forked from RedHatInsights/authz
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfig.yaml
executable file
·70 lines (67 loc) · 2.36 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# Minimum required configuration:
# auth:
# - enabled: true
# audience: <audience>
# discoveryEndpoint: <discoveryEndpoint>
# cors:
# allowedOrigins:
# - <origin>
# store:
# endpoint: <spicedb endpoint>
# tokenFile: <path to file containing spicedb preshared key>
#grpcPort: 50051 # GRPC port of the AuthZ service
httpPort: 8081 # HTTP port of the Authz Service. Defaults to 8080
#httpsPort: 8443 # HTTPS port of the AuthZ service
logRequests: true # Request logging midddleware on/off - true/false. Defaults to false
auth:
- enabled: false # Recommended for local dev, when there is no AuthN server integration, no checks for the tokens.
audience: cloud-services # Used when auth in enabled, audience of the token
discoveryEndpoint: http://localhost:8180/idp/.well-known/openid-configuration # Used when auth in enabled, discovery endpoint of the token issuer
requiredScope: openid # used when auth in enabled, the required scopes to validate for in the given token
authz: #
licenseImportAllowlist: # List of authorized/allowed subject IDs that can Entitle/Import Orgs
# - subjectID1
# - SubjectID2
cors: # (Refer to https://github.com/rs/cors for settings)
#allowCredentials: false
allowedOrigins:
- '*'
#allowedHeaders:
# - Accept
# - ResponseType
# - Content-Length
# - Accept-Encoding
# - Accept-Language
# - Authorization
# - Content-Type
# - User-Agent
#allowedMethods:
# - HEAD
# - GET
# - POST
# - PATCH
# - PUT
# - DELETE
# - OPTIONS
debug: true #Default: false
#maxAge: 300
store:
endpoint: localhost:60000 # End point where the spiceDB store runs, GRPC endpoint
# kind: spicedb # for now only "spicedb" is possible
tokenFile: .secrets/spice-db-local # Needed for store=spicedb, path to the pre-shared token
useTLS: false # TLS enabled/disabled between authz service and store (spiceDB) Defaults to true
userservice:
url: ""
userServiceClientCertFile: ""
userServiceClientKeyFile: ""
optionalRootCA: ""
disableCAVerification: false
umb:
enabled: false
url:
umbClientCertFile:
umbClientCertKey:
topicName:
#tls:
# certFile: /etc/tls/tls.crt # TLS Certificate path
# keyFile: /etc/tls/tls.key # TLS key path