		@@ -6,7 +6,7 @@ schemaVersion: 1
 | 
			
		||||
 | 
			
		||||
issuer: "https://authority.localtest.me"
 | 
			
		||||
 | 
			
		||||
accessTokenLifetime: "00:15:00"
 | 
			
		||||
accessTokenLifetime: "00:02:00"
 | 
			
		||||
refreshTokenLifetime: "30.00:00:00"
 | 
			
		||||
identityTokenLifetime: "00:05:00"
 | 
			
		||||
authorizationCodeLifetime: "00:05:00"
 | 
			
		||||
@@ -61,6 +61,17 @@ clients:
 | 
			
		||||
      type: "client_secret"
 | 
			
		||||
      secretFile: "../secrets/policy-engine.secret"
 | 
			
		||||
 | 
			
		||||
  - clientId: "policy-cli"
 | 
			
		||||
    displayName: "Policy Automation CLI"
 | 
			
		||||
    grantTypes: [ "client_credentials" ]
 | 
			
		||||
    audiences: [ "api://policy-engine" ]
 | 
			
		||||
    scopes: [ "policy:read", "policy:author", "policy:review", "policy:simulate", "findings:read" ]
 | 
			
		||||
    tenant: "tenant-default"
 | 
			
		||||
    senderConstraint: "dpop"
 | 
			
		||||
    auth:
 | 
			
		||||
      type: "client_secret"
 | 
			
		||||
      secretFile: "../secrets/policy-cli.secret"
 | 
			
		||||
 | 
			
		||||
  - clientId: "cartographer-service"
 | 
			
		||||
    displayName: "Cartographer Service"
 | 
			
		||||
    grantTypes: [ "client_credentials" ]
 | 
			
		||||
@@ -84,6 +95,26 @@ clients:
 | 
			
		||||
    auth:
 | 
			
		||||
      type: "client_secret"
 | 
			
		||||
      secretFile: "../secrets/graph-api.secret"
 | 
			
		||||
  - clientId: "export-center-operator"
 | 
			
		||||
    displayName: "Export Center Operator"
 | 
			
		||||
    grantTypes: [ "client_credentials" ]
 | 
			
		||||
    audiences: [ "api://export-center" ]
 | 
			
		||||
    scopes: [ "export.viewer", "export.operator" ]
 | 
			
		||||
    tenant: "tenant-default"
 | 
			
		||||
    senderConstraint: "dpop"
 | 
			
		||||
    auth:
 | 
			
		||||
      type: "client_secret"
 | 
			
		||||
      secretFile: "../secrets/export-center-operator.secret"
 | 
			
		||||
  - clientId: "export-center-admin"
 | 
			
		||||
    displayName: "Export Center Admin"
 | 
			
		||||
    grantTypes: [ "client_credentials" ]
 | 
			
		||||
    audiences: [ "api://export-center" ]
 | 
			
		||||
    scopes: [ "export.viewer", "export.operator", "export.admin" ]
 | 
			
		||||
    tenant: "tenant-default"
 | 
			
		||||
    senderConstraint: "dpop"
 | 
			
		||||
    auth:
 | 
			
		||||
      type: "client_secret"
 | 
			
		||||
      secretFile: "../secrets/export-center-admin.secret"
 | 
			
		||||
 | 
			
		||||
  - clientId: "concelier-ingest"
 | 
			
		||||
    displayName: "Concelier Ingestion"
 | 
			
		||||
@@ -118,6 +149,30 @@ clients:
 | 
			
		||||
      type: "client_secret"
 | 
			
		||||
      secretFile: "../secrets/graph-api-cli.secret"
 | 
			
		||||
 | 
			
		||||
tenants:
 | 
			
		||||
  - name: "tenant-default"
 | 
			
		||||
    roles:
 | 
			
		||||
      orch-viewer:
 | 
			
		||||
        scopes: [ "orch:read" ]
 | 
			
		||||
      orch-operator:
 | 
			
		||||
        scopes: [ "orch:read", "orch:operate" ]
 | 
			
		||||
      export-viewer:
 | 
			
		||||
        scopes: [ "export.viewer" ]
 | 
			
		||||
      export-operator:
 | 
			
		||||
        scopes: [ "export.viewer", "export.operator" ]
 | 
			
		||||
      export-admin:
 | 
			
		||||
        scopes: [ "export.viewer", "export.operator", "export.admin" ]
 | 
			
		||||
      policy-author:
 | 
			
		||||
        scopes: [ "policy:author", "policy:read", "policy:simulate", "findings:read" ]
 | 
			
		||||
      policy-reviewer:
 | 
			
		||||
        scopes: [ "policy:review", "policy:read", "policy:simulate", "findings:read" ]
 | 
			
		||||
      policy-approver:
 | 
			
		||||
        scopes: [ "policy:approve", "policy:review", "policy:read", "policy:simulate", "findings:read" ]
 | 
			
		||||
      policy-operator:
 | 
			
		||||
        scopes: [ "policy:operate", "policy:run", "policy:activate", "policy:read", "policy:simulate", "findings:read" ]
 | 
			
		||||
      policy-auditor:
 | 
			
		||||
        scopes: [ "policy:audit", "policy:read", "policy:simulate", "findings:read" ]
 | 
			
		||||
 | 
			
		||||
security:
 | 
			
		||||
  rateLimiting:
 | 
			
		||||
    token:
 | 
			
		||||
 
 | 
			
		||||
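Review bot: The `policy-cli` client in the `@@ -61,6 +61,17 @@` hunk is granted `policy:author` and `policy:review` together, while the `tenant-default` roles in the last hunk keep those two apart (`policy-author` versus `policy-reviewer`), so one client secret appears able to both write a policy and review it. If review is meant to be an independent control, drop the review scope from the automation client, e.g. `scopes: [ "policy:read", "policy:author", "policy:simulate", "findings:read" ]`, and register a separate client for review. Whether the server further narrows a client's scopes by tenant role is not visible on this page, so confirm that against the token-issuance logic. A short comment above each new client naming the workload that holds its `secretFile` would also help reviewers judge the grants.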