forked from openfga/openfga
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.config-schema.json
238 lines (237 loc) · 8.97 KB
/
.config-schema.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
{
"properties": {
"maxTuplesPerWrite": {
"description": "The maximum allowed number of tuples per Write transaction.",
"type": "integer",
"default": 100
},
"maxTypesPerAuthorizationModel": {
"description": "The maximum allowed number of type definitions per authorization model.",
"type": "integer",
"default": 100
},
"changelogHorizonOffset": {
"description": "The offset (in minutes) from the current time. Changes that occur after this offset will not be included in the response of ReadChanges.",
"type": "integer",
"default": 0
},
"resolveNodeLimit": {
"description": "Defines how deeply nested an authorization model can be.",
"type": "integer",
"default": 25
},
"listObjectsDeadline": {
"description": "The timeout deadline for serving ListObjects requests",
"type": "string",
"format": "duration",
"default": "3s"
},
"listObjectsMaxResults": {
"description": "The maximum results to return in ListObjects responses",
"type": "integer",
"minimum": 0,
"default": 1000
},
"playground": {
"type": "object",
"properties": {
"enabled": {
"description": "Enable/disable the OpenFGA Playground.",
"type": "boolean",
"default": true
},
"port": {
"description": "The port to serve the local OpenFGA Playground on.",
"type": "integer",
"default": 3000
}
}
},
"profiler": {
"type": "object",
"properties": {
"enabled": {
"description": "Enabled/disable pprof profiling.",
"type": "boolean",
"default": false
},
"addr": {
"description": "The host:port address to serve the pprof profiler server on.",
"type": "string",
"default": ":3001"
}
}
},
"datastore": {
"type": "object",
"properties": {
"engine": {
"description": "The datastore engine that will be used for persistence.",
"type": "string",
"enum": ["memory", "postgres", "mysql"],
"default": "memory"
},
"uri": {
"description": "The connection uri to use to connect to the datastore (for any engine other than 'memory').",
"type": "string",
"examples": [
"postgres://user:pass@host:port/datastore?opts",
"user:pass@tcp(mysql-host:port)/datastore?parseTime=true&other-opts"
]
},
"maxCacheSize": {
"description": "The maximum number of cache keys that the storage cache can store before evicting old keys.",
"type": "integer",
"default": 100000
},
"maxOpenConns": {
"description": "The maximum number of open connections to the datastore.",
"type": "integer",
"default": "unlimited - database/sql default"
},
"maxIdleConns": {
"description": "the maximum number of connections to the datastore in the idle connection pool.",
"type": "integer",
"default": "2 - database/sql default"
},
"connMaxIdleTime": {
"description": "the maximum amount of time a connection to the datastore may be idle",
"type": "duration",
"default": "connections are not closed due to idle time - database/sql default"
},
"connMaxLifetime": {
"description": "the maximum amount of time a connection to the datastore may be reused",
"type": "duration",
"default": "connections are not closed due to connection's age - database/sql default"
}
}
},
"authn": {
"type": "object",
"properties": {
"method": {
"description": "The authentication method to use.",
"type": "string",
"enum": ["none", "preshared", "oidc"],
"default": "none"
},
"preshared": {
"description": "One or more preshared keys to use for authentication. This must be set if `authn.method=preshared'.",
"$ref": "#/definitions/preshared"
},
"oidc": {
"description": "The OIDC provider specific settings. This must be set if 'authn.method=oidc'.",
"$ref": "#/definitions/oidc"
}
}
},
"grpc": {
"type": "object",
"properties": {
"addr": {
"description": "The host:port address to serve the grpc server on.",
"type": "string",
"default": "0.0.0.0:8081"
},
"tls": {
"$ref": "#/definitions/tls"
}
}
},
"http": {
"type": "object",
"properties": {
"enabled": {
"description": "Enables or disables the OpenFGA HTTP server. If this is set to true then 'grpc.enabled' must be set to true.",
"type": "boolean",
"default": true
},
"addr": {
"description": "The host:port address to serve the HTTP server on.",
"type": "string",
"default": "0.0.0.0:8080"
},
"tls": {
"$ref": "#/definitions/tls"
},
"upstreamTimeout": {
"description": "The timeout duration for proxying HTTP requests upstream to the grpc endpoint.",
"type": "string",
"default": "3s"
},
"corsAllowedOrigins": {
"type": "array",
"items": {
"type": "string"
},
"default": ["*"]
},
"corsAllowedHeaders": {
"type": "array",
"items": {
"type": "string"
},
"default": ["*"]
}
}
},
"log": {
"type": "object",
"properties": {
"format": {
"description": "The log format to output logs in. For production we recommend 'json' format.",
"type": "string",
"enum": ["text", "json"],
"default": "text"
}
}
}
},
"definitions": {
"tls": {
"type": "object",
"properties": {
"enabled": {
"description": "Enables or disables transport layer security (TLS).",
"type": "boolean",
"default": false
},
"cert": {
"description": "The (absolute) file path of the certificate to use for the TLS connection.",
"type": "string"
},
"key": {
"description": "The (absolute) file path of the TLS key that should be used for the TLS connection."
}
},
"required": ["enabled", "cert", "key"]
},
"oidc": {
"type": "object",
"properties": {
"issuer": {
"description": "The OIDC issuer (authorization server) signing the tokens.",
"type": "string"
},
"audience": {
"description": "The OIDC audience of the tokens being signed by the authorization server.",
"type": "string"
}
},
"required": ["issuer", "audience"]
},
"preshared": {
"type": "object",
"properties": {
"keys": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
}
},
"required": ["keys"]
}
}
}