docs consolidation work
@@ -13,17 +13,17 @@ authorizationCodeLifetime: "00:05:00"
|
||||
deviceCodeLifetime: "00:15:00"
|
||||
|
||||
storage:
|
||||
connectionString: "mongodb://stellaops:stellaops@mongo:27017/stellaops_authority"
|
||||
databaseName: "stellaops_authority"
|
||||
driver: "postgres"
|
||||
connectionString: "Host=postgres;Port=5432;Database=stellaops_platform;Username=stellaops;Password=stellaops"
|
||||
commandTimeout: "00:00:30"
|
||||
|
||||
signing:
|
||||
enabled: true
|
||||
activeKeyId: "authority-signing-dev"
|
||||
keyPath: "../certificates/authority-signing-dev.pem"
|
||||
algorithm: "ES256"
|
||||
keySource: "file"
|
||||
jwksCacheLifetime: "00:05:00"
|
||||
signing:
|
||||
enabled: true
|
||||
activeKeyId: "authority-signing-dev"
|
||||
keyPath: "../certificates/authority-signing-dev.pem"
|
||||
algorithm: "ES256"
|
||||
keySource: "file"
|
||||
jwksCacheLifetime: "00:05:00"
|
||||
|
||||
bootstrap:
|
||||
enabled: false
|
||||
@@ -152,15 +152,15 @@ clients:
|
||||
|
||||
tenants:
|
||||
- name: "tenant-default"
|
||||
roles:
|
||||
orch-viewer:
|
||||
scopes: [ "orch:read" ]
|
||||
orch-operator:
|
||||
scopes: [ "orch:read", "orch:operate" ]
|
||||
orch-admin:
|
||||
scopes: [ "orch:read", "orch:operate", "orch:quota", "orch:backfill" ]
|
||||
export-viewer:
|
||||
scopes: [ "export.viewer" ]
|
||||
roles:
|
||||
orch-viewer:
|
||||
scopes: [ "orch:read" ]
|
||||
orch-operator:
|
||||
scopes: [ "orch:read", "orch:operate" ]
|
||||
orch-admin:
|
||||
scopes: [ "orch:read", "orch:operate", "orch:quota", "orch:backfill" ]
|
||||
export-viewer:
|
||||
scopes: [ "export.viewer" ]
|
||||
export-operator:
|
||||
scopes: [ "export.viewer", "export.operator" ]
|
||||
export-admin:
|
||||
@@ -171,34 +171,34 @@ tenants:
|
||||
scopes: [ "policy:review", "policy:read", "policy:simulate", "findings:read" ]
|
||||
policy-approver:
|
||||
scopes: [ "policy:approve", "policy:review", "policy:read", "policy:simulate", "findings:read" ]
|
||||
policy-operator:
|
||||
scopes: [ "policy:operate", "policy:run", "policy:activate", "policy:read", "policy:simulate", "findings:read" ]
|
||||
policy-auditor:
|
||||
scopes: [ "policy:audit", "policy:read", "policy:simulate", "findings:read" ]
|
||||
pack-viewer:
|
||||
scopes: [ "packs.read" ]
|
||||
pack-operator:
|
||||
scopes: [ "packs.read", "packs.run" ]
|
||||
pack-publisher:
|
||||
scopes: [ "packs.read", "packs.write" ]
|
||||
pack-approver:
|
||||
scopes: [ "packs.read", "packs.approve" ]
|
||||
pack-admin:
|
||||
scopes: [ "packs.read", "packs.write", "packs.run", "packs.approve" ]
|
||||
advisory-ai-viewer:
|
||||
scopes: [ "advisory-ai:view" ]
|
||||
advisory-ai-operator:
|
||||
scopes: [ "advisory-ai:view", "advisory-ai:operate" ]
|
||||
advisory-ai-admin:
|
||||
scopes: [ "advisory-ai:view", "advisory-ai:operate", "advisory-ai:admin" ]
|
||||
observability-viewer:
|
||||
scopes: [ "obs:read", "timeline:read", "evidence:read", "attest:read" ]
|
||||
observability-investigator:
|
||||
scopes: [ "obs:read", "timeline:read", "timeline:write", "evidence:read", "evidence:create", "attest:read" ]
|
||||
observability-legal:
|
||||
scopes: [ "evidence:read", "evidence:hold" ]
|
||||
observability-incident-commander:
|
||||
scopes: [ "obs:read", "obs:incident", "timeline:read", "timeline:write", "evidence:create", "evidence:read", "attest:read" ]
|
||||
policy-operator:
|
||||
scopes: [ "policy:operate", "policy:run", "policy:activate", "policy:read", "policy:simulate", "findings:read" ]
|
||||
policy-auditor:
|
||||
scopes: [ "policy:audit", "policy:read", "policy:simulate", "findings:read" ]
|
||||
pack-viewer:
|
||||
scopes: [ "packs.read" ]
|
||||
pack-operator:
|
||||
scopes: [ "packs.read", "packs.run" ]
|
||||
pack-publisher:
|
||||
scopes: [ "packs.read", "packs.write" ]
|
||||
pack-approver:
|
||||
scopes: [ "packs.read", "packs.approve" ]
|
||||
pack-admin:
|
||||
scopes: [ "packs.read", "packs.write", "packs.run", "packs.approve" ]
|
||||
advisory-ai-viewer:
|
||||
scopes: [ "advisory-ai:view" ]
|
||||
advisory-ai-operator:
|
||||
scopes: [ "advisory-ai:view", "advisory-ai:operate" ]
|
||||
advisory-ai-admin:
|
||||
scopes: [ "advisory-ai:view", "advisory-ai:operate", "advisory-ai:admin" ]
|
||||
observability-viewer:
|
||||
scopes: [ "obs:read", "timeline:read", "evidence:read", "attest:read" ]
|
||||
observability-investigator:
|
||||
scopes: [ "obs:read", "timeline:read", "timeline:write", "evidence:read", "evidence:create", "attest:read" ]
|
||||
observability-legal:
|
||||
scopes: [ "evidence:read", "evidence:hold" ]
|
||||
observability-incident-commander:
|
||||
scopes: [ "obs:read", "obs:incident", "timeline:read", "timeline:write", "evidence:create", "evidence:read", "attest:read" ]
|
||||
|
||||
security:
|
||||
rateLimiting:
|
||||
@@ -217,23 +217,23 @@ security:
|
||||
memorySizeInKib: 19456
|
||||
iterations: 2
|
||||
parallelism: 1
|
||||
senderConstraints:
|
||||
dpop:
|
||||
enabled: true
|
||||
proofLifetime: "00:05:00"
|
||||
allowedClockSkew: "00:00:10"
|
||||
replayWindow: "00:10:00"
|
||||
nonce:
|
||||
enabled: false
|
||||
mtls:
|
||||
enabled: false
|
||||
|
||||
advisoryAi:
|
||||
remoteInference:
|
||||
enabled: false
|
||||
requireTenantConsent: true
|
||||
allowedProfiles: []
|
||||
|
||||
bypassNetworks:
|
||||
- "127.0.0.1/32"
|
||||
- "::1/128"
|
||||
senderConstraints:
|
||||
dpop:
|
||||
enabled: true
|
||||
proofLifetime: "00:05:00"
|
||||
allowedClockSkew: "00:00:10"
|
||||
replayWindow: "00:10:00"
|
||||
nonce:
|
||||
enabled: false
|
||||
mtls:
|
||||
enabled: false
|
||||
|
||||
advisoryAi:
|
||||
remoteInference:
|
||||
enabled: false
|
||||
requireTenantConsent: true
|
||||
allowedProfiles: []
|
||||
|
||||
bypassNetworks:
|
||||
- "127.0.0.1/32"
|
||||
- "::1/128"
|
||||
|
||||
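Review bot: In the `storage` block of the first hunk, `connectionString` carries the database password inline (`Username=stellaops;Password=stellaops`), and both the MongoDB and the PostgreSQL variants shown do this. The page has lost its `+`/`-` markers, so reading the PostgreSQL line as the new side is an inference from `driver: "postgres"`. If this file is a sample or dev default, say so next to the value, e.g. `# dev-only credentials: supply the real connection string from a secret store or environment override`, and consider a placeholder such as `Password=<set-at-deploy>` so the file cannot be deployed as copied. The same kind of comment would help on `keyPath: "../certificates/authority-signing-dev.pem"` in `signing`, stating that the dev signing key is for local use only. In the last hunk, `dpop.nonce.enabled: false` and `mtls.enabled: false` look merely re-indented, but a one-line comment on why these sender-constraint defaults are off would document the decision for later reviewers.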