Configuration
Topaz requires a configuration file to run. By default, the location of the config file is $HOME/.config/topaz/cfg/config.yaml
.
Below is an annotated sample of a config.yaml
file.
---
logging:
prod: true
log_level: info
directory_service:
edge:
# path to embedded database file
db_path: /db/directory.db
# seed the object type and relation type metadata
seed_metadata: true
# endpoint for directory service
# can be set to a remote directory, like directory.prod.aserto.com:8443
remote:
address: "0.0.0.0:9292"
insecure: true
# set up API endpoints: gRPC on :8282, REST on :8383
# set up certs for gRPC and HTTPS gateway. this will be generated on first run.
api:
grpc:
connection_timeout_seconds: 2
listen_address: "0.0.0.0:8282"
certs:
tls_key_path: "/certs/grpc.key"
tls_cert_path: "/certs/grpc.crt"
tls_ca_cert_path: "/certs/grpc-ca.crt"
gateway:
listen_address: "0.0.0.0:8383"
allowed_origins:
- https://*.aserto.com
- https://*aserto-console.netlify.app
- https://*localhost
certs:
tls_key_path: "/certs/gateway.key"
tls_cert_path: "/certs/gateway.crt"
tls_ca_cert_path: "/certs/gateway-ca.crt"
health:
listen_address: "0.0.0.0:8484"
# set up OPA config
opa:
instance_id: "-"
graceful_shutdown_period_seconds: 2
# configure local bundle directory (empty here)
local_bundles:
paths: []
skip_verification: true
config:
services:
# configure the GitHub Container Registry as a bundle source
ghcr:
url: https://ghcr.io/
type: "oci"
response_header_timeout_seconds: 5
bundles:
# configure the "todo" bundle
todo:
service: ghcr
# OCI image path
resource: "ghcr.io/aserto-policies/policy-todo-rebac:latest"
persist: false
config:
# how often to poll for a new image version
polling:
min_delay_seconds: 60
max_delay_seconds: 120