Restructure solution layout by module
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
This commit is contained in:
root
@@ -1,119 +1,119 @@
|
||||
# Concelier configuration template for StellaOps deployments.
|
||||
# Copy to ../etc/concelier.yaml (relative to the web service content root)
|
||||
# and adjust the values to match your environment. Environment variables
|
||||
# (prefixed with CONCELIER_) override these settings at runtime.
|
||||
|
||||
storage:
|
||||
driver: mongo
|
||||
# Mongo connection string. Use SRV URI or standard connection string.
|
||||
dsn: "mongodb://concelier:concelier@mongo:27017/concelier?authSource=admin"
|
||||
# Optional database name; defaults to the name embedded in the DSN or 'concelier'.
|
||||
database: "concelier"
|
||||
# Mongo command timeout in seconds.
|
||||
commandTimeoutSeconds: 30
|
||||
|
||||
plugins:
|
||||
# Concelier resolves plug-ins relative to the content root; override as needed.
|
||||
baseDirectory: ".."
|
||||
directory: "StellaOps.Concelier.PluginBinaries"
|
||||
searchPatterns:
|
||||
- "StellaOps.Concelier.Plugin.*.dll"
|
||||
|
||||
telemetry:
|
||||
enabled: true
|
||||
enableTracing: false
|
||||
enableMetrics: false
|
||||
enableLogging: true
|
||||
minimumLogLevel: "Information"
|
||||
serviceName: "stellaops-concelier"
|
||||
# Configure OTLP endpoint when shipping traces/metrics/logs out-of-band.
|
||||
otlpEndpoint: ""
|
||||
# Optional headers for OTLP exporters, for example authentication tokens.
|
||||
otlpHeaders: {}
|
||||
# Attach additional resource attributes to telemetry exports.
|
||||
resourceAttributes:
|
||||
deployment.environment: "local"
|
||||
# Emit console exporters for local debugging.
|
||||
exportConsole: true
|
||||
|
||||
authority:
|
||||
enabled: false
|
||||
# Temporary rollout flag. When true, Concelier logs anonymous access but does not fail requests
|
||||
# without tokens. Set to false before 2025-12-31 UTC to enforce authentication fully.
|
||||
allowAnonymousFallback: true
|
||||
# Issuer advertised by StellaOps Authority (e.g. https://authority.stella-ops.local).
|
||||
issuer: "https://authority.stella-ops.local"
|
||||
# Optional explicit metadata address; defaults to {issuer}/.well-known/openid-configuration.
|
||||
metadataAddress: ""
|
||||
requireHttpsMetadata: true
|
||||
backchannelTimeoutSeconds: 30
|
||||
tokenClockSkewSeconds: 60
|
||||
audiences:
|
||||
- "api://concelier"
|
||||
requiredScopes:
|
||||
- "concelier.jobs.trigger"
|
||||
- "advisory:read"
|
||||
- "advisory:ingest"
|
||||
requiredTenants:
|
||||
- "tenant-default"
|
||||
# Outbound credentials Concelier can use to call Authority (client credentials flow).
|
||||
clientId: "concelier-jobs"
|
||||
# Prefer storing the secret outside of the config file. Provide either clientSecret or clientSecretFile.
|
||||
clientSecret: ""
|
||||
clientSecretFile: ""
|
||||
clientScopes:
|
||||
- "concelier.jobs.trigger"
|
||||
- "advisory:read"
|
||||
- "advisory:ingest"
|
||||
resilience:
|
||||
# Enable deterministic retry/backoff when Authority is briefly unavailable.
|
||||
enableRetries: true
|
||||
retryDelays:
|
||||
- "00:00:01"
|
||||
- "00:00:02"
|
||||
- "00:00:05"
|
||||
# Allow stale discovery/JWKS responses when Authority is offline (extend tolerance as needed for air-gapped mirrors).
|
||||
allowOfflineCacheFallback: true
|
||||
offlineCacheTolerance: "00:10:00"
|
||||
# Networks allowed to bypass authentication (loopback by default for on-host cron jobs).
|
||||
bypassNetworks:
|
||||
- "127.0.0.1/32"
|
||||
- "::1/128"
|
||||
|
||||
mirror:
|
||||
enabled: false
|
||||
# Directory containing JSON exporter outputs (absolute or relative to content root).
|
||||
exportRoot: "exports/json"
|
||||
# Optional explicit export identifier; defaults to `latest` symlink or most recent export.
|
||||
activeExportId: ""
|
||||
latestDirectoryName: "latest"
|
||||
mirrorDirectoryName: "mirror"
|
||||
requireAuthentication: false
|
||||
maxIndexRequestsPerHour: 600
|
||||
domains:
|
||||
- id: "primary"
|
||||
displayName: "Primary Mirror"
|
||||
requireAuthentication: false
|
||||
maxDownloadRequestsPerHour: 1200
|
||||
|
||||
sources:
|
||||
ghsa:
|
||||
apiToken: "${GITHUB_PAT}"
|
||||
pageSize: 50
|
||||
maxPagesPerFetch: 5
|
||||
requestDelay: "00:00:00.200"
|
||||
failureBackoff: "00:05:00"
|
||||
rateLimitWarningThreshold: 500
|
||||
secondaryRateLimitBackoff: "00:02:00"
|
||||
cve:
|
||||
baseEndpoint: "https://cveawg.mitre.org/api/"
|
||||
apiOrg: ""
|
||||
apiUser: ""
|
||||
apiKey: ""
|
||||
# Optional mirror used when credentials are unavailable.
|
||||
seedDirectory: "./seed-data/cve"
|
||||
pageSize: 200
|
||||
maxPagesPerFetch: 5
|
||||
initialBackfill: "30.00:00:00"
|
||||
requestDelay: "00:00:00.250"
|
||||
failureBackoff: "00:10:00"
|
||||
# Concelier configuration template for StellaOps deployments.
|
||||
# Copy to ../etc/concelier.yaml (relative to the web service content root)
|
||||
# and adjust the values to match your environment. Environment variables
|
||||
# (prefixed with CONCELIER_) override these settings at runtime.
|
||||
|
||||
storage:
|
||||
driver: mongo
|
||||
# Mongo connection string. Use SRV URI or standard connection string.
|
||||
dsn: "mongodb://concelier:concelier@mongo:27017/concelier?authSource=admin"
|
||||
# Optional database name; defaults to the name embedded in the DSN or 'concelier'.
|
||||
database: "concelier"
|
||||
# Mongo command timeout in seconds.
|
||||
commandTimeoutSeconds: 30
|
||||
|
||||
plugins:
|
||||
# Concelier resolves plug-ins relative to the content root; override as needed.
|
||||
baseDirectory: ".."
|
||||
directory: "StellaOps.Concelier.PluginBinaries"
|
||||
searchPatterns:
|
||||
- "StellaOps.Concelier.Plugin.*.dll"
|
||||
|
||||
telemetry:
|
||||
enabled: true
|
||||
enableTracing: false
|
||||
enableMetrics: false
|
||||
enableLogging: true
|
||||
minimumLogLevel: "Information"
|
||||
serviceName: "stellaops-concelier"
|
||||
# Configure OTLP endpoint when shipping traces/metrics/logs out-of-band.
|
||||
otlpEndpoint: ""
|
||||
# Optional headers for OTLP exporters, for example authentication tokens.
|
||||
otlpHeaders: {}
|
||||
# Attach additional resource attributes to telemetry exports.
|
||||
resourceAttributes:
|
||||
deployment.environment: "local"
|
||||
# Emit console exporters for local debugging.
|
||||
exportConsole: true
|
||||
|
||||
authority:
|
||||
enabled: false
|
||||
# Temporary rollout flag. When true, Concelier logs anonymous access but does not fail requests
|
||||
# without tokens. Set to false before 2025-12-31 UTC to enforce authentication fully.
|
||||
allowAnonymousFallback: true
|
||||
# Issuer advertised by StellaOps Authority (e.g. https://authority.stella-ops.local).
|
||||
issuer: "https://authority.stella-ops.local"
|
||||
# Optional explicit metadata address; defaults to {issuer}/.well-known/openid-configuration.
|
||||
metadataAddress: ""
|
||||
requireHttpsMetadata: true
|
||||
backchannelTimeoutSeconds: 30
|
||||
tokenClockSkewSeconds: 60
|
||||
audiences:
|
||||
- "api://concelier"
|
||||
requiredScopes:
|
||||
- "concelier.jobs.trigger"
|
||||
- "advisory:read"
|
||||
- "advisory:ingest"
|
||||
requiredTenants:
|
||||
- "tenant-default"
|
||||
# Outbound credentials Concelier can use to call Authority (client credentials flow).
|
||||
clientId: "concelier-jobs"
|
||||
# Prefer storing the secret outside of the config file. Provide either clientSecret or clientSecretFile.
|
||||
clientSecret: ""
|
||||
clientSecretFile: ""
|
||||
clientScopes:
|
||||
- "concelier.jobs.trigger"
|
||||
- "advisory:read"
|
||||
- "advisory:ingest"
|
||||
resilience:
|
||||
# Enable deterministic retry/backoff when Authority is briefly unavailable.
|
||||
enableRetries: true
|
||||
retryDelays:
|
||||
- "00:00:01"
|
||||
- "00:00:02"
|
||||
- "00:00:05"
|
||||
# Allow stale discovery/JWKS responses when Authority is offline (extend tolerance as needed for air-gapped mirrors).
|
||||
allowOfflineCacheFallback: true
|
||||
offlineCacheTolerance: "00:10:00"
|
||||
# Networks allowed to bypass authentication (loopback by default for on-host cron jobs).
|
||||
bypassNetworks:
|
||||
- "127.0.0.1/32"
|
||||
- "::1/128"
|
||||
|
||||
mirror:
|
||||
enabled: false
|
||||
# Directory containing JSON exporter outputs (absolute or relative to content root).
|
||||
exportRoot: "exports/json"
|
||||
# Optional explicit export identifier; defaults to `latest` symlink or most recent export.
|
||||
activeExportId: ""
|
||||
latestDirectoryName: "latest"
|
||||
mirrorDirectoryName: "mirror"
|
||||
requireAuthentication: false
|
||||
maxIndexRequestsPerHour: 600
|
||||
domains:
|
||||
- id: "primary"
|
||||
displayName: "Primary Mirror"
|
||||
requireAuthentication: false
|
||||
maxDownloadRequestsPerHour: 1200
|
||||
|
||||
sources:
|
||||
ghsa:
|
||||
apiToken: "${GITHUB_PAT}"
|
||||
pageSize: 50
|
||||
maxPagesPerFetch: 5
|
||||
requestDelay: "00:00:00.200"
|
||||
failureBackoff: "00:05:00"
|
||||
rateLimitWarningThreshold: 500
|
||||
secondaryRateLimitBackoff: "00:02:00"
|
||||
cve:
|
||||
baseEndpoint: "https://cveawg.mitre.org/api/"
|
||||
apiOrg: ""
|
||||
apiUser: ""
|
||||
apiKey: ""
|
||||
# Optional mirror used when credentials are unavailable.
|
||||
seedDirectory: "./seed-data/cve"
|
||||
pageSize: 200
|
||||
maxPagesPerFetch: 5
|
||||
initialBackfill: "30.00:00:00"
|
||||
requestDelay: "00:00:00.250"
|
||||
failureBackoff: "00:10:00"
|
||||
|
||||
Reference in New Issue
Block a user