-
Notifications
You must be signed in to change notification settings - Fork 8
/
argus.yaml
171 lines (151 loc) · 5.49 KB
/
argus.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
prometheus:
defaultNamespace: xmidt
defaultSubsystem: argus
constLabels:
development: "true"
log:
file: stdout
level: DEBUG
health:
disableLogging: false
custom:
server: development
servers:
primary:
address: :6600
disableHTTPKeepAlives: true
header:
X-Midt-Server:
- argus
X-Midt-Version:
- development
metrics:
address: :6601
disableHTTPKeepAlives: true
header:
X-Midt-Server:
- argus
X-Midt-Version:
- development
health:
address: :6602
disableHTTPKeepAlives: true
header:
X-Midt-Server:
- argus
X-Midt-Version:
- development
#yugabyte:
# # hosts is and array of address and port used to connect to the cluster.
# hosts:
# - "localhost:9042"
# # database is the name of the database being connected to.
# database: "argus"
# # opTimeout is the timeout for database calls after argus is connected.
# # If the opTimeout is set to 0, it defaults to 10s.
# # (Optional) defaults to 10s
# opTimeout: 100ms
# # username is the username to use when connecting to the database.
# # (Optional)
# username: "cassandra"
#
# # password is the password to use when connecting to the database.
# # (Optional)
# password: "cassandra"
#
# # SSLRootCert is the root cert to use when connecting to the database.
# # The SSLKey and SSLCert must also be provided in order to connect securely.
# # (Optional)
# #sslRootCert: "/etc/argus/ca.crt"
#
# # SSLKey is the SSL key to use when connecting to the database. The
# # SSLRootCert and SSLCert must also be provided in order to connect securely.
# # (Optional)
# #sslKey: "/etc/argus/node.0.0.0.0.key"
#
# # SSLCert is the SSL cert to use when connecting to the database. The SSLKey
# # and SSLRootCert must also be provided in order to connect securely.
# # (Optional)
# #sslCert: "/etc/argus/node.0.0.0.0.crt"
#
# # If you want to verify the hostname and server cert (like a wildcard for cass cluster) then you should turn this on
# # This option is basically the inverse of InSecureSkipVerify
# # See InSecureSkipVerify in http://golang.org/pkg/crypto/tls/ for more info
# # (Optional) defaults to false
# #enableHostVerification: false
# dyanmo is the configuration block to communicate with dynamoDB.
dynamo:
# endpoint is used to set a custom aws endpoint.
# (Optional)
endpoint: "http://localhost:8000"
# table is the name of the table that is already configured with bucket and id as the key.
table: "gifnoc"
# region is where request should go to.
region: "us-east-2"
# maxRetires is the maximum times the application will retry the request to the db.
# (Optional) default: 3
maxRetries: 3
# accessKey is the AWS accessKey to access dynamodb.
accessKey: "accessKey"
# secretKey is the AWS secretKey to go with the accessKey to access dynamodb.
secretKey: "secretKey"
# itemTTL configures the default time based ttls for each item.
itemTTL:
# maxTTL is limit the maxTTL provided via the api.
# refer to https://golang.org/pkg/time/#ParseDuration for valid strings.
# (Optional) default: 1y
maxTTL: "1d"
##############################################################################
# Authorization Credentials
##############################################################################
# authHeader is a list of Basic Auth credentials intended to be used for local testing purposes
# WARNING! Be sure to remove this from your production config
authHeader: ["dXNlcjpwYXNz"]
# request is a config section related to operation authorization
# and request validation.
request:
authorization:
# adminToken serves as a master key which allows performing operations on any
# item regardless of their ownership status.
adminToken: "Hzu1WpIe7S8G"
validation:
# maxTTL specifies the cap for the TTL of items when values are specified.
maxTTL: "24h"
# jwtValidator provides Bearer auth configuration
jwtValidator:
keys:
factory:
uri: "http://sample-jwt-validator-uri/{keyId}"
purpose: 0
updateInterval: 604800000000000
# capabilityCheck provides the details needed for checking an incoming JWT's
# capabilities. If the type of check isn't provided, no checking is done. The
# type can be "monitor" or "enforce". If it is empty or a different value, no
# checking is done. If "monitor" is provided, the capabilities are checked but
# the request isn't rejected when there isn't a valid capability for the
# request. Instead, a message is logged. When "enforce" is provided, a request
# that doesn't have the needed capability is rejected.
#
# The capability is expected to have the format:
#
# {prefix}{endpoint}:{method}
#
# The prefix can be a regular expression. If it's empty, no capability check
# is done. The endpoint is a regular expression that should match the endpoint
# the request was sent to. The method is usually the method of the request, such as
# GET. The accept all method is a catchall string that indicates the capability
# is approved for all methods.
# (Optional)
#capabilityCheck:
# # type provides the mode for capability checking.
# type: "monitor"
# # prefix provides the regex to match the capability before the endpoint.
# prefix: "xmidt"
# # acceptAllMethod provides a way to have a capability that allows all
# # methods for a specific endpoint.
# acceptAllMethod: "all"
# # endpointBuckets provides regular expressions to use against the request
# # endpoint in order to group requests for a metric label.
# endpointBuckets:
# - "store\\b"
# - "store/.*\\b"