-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.proto
183 lines (155 loc) · 6.31 KB
/
config.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
syntax = "proto3";
package ai.traceable.agent.config.v1;
import "google/protobuf/wrappers.proto";
option go_package = "github.com/Traceableai/agent-config/gen/go/v1";
message AgentConfig {
Opa opa = 1 [deprecated = true];
BlockingConfig blocking_config = 2;
google.protobuf.BoolValue debug_log = 3 [deprecated = true];
RemoteConfig remote_config = 4;
ApiDiscoveryConfig api_discovery = 5 [deprecated = true];
SamplingConfig sampling = 6;
// javaagent has the configs specific to javaagent
Javaagent javaagent = 7;
LogConfig logging = 8;
MetricsConfig metrics_config = 9;
// represents the environment name of agent
google.protobuf.StringValue environment = 10;
}
// Opa covers the options related to the mechanics for getting Open Policy Agent configuration file.
// The client should use secure and token option from reporting settings.
message Opa {
// when `true` Open Policy Agent evaluation is enabled to block request
google.protobuf.BoolValue enabled = 1;
// endpoint represents the endpoint for polling OPA config file e.g. http://opa.traceableai:8181/
google.protobuf.StringValue endpoint = 2;
// poll period in seconds to query OPA service
google.protobuf.Int32Value poll_period_seconds = 3;
// Certificate filename containing the CA to verify the server's certificate.
// If this is non-empty, you shoulds `https` for the protocol in `endpoint` above.
google.protobuf.StringValue cert_file = 4;
// set this flag to use https connection when the provided certificate path is empty
google.protobuf.BoolValue use_secure_connection = 5;
}
// Blocking config
message BlockingConfig {
google.protobuf.BoolValue enabled = 1;
// debug_log has moved to top level
google.protobuf.BoolValue debug_log = 2 [deprecated = true];
ModsecurityConfig modsecurity = 3;
google.protobuf.BoolValue evaluate_body = 4;
RegionBlockingConfig region_blocking = 5;
// remote_config has moved to top level
RemoteConfig remote_config = 6 [deprecated = true];
// when `true`, blocking evaluation will be skipped for internal requests i.e. requests coming
// from private IPs
google.protobuf.BoolValue skip_internal_request = 7;
// Allows user to set a custom blocking status code value
google.protobuf.Int32Value response_status_code = 8;
// setting a maximum allowed depth for recursion while parsing combination policies
google.protobuf.Int32Value max_recursion_depth = 9;
// Allows user to set a custom blocking message
google.protobuf.StringValue response_message = 10;
}
message ModsecurityConfig {
google.protobuf.BoolValue enabled = 1;
}
message RegionBlockingConfig {
google.protobuf.BoolValue enabled = 1;
}
// RemoteConfig defines the remote endpoint where the config is fetched from
message RemoteConfig {
// enabled denotes if config needs to be fetched from remote or not
google.protobuf.BoolValue enabled = 1;
// endpoint denotes the agentmanager endpoint to connect to for config. eg: localhost:5441
google.protobuf.StringValue endpoint = 2;
// poll period in seconds to query for config updates
google.protobuf.Int32Value poll_period_seconds = 3;
// Certificate filename containing the CA to verify the server's certificate.
google.protobuf.StringValue cert_file = 4;
google.protobuf.Int32Value grpc_max_call_recv_msg_size = 5;
// set this flag to use https connection when the provided certificate path is empty
google.protobuf.BoolValue use_secure_connection = 6;
}
message ApiDiscoveryConfig {
google.protobuf.BoolValue enabled = 1;
}
message SamplingConfig {
google.protobuf.BoolValue enabled = 1;
RateLimitConfig default_rate_limit_config = 2;
}
message Javaagent {
// set this flag to export certificates configured in JKS to libtraceable for making HTTPS connection to TPA.
google.protobuf.BoolValue import_jks_certs = 1;
}
enum LogMode {
LOG_MODE_UNSPECIFIED = 0;
LOG_MODE_NONE = 1;
LOG_MODE_STDOUT = 2;
LOG_MODE_FILE = 3;
}
enum LogLevel {
LOG_LEVEL_UNSPECIFIED = 0;
LOG_LEVEL_TRACE = 1;
LOG_LEVEL_DEBUG = 2;
LOG_LEVEL_INFO = 3;
LOG_LEVEL_WARN = 4;
LOG_LEVEL_ERROR = 5;
LOG_LEVEL_CRITICAL = 6;
}
message LogConfig {
LogMode log_mode = 1;
LogLevel log_level = 2;
// if mode is LOG_MODE_FILE, provide this additional configuration
LogFileConfig log_file = 3;
}
message LogFileConfig {
// maximum number of log files to keep
google.protobuf.Int32Value max_files = 1;
// maximum file size of the log files. Default value is 10485760 (10MB).
google.protobuf.Int32Value max_file_size = 2;
// file path for the log file. Default value is /var/traceable/log/libtraceable.log
google.protobuf.StringValue file_path = 3;
}
message MetricsLogConfig {
// set this flag to print metrics in logs
google.protobuf.BoolValue enabled = 1;
// set the frequency at which metrics should be printed. Examples are '1s', '2m', '3h'. Default value is 30m
google.protobuf.StringValue frequency = 2;
}
message EndpointMetricsConfig {
// set this flag to enable endpoint level metrics
google.protobuf.BoolValue enabled = 1;
// set the max number of endpoints to track
google.protobuf.Int32Value max_endpoints = 2;
// config for printing endpoint metrics in logs
MetricsLogConfig logging = 3;
}
message MetricsConfig {
// set this flag to enable metrics
google.protobuf.BoolValue enabled = 1;
// endpoint level configuration
EndpointMetricsConfig endpoint_config = 2;
// config for printing metrics in logs
MetricsLogConfig logging = 3;
}
enum SpanType {
SPAN_TYPE_UNSPECIFIED = 0;
SPAN_TYPE_NO_SPAN = 1;
SPAN_TYPE_BARE_SPAN = 2;
SPAN_TYPE_FULL_SPAN = 3;
}
message RateLimitConfig {
// set this flag to enable rate limiter
google.protobuf.BoolValue enabled = 1;
// total number of requests to be rate limited in a given time window
google.protobuf.Int64Value max_count_global = 2;
// number of requests per endpoint to be rate limited in a given time window
google.protobuf.Int64Value max_count_per_endpoint = 3;
// set the interval for rate limiter buckets to be reset. Examples are '1s', '2m', '3h'.
google.protobuf.StringValue refresh_period = 4;
// set the interval for rate limiter cache to be reset. Examples are '1s', '2m', '3h'.
google.protobuf.StringValue value_expiration_period = 5;
// set the span type for rate limited spans
SpanType span_type = 6;
}