# Default configuration for the auth service.
#
# NOTE(review): the nesting below is reconstructed from a listing that lost
# its indentation - confirm it against the repository copy before relying
# on it.
#
# The !env* tags are custom tags: the config loader is expected to replace
# each one with the value of the named environment variable (the :json,
# :number and :bool suffixes select how the value is parsed, :optional marks
# it as not required). A generic YAML loader will not understand them.
# Every secret in this section comes from the environment, so none is
# committed here; keep it that way when adding new settings.
defaults:
  taskcluster:
    rootUrl: !env TASKCLUSTER_ROOT_URL

  app:
    # Name of component in statistics
    statsComponent: auth

    # Static clients, these clients are built-in from start, and can't be
    # modified or deleted at runtime. Useful for granting clientIds to other
    # services and bootstrapping with a root client.
    # Each entry must have: clientId, accessToken, description, scopes
    # where clientId MUST start with 'static/', by convention these are
    # namespaced: static/<project>/<name>
    # Each entry carries an accessToken, so STATIC_CLIENTS is secret material:
    # supply it from a secret store and keep it out of logs and process dumps.
    staticClients: !env:json STATIC_CLIENTS

    # Accounts that auth can delegate access to, as JSON
    azureAccounts: !env:json AZURE_ACCOUNTS

    # Maximum before updating lastUsed, MUST be negative
    # A sane value is something like 6 hours as all nodes will race to update
    # this value, and it's really only a best effort service.
    maxLastUsedDelay: '- 6 hours'

    # Sentry configuration
    # The authToken _must_ have at least project:{read,write,admin} and
    # org:read; granting it no more than that limits what a leaked token can
    # do.
    sentry:
      organization: !env:optional SENTRY_ORGANIZATION
      hostname: !env:optional SENTRY_HOST
      authToken: !env:optional SENTRY_AUTH_TOKEN
      initialTeam: !env:optional SENTRY_TEAM
      keyPrefix: !env:optional SENTRY_KEY_PREFIX

    # Delay before expiring sentry keys, this should be negative!
    sentryExpirationDelay: '- 15 minutes'

    # Similarly, delay before deleting expired clients
    clientExpirationDelay: '-1 hour'

    # Shared secret for websocktunnel; treat it like any other credential.
    websocktunnel:
      secret: !env:optional WEBSOCKTUNNEL_SECRET

    # Overrides of s3 buckets for redeployability
    # Leave unset if running inside Heroku
    buckets:
      docs: !env:optional DOCS_BUCKET
      schemas: !env:optional SCHEMAS_BUCKET
      references: !env:optional REFS_BUCKET

    # Name of a kinesis firehose stream to write audit logs to
    # NOTE(review): optional - presumably no audit log is written to a stream
    # when AUDIT_LOG is unset; confirm that this is acceptable per deployment.
    auditLog: !env:optional AUDIT_LOG

  monitoring:
    level: !env:optional LEVEL
    errorConfig: !env:json:optional ERROR_CONFIG

  server:
    # Port to listen for requests on
    port: !env:number PORT

    # Environment 'development' or 'production'
    env: !env NODE_ENV
    development: false

    # Force SSL, not useful when running locally
    forceSSL: !env:bool FORCE_SSL

    # Trust a forwarding proxy
    # Enable only when the service really sits behind a proxy that overwrites
    # client-supplied forwarding headers; otherwise a client can spoof them.
    trustProxy: !env:bool TRUST_PROXY

  azure:
    # deprecated way of specifying an encryption key
    cryptoKey: !env:optional AZURE_CRYPTO_KEY

  postgres:
    readDbUrl: !env READ_DB_URL
    writeDbUrl: !env WRITE_DB_URL
    # NOTE(review): presumably the current replacement for azure.cryptoKey -
    # confirm. Key material; supply it from a secret store.
    dbCryptoKeys: !env:json:optional DB_CRYPTO_KEYS

  pulse:
    username: !env PULSE_USERNAME
    password: !env PULSE_PASSWORD
    hostname: !env PULSE_HOSTNAME
    vhost: !env PULSE_VHOST

  awsCredentials:
    # Configuration for the AWS credentials used for the awsS3Credentials. The
    # method looks up the credentials by bucket name. Each array element has
    # the form
    #   - accessKeyId: ..
    #     secretAccessKey: ..
    #     buckets: [bucket1, bucket2, ..]
    # Each element holds a secretAccessKey: list only the buckets that key is
    # meant to serve.
    allowedBuckets: !env:json:optional AWS_CREDENTIALS_ALLOWED_BUCKETS

  # Configuration for the GCP serviceAccounts to which the `gcpCredentials`
  # endpoint can grant access.
  gcpCredentials:
    # This has the form {
    #   "projectName": {
    #     # credentials for a serviceAccount in this project that has
    #     # roles/iam.serviceAccountTokenCreator.
    #     "credentials": {
    #       "type": ..,
    #       "project_id": ..,
    #       ..
    #     },
    #     # allowed service accounts in this project
    #     "allowedServiceAccounts": ["accountName1", ..]
    #   }, ..
    # }
    # If omitted, it defaults to {}
    # The embedded credentials can create tokens for other service accounts,
    # so keep allowedServiceAccounts as short as each project needs.
    allowedProjects: !env:json:optional GCP_CREDENTIALS_ALLOWED_PROJECTS

  # new relic config (processed in services/prelude.js)
  newRelic: !env:json:optional NEW_RELIC
# Overrides applied for the test profile.
#
# NOTE(review): the nesting below is reconstructed from a listing that lost
# its indentation - confirm it against the repository copy before relying
# on it.
#
# Every credential-like value in this section (authToken, websocktunnel
# secret, cryptoKey) is a fixture for the test suite. None of them may be
# reused in a real deployment, and a real secret must never be committed in
# their place.
test:
  app:
    statsComponent: auth-tests
    # Left empty (null) here on purpose; the test helper supplies the value.
    staticClients: # overridden in helper.js

    # Special value for tests, as we don't want to wait forever
    maxLastUsedDelay: '- 3 seconds'

    # NOTE(review): the hostname looks like a production Sentry host while the
    # authToken is a dummy; presumably the tests stub Sentry - verify that no
    # real requests leave a test run.
    sentry:
      organization: operations
      hostname: sentry.prod.mozaws.net
      authToken: whatever
      initialTeam: taskcluster
      keyPrefix: auth-test

    websocktunnel:
      secret: 'test-secret'

  azure:
    # All-'A' base64 placeholder (decodes to zero bytes): a test-only key with
    # no secrecy at all.
    cryptoKey: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  server:
    # TLS is not enforced and proxy headers are trusted in this profile;
    # these settings are for local test runs only.
    forceSSL: false
    port: 60552
    env: development
    development: true
    trustProxy: true

  taskcluster:
    rootUrl: "https://tc.example.com"