of /bin/sh for mongosh container ([b956943](b956943))
* **matcher:** use configmap value for OBJECT_STORAGE_ENDPOINT with IAM Roles Anywhere ([c0f19a4](c0f19a4))
* use dynamic service names based on release name ([cc9e734](cc9e734))
* **plugin-access-manager:** use separate repository and tag for auth backend image ([01b9a5c](01b9a5c))
* **reporter:** use unique names for cluster-scoped resources ([5cdaa80](5cdaa80))
@lerian-studio
chore(release): 6.0.0-beta.1
5fb4f9e 
##  (2026-04-10)

### ⚠ BREAKING CHANGES

* **plugin-access-manager:** Values path changed from 'auth.backend.migrations.image'
(string) to 'auth.backend.migrations.image.repository' + '.tag' (object).
Same for 'auth.initUser.image' and 'auth.initUser.imagePullPolicy'.
Existing values overrides using the old string format will need updating.

### Features

* add bootstrap-mongodb.yaml for idempotent MongoDB user/db provisioning ([c36e378](c36e378))
* **product-console:** add dynamic OTEL host injection support ([4f473e9](4f473e9))
* add IAM Roles Anywhere sidecar support for fetcher and matcher ([a67b756](a67b756))
* **plugin-br-pix-indirect-btg:** add missing inbound webhook entity envs and security tier config ([ca62f49](ca62f49))
* **product-console:** add MONGO_PARAMETERS env var for TLS/auth options ([164468c](164468c))
* **plugin-br-bank-transfer:** move CLIENT_IDs to secrets ([d3e36c0](d3e36c0))
* **product-console:** update image tag to 1.5.0 and add upgrade guide ([a289f8c](a289f8c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.0, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.0, plugin-br-pix-indirect-btg-worker-inbound@1.5.0, plugin-br-pix-indirect-btg-worker-outbound@1.5.0 - new env vars ([80fe4fc](80fe4fc))

### Bug Fixes

* **charts:** add http:// prefix to OTEL_EXPORTER_OTLP_ENDPOINT ([33adde3](33adde3))
* **charts:** add http:// prefix to OTEL_EXPORTER_OTLP_ENDPOINT ([5f8ca7b](5f8ca7b))
* add kindIs guard for backward compat with string image values ([313d9f6](313d9f6))
* **matcher:** add missing env vars for systemplane and multi-tenant ([965da94](965da94))
* add missing MONGO_HOST/MONGO_PORT and align MONGODB_DB_NAME ([0725fa2](0725fa2))
* **product-console:** add MongoDB connection info to NOTES.txt ([b4d6557](b4d6557))
* **product-console:** add mongodb.enabled flag to values-template ([7024d9d](7024d9d))
* **plugin-access-manager:** add new configuration options for logging, rate limiting, and MFA in configmap.yaml ([d1e83b2](d1e83b2))
* add required validation for Roles Anywhere ARNs and README migration note ([50e4718](50e4718)), closes [#1](#1) [#3](#3) [#1113](#1113)
* **plugin-br-pix-indirect-btg:** add WEBHOOK_DEFAULT_URL to outbound configmap ([0dd6d81](0dd6d81))
* **product-console:** address CodeRabbit review on NOTES.txt ([e8cf8d7](e8cf8d7))
* align comment with actual template keys per CodeRabbit review ([338e19c](338e19c))
* **matcher:** align default securityContext with distroless nonroot UID ([87f0c59](87f0c59))
* clean dead OTEL defaults and fix SWAGGER_HOST service names ([76909b8](76909b8))
* **bank-transfer:** correct encryption key env var names ([fb79deb](fb79deb))
* **product-console:** derive MongoDB service name dynamically in NOTES.txt ([4bbf749](4bbf749))
* **matcher:** fix configmap archival condition and S3 endpoint for IAM Roles Anywhere ([53232ae](53232ae))
* **reporter:** prevent null env in manager and worker deployments ([51a72c6](51a72c6))
* **reporter:** prevent null env in ScaledJob when no env vars are configured ([7fa29b4](7fa29b4))
* **plugin-access-manager:** remove imagePullSecrets from values.yaml for identity and auth sections ([238ca51](238ca51))
* **plugin-br-bank-transfer:** rename chart to include -helm suffix ([f393e35](f393e35))
* **bank-transfer:** rename MULTI_TENANT_INFRA_ENABLED to MULTI_TENANT_ENABLED for consistency ([0fb14a6](0fb14a6))
* **product-console:** set image tag to 1.3.0 in values.yaml ([a535b88](a535b88))
* **plugin-access-manager:** split migrations and initUser image into repository/tag fields ([5be206a](5be206a))
* **product-console:** update appVersion to 1.3.0 ([c708e76](c708e76))
* **plugin-access-manager:** update image tags and add CORS, rate limiting, multi-tenancy, and circuit breaker configurations ([628ad1d](628ad1d))
* **plugin-access-manager:** update plugin-auth@2.6.0 ([6b5b3d8](6b5b3d8))
* **plugin-br-bank-transfer:** update plugin-br-bank-transfer@2.1.0 ([3e29c6c](3e29c6c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.4.1, plugin-br-pix-indirect-btg-worker-reconciliation@1.4.1, plugin-br-pix-indirect-btg-worker-inbound@1.4.1, plugin-br-pix-indirect-btg-worker-outbound@1.4.1 ([3c6970f](3c6970f))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.1, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.1, plugin-br-pix-indirect-btg-worker-inbound@1.5.1, plugin-br-pix-indirect-btg-worker-outbound@1.5.1 ([226f506](226f506))
* **plugin-access-manager:** update plugin-identity@2.4.2 ([8b01a14](8b01a14))
* **matcher:** update securityContext to run as root ([8de4a13](8de4a13))
* **plugin-br-bank-transfer:** update service port and server address to 4027 in configuration files ([dd4e2a0](dd4e2a0))
* **reporter:** update worker default image tag to match latest stable release ([147ed4c](147ed4c))
* **bootstrap-mongodb:** use /bin/bash instead of /bin/sh for mongosh container ([b956943](b956943))
* **matcher:** use configmap value for OBJECT_STORAGE_ENDPOINT with IAM Roles Anywhere ([c0f19a4](c0f19a4))
* **reporter:** use unique names for cluster-scoped resources ([5cdaa80](5cdaa80))
@lerian-studio
chore(release): 2.2.0-beta.1
b986250 
##  (2026-04-10)

### Features

* add bootstrap-mongodb.yaml for idempotent MongoDB user/db provisioning ([c36e378](c36e378))
* **product-console:** add dynamic OTEL host injection support ([4f473e9](4f473e9))
* **product-console:** add MONGO_PARAMETERS env var for TLS/auth options ([164468c](164468c))
* **product-console:** update image tag to 1.5.0 and add upgrade guide ([a289f8c](a289f8c))

### Bug Fixes

* **plugin-access-manager:** add new configuration options for logging, rate limiting, and MFA in configmap.yaml ([d1e83b2](d1e83b2))
* clean dead OTEL defaults and fix SWAGGER_HOST service names ([76909b8](76909b8))
* **bank-transfer:** correct encryption key env var names ([fb79deb](fb79deb))
* **plugin-access-manager:** remove imagePullSecrets from values.yaml for identity and auth sections ([238ca51](238ca51))
* **bank-transfer:** rename MULTI_TENANT_INFRA_ENABLED to MULTI_TENANT_ENABLED for consistency ([0fb14a6](0fb14a6))
* **plugin-access-manager:** update image tags and add CORS, rate limiting, multi-tenancy, and circuit breaker configurations ([628ad1d](628ad1d))
* **plugin-access-manager:** update plugin-auth@2.6.0 ([6b5b3d8](6b5b3d8))
* **plugin-br-bank-transfer:** update plugin-br-bank-transfer@2.1.0 ([3e29c6c](3e29c6c))
* **plugin-access-manager:** update plugin-identity@2.4.2 ([8b01a14](8b01a14))
* **plugin-br-bank-transfer:** update service port and server address to 4027 in configuration files ([dd4e2a0](dd4e2a0))
* **bootstrap-mongodb:** use /bin/bash instead of /bin/sh for mongosh container ([b956943](b956943))
@lerian-studio
chore(release): 5.0.0-beta.1
a305300 
##  (2026-04-10)

### ⚠ BREAKING CHANGES

* **plugin-access-manager:** Values path changed from 'auth.backend.migrations.image'
(string) to 'auth.backend.migrations.image.repository' + '.tag' (object).
Same for 'auth.initUser.image' and 'auth.initUser.imagePullPolicy'.
Existing values overrides using the old string format will need updating.

### Features

* add bootstrap-mongodb.yaml for idempotent MongoDB user/db provisioning ([c36e378](c36e378))
* **product-console:** add dynamic OTEL host injection support ([4f473e9](4f473e9))
* add Helm chart for plugin-br-bank-transfer-jd ([2ee97b9](2ee97b9))
* add IAM Roles Anywhere sidecar support for fetcher and matcher ([a67b756](a67b756))
* **reporter:** add IAM Roles Anywhere sidecar support ([2b76810](2b76810))
* **matcher:** add missing env vars for matcher v1.0.0+ ([0bf1e7f](0bf1e7f))
* **plugin-br-pix-indirect-btg:** add missing inbound webhook entity envs and security tier config ([ca62f49](ca62f49))
* **product-console:** add MONGO_PARAMETERS env var for TLS/auth options ([164468c](164468c))
* **plugin-access-manager:** make createDatabase configurable ([1574601](1574601))
* **plugin-br-bank-transfer:** move CLIENT_IDs to secrets ([d3e36c0](d3e36c0))
* **fetcher:** update fetcher-manager@1.1.0, fetcher-worker@1.1.0 - new env vars ([345798a](345798a))
* **fetcher:** update fetcher-manager@1.2.0, fetcher-worker@1.2.0 - new env vars ([47785ab](47785ab))
* **product-console:** update image tag to 1.5.0 and add upgrade guide ([a289f8c](a289f8c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.0, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.0, plugin-br-pix-indirect-btg-worker-inbound@1.5.0, plugin-br-pix-indirect-btg-worker-outbound@1.5.0 - new env vars ([80fe4fc](80fe4fc))

### Bug Fixes

* **charts:** add http:// prefix to OTEL_EXPORTER_OTLP_ENDPOINT ([33adde3](33adde3))
* **charts:** add http:// prefix to OTEL_EXPORTER_OTLP_ENDPOINT ([5f8ca7b](5f8ca7b))
* add kindIs guard for backward compat with string image values ([313d9f6](313d9f6))
* **matcher:** add missing env vars for systemplane and multi-tenant ([965da94](965da94))
* add missing MONGO_HOST/MONGO_PORT and align MONGODB_DB_NAME ([0725fa2](0725fa2))
* **product-console:** add MongoDB connection info to NOTES.txt ([b4d6557](b4d6557))
* **product-console:** add mongodb.enabled flag to values-template ([7024d9d](7024d9d))
* **plugin-access-manager:** add new configuration options for logging, rate limiting, and MFA in configmap.yaml ([d1e83b2](d1e83b2))
* add plugin-br-bank-transfer-jd section to README version matrix ([ccd19ac](ccd19ac))
* **fetcher:** add RabbitMQ and storage configuration options, remove unused secret template ([865613d](865613d))
* add required validation for Roles Anywhere ARNs and README migration note ([50e4718](50e4718)), closes [#1](#1) [#3](#3) [#1113](#1113)
* **plugin-br-pix-indirect-btg:** add WEBHOOK_DEFAULT_URL to outbound configmap ([0dd6d81](0dd6d81))
* address CodeRabbit CLI review findings ([974bbb8](974bbb8))
* **product-console:** address CodeRabbit review on NOTES.txt ([e8cf8d7](e8cf8d7))
* address CodeRabbit security and quality issues ([eb80852](eb80852))
* address remaining CodeRabbit review comments ([6f26a8b](6f26a8b))
* align comment with actual template keys per CodeRabbit review ([338e19c](338e19c))
* **matcher:** align default securityContext with distroless nonroot UID ([87f0c59](87f0c59))
* clean dead OTEL defaults and fix SWAGGER_HOST service names ([76909b8](76909b8))
* **bank-transfer:** correct encryption key env var names ([fb79deb](fb79deb))
* **product-console:** derive MongoDB service name dynamically in NOTES.txt ([4bbf749](4bbf749))
* **matcher:** fix configmap archival condition and S3 endpoint for IAM Roles Anywhere ([53232ae](53232ae))
* move MONGO_URI to secrets and support JD sandbox mode ([6d41468](6d41468))
* **reporter:** prevent null env in manager and worker deployments ([51a72c6](51a72c6))
* **reporter:** prevent null env in ScaledJob when no env vars are configured ([7fa29b4](7fa29b4))
* remove hardcoded namespaceOverride to use release namespace ([f650315](f650315))
* **plugin-access-manager:** remove imagePullSecrets from values.yaml for identity and auth sections ([238ca51](238ca51))
* **plugin-br-bank-transfer:** rename chart to include -helm suffix ([f393e35](f393e35))
* **bank-transfer:** rename MULTI_TENANT_INFRA_ENABLED to MULTI_TENANT_ENABLED for consistency ([0fb14a6](0fb14a6))
* **product-console:** set image tag to 1.3.0 in values.yaml ([a535b88](a535b88))
* **plugin-access-manager:** split migrations and initUser image into repository/tag fields ([5be206a](5be206a))
* **product-console:** update appVersion to 1.3.0 ([c708e76](c708e76))
* **plugin-access-manager:** update image tags and add CORS, rate limiting, multi-tenancy, and circuit breaker configurations ([628ad1d](628ad1d))
* **plugin-access-manager:** update plugin-auth@2.6.0 ([6b5b3d8](6b5b3d8))
* **plugin-br-bank-transfer-jd:** update plugin-br-bank-transfer-jd@1.0.0 ([afcdded](afcdded))
* **plugin-br-bank-transfer:** update plugin-br-bank-transfer@2.1.0 ([3e29c6c](3e29c6c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.2.6 ([fe3749c](fe3749c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.2.7 ([793be45](793be45))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.2.8 ([55681de](55681de))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.3.0 ([35c27d1](35c27d1))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.4.1, plugin-br-pix-indirect-btg-worker-reconciliation@1.4.1, plugin-br-pix-indirect-btg-worker-inbound@1.4.1, plugin-br-pix-indirect-btg-worker-outbound@1.4.1 ([3c6970f](3c6970f))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.1, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.1, plugin-br-pix-indirect-btg-worker-inbound@1.5.1, plugin-br-pix-indirect-btg-worker-outbound@1.5.1 ([226f506](226f506))
* **plugin-access-manager:** update plugin-identity@2.4.2 ([8b01a14](8b01a14))
* **reporter:** update reporter-manager@1.1.1 ([4f98acf](4f98acf))
* **matcher:** update securityContext to run as root ([8de4a13](8de4a13))
* **plugin-br-bank-transfer:** update service port and server address to 4027 in configuration files ([dd4e2a0](dd4e2a0))
* **reporter:** update worker default image tag to match latest stable release ([147ed4c](147ed4c))
* **bootstrap-mongodb:** use /bin/bash instead of /bin/sh for mongosh container ([b956943](b956943))
* **matcher:** use configmap value for OBJECT_STORAGE_ENDPOINT with IAM Roles Anywhere ([c0f19a4](c0f19a4))
* use dynamic service names based on release name ([cc9e734](cc9e734))
* **plugin-access-manager:** use separate repository and tag for auth backend image ([01b9a5c](01b9a5c))
* **reporter:** use unique names for cluster-scoped resources ([5cdaa80](5cdaa80))
@lerian-studio
chore(release): 2.1.0-beta.1
f664ffe 
##  (2026-04-10)

### Features

* add bootstrap-mongodb.yaml for idempotent MongoDB user/db provisioning ([c36e378](c36e378))

### Bug Fixes

* **plugin-access-manager:** add new configuration options for logging, rate limiting, and MFA in configmap.yaml ([d1e83b2](d1e83b2))
* **bank-transfer:** correct encryption key env var names ([fb79deb](fb79deb))
* **plugin-access-manager:** remove imagePullSecrets from values.yaml for identity and auth sections ([238ca51](238ca51))
* **bank-transfer:** rename MULTI_TENANT_INFRA_ENABLED to MULTI_TENANT_ENABLED for consistency ([0fb14a6](0fb14a6))
* **plugin-access-manager:** update image tags and add CORS, rate limiting, multi-tenancy, and circuit breaker configurations ([628ad1d](628ad1d))
* **plugin-access-manager:** update plugin-auth@2.6.0 ([6b5b3d8](6b5b3d8))
* **plugin-access-manager:** update plugin-identity@2.4.2 ([8b01a14](8b01a14))
* **plugin-br-bank-transfer:** update service port and server address to 4027 in configuration files ([dd4e2a0](dd4e2a0))
* **bootstrap-mongodb:** use /bin/bash instead of /bin/sh for mongosh container ([b956943](b956943))
@lerian-studio
chore(release): 2.1.0-beta.1
ec468c5 
##  (2026-04-10)

### Features

* add bootstrap-mongodb.yaml for idempotent MongoDB user/db provisioning ([c36e378](c36e378))
* **product-console:** add dynamic OTEL host injection support ([4f473e9](4f473e9))
* **plugin-br-pix-indirect-btg:** add missing inbound webhook entity envs and security tier config ([ca62f49](ca62f49))
* **product-console:** add MONGO_PARAMETERS env var for TLS/auth options ([164468c](164468c))
* **plugin-br-bank-transfer:** move CLIENT_IDs to secrets ([d3e36c0](d3e36c0))
* **product-console:** update image tag to 1.5.0 and add upgrade guide ([a289f8c](a289f8c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.0, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.0, plugin-br-pix-indirect-btg-worker-inbound@1.5.0, plugin-br-pix-indirect-btg-worker-outbound@1.5.0 - new env vars ([80fe4fc](80fe4fc))

### Bug Fixes

* **matcher:** add missing env vars for systemplane and multi-tenant ([965da94](965da94))
* **plugin-access-manager:** add new configuration options for logging, rate limiting, and MFA in configmap.yaml ([d1e83b2](d1e83b2))
* **plugin-br-pix-indirect-btg:** add WEBHOOK_DEFAULT_URL to outbound configmap ([0dd6d81](0dd6d81))
* clean dead OTEL defaults and fix SWAGGER_HOST service names ([76909b8](76909b8))
* **bank-transfer:** correct encryption key env var names ([fb79deb](fb79deb))
* **plugin-access-manager:** remove imagePullSecrets from values.yaml for identity and auth sections ([238ca51](238ca51))
* **plugin-br-bank-transfer:** rename chart to include -helm suffix ([f393e35](f393e35))
* **bank-transfer:** rename MULTI_TENANT_INFRA_ENABLED to MULTI_TENANT_ENABLED for consistency ([0fb14a6](0fb14a6))
* **plugin-access-manager:** update image tags and add CORS, rate limiting, multi-tenancy, and circuit breaker configurations ([628ad1d](628ad1d))
* **plugin-access-manager:** update plugin-auth@2.6.0 ([6b5b3d8](6b5b3d8))
* **plugin-br-bank-transfer:** update plugin-br-bank-transfer@2.1.0 ([3e29c6c](3e29c6c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.1, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.1, plugin-br-pix-indirect-btg-worker-inbound@1.5.1, plugin-br-pix-indirect-btg-worker-outbound@1.5.1 ([226f506](226f506))
* **plugin-access-manager:** update plugin-identity@2.4.2 ([8b01a14](8b01a14))
* **plugin-br-bank-transfer:** update service port and server address to 4027 in configuration files ([dd4e2a0](dd4e2a0))
* **bootstrap-mongodb:** use /bin/bash instead of /bin/sh for mongosh container ([b956943](b956943))
* **matcher:** use configmap value for OBJECT_STORAGE_ENDPOINT with IAM Roles Anywhere ([c0f19a4](c0f19a4))
@lerian-studio
chore: back merge main into develop [skip ci]
4e3dc9f
@lerian-studio
chore: back merge main into develop [skip ci]
7fe6bf4
@bedatty
feat(bootstrap-mongodb): make app user and roles configurable via values
5a37252 
Refactor bootstrap-mongodb templates so the app username and roles
list become parameters in values.yaml instead of hardcoded values
in the script.

Adds two new fields to each chart's <chart>Credentials block:
  - username: app user to create (was hardcoded in the script)
  - roles: list of {role, db} objects to grant (was hardcoded)

This unblocks gitops environments that need different users/roles
than the chart defaults (e.g. plugin-br-pix-indirect-btg with custom
multi-role config across plugin-br-pix-indirect-btg-db, plugin_pix
and pix_btg databases).

Defaults preserve the previous hardcoded behavior for all 7 charts.
Tested end-to-end on minikube with plugin-br-pix-indirect-btg using
6 roles (readWrite + dbAdmin in 3 databases): user creation,
idempotent re-run with password rotation, and authentication all
verified successfully.
@lerian-studio
chore: back merge main into develop [skip ci]
9839d99
@bedatty
fix(bootstrap-mongodb): use updateUser + process.env for safer reconc…
13ee1dc 
…iliation

Address CodeRabbit review feedback on PR #1187:

1. Replace changeUserPassword + grantRolesToUser (which only adds roles)
   with a single updateUser({pwd, roles}) call. This makes role removals
   from values.yaml authoritative — previously, roles dropped from the
   chart values would silently remain granted to the user.

2. Render the roles array via Helm's toJson and read it inside mongosh
   via JSON.parse(process.env.ROLES_JSON). Read MONGO_APP_USER and
   MONGO_APP_PASSWORD via process.env in single-quoted --eval scripts
   instead of interpolating shell variables into JS strings. This
   eliminates a class of injection / syntax-break bugs when usernames,
   passwords, role names, or db names contain special characters
   (apostrophes, backslashes, etc).

Tested end-to-end on minikube:
- plugin-br-pix-indirect-btg with custom user + 6 roles created OK
- Reduced roles from 6 to 3 via upgrade — confirmed dbAdmin roles
  were effectively revoked (was the bug grantRolesToUser couldn't
  fix)
- midaz with default 3 roles created OK and authenticated
@lerian-studio
fix(plugin-access-manager): update plugin-auth@2.6.1
253b5e8
@guimoreirar
Merge pull request #1191 from LerianStudio/update/plugin-access-manag…
276d4b9 
…er/v2.6.1-20260413153252

fix(plugin-access-manager): update plugin-auth@2.6.1
@lerian-studio
chore(release): 6.2.0-beta.1
2dd674d 
##  (2026-04-13)

### Features

* add bootstrap-mongodb.yaml for idempotent MongoDB user/db provisioning ([c36e378](c36e378))

### Bug Fixes

* **new:** add DEFAULT_MIDAZ_ORGANIZATION_ID to configmap for enhanced multi-tenancy support ([d7b66a0](d7b66a0))
* **bank-transfer:** update DEFAULT_TENANT_ID to allow empty default value in configmap ([10ea45e](10ea45e))
* **plugin-access-manager:** update plugin-auth@2.6.1 ([253b5e8](253b5e8))
* **bootstrap-mongodb:** use /bin/bash instead of /bin/sh for mongosh container ([b956943](b956943))
@guimoreirar
Merge pull request #1187 from LerianStudio/feature/bootstrap-mongodb-…
4320159 
…configurable

feat(templates): make app user and roles configurable
@lerian-studio
chore(release): 2.1.0-beta.2
67b4a21 
##  (2026-04-13)

### Features

* **bootstrap-mongodb:** make app user and roles configurable via values ([5a37252](5a37252))

### Bug Fixes

* **new:** add DEFAULT_MIDAZ_ORGANIZATION_ID to configmap for enhanced multi-tenancy support ([d7b66a0](d7b66a0))
* **bank-transfer:** update DEFAULT_TENANT_ID to allow empty default value in configmap ([10ea45e](10ea45e))
* **plugin-access-manager:** update plugin-auth@2.6.1 ([253b5e8](253b5e8))
* **bootstrap-mongodb:** use updateUser + process.env for safer reconciliation ([13ee1dc](13ee1dc)), closes [#1187](#1187)
@lerian-studio
chore(release): 2.0.0-beta.2
a93ca56 
##  (2026-04-13)

### Features

* **bootstrap-mongodb:** make app user and roles configurable via values ([5a37252](5a37252))

### Bug Fixes

* **new:** add DEFAULT_MIDAZ_ORGANIZATION_ID to configmap for enhanced multi-tenancy support ([d7b66a0](d7b66a0))
* **bank-transfer:** update DEFAULT_TENANT_ID to allow empty default value in configmap ([10ea45e](10ea45e))
* **plugin-access-manager:** update plugin-auth@2.6.1 ([253b5e8](253b5e8))
* **bootstrap-mongodb:** use updateUser + process.env for safer reconciliation ([13ee1dc](13ee1dc)), closes [#1187](#1187)
@lerian-studio
chore(release): 6.0.0-beta.2
dbbaa6a 
##  (2026-04-13)

### Features

* **bootstrap-mongodb:** make app user and roles configurable via values ([5a37252](5a37252))

### Bug Fixes

* **new:** add DEFAULT_MIDAZ_ORGANIZATION_ID to configmap for enhanced multi-tenancy support ([d7b66a0](d7b66a0))
* **bank-transfer:** update DEFAULT_TENANT_ID to allow empty default value in configmap ([10ea45e](10ea45e))
* **plugin-access-manager:** update plugin-auth@2.6.1 ([253b5e8](253b5e8))
* **bootstrap-mongodb:** use updateUser + process.env for safer reconciliation ([13ee1dc](13ee1dc)), closes [#1187](#1187)
@lerian-studio
chore(release): 2.2.0-beta.2
a4528da 
##  (2026-04-13)

### Features

* **bootstrap-mongodb:** make app user and roles configurable via values ([5a37252](5a37252))

### Bug Fixes

* **new:** add DEFAULT_MIDAZ_ORGANIZATION_ID to configmap for enhanced multi-tenancy support ([d7b66a0](d7b66a0))
* **bank-transfer:** update DEFAULT_TENANT_ID to allow empty default value in configmap ([10ea45e](10ea45e))
* **plugin-access-manager:** update plugin-auth@2.6.1 ([253b5e8](253b5e8))
* **bootstrap-mongodb:** use updateUser + process.env for safer reconciliation ([13ee1dc](13ee1dc)), closes [#1187](#1187)
@lerian-studio
chore(release): 5.0.0-beta.2
9d8edad 
##  (2026-04-13)

### Features

* **bootstrap-mongodb:** make app user and roles configurable via values ([5a37252](5a37252))

### Bug Fixes

* **new:** add DEFAULT_MIDAZ_ORGANIZATION_ID to configmap for enhanced multi-tenancy support ([d7b66a0](d7b66a0))
* **bank-transfer:** update DEFAULT_TENANT_ID to allow empty default value in configmap ([10ea45e](10ea45e))
* **plugin-access-manager:** update plugin-auth@2.6.1 ([253b5e8](253b5e8))
* **bootstrap-mongodb:** use updateUser + process.env for safer reconciliation ([13ee1dc](13ee1dc)), closes [#1187](#1187)
@lerian-studio
chore(release): 2.1.0-beta.2
67fdb3b 
##  (2026-04-13)

### Features

* **bootstrap-mongodb:** make app user and roles configurable via values ([5a37252](5a37252))

### Bug Fixes

* **new:** add DEFAULT_MIDAZ_ORGANIZATION_ID to configmap for enhanced multi-tenancy support ([d7b66a0](d7b66a0))
* **bank-transfer:** update DEFAULT_TENANT_ID to allow empty default value in configmap ([10ea45e](10ea45e))
* **plugin-access-manager:** update plugin-auth@2.6.1 ([253b5e8](253b5e8))
* **bootstrap-mongodb:** use updateUser + process.env for safer reconciliation ([13ee1dc](13ee1dc)), closes [#1187](#1187)
@lerian-studio
chore(release): 2.1.0-beta.2
e39dc2d 
##  (2026-04-13)

### Features

* **bootstrap-mongodb:** make app user and roles configurable via values ([5a37252](5a37252))

### Bug Fixes

* **new:** add DEFAULT_MIDAZ_ORGANIZATION_ID to configmap for enhanced multi-tenancy support ([d7b66a0](d7b66a0))
* **bank-transfer:** update DEFAULT_TENANT_ID to allow empty default value in configmap ([10ea45e](10ea45e))
* **plugin-access-manager:** update plugin-auth@2.6.1 ([253b5e8](253b5e8))
* **bootstrap-mongodb:** use updateUser + process.env for safer reconciliation ([13ee1dc](13ee1dc)), closes [#1187](#1187)
@guimoreirar guimoreirar requested a review from a team as a code owner April 13, 2026 15:52
lerian-studio and others added 22 commits April 15, 2026 12:57
@lerian-studio
chore(release): 2.1.0-beta.3
8b5ebae 
##  (2026-04-15)

### Features

* **plugin-fees:** add new env vars for v3.1.0 ([f824431](f824431)), closes [#1195](#1195)
* **reporter:** add ServiceAccount annotations support for IRSA ([3685103](3685103))
* **fetcher:** add ServiceAccount support for worker ([aa616c7](aa616c7))
* **reporter,fetcher:** auto-set VERSION and OTEL_RESOURCE_SERVICE_VERSION from image tag ([bcc28f1](bcc28f1))
* **plugin-fees:** update plugin-fees@3.1.0 - new env vars ([0111ef7](0111ef7))

### Bug Fixes

* always set VERSION and OTEL_RESOURCE_SERVICE_VERSION from image.tag ([56bfc66](56bfc66))
* complete standardization of VERSION across all remaining charts ([63adbb9](63adbb9))
* **fetcher:** remove common secret to match reporter pattern ([37050a0](37050a0))
* **plugin-fees:** revert MIDAZ_TRANSACTION_URL to midaz-transaction default ([0871187](0871187))
* standardize VERSION/OTEL_RESOURCE_SERVICE_VERSION in remaining charts ([4172495](4172495))
* update plugin-br-pix-indirect-btg pix OTEL_RESOURCE_SERVICE_VERSION ([4fa8d3f](4fa8d3f))
* **plugin-fees:** use midaz-ledger service for MIDAZ_TRANSACTION_URL default ([9515b35](9515b35))
* **bootstrap-mongodb:** use name helpers instead of hardcoded names ([d932f48](d932f48))
@lerian-studio
chore(release): 2.1.0-beta.5
fa6be0d 
##  (2026-04-15)

### Features

* **fetcher:** add ServiceAccount support for worker ([aa616c7](aa616c7))
* **reporter,fetcher:** auto-set VERSION and OTEL_RESOURCE_SERVICE_VERSION from image tag ([bcc28f1](bcc28f1))

### Bug Fixes

* always set VERSION and OTEL_RESOURCE_SERVICE_VERSION from image.tag ([56bfc66](56bfc66))
* complete standardization of VERSION across all remaining charts ([63adbb9](63adbb9))
* standardize VERSION/OTEL_RESOURCE_SERVICE_VERSION in remaining charts ([4172495](4172495))
* update plugin-br-pix-indirect-btg pix OTEL_RESOURCE_SERVICE_VERSION ([4fa8d3f](4fa8d3f))
@lerian-studio
chore(release): 2.0.0-beta.1
c5c68bc 
##  (2026-04-15)

### ⚠ BREAKING CHANGES

* **plugin-access-manager:** Values path changed from 'auth.backend.migrations.image'
(string) to 'auth.backend.migrations.image.repository' + '.tag' (object).
Same for 'auth.initUser.image' and 'auth.initUser.imagePullPolicy'.
Existing values overrides using the old string format will need updating.

### Features

* add bootstrap-mongodb.yaml for idempotent MongoDB user/db provisioning ([c36e378](c36e378))
* **product-console:** add dynamic OTEL host injection support ([4f473e9](4f473e9))
* add Helm chart for plugin-br-bank-transfer-jd ([2ee97b9](2ee97b9))
* add IAM Roles Anywhere sidecar support for fetcher and matcher ([a67b756](a67b756))
* **reporter:** add IAM Roles Anywhere sidecar support ([2b76810](2b76810))
* **matcher:** add missing env vars for matcher v1.0.0+ ([0bf1e7f](0bf1e7f))
* **plugin-br-pix-indirect-btg:** add missing inbound webhook entity envs and security tier config ([ca62f49](ca62f49))
* **product-console:** add MONGO_PARAMETERS env var for TLS/auth options ([164468c](164468c))
* **plugin-fees:** add new env vars for v3.1.0 ([f824431](f824431)), closes [#1195](#1195)
* **reporter:** add ServiceAccount annotations support for IRSA ([3685103](3685103))
* **fetcher:** add ServiceAccount support for worker ([aa616c7](aa616c7))
* **reporter,fetcher:** auto-set VERSION and OTEL_RESOURCE_SERVICE_VERSION from image tag ([bcc28f1](bcc28f1))
* **bootstrap-mongodb:** make app user and roles configurable via values ([5a37252](5a37252))
* **plugin-access-manager:** make createDatabase configurable ([1574601](1574601))
* **plugin-br-bank-transfer:** move CLIENT_IDs to secrets ([d3e36c0](d3e36c0))
* **fetcher:** update fetcher-manager@1.1.0, fetcher-worker@1.1.0 - new env vars ([345798a](345798a))
* **fetcher:** update fetcher-manager@1.2.0, fetcher-worker@1.2.0 - new env vars ([47785ab](47785ab))
* **product-console:** update image tag to 1.5.0 and add upgrade guide ([a289f8c](a289f8c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.0, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.0, plugin-br-pix-indirect-btg-worker-inbound@1.5.0, plugin-br-pix-indirect-btg-worker-outbound@1.5.0 - new env vars ([80fe4fc](80fe4fc))
* **plugin-fees:** update plugin-fees@3.1.0 - new env vars ([0111ef7](0111ef7))

### Bug Fixes

* **new:** add DEFAULT_MIDAZ_ORGANIZATION_ID to configmap for enhanced multi-tenancy support ([d7b66a0](d7b66a0))
* **charts:** add http:// prefix to OTEL_EXPORTER_OTLP_ENDPOINT ([33adde3](33adde3))
* **charts:** add http:// prefix to OTEL_EXPORTER_OTLP_ENDPOINT ([5f8ca7b](5f8ca7b))
* add kindIs guard for backward compat with string image values ([313d9f6](313d9f6))
* **matcher:** add missing env vars for systemplane and multi-tenant ([965da94](965da94))
* add missing MONGO_HOST/MONGO_PORT and align MONGODB_DB_NAME ([0725fa2](0725fa2))
* **product-console:** add MongoDB connection info to NOTES.txt ([b4d6557](b4d6557))
* **product-console:** add mongodb.enabled flag to values-template ([7024d9d](7024d9d))
* **plugin-access-manager:** add new configuration options for logging, rate limiting, and MFA in configmap.yaml ([d1e83b2](d1e83b2))
* add plugin-br-bank-transfer-jd section to README version matrix ([ccd19ac](ccd19ac))
* **fetcher:** add RabbitMQ and storage configuration options, remove unused secret template ([865613d](865613d))
* add required validation for Roles Anywhere ARNs and README migration note ([50e4718](50e4718)), closes [#1](#1) [#3](#3) [#1113](#1113)
* **plugin-br-pix-indirect-btg:** add WEBHOOK_DEFAULT_URL to outbound configmap ([0dd6d81](0dd6d81))
* address CodeRabbit CLI review findings ([974bbb8](974bbb8))
* **product-console:** address CodeRabbit review on NOTES.txt ([e8cf8d7](e8cf8d7))
* address CodeRabbit security and quality issues ([eb80852](eb80852))
* address remaining CodeRabbit review comments ([6f26a8b](6f26a8b))
* align comment with actual template keys per CodeRabbit review ([338e19c](338e19c))
* **matcher:** align default securityContext with distroless nonroot UID ([87f0c59](87f0c59))
* always set VERSION and OTEL_RESOURCE_SERVICE_VERSION from image.tag ([56bfc66](56bfc66))
* clean dead OTEL defaults and fix SWAGGER_HOST service names ([76909b8](76909b8))
* complete standardization of VERSION across all remaining charts ([63adbb9](63adbb9))
* **bank-transfer:** correct encryption key env var names ([fb79deb](fb79deb))
* **product-console:** derive MongoDB service name dynamically in NOTES.txt ([4bbf749](4bbf749))
* **matcher:** fix configmap archival condition and S3 endpoint for IAM Roles Anywhere ([53232ae](53232ae))
* move MONGO_URI to secrets and support JD sandbox mode ([6d41468](6d41468))
* **reporter:** prevent null env in manager and worker deployments ([51a72c6](51a72c6))
* **reporter:** prevent null env in ScaledJob when no env vars are configured ([7fa29b4](7fa29b4))
* **fetcher:** remove common secret to match reporter pattern ([37050a0](37050a0))
* remove hardcoded namespaceOverride to use release namespace ([f650315](f650315))
* **plugin-access-manager:** remove imagePullSecrets from values.yaml for identity and auth sections ([238ca51](238ca51))
* **plugin-br-bank-transfer:** rename chart to include -helm suffix ([f393e35](f393e35))
* **bank-transfer:** rename MULTI_TENANT_INFRA_ENABLED to MULTI_TENANT_ENABLED for consistency ([0fb14a6](0fb14a6))
* **plugin-fees:** revert MIDAZ_TRANSACTION_URL to midaz-transaction default ([0871187](0871187))
* **product-console:** set image tag to 1.3.0 in values.yaml ([a535b88](a535b88))
* **plugin-access-manager:** split migrations and initUser image into repository/tag fields ([5be206a](5be206a))
* standardize VERSION/OTEL_RESOURCE_SERVICE_VERSION in remaining charts ([4172495](4172495))
* **product-console:** update appVersion to 1.3.0 ([c708e76](c708e76))
* **bank-transfer:** update DEFAULT_TENANT_ID to allow empty default value in configmap ([10ea45e](10ea45e))
* **plugin-access-manager:** update image tags and add CORS, rate limiting, multi-tenancy, and circuit breaker configurations ([628ad1d](628ad1d))
* **plugin-access-manager:** update plugin-auth@2.6.0 ([6b5b3d8](6b5b3d8))
* **plugin-access-manager:** update plugin-auth@2.6.1 ([253b5e8](253b5e8))
* **plugin-br-bank-transfer-jd:** update plugin-br-bank-transfer-jd@1.0.0 ([afcdded](afcdded))
* **plugin-br-bank-transfer:** update plugin-br-bank-transfer@2.1.0 ([3e29c6c](3e29c6c))
* update plugin-br-pix-indirect-btg pix OTEL_RESOURCE_SERVICE_VERSION ([4fa8d3f](4fa8d3f))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.2.6 ([fe3749c](fe3749c))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.2.7 ([793be45](793be45))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.2.8 ([55681de](55681de))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.3.0 ([35c27d1](35c27d1))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.4.1, plugin-br-pix-indirect-btg-worker-reconciliation@1.4.1, plugin-br-pix-indirect-btg-worker-inbound@1.4.1, plugin-br-pix-indirect-btg-worker-outbound@1.4.1 ([3c6970f](3c6970f))
* **plugin-br-pix-indirect-btg:** update plugin-br-pix-indirect-btg@1.5.1, plugin-br-pix-indirect-btg-worker-reconciliation@1.5.1, plugin-br-pix-indirect-btg-worker-inbound@1.5.1, plugin-br-pix-indirect-btg-worker-outbound@1.5.1 ([226f506](226f506))
* **plugin-fees:** update plugin-fees@3.0.8 ([8c5579c](8c5579c))
* **plugin-access-manager:** update plugin-identity@2.4.2 ([8b01a14](8b01a14))
* **reporter:** update reporter-manager@1.1.1 ([4f98acf](4f98acf))
* **matcher:** update securityContext to run as root ([8de4a13](8de4a13))
* **plugin-br-bank-transfer:** update service port and server address to 4027 in configuration files ([dd4e2a0](dd4e2a0))
* **reporter:** update worker default image tag to match latest stable release ([147ed4c](147ed4c))
* **bootstrap-mongodb:** use /bin/bash instead of /bin/sh for mongosh container ([b956943](b956943))
* **matcher:** use configmap value for OBJECT_STORAGE_ENDPOINT with IAM Roles Anywhere ([c0f19a4](c0f19a4))
* use dynamic service names based on release name ([cc9e734](cc9e734))
* **plugin-fees:** use midaz-ledger service for MIDAZ_TRANSACTION_URL default ([9515b35](9515b35))
* **bootstrap-mongodb:** use name helpers instead of hardcoded names ([d932f48](d932f48))
* **plugin-access-manager:** use separate repository and tag for auth backend image ([01b9a5c](01b9a5c))
* **reporter:** use unique names for cluster-scoped resources ([5cdaa80](5cdaa80))
* **bootstrap-mongodb:** use updateUser + process.env for safer reconciliation ([13ee1dc](13ee1dc)), closes [#1187](#1187)
@lerian-studio
feat(reporter): update reporter-manager@1.2.0, reporter-worker@1.2.0 …
624ec97 
…- new env vars
@lerian-studio
feat(fetcher): update fetcher-manager@1.3.0, fetcher-worker@1.3.0 - n…
679fd73 
…ew env vars
@ferr3ira-gabriel @factory-droid
feat: add rate limit configuration to midaz, fetcher, and reporter ch…
db2ec46 
…arts

Add rate limiting environment variables following lib-commons .env.reference:
- RATE_LIMIT_ENABLED (default: true)
- RATE_LIMIT_MAX (default: 500)
- RATE_LIMIT_WINDOW_SEC (default: 60)
- AGGRESSIVE_RATE_LIMIT_MAX (default: 100)
- AGGRESSIVE_RATE_LIMIT_WINDOW_SEC (default: 60)
- RELAXED_RATE_LIMIT_MAX (default: 1000)
- RELAXED_RATE_LIMIT_WINDOW_SEC (default: 60)
- RATE_LIMIT_REDIS_TIMEOUT_MS (default: 500)
- ALLOW_RATELIMIT_DISABLED (opt-out with reason)
- ALLOW_RATELIMIT_FAIL_OPEN (opt-out with reason)

Charts updated:
- midaz: onboarding, transaction, ledger, crm
- fetcher: manager, worker
- reporter: manager, worker

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
@ferr3ira-gabriel
Merge pull request #1209 from LerianStudio/update/fetcher/v1.3.0-2026…
6440e5c 
…0415212002

feat(fetcher): update fetcher-manager@1.3.0, fetcher-worker@1.3.0
@lerian-studio
chore(release): 2.1.0-beta.6
09dbee7 
##  (2026-04-16)

### Features

* **fetcher:** update fetcher-manager@1.3.0, fetcher-worker@1.3.0 - new env vars ([679fd73](679fd73))
@ferr3ira-gabriel
Merge pull request #1208 from LerianStudio/update/reporter/v1.2.0-202…
b936e5d 
…60415211824

feat(reporter): update reporter-manager@1.2.0, reporter-worker@1.2.0
@ferr3ira-gabriel @factory-droid
fix: remove duplicate reporter-manager/secret.yaml with incorrect tem…
e8cc8b6 
…plate references

The file was using non-existent templates (reporter-helm.fullname, reporter-helm.labels)
instead of the correct ones (plugin-manager.fullname, plugin-manager.labels).

A proper secret template already exists at templates/manager/secrets.yml.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
@lerian-studio
chore(release): 2.1.0-beta.6
d2d4a75 
##  (2026-04-16)

### Features

* **fetcher:** update fetcher-manager@1.3.0, fetcher-worker@1.3.0 - new env vars ([679fd73](679fd73))
* **reporter:** update reporter-manager@1.2.0, reporter-worker@1.2.0 - new env vars ([624ec97](624ec97))

### Bug Fixes

* remove duplicate reporter-manager/secret.yaml with incorrect template references ([e8cc8b6](e8cc8b6))
@ferr3ira-gabriel
Merge pull request #1210 from LerianStudio/feat/add-ratelimit-config-…
4eb2006 
…midaz-fetcher-reporter

feat: add rate limit configuration to midaz, fetcher, and reporter charts
@lerian-studio
chore(release): 2.1.0-beta.7
cd4c865 
##  (2026-04-16)

### Features

* add rate limit configuration to midaz, fetcher, and reporter charts ([db2ec46](db2ec46))
* **reporter:** update reporter-manager@1.2.0, reporter-worker@1.2.0 - new env vars ([624ec97](624ec97))

### Bug Fixes

* remove duplicate reporter-manager/secret.yaml with incorrect template references ([e8cc8b6](e8cc8b6))
@lerian-studio
chore(release): 6.0.0-beta.5
8b9f2e0 
##  (2026-04-16)

### Features

* add rate limit configuration to midaz, fetcher, and reporter charts ([db2ec46](db2ec46))
* **fetcher:** update fetcher-manager@1.3.0, fetcher-worker@1.3.0 - new env vars ([679fd73](679fd73))
* **reporter:** update reporter-manager@1.2.0, reporter-worker@1.2.0 - new env vars ([624ec97](624ec97))

### Bug Fixes

* remove duplicate reporter-manager/secret.yaml with incorrect template references ([e8cc8b6](e8cc8b6))
@lerian-studio
chore(release): 2.1.0-beta.7
d329045 
##  (2026-04-16)

### Features

* add rate limit configuration to midaz, fetcher, and reporter charts ([db2ec46](db2ec46))
@ferr3ira-gabriel @factory-droid
feat(charts): add missing NEU app env vars to reporter and fetcher
8d4db13 
Reporter chart (7 new env vars):
- APP_ENC_KEY (secrets) - Base64 encoded 32-byte encryption key
- FETCHER_ENABLED (common.configmap) - Enable fetcher integration
- FETCHER_URL (common.configmap) - Fetcher service URL
- MONGO_TLS_CA_CERT (common.configmap) - MongoDB TLS CA certificate
- MULTI_TENANT_ENABLED (common.configmap) - Enable multi-tenant mode
- OTEL_INSECURE_EXPORTER (common.configmap) - Insecure OTEL exporter
- MONGO_PARAMETERS (common.configmap) - MongoDB connection parameters

Fetcher chart (3 new env vars):
- MONGO_TLS_CA_CERT (common.configmap) - MongoDB TLS CA certificate
- OTEL_INSECURE_EXPORTER (common.configmap) - Insecure OTEL exporter
- MONGO_PARAMETERS (common.configmap) - MongoDB connection parameters

Bumped chart versions to 2.1.0-beta.8

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
@ferr3ira-gabriel
Merge pull request #1211 from LerianStudio/feat/add-neu-app-env-vars
c1d673f 
feat(charts): add missing NEU app env vars to reporter and fetcher
@lerian-studio
chore(release): 2.1.0-beta.8
df3a48a 
##  (2026-04-16)

### Features

* **charts:** add missing NEU app env vars to reporter and fetcher ([8d4db13](8d4db13))
@lerian-studio
chore(release): 2.1.0-beta.8
38586ef 
##  (2026-04-16)

### Features

* **charts:** add missing NEU app env vars to reporter and fetcher ([8d4db13](8d4db13))
@ferr3ira-gabriel @factory-droid
chore(midaz): update appVersion to 3.6.1, ledger to 3.6.1, crm to 3.6.0
270ad70 
- appVersion: 3.5.3 -> 3.6.1
- midaz-ledger image tag: 3.5.3 -> 3.6.1
- midaz-crm image tag: 3.5.3 -> 3.6.0
- onboarding and transaction unchanged (deprecated)

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
@ferr3ira-gabriel
Merge pull request #1212 from LerianStudio/chore/update-midaz-appvers…
949e282 
…ion-3.6.1

chore(midaz): update appVersion and image tags to 3.6.1
@lerian-studio
chore(release): 6.0.0-beta.6
6f50f76 
##  (2026-04-16)

### Features

* **charts:** add missing NEU app env vars to reporter and fetcher ([8d4db13](8d4db13))
@ferr3ira-gabriel ferr3ira-gabriel changed the title chore(new): add mongodb bootstrap to all charts chore(plugins): release develop to main Apr 16, 2026
@ferr3ira-gabriel ferr3ira-gabriel merged commit 29459c6 into main Apr 16, 2026
4 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] requested changes

@ferr3ira-gabriel ferr3ira-gabriel ferr3ira-gabriel approved these changes

@bedatty bedatty bedatty approved these changes

@gandalf-at-lerian gandalf-at-lerian gandalf-at-lerian approved these changes

Assignees

@guimoreirar guimoreirar

@ferr3ira-gabriel ferr3ira-gabriel

@bedatty bedatty

Labels

doc fetcher flowker matcher midaz plugin-access-manager plugin-br-pix-direct-jd plugin-br-pix-indirect-btg plugin-crm plugin-fees product-console reporter underwriter

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@guimoreirar @ferr3ira-gabriel @bedatty @gandalf-at-lerian @lerian-studio @arthurkz