diff --git a/static/schema/config.json b/static/schema/config.json
index f7abf19..0f04cd4 100644
--- a/static/schema/config.json
+++ b/static/schema/config.json
@@ -14,6 +14,9 @@
 "logging": {
 "$ref": "#/definitions/Logging"
 },
+ "debug": {
+ "$ref": "#/definitions/Debug"
+ },
 "directory": {
 "$ref": "#definitions/Directory"
 },
@@ -21,10 +24,19 @@
 "$ref": "#definitions/RemoteDirectory"
 },
 "jwt": {
- "#ref": "#definitions/JSONWebToken"
+ "$ref": "#definitions/JSONWebToken"
+ },
+ "auth": {
+ "$ref": "#definitions/Authentication"
 },
 "api": {
- "$ref": "#definitions/Services"
+ "$ref": "#definitions/API"
+ },
+ "controller": {
+ "$ref": "#definitions/Controller"
+ },
+ "decision_logger": {
+ "$ref": "#definitions/DecisionLogger"
 },
 "opa": {
 "$ref": "#definitions/OpenPolicyAgent"
@@ -67,7 +79,7 @@
 },
 "grpc_log_level": {
 "type": "string",
- "description": "gRPC log level, when not specified the `log_level` value is used",
+ "description": "gRPC log level [trace|debug|info|warning|error], when not specified the `log_level` value is used",
 "enum": [
 "trace",
 "debug",
@@ -79,6 +91,28 @@
 }
 }
 },
+ "Debug": {
+ "description": "debug setting",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "enable debug service",
+ "default": "false"
+ },
+ "listen_address": {
+ "type": "string",
+ "description": "debug service listen address",
+ "default": "http://localhost:6060"
+ },
+ "shutdown_timeout": {
+ "type": "integer",
+ "description": "delay debugger shutdown",
+ "default": 0
+ }
+ }
+ },
 "Directory": {
 "description": "edge directory config",
 "type": "object",
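Review bot: The new `$ref` values for `auth`, `api`, `controller` and `decision_logger` (and the corrected `jwt` line) point at `#definitions/...` without a slash after `#`, so they are not JSON Pointer fragments and a JSON Schema validator will not resolve them to the `definitions` entries — the `auth`, `jwt` and `api` blocks would effectively go unvalidated. The `debug` line in the previous hunk and the `certs` refs later in this commit use the correct form; change these to e.g. `"$ref": "#/definitions/Authentication"`. The same `#definitions/` form is repeated in the new `API` definition (`health`, `metrics`, `services`) in the hunk at `-147,32`. The pre-existing `directory`, `remote_directory` and `opa` refs on the context lines share the problem but are outside this change.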
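Review bot: In the new `Debug` definition, `enabled` is declared `"type": "boolean"` but its default is the string `"false"`; a consumer that applies schema defaults would receive a non-empty string rather than a boolean, so write `"default": false`. `shutdown_timeout` is an integer with no unit in the key or the description; state it, e.g. `"description": "delay debugger shutdown, in seconds"`, once confirmed against what the implementation reads. Since this block configures a diagnostics listener, `listen_address`'s description should also say it is expected to stay on loopback, as the default `http://localhost:6060` does; whether the implementation expects a scheme in a listen address is not visible here.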
@@ -87,22 +121,12 @@
 "db_path": {
 "type": "string",
 "description": "file path of edge directory database file",
- "default": "${TOPAZ_DIR}/db/directory.db"
+ "default": "${TOPAZ_DB_DIR}/directory.db"
 },
 "request_timeout": {
 "type": "string",
 "description": "edge directory request timeout in seconds",
 "default": "5s"
- },
- "seed_metadata": {
- "type": "boolean",
- "description": "seed edge directory with the default metadata objects (OBSOLETE)",
- "default": "false"
- },
- "enable_v2": {
- "type": "boolean",
- "description": "enable directory version 2 services for backward compatibility",
- "default": "false"
 }
 }
 },
@@ -135,6 +159,10 @@
 "type": "string",
 "description": "path to gRPC key file"
 },
+ "ca_cert_path": {
+ "type": "string",
+ "description": "path to CA certificate file"
+ },
 "timeout_in_seconds": {
 "type": "integer",
 "description": "gRPC connection timeout in seconds"
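Review bot: Dropping `seed_metadata` and `enable_v2` from `Directory` turns any config file that still sets them into a validation failure if `Directory` closes its properties with `additionalProperties: false` (that keyword sits outside this hunk, so confirm). If that is the intended breaking change, say so in the commit description; otherwise keep the two properties with a `$comment` marking them obsolete (or `"deprecated": true` if the schema targets draft 2019-09 or later) so validation still passes while the fields are ignored. The default change to `${TOPAZ_DB_DIR}/directory.db` likewise relocates the database for installations that only set `TOPAZ_DIR`; the `description` could name the variable the path is derived from.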
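Review bot: `ca_cert_path`'s description says only "path to CA certificate file"; the enclosing definition starts before this hunk, but next to the gRPC key and cert paths it reads as a client-side trust anchor, and the description should say what it is used for and whether it replaces or is added to the system trust store, since that decides which servers the connection will accept. Suggest something like `"description": "path to the CA certificate (PEM) used to verify the remote gRPC server certificate"` once confirmed against the code.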
@@ -147,32 +175,161 @@
 "headers": {
 "type": "object",
 "description": "map of additional gRPC headers",
+ "additionalProperties": {
+ "description": "header key : value",
+ "type":"string"
+ },
 "examples": [
 {
- "aserto-account-id": "a192e882-b648-4a57-89a4-029cfb1b7289"
+ "aserto-account-id": "00000000-1111-2222-3333-444455556666"
 }
 ]
 }
 }
 },
 "JSONWebToken": {
- "type": "object",
- "description": "JWT config",
+ "description": "JWT validation configuration",
+ "type":"object",
 "additionalProperties": false,
 "properties": {
 "acceptable_time_skew_seconds": {
 "type": "integer",
 "description": "allowed skew",
+ "default": 5,
 "minimum": 0,
 "maximum": 60
 }
 }
 },
+ "Authentication": {
+ "description": "Authentication configuration",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "api_keys": {
+ "description": "map of api key to identity",
+ "type": "object",
+ "additionalProperties": {
+ "description": "key -> identity",
+ "type": "string"
+ }
+ },
+ "options": {
+ "description": "options",
+ "type": "object",
+ "properties": {
+ "default": {
+ "description": "default settings",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "enable_api_key":{
+ "description": "enable API key access",
+ "type": "boolean"
+ },
+ "enable_anonymous": {
+ "description": "enable anonymous access",
+ "type": "boolean"
+ }
+ }
+ },
+ "overrides": {
+ "description": "overrides",
+ "type": "object",
+ "properties": {
+ "paths": {
+ "description": "paths",
+ "type":"array",
+ "items": {
+ "description": "path to override",
+ "type": "string"
+ }
+ },
+ "override": {
+ "description": "override",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "enable_api_key":{
+ "description": "enable API key access",
+ "type": "boolean"
+ },
+ "enable_anonymous": {
+ "description": "enable anonymous access",
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "API":{
+ "type": "object",
+ "description": "API services",
"additionalProperties": false,
+ "properties": {
+ "health":{
+ "$ref": "#definitions/Health"
+ },
+ "metrics": {
+ "$ref": "#definitions/Metrics"
+ },
+ "services": {
+ "$ref": "#definitions/Services"
+ }
+ }
+ },
+ "Health": {
+ "type": "object",
+ "description": "Health service",
+ "additionalProperties": false,
+ "properties": {
+ "listen_address": {
+ "description": "host address and port",
+ "type": "string"
+ },
+ "certs": {
+ "description": "TLS certificate configuration",
+ "$ref": "#/definitions/ServiceTLSCertificates"
+ }
+ }
+ },
+ "Metrics": {
+ "type": "object",
+ "description": "Metrics service",
+ "additionalProperties": false,
+ "properties": {
+ "listen_address": {
+ "description": "host address and port",
+ "type": "string"
+ },
+ "certs": {
+ "description": "TLS certificate configuration",
+ "$ref": "#/definitions/ServiceTLSCertificates"
+ },
+ "zpages": {
+ "description": "enable zPages trace & metric endpoint",
+ "type": "boolean",
+ "default": "false"
+ }
+ }
+ },
 "Services": {
 "type": "object",
 "description": "Services type config",
 "uniqueItems": true,
 "properties": {
+ "console": {
+ "description": "console service",
+ "$ref": "#/definitions/ServiceInstance"
+ },
+ "model": {
+ "description": "directory model service",
+ "$ref": "#/definitions/ServiceInstance"
+ },
 "reader": {
 "description": "directory reader service",
 "$ref": "#/definitions/ServiceInstance"
@@ -189,10 +346,6 @@
 "description": "directory exporter service",
 "$ref": "#/definitions/ServiceInstance"
 },
- "model": {
- "description": "directory model service",
- "$ref": "#/definitions/ServiceInstance"
- },
 "authorizer": {
 "description": "authorizer service",
 "$ref": "#/definitions/ServiceInstance"
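Review bot: `Authentication.api_keys` models the API keys themselves as literal map keys in the config file, so the schema steers operators toward committing credentials; its description should direct them to the `${VAR}` expansion the file appears to support for defaults (see `${TOPAZ_DB_DIR}` in the `-87,22` hunk) or an external secret source, e.g. `"description": "map of API key to identity; supply key values through environment expansion rather than literal secrets"`. `options` and `overrides` leave `additionalProperties` open while their inner `default`/`override` objects are closed, so an `enable_anonymous` placed at the wrong level is accepted silently; add `"additionalProperties": false` to both. `Metrics.zpages` declares `"type": "boolean"` with the string default `"false"`, the same mismatch as `Debug.enabled`; use `false`. `overrides` holds one `paths` array and one `override` object, yet the plural name suggests several path groups with different settings; if that is the intent it should be an array of such objects — confirm against the loader.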
@@ -213,14 +366,6 @@
 "gateway": {
 "description": "Service REST gateway endpoint configuration",
 "$ref": "#/definitions/ServiceGateway"
- },
- "health": {
- "description": "Service health endpoint configuration",
- "$ref": "#/definitions/ServiceHealth"
- },
- "metrics": {
- "description": "Service metrics endpoint configuration",
- "$ref": "#/definitions/ServiceMetrics"
 }
 }
 },
@@ -230,6 +375,10 @@
 },
 "ServiceGRPC": {
 "properties": {
+ "fqdn": {
+ "description": "fully qualified domain name",
+ "type": "string"
+ },
 "listen_address": {
 "description": "gRPC host address and port",
 "type": "string"
@@ -246,18 +395,42 @@
 },
 "ServiceGateway": {
 "properties": {
+ "fqdn": {
+ "description": "fully qualified domain name",
+ "type": "string"
+ },
 "listen_address": {
 "description": "REST gateway host address and port",
 "type": "string"
 },
+ "certs": {
+ "description": "REST gateway TLS certificate configuration",
+ "$ref": "#/definitions/ServiceTLSCertificates"
+ },
 "allowed_origins":{
 "description": "allowed CORS origins",
 "type": "array",
+ "items": {
+ "description": "URL path of allowed origin",
+ "type": "string"
+ },
 "uniqueItems": true
 },
- "certs": {
- "description": "REST gateway TLS certificate configuration",
- "$ref": "#/definitions/ServiceTLSCertificates"
+ "allowed_headers": {
+ "description": "allowed headers",
+ "type": "array",
+ "items": {
+ "description": "header name",
+ "type": "string"
+ }
+ },
+ "allowed_methods": {
+ "description": "allowed HTTP methods",
+ "type": "array",
+ "items": {
+ "description": "HTTP method name",
+ "type": "string"
+ }
 },
 "http": {
 "description": "allow HTTP traffic",
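Review bot: The new `fqdn` property in `ServiceGRPC` (and the identical one added to `ServiceGateway` in the next hunk) is described only as "fully qualified domain name", which does not tell the operator what it is used for — advertised address, expected TLS certificate name, or something else — and it carries no constraint. Add `"format": "hostname"` so validators that enforce formats reject values containing a scheme, port or path, and extend the description with the purpose once confirmed, e.g. `"description": "fully qualified domain name the service is reachable under (used for <purpose>)"`.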
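Review bot: `allowed_origins.items` is described as "URL path of allowed origin", but a CORS origin is `scheme://host[:port]` with no path, so the text will lead operators to write values the browser never matches. Suggest `"description": "allowed CORS origin, as scheme://host[:port]"`, and state whether the implementation treats `"*"` specially, because a wildcard origin combined with credentialed requests is the usual CORS misconfiguration to guard against. `allowed_headers` and `allowed_methods` also lack the `"uniqueItems": true` that `allowed_origins` has, and the spacing in `"allowed_origins":{` / `"type":"string"` differs from the rest of the file.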
@@ -290,22 +463,6 @@
 }
 }
 },
- "ServiceHealth": {
- "properties": {
- "listen_address": {
- "description": "health host address and port",
- "type": "string"
- }
- }
- },
- "ServiceMetrics": {
- "properties": {
- "listen_address": {
- "description": "metrics host address and port",
- "type": "string"
- }
- }
- },
 "ServiceTLSCertificates": {
 "properties": {
 "tls_cert_path": {
@@ -350,6 +507,149 @@
 },
 "OpenPolicyAgentConfig": {
 "description": "OPA config block"
+ },
+ "Controller": {
+ "description": "Control plane configuration",
+ "properties": {
+ "enabled": {
+ "description": "enable connection to control plane",
+ "type": "boolean"
+ },
+ "server": {
+ "description":"control plane service configuration",
+ "type": "object",
+ "properties": {
+ "address": {
+ "description": "address of relay service",
+ "type": "string",
+ "examples": [
+ "relay.prod.aserto.com:8443"
+ ]
+ },
+ "api_key": {
+ "description": "API key",
+ "type": "string"
+ },
+ "client_cert_path": {
+ "description": "mTLS control plane cert path",
+ "type": "string"
+ },
+ "client_key_path": {
+ "description": "mTLS control plane key path",
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "DecisionLogger": {
+ "description": "Decision Logger configuration",
+ "properties": {
+ "type": {
+ "description": "decision log plugin name",
+ "type": "string"
+ },
+ "config": {
+ "description": "decision log plugin configuration",
+ "type": "object",
+ "properties": {
+ "store_directory": {
+ "description": "path to mount point for decision logs buffer storage",
+ "type": "string",
+ "examples": ["/decisions"]
+ },
+ "scribe": {
+ "description": "Scribe configuration",
+ "type": "object",
+ "properties": {
+ "address": {
+ "description": "address of scribe service",
+ "type": "string",
+ "default": ""
+ },
+ "client_cert_path": {
+ "description": "mTLS scribe cert path",
+ "type": "string"
+ },
+ "client_key_path": {
+ "description": "mTLS scribe key path",
+ "type": "string"
+ },
+ "headers": {
+ "description": "map of additional gRPC headers",
+ "type": "object",
+ "additionalProperties": {
+ "description": "header key : value",
+ "type":"string"
+ },
+ "examples": [
+ {
+ "aserto-tenant-id": "00000000-1111-2222-3333-444455556666"
+ }
+ ]
+ },
+ "max_inflight_batches": {
+ "description": "",
+ "type": "integer"
+ },
+ "ack_wait_seconds": {
+ "description": "",
+ "type": "integer",
"default": 10
+ },
+ "disable_tls": {
+ "description": "disable TLS verification",
+ "type": "boolean"
+ }
+ }
+ },
+ "shipper": {
+ "description": "Shipper configuration",
+ "type": "object",
+ "$comment": "https://github.com/aserto-dev/self-decision-logger/blob/main/shipper/config.go",
+ "properties": {
+ "max_bytes": {
+ "description": "max message size 100mb (100*1024*1024)",
+ "type": "integer",
+ "default": 104857600
+ },
+ "max_batch_size": {
+ "description": "max batch size in messages",
+ "type": "integer",
+ "default": 512
+ },
+ "publish_timeout_seconds": {
+ "description": "publish timeout in seconds",
+ "type": "integer",
+ "default": 10
+ },
+ "max_inflight_batches": {
+ "description": "max number of inflight batches",
+ "type": "integer",
+ "default": 10
+ },
+ "ack_wait_seconds": {
+ "description": "ack wait time in seconds",
+ "type": "integer",
+ "default": 60
+ },
+ "delete_stream_on_done": {
+ "description": "delete stream when done",
+ "type": "boolean",
+ "default": false
+ },
+ "backoff_seconds": {
+ "description": "backoff in seconds",
+ "type": "array",
+ "default": [
+ 5, 10, 30, 60, 120, 300
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
 }
 }
 }
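Review bot: `Controller` and `DecisionLogger` (and the nested `server`, `config`, `scribe` and `shipper` objects) omit the `"additionalProperties": false` that the other definitions added in this commit (`Debug`, `Health`, `Metrics`) carry, and the two top-level ones also lack `"type": "object"`; a misspelled `client_cert_path` or `disable_tls` key would validate and silently leave mTLS or verification in its default state, so add `"type": "object", "additionalProperties": false` to both and close the nested objects. `scribe.disable_tls` switches off certificate verification but declares no `default`; add `"default": false` and say in the description that it is meant for local testing only. `scribe.max_inflight_batches` and `scribe.ack_wait_seconds` have empty descriptions while the `shipper` block documents the same names — reuse those texts. `backoff_seconds` has no `items` schema, and `server.api_key` is another literal credential in the config file whose description should direct operators to environment expansion or an external secret source.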