@nsshunt/stsconfig 1.14.0 → 1.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/dependabot.yml +1 -1
- package/package.json +1 -1
- package/stsconfig.js +49 -3
package/.github/dependabot.yml
CHANGED
package/package.json
CHANGED
package/stsconfig.js
CHANGED
|
@@ -72,6 +72,12 @@ const defconfig =
|
|
|
72
72
|
,rest01port: (process.env.REST01_PORT === undefined ? "3003" : process.env.REST01_PORT)
|
|
73
73
|
// STSREST01 Server endpoint
|
|
74
74
|
,rest01apiroot: (process.env.REST01_APIROOT === undefined ? "/stsrest01/v1" : process.env.REST01_APIROOT)
|
|
75
|
+
// STSREST01 API Identifier. This value will be used as the audience parameter on authorization calls (OAuth2 client credentials flow).
|
|
76
|
+
,rest01apiidentifier: process.env.REST01_API_IDENTIFIER
|
|
77
|
+
// STSREST01 API Identifier file. This value will be used as the audience parameter on authorization calls (OAuth2 client credentials flow).
|
|
78
|
+
,rest01apiidentifierfile: process.env.REST01_API_IDENTIFIER_FILE
|
|
79
|
+
// STSREST01 API Permissions file. These are all the permissions (scopes) that this API uses. Format is JSON.
|
|
80
|
+
,rest01apipermissionsfile: process.env.REST01_API_PERMISSIONS_FILE
|
|
75
81
|
// STSREST01 Prometheus metric support
|
|
76
82
|
,rest01prometheussupport: (process.env.REST01_PROM_SUPPORT === undefined ? true : (process.env.REST01_PROM_SUPPORT === "true" ? true : false))
|
|
77
83
|
// STSREST01 Cluster Server port (port used for cluster prometheus scrapes). Service will listen on this port at mount point /metrics
|
|
@@ -88,6 +94,14 @@ const defconfig =
|
|
|
88
94
|
,rest01password: (process.env.REST01_PASSWORD === undefined ? "STSREST01ServiceUserPassword" : process.env.REST01_PASSWORD)
|
|
89
95
|
// STSREST01 Server username password file
|
|
90
96
|
,rest01passwordfile: process.env.REST01_PASSWORD_FILE
|
|
97
|
+
// STSREST01 Server client ID. Used for oauth2 client credentials flow.
|
|
98
|
+
// Ref: https://auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow
|
|
99
|
+
// Ref: https://auth0.com/docs/get-started/authentication-and-authorization-flow/call-your-api-using-the-client-credentials-flow
|
|
100
|
+
,rest01clientid: process.env.REST01_CLIENT_ID
|
|
101
|
+
// STSREST01 Server client ID file. Used for oauth2 client credentials flow.
|
|
102
|
+
,rest01clientidfile: process.env.REST01_CLIENT_ID_FILE
|
|
103
|
+
// STSREST01 Server client secret file. Used for oauth2 client credentials flow.
|
|
104
|
+
,rest01clientsecretfile: process.env.REST01_CLIENT_SECRET_PASSWORD_FILE
|
|
91
105
|
|
|
92
106
|
// STS Instrument Manager Service endpoint
|
|
93
107
|
,imendpoint: (process.env.IM_ENDPOINT === undefined ? "http://localhost" : process.env.IM_ENDPOINT)
|
|
@@ -139,6 +153,10 @@ const defconfig =
|
|
|
139
153
|
// STS Test Orchestrator Service username password file
|
|
140
154
|
,topasswordfile: process.env.TO_PASSWORD_FILE
|
|
141
155
|
|
|
156
|
+
// STS Auth Server
|
|
157
|
+
// ---------------
|
|
158
|
+
// The auth server assumes the roles as an Identify Provider ([TODO]) and Token Server (OAuth2.0).
|
|
159
|
+
//
|
|
142
160
|
// Auth Server endpoint
|
|
143
161
|
,asendpoint: (process.env.AS_ENDPOINT === undefined ? "http://localhost" : process.env.AS_ENDPOINT)
|
|
144
162
|
// Auth Server host port (listen port for the service)
|
|
@@ -163,11 +181,37 @@ const defconfig =
|
|
|
163
181
|
,aspassword: (process.env.AS_PASSWORD === undefined ? "STSAuthServiceUserPassword" : process.env.AS_PASSWORD)
|
|
164
182
|
// Auth Server username password file
|
|
165
183
|
,aspasswordfile: process.env.AS_PASSWORD_FILE
|
|
166
|
-
|
|
184
|
+
|
|
185
|
+
// Auth Server client ID. Used for oauth2 client credentials flow.
|
|
186
|
+
// Ref: https://auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow
|
|
187
|
+
// Ref: https://auth0.com/docs/get-started/authentication-and-authorization-flow/call-your-api-using-the-client-credentials-flow
|
|
188
|
+
,asclientid: process.env.AS_CLIENT_ID
|
|
189
|
+
// Auth Server client ID file. Used for oauth2 client credentials flow.
|
|
190
|
+
,asclientidfile: process.env.AS_CLIENT_ID_FILE
|
|
191
|
+
// Auth Server client secret file. Used for oauth2 client credentials flow.
|
|
192
|
+
,asclientsecretfile: process.env.AS_CLIENT_SECRET_PASSWORD_FILE
|
|
193
|
+
|
|
194
|
+
// Auth Server - JWKS Public End Point.
|
|
195
|
+
,asjwksjsonpath: (process.env.AS_JWKS_JSON_PATH === undefined ? "/.well-known/jwks.json" : process.env.AS_JWKS_JSON_PATH)
|
|
196
|
+
// Auth Server - JWKS File Store. Auth server side private JWKS storage file.
|
|
197
|
+
,asjwksfilestore: (process.env.AS_JWKS_FILE_STORE === undefined ? "/run/secrets/jwks_store" : process.env.AS_JWKS_FILE_STORE)
|
|
198
|
+
// Auth Server - JWKS key rotation time (seconds).
|
|
199
|
+
,asjwkskeyrotationtime: (process.env.AS_JWKS_KEY_ROTATION_TIME === undefined ? 86400 : process.env.AS_JWKS_KEY_ROTATION_TIME) // 24 Hour default
|
|
200
|
+
// Auth Server - JWKS key purge time offset (seconds). Old keys (current keys are considered 'old' immediately after a key rotation) will be kept
|
|
201
|
+
// for asaccesstokenexpire + asjwkskeypurgetimeoffset seconds before purging from the JWKS.
|
|
202
|
+
,asjwkskeypurgetimeoffset: (process.env.AS_JWKS_KEY_PURGE_TIME_OFFSET === undefined ? 300 : process.env.AS_JWKS_KEY_PURGE_TIME_OFFSET) // 5 Minutes
|
|
203
|
+
// Auth Server - JWKS key count. Defines the number of active keys within the JWKS. Note that the actual key count may be double this value as current
|
|
204
|
+
// keys are rotated to old keys prior to old key purge. Old keys will be kept for asaccesstokenexpire + asjwkskeypurgetimeoffset seconds before removal from the JWKS.
|
|
205
|
+
// This is to ensure that any tokens signed by a current key that is then expired can still be validated within the life of the issued token.
|
|
206
|
+
,asjwkskeycount: (process.env.AS_JWKS_KEY_COUNT === undefined ? 4 : process.env.AS_JWKS_KEY_COUNT)
|
|
207
|
+
// Auth Server - JWKS Access token timeout.
|
|
208
|
+
,asaccesstokenexpire: (process.env.AS_ACCESS_TOKEN_EXPIRE === undefined ? 43200 : process.env.AS_ACCESS_TOKEN_EXPIRE) // 12 Hour default
|
|
209
|
+
|
|
210
|
+
// Auth Server - [DEPRECATED] Private Key (when using JWT)
|
|
167
211
|
,asprivatekeypath: (process.env.AS_PRIVATE_KEY_PATH === undefined ? "/var/lib/sts/stsglobalresources/keys/private.key" : process.env.AS_PRIVATE_KEY_PATH)
|
|
168
|
-
// Auth Server - Public Key (when using JWT)
|
|
212
|
+
// Auth Server - [DEPRECATED] Public Key (when using JWT)
|
|
169
213
|
,aspublickeypath: (process.env.AS_PUBLIC_KEY_PATH === undefined ? "/var/lib/sts/stsglobalresources/keys/public.key" : process.env.AS_PUBLIC_KEY_PATH)
|
|
170
|
-
|
|
214
|
+
|
|
171
215
|
// STS Test Runner Prometheus metric support
|
|
172
216
|
,trprometheussupport: (process.env.TR_PROM_SUPPORT === undefined ? true : (process.env.TR_PROM_SUPPORT === "true" ? true : false ))
|
|
173
217
|
// STS Test Runner Cluster Server port (port used for cluster prometheus scrapes)
|
|
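Review bot: The four numeric settings added in this hunk (`asjwkskeyrotationtime`, `asjwkskeypurgetimeoffset`, `asjwkskeycount`, `asaccesstokenexpire`) default to numbers but take the raw environment string when the variable is set, so the `asaccesstokenexpire + asjwkskeypurgetimeoffset` arithmetic the new comment describes becomes string concatenation for any deployment that sets one of them ("43200" + 300 yields "43200300"), which would keep retired signing keys far longer than intended or produce NaN for a non-numeric value. Parse each value with an explicit radix and reject non-finite results at startup instead of letting a bad rotation or purge time silently reach the key-management code. Separately, `asclientsecretfile` reads `AS_CLIENT_SECRET_PASSWORD_FILE` (and `rest01clientsecretfile` reads `REST01_CLIENT_SECRET_PASSWORD_FILE` in the @@ -88 hunk) while its comment calls it a client secret file; if the `_PASSWORD` segment is not deliberate it is an easy misconfiguration and worth aligning with `AS_CLIENT_ID_FILE`. Whether the new `*file` settings are resolved by the file-based block introduced at @@ -302 is not visible here, since that hunk is cut off at the end of the page. The `defconfig` object starts and ends outside this hunk.
```javascript
// Auth Server - JWKS key rotation time (seconds).
,asjwkskeyrotationtime: (process.env.AS_JWKS_KEY_ROTATION_TIME === undefined ? 86400 : Number.parseInt(process.env.AS_JWKS_KEY_ROTATION_TIME, 10)) // 24 Hour default
// … unchanged: key purge time offset comment …
,asjwkskeypurgetimeoffset: (process.env.AS_JWKS_KEY_PURGE_TIME_OFFSET === undefined ? 300 : Number.parseInt(process.env.AS_JWKS_KEY_PURGE_TIME_OFFSET, 10)) // 5 Minutes
// … unchanged: key count comment …
,asjwkskeycount: (process.env.AS_JWKS_KEY_COUNT === undefined ? 4 : Number.parseInt(process.env.AS_JWKS_KEY_COUNT, 10))
// … unchanged: access token timeout comment …
,asaccesstokenexpire: (process.env.AS_ACCESS_TOKEN_EXPIRE === undefined ? 43200 : Number.parseInt(process.env.AS_ACCESS_TOKEN_EXPIRE, 10)) // 12 Hour default
```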
@@ -302,6 +346,8 @@ const ReadPasswordFile = (passwordFile) => {
|
|
|
302
346
|
}
|
|
303
347
|
}
|
|
304
348
|
|
|
349
|
+
// File based configuration settings. If a file is specified for a setting, this will be used. The non file version (if specified) will be ignored.
|
|
350
|
+
|
|
305
351
|
// Database password file
|
|
306
352
|
if (defconfig.dbpasswordfile !== undefined) {
|
|
307
353
|
defconfig.dbpassword = ReadPasswordFile(defconfig.dbpasswordfile);
|