|
| 1 | += spicedb_watch |
| 2 | +:type: input |
| 3 | +:status: stable |
| 4 | +:categories: ["Services","SpiceDB"] |
| 5 | + |
| 6 | + |
| 7 | + |
| 8 | +//// |
| 9 | + THIS FILE IS AUTOGENERATED! |
| 10 | + |
| 11 | + To make changes, edit the corresponding source file under: |
| 12 | + |
| 13 | + https://github.com/redpanda-data/connect/tree/main/internal/impl/<provider>. |
| 14 | + |
| 15 | + And: |
| 16 | + |
| 17 | + https://github.com/redpanda-data/connect/tree/main/cmd/tools/docs_gen/templates/plugin.adoc.tmpl |
| 18 | +//// |
| 19 | +
|
| 20 | +// © 2024 Redpanda Data Inc. |
| 21 | +
|
| 22 | +
|
| 23 | +component_type_dropdown::[] |
| 24 | +
|
| 25 | +
|
| 26 | +Consume messages from the Watch API from SpiceDB. |
| 27 | +
|
| 28 | +
|
| 29 | +[tabs] |
| 30 | +====== |
| 31 | +Common:: |
| 32 | ++ |
| 33 | +-- |
| 34 | +
|
| 35 | +```yml |
| 36 | +# Common config fields, showing default values |
| 37 | +input: |
| 38 | + label: "" |
| 39 | + spicedb_watch: |
| 40 | + endpoint: grpc.authzed.com:443 # No default (required) |
| 41 | + bearer_token: "" |
| 42 | + cache: "" # No default (required) |
| 43 | +``` |
| 44 | +
|
| 45 | +-- |
| 46 | +Advanced:: |
| 47 | ++ |
| 48 | +-- |
| 49 | +
|
| 50 | +```yml |
| 51 | +# All config fields, showing default values |
| 52 | +input: |
| 53 | + label: "" |
| 54 | + spicedb_watch: |
| 55 | + endpoint: grpc.authzed.com:443 # No default (required) |
| 56 | + bearer_token: "" |
| 57 | + max_receive_message_bytes: 4MB |
| 58 | + cache: "" # No default (required) |
| 59 | + cache_key: authzed.com/spicedb/watch/last_zed_token |
| 60 | + tls: |
| 61 | + enabled: false |
| 62 | + skip_cert_verify: false |
| 63 | + enable_renegotiation: false |
| 64 | + root_cas: "" |
| 65 | + root_cas_file: "" |
| 66 | + client_certs: [] |
| 67 | +``` |
| 68 | +
|
| 69 | +-- |
| 70 | +====== |
| 71 | +
|
| 72 | +The SpiceDB input allows you to consume messages from the Watch API of a SpiceDB instance. |
| 73 | +This input is useful for applications that need to react to changes in the data managed by SpiceDB in real-time. |
| 74 | +
|
| 75 | +== Credentials |
| 76 | +
|
| 77 | +You need to provide the endpoint of your SpiceDB instance and a Bearer token for authentication. |
| 78 | +
|
| 79 | +== Cache |
| 80 | +
|
| 81 | +The zed token of the newest update consumed and acked is stored in a cache in order to start reading from it each time the input is initialised. |
| 82 | +Ideally this cache should be persisted across restarts. |
| 83 | +
|
| 84 | +
|
| 85 | +== Fields |
| 86 | +
|
| 87 | +=== `endpoint` |
| 88 | +
|
| 89 | +The SpiceDB endpoint. |
| 90 | +
|
| 91 | +
|
| 92 | +*Type*: `string` |
| 93 | +
|
| 94 | +
|
| 95 | +```yml |
| 96 | +# Examples |
| 97 | +
|
| 98 | +endpoint: grpc.authzed.com:443 |
| 99 | +``` |
| 100 | +
|
| 101 | +=== `bearer_token` |
| 102 | +
|
| 103 | +The SpiceDB Bearer token used to authenticate against the SpiceDB instance. |
| 104 | +[CAUTION] |
| 105 | +==== |
| 106 | +This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. |
| 107 | +==== |
| 108 | +
|
| 109 | +
|
| 110 | +
|
| 111 | +*Type*: `string` |
| 112 | +
|
| 113 | +*Default*: `""` |
| 114 | +
|
| 115 | +```yml |
| 116 | +# Examples |
| 117 | +
|
| 118 | +bearer_token: t_your_token_here_1234567deadbeef |
| 119 | +``` |
| 120 | +
|
| 121 | +=== `max_receive_message_bytes` |
| 122 | +
|
| 123 | +Maximum message size in bytes the SpiceDB client can receive. |
| 124 | +
|
| 125 | +
|
| 126 | +*Type*: `string` |
| 127 | +
|
| 128 | +*Default*: `"4MB"` |
| 129 | +
|
| 130 | +```yml |
| 131 | +# Examples |
| 132 | +
|
| 133 | +max_receive_message_bytes: 100MB |
| 134 | +
|
| 135 | +max_receive_message_bytes: 50mib |
| 136 | +``` |
| 137 | +
|
| 138 | +=== `cache` |
| 139 | +
|
| 140 | +A cache resource to use for performing unread message backfills, the ID of the last message received will be stored in this cache and used for subsequent requests. |
| 141 | +
|
| 142 | +
|
| 143 | +*Type*: `string` |
| 144 | +
|
| 145 | +
|
| 146 | +=== `cache_key` |
| 147 | +
|
| 148 | +The key identifier used when storing the ID of the last message received. |
| 149 | +
|
| 150 | +
|
| 151 | +*Type*: `string` |
| 152 | +
|
| 153 | +*Default*: `"authzed.com/spicedb/watch/last_zed_token"` |
| 154 | +
|
| 155 | +=== `tls` |
| 156 | +
|
| 157 | +Custom TLS settings can be used to override system defaults. |
| 158 | +
|
| 159 | +
|
| 160 | +*Type*: `object` |
| 161 | +
|
| 162 | +
|
| 163 | +=== `tls.enabled` |
| 164 | +
|
| 165 | +Whether custom TLS settings are enabled. |
| 166 | +
|
| 167 | +
|
| 168 | +*Type*: `bool` |
| 169 | +
|
| 170 | +*Default*: `false` |
| 171 | +
|
| 172 | +=== `tls.skip_cert_verify` |
| 173 | +
|
| 174 | +Whether to skip server side certificate verification. |
| 175 | +
|
| 176 | +
|
| 177 | +*Type*: `bool` |
| 178 | +
|
| 179 | +*Default*: `false` |
| 180 | +
|
| 181 | +=== `tls.enable_renegotiation` |
| 182 | +
|
| 183 | +Whether to allow the remote server to repeatedly request renegotiation. Enable this option if you're seeing the error message `local error: tls: no renegotiation`. |
| 184 | +
|
| 185 | +
|
| 186 | +*Type*: `bool` |
| 187 | +
|
| 188 | +*Default*: `false` |
| 189 | +Requires version 3.45.0 or newer |
| 190 | +
|
| 191 | +=== `tls.root_cas` |
| 192 | +
|
| 193 | +An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. |
| 194 | +[CAUTION] |
| 195 | +==== |
| 196 | +This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. |
| 197 | +==== |
| 198 | +
|
| 199 | +
|
| 200 | +
|
| 201 | +*Type*: `string` |
| 202 | +
|
| 203 | +*Default*: `""` |
| 204 | +
|
| 205 | +```yml |
| 206 | +# Examples |
| 207 | +
|
| 208 | +root_cas: |- |
| 209 | + -----BEGIN CERTIFICATE----- |
| 210 | + ... |
| 211 | + -----END CERTIFICATE----- |
| 212 | +``` |
| 213 | +
|
| 214 | +=== `tls.root_cas_file` |
| 215 | +
|
| 216 | +An optional path of a root certificate authority file to use. This is a file, often with a .pem extension, containing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. |
| 217 | +
|
| 218 | +
|
| 219 | +*Type*: `string` |
| 220 | +
|
| 221 | +*Default*: `""` |
| 222 | +
|
| 223 | +```yml |
| 224 | +# Examples |
| 225 | +
|
| 226 | +root_cas_file: ./root_cas.pem |
| 227 | +``` |
| 228 | +
|
| 229 | +=== `tls.client_certs` |
| 230 | +
|
| 231 | +A list of client certificates to use. For each certificate either the fields `cert` and `key`, or `cert_file` and `key_file` should be specified, but not both. |
| 232 | +
|
| 233 | +
|
| 234 | +*Type*: `array` |
| 235 | +
|
| 236 | +*Default*: `[]` |
| 237 | +
|
| 238 | +```yml |
| 239 | +# Examples |
| 240 | +
|
| 241 | +client_certs: |
| 242 | + - cert: foo |
| 243 | + key: bar |
| 244 | +
|
| 245 | +client_certs: |
| 246 | + - cert_file: ./example.pem |
| 247 | + key_file: ./example.key |
| 248 | +``` |
| 249 | +
|
| 250 | +=== `tls.client_certs[].cert` |
| 251 | +
|
| 252 | +A plain text certificate to use. |
| 253 | +
|
| 254 | +
|
| 255 | +*Type*: `string` |
| 256 | +
|
| 257 | +*Default*: `""` |
| 258 | +
|
| 259 | +=== `tls.client_certs[].key` |
| 260 | +
|
| 261 | +A plain text certificate key to use. |
| 262 | +[CAUTION] |
| 263 | +==== |
| 264 | +This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. |
| 265 | +==== |
| 266 | +
|
| 267 | +
|
| 268 | +
|
| 269 | +*Type*: `string` |
| 270 | +
|
| 271 | +*Default*: `""` |
| 272 | +
|
| 273 | +=== `tls.client_certs[].cert_file` |
| 274 | +
|
| 275 | +The path of a certificate to use. |
| 276 | +
|
| 277 | +
|
| 278 | +*Type*: `string` |
| 279 | +
|
| 280 | +*Default*: `""` |
| 281 | +
|
| 282 | +=== `tls.client_certs[].key_file` |
| 283 | +
|
| 284 | +The path of a certificate key to use. |
| 285 | +
|
| 286 | +
|
| 287 | +*Type*: `string` |
| 288 | +
|
| 289 | +*Default*: `""` |
| 290 | +
|
| 291 | +=== `tls.client_certs[].password` |
| 292 | +
|
| 293 | +A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. |
| 294 | +
|
| 295 | +Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. |
| 296 | +[CAUTION] |
| 297 | +==== |
| 298 | +This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. |
| 299 | +==== |
| 300 | +
|
| 301 | +
|
| 302 | +
|
| 303 | +*Type*: `string` |
| 304 | +
|
| 305 | +*Default*: `""` |
| 306 | +
|
| 307 | +```yml |
| 308 | +# Examples |
| 309 | +
|
| 310 | +password: foo |
| 311 | +
|
| 312 | +password: ${KEY_PASSWORD} |
| 313 | +``` |
| 314 | +
|
| 315 | +
|
0 commit comments