# GOTO Guardian Configuration
#
#
# !!WARNING!!
# This configuration file is for documentation purposes only. Do not use it in production.
#
# Guardian can be configured with a configuration file whose location is passed using `--config path/to/config.yaml`.
# By default, Guardian looks up and loads the file ~/config.yaml. All configuration keys can also be set using
# environment variables.
#
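# Top-level server settings. The page shows every key at column 0, which makes
# nested keys collide with top-level ones (PORT, PROVIDER, ACCESS_TOKEN, ...).
# Nesting below is restored from the key order - confirm against the upstream file.

# Presumably the port the Guardian server listens on.
PORT: 3000

GRPC:
  TIMEOUT_IN_SECONDS: 5
  # 33554432 = 32 * 1024 * 1024; presumably a per-message size cap in bytes.
  # NOTE(review): a cap this large lets a single call hold a lot of memory;
  # size it to the largest payload the service really exchanges.
  MAX_CALL_RECV_MSG_SIZE: 33554432
  MAX_CALL_SEND_MSG_SIZE: 33554432

# Intentionally empty (parsed as null). The name indicates key material, so
# supply it through an environment variable or a secret store rather than
# committing a value here.
ENCRYPTION_SECRET_KEY:

# NOTE(review): the name suggests the caller's identity is read from this
# request header - confirm. If so, the header is only trustworthy when a
# gateway in front of Guardian sets it and strips any client-supplied copy.
AUTHENTICATED_USER_HEADER_KEY: X-Auth-Email

LOG:
  LEVEL: info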
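# Database connection settings. Port 5432 and the SSLMODE key suggest
# PostgreSQL - confirm. Nesting is restored from the key order; the page
# shows these keys at column 0, where PORT would collide with the server PORT.
DB:
  HOST: localhost
  # USER, PASSWORD and NAME are intentionally empty (parsed as null). Supply
  # them through environment variables or a secret store, not in this file.
  USER:
  PASSWORD:
  NAME:
  PORT: 5432
  # NOTE(review): `disable` turns TLS off, so credentials and query data cross
  # the network in clear text. That is tolerable only for a database on
  # localhost as shown here; for a remote HOST use `verify-full` (or at least
  # `require`) so the connection is encrypted and the server is authenticated.
  SSLMODE: disable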
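# Notification settings. Nesting is restored from the key order (the page
# shows every key at column 0); placing TIMEOUT_IN_SECONDS and MAX_RETRY_COUNT
# directly under NOTIFIER is an inference - confirm against the upstream file.
NOTIFIER:
  PROVIDER: slack
  # Intentionally empty. A Slack token is a credential: supply it through an
  # environment variable or a secret store, and scope it to what posting
  # notifications requires.
  ACCESS_TOKEN:
  TIMEOUT_IN_SECONDS: 10
  MAX_RETRY_COUNT: 3
  # One entry per Slack workspace, each with its own token.
  WORKSPACES:
    - WORKSPACE: goto
      ACCESS_TOKEN:
      # NOTE(review): `contains` is a substring test, so this matches any
      # address that merely includes "@goto" (for example a look-alike domain
      # that starts with "goto"). If the result decides which workspace and
      # token handle a user, match the full domain instead.
      CRITERIA: "email contains '@goto'"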
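# Scheduled job settings. Nesting is restored from the key order (the page
# shows every key at column 0); placing USER_CRITERIA and REASSIGN_OWNERSHIP_TO
# beside IAM under the job's CONFIG is an inference - confirm upstream.
JOBS:
  REVOKE_GRANTS_BY_USER_CRITERIA:
    CONFIG:
      IAM:
        PROVIDER: http
        CONFIG:
          # NOTE(review): the sample URL is plain http. The response from this
          # endpoint presumably feeds the criteria below, so anyone able to
          # tamper with it in transit could influence which grants are revoked
          # or reassigned. Use an https URL for a real identity service.
          URL: 'http://example.com/users/{user_id}'
      # NOTE(review): confirm whether a true result selects the user for
      # revocation or exempts them; the sample expression is true for active
      # users.
      USER_CRITERIA: '$user.is_active == true'
      # Value taken from the user record; presumably the new owner of
      # resources held by an affected user - confirm.
      REASSIGN_OWNERSHIP_TO: '$user.manager_email'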
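# Telemetry export settings. Nesting is restored from the key order; the page
# shows every key at column 0.
TELEMETRY:
  ENABLED: true
  SERVICE_NAME: "guardian"
  # Example for new relic
  EXPORTER: otlp
  OTLP:
    HEADERS:
      # Placeholder, quoted so it is always read as a string. The real
      # license key is a credential: inject it from an environment variable
      # or a secret store and keep it out of version control.
      api-key: '<YOUR-LICENSE-KEY>'
    # 4317 is the conventional OTLP/gRPC port. Whether the exporter uses TLS
    # to this endpoint is not visible here - confirm before sending the
    # api-key header over it.
    ENDPOINT: "otlp.nr-data.net:4317"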
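# Authentication settings. Nesting is restored from the key order; the page
# shows every key at column 0.
AUTH:
  PROVIDER: default  # can be "default" or "oidc"
  DEFAULT:
    # AUTHENTICATED_USER_HEADER_KEY takes priority for backward-compatibility
    # NOTE(review): with the "default" provider the identity presumably comes
    # from this request header. That is safe only when a trusted gateway sets
    # the header and removes any copy sent by the client; otherwise a caller
    # can claim any email address.
    HEADER_KEY: X-Auth-Email
  OIDC:
    # Sample value. Presumably compared with the token's audience claim; use a
    # value specific to this deployment so tokens issued for other services
    # are not accepted - confirm.
    AUDIENCE: "some-kind-of-audience.com"
    # Comma-separated list in a single string. Presumably only identities
    # from these email domains are accepted - confirm how the match is done
    # (exact domain rather than substring).
    ELIGIBLE_EMAIL_DOMAINS: "emaildomain1.com,emaildomain2.com"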