up
Some checks failed
Build Test Deploy / build-test (push) Has been cancelled
Build Test Deploy / authority-container (push) Has been cancelled
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Build Test Deploy / build-test (push) Has been cancelled
Build Test Deploy / authority-container (push) Has been cancelled
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
This commit is contained in:
root
71
etc/authority.yaml.sample
Normal file
71
etc/authority.yaml.sample
Normal file
@@ -0,0 +1,71 @@
|
||||
# StellaOps Authority configuration template.
|
||||
# Copy to ../etc/authority.yaml (relative to the Authority content root)
|
||||
# and adjust values to fit your environment. Environment variables
|
||||
# prefixed with STELLAOPS_AUTHORITY_ override these values at runtime.
|
||||
# Example: STELLAOPS_AUTHORITY__ISSUER=https://authority.example.com
|
||||
|
||||
schemaVersion: 1
|
||||
|
||||
# Absolute issuer URI advertised to clients. Use HTTPS for anything
|
||||
# beyond loopback development.
|
||||
issuer: "https://authority.stella-ops.local"
|
||||
|
||||
# Token lifetimes expressed as HH:MM:SS or DD.HH:MM:SS.
|
||||
accessTokenLifetime: "00:15:00"
|
||||
refreshTokenLifetime: "30.00:00:00"
|
||||
identityTokenLifetime: "00:05:00"
|
||||
authorizationCodeLifetime: "00:05:00"
|
||||
deviceCodeLifetime: "00:15:00"
|
||||
|
||||
# MongoDB storage connection details.
|
||||
storage:
|
||||
connectionString: "mongodb://localhost:27017/stellaops-authority"
|
||||
# databaseName: "stellaops_authority"
|
||||
commandTimeout: "00:00:30"
|
||||
|
||||
# Bootstrap administrative endpoints (initial provisioning).
|
||||
bootstrap:
|
||||
enabled: false
|
||||
apiKey: "change-me"
|
||||
defaultIdentityProvider: "standard"
|
||||
|
||||
# Directories scanned for Authority plug-ins. Relative paths resolve
|
||||
# against the application content root, enabling air-gapped deployments
|
||||
# that package plug-ins alongside binaries.
|
||||
pluginDirectories:
|
||||
- "../PluginBinaries/Authority"
|
||||
# "/var/lib/stellaops/authority/plugins"
|
||||
|
||||
# Plug-in manifests live in descriptors below; per-plugin settings are stored
|
||||
# in the configurationDirectory (YAML files). Authority will load any enabled
|
||||
# plugins and surface their metadata/capabilities to the host.
|
||||
plugins:
|
||||
configurationDirectory: "../etc/authority.plugins"
|
||||
descriptors:
|
||||
standard:
|
||||
type: "standard"
|
||||
assemblyName: "StellaOps.Authority.Plugin.Standard"
|
||||
enabled: true
|
||||
configFile: "standard.yaml"
|
||||
capabilities:
|
||||
- password
|
||||
- bootstrap
|
||||
- clientProvisioning
|
||||
metadata:
|
||||
defaultRole: "operators"
|
||||
# Example for an external identity provider plugin. Leave disabled unless
|
||||
# the plug-in package exists under PluginBinaries/Authority.
|
||||
ldap:
|
||||
type: "ldap"
|
||||
assemblyName: "StellaOps.Authority.Plugin.Ldap"
|
||||
enabled: false
|
||||
configFile: "ldap.yaml"
|
||||
capabilities:
|
||||
- password
|
||||
- mfa
|
||||
|
||||
# CIDR ranges that bypass network-sensitive policies (e.g. on-host cron jobs).
|
||||
# Keep the list tight: localhost is sufficient for most air-gapped installs.
|
||||
bypassNetworks:
|
||||
- "127.0.0.1/32"
|
||||
- "::1/128"
|
||||
Reference in New Issue
Block a user