...

Text file src/github.com/ory/x/configx/stub/benchmark/benchmark.yaml

Documentation: github.com/ory/x/configx/stub/benchmark

     1# Please find the documentation for this file at
     2# https://www.ory.sh/oathkeeper/docs/configuration
     3
     4log:
     5  level: debug
     6  format: json
     7
     8profiling: cpu
     9
    10serve:
    11  proxy:
    12    port: 1234
    13    host: 127.0.0.1
    14
    15    timeout:
    16      read: 1s
    17      write: 2s
    18      idle: 3s
    19
    20    cors:
    21      enabled: true
    22      allowed_origins:
    23        - https://example.com
    24        - https://*.example.com
    25      allowed_methods:
    26        - POST
    27        - GET
    28        - PUT
    29        - PATCH
    30        - DELETE
    31      allowed_headers:
    32        - Authorization
    33        - Content-Type
    34      exposed_headers:
    35        - Content-Type
    36      allow_credentials: true
    37      max_age: 10
    38      debug: true
    39    tls:
    40      key:
    41        path: /path/to/key.pem
    42        base64: LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLVxuTUlJRkRqQkFCZ2txaGtpRzl3MEJCUTB3...
    43      cert:
    44        path: /path/to/cert.pem
    45        base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...
    46
    47  api:
    48    port: 1235
    49    host: 127.0.0.2
    50
    51    timeout:
    52      read: 1s
    53      write: 2s
    54      idle: 3s
    55
    56    cors:
    57      enabled: true
    58      allowed_origins:
    59        - https://example.org
    60        - https://*.example.org
    61      allowed_methods:
    62        - GET
    63        - PUT
    64        - PATCH
    65        - DELETE
    66      allowed_headers:
    67        - Authorization
    68        - Content-Type
    69      exposed_headers:
    70        - Content-Type
    71      allow_credentials: true
    72      max_age: 10
    73      debug: true
    74    tls:
    75      key:
    76        path: /path/to/key.pem
    77        base64: LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLVxuTUlJRkRqQkFCZ2txaGtpRzl3MEJCUTB3...
    78      cert:
    79        path: /path/to/cert.pem
    80        base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...
    81
    82  prometheus:
    83    port: 9000
    84    host: localhost
    85    metrics_path: /metrics
    86    collapse_request_paths: true
    87
    88# Configures Access Rules
    89access_rules:
    90  # Locations (list of URLs) where access rules should be fetched from on boot.
    91  # It is expected that the documents at those locations return a JSON or YAML Array containing ORY Oathkeeper Access Rules.
    92  repositories:
    93    # If the URL Scheme is `file://`, the access rules (an array of access rules is expected) will be
    94    # fetched from the local file system.
    95    - file://path/to/rules.json
    96    # If the URL Scheme is `inline://`, the access rules (an array of access rules is expected)
    97    # are expected to be a base64 encoded (with padding!) JSON/YAML string (base64_encode(`[{"id":"foo-rule","authenticators":[....]}]`)):
    98    - inline://W3siaWQiOiJmb28tcnVsZSIsImF1dGhlbnRpY2F0b3JzIjpbXX1d
    99    # If the URL Scheme is `http://` or `https://`, the access rules (an array of access rules is expected) will be
   100    # fetched from the provided HTTP(s) location.
   101    - https://path-to-my-rules/rules.json
   102  # Optional fields describing matching strategy, defaults to "regexp".
   103  matching_strategy: glob
   104
   105errors:
   106  fallback:
   107    - json
   108  handlers:
   109    redirect:
   110      enabled: true
   111      config:
   112        to: http://path-to/redirect
   113    json:
   114      enabled: true
   115      config:
   116        verbose: true
   117        when:
   118          -
   119            error:
   120              - unauthorized
   121              - forbidden
   122              - internal_server_error
   123            request:
   124              header:
   125                content_type:
   126                  - application/json
   127                accept:
   128                  - application/json
   129              cidr:
   130                - 127.0.0.0/24
   131
   132# All authenticators can be configured under this configuration key
   133authenticators:
   134  # Configures the anonymous authenticator
   135  anonymous:
   136    # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.
   137    enabled: true
   138
   139    config:
   140
   141      # Sets the anonymous username. Defaults to "anonymous". Common names include "guest", "anon", "anonymous", "unknown".
   142      subject: guest
   143
   144  # Configures the cookie session authenticator
   145  cookie_session:
   146    # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.
   147    enabled: true
   148
   149    config:
   150
   151      # Sets the origin to proxy requests to. If the response is a 200 with body `{ "subject": "...", "extra": {} }`
   152      # The request will pass the subject through successfully, otherwise it will be marked as unauthorized
   153      check_session_url: https://session-store-host
   154
   155      # Sets a list of possible cookies to look for on incoming requests, and will fallthrough to the next authenticator if
   156      # none of the passed cookies are set on the request
   157      only:
   158        - sessionid
   159
   160  # Configures the jwt authenticator
   161  jwt:
   162    # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.
   163    enabled: true
   164
   165    config:
   166
   167      # REQUIRED IF ENABLED - The URL where ORY Oathkeeper can retrieve JSON Web Keys from for validating the JSON Web
   168      # Token. Usually something like "https://my-keys.com/.well-known/jwks.json". The response of that endpoint must
   169      # return a JSON Web Key Set (JWKS).
   170      jwks_urls:
   171        - https://my-website.com/.well-known/jwks.json
   172        - https://my-other-website.com/.well-known/jwks.json
   173        - file://path/to/local/jwks.json
   174
   175      # Sets the strategy to be used to validate/match the scope. Supports "hierarchic", "exact", "wildcard", "none". Defaults
   176      # to "none".
   177      scope_strategy: wildcard
   178
   179  # Configures the noop authenticator
   180  noop:
   181    # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.
   182    enabled: true
   183
   184  # Configures the oauth2_client_credentials authenticator
   185  oauth2_client_credentials:
   186    # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.
   187    enabled: true
   188
   189    config:
   190
   191      # REQUIRED IF ENABLED - The OAuth 2.0 Token Endpoint that will be used to validate the client credentials.
   192      token_url: https://my-website.com/oauth2/token
   193
   194  # Configures the oauth2_introspection authenticator
   195  oauth2_introspection:
   196    # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.
   197    enabled: true
   198
   199    config:
   200
   201      # REQUIRED IF ENABLED - The OAuth 2.0 Token Introspection endpoint.
   202      introspection_url: https://my-website.com/oauth2/introspection
   203
   204      # Sets the strategy to be used to validate/match the token scope. Supports "hierarchic", "exact", "wildcard", "none". Defaults
   205      # to "none".
   206      scope_strategy: exact
   207
   208      # Enable pre-authorization in cases where the OAuth 2.0 Token Introspection endpoint is protected by OAuth 2.0 Bearer
   209      # Tokens that can be retrieved using the OAuth 2.0 Client Credentials grant.
   210      pre_authorization:
   211        # Enable pre-authorization. Defaults to false.
   212        enabled: true
   213
   214        # REQUIRED IF ENABLED - The OAuth 2.0 Client ID to be used for the OAuth 2.0 Client Credentials Grant.
   215        client_id: some_id
   216
   217        # REQUIRED IF ENABLED - The OAuth 2.0 Client Secret to be used for the OAuth 2.0 Client Credentials Grant.
   218        client_secret: some_secret
   219
   220        # The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.
   221        scope:
   222          - foo
   223          - bar
   224
   225        # REQUIRED IF ENABLED - The OAuth 2.0 Token Endpoint where the OAuth 2.0 Client Credentials Grant will be performed.
   226        token_url: https://my-website.com/oauth2/token
   227
   228  # Configures the unauthorized authenticator
   229  unauthorized:
   230    # Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.
   231    enabled: true
   232
   233# All authorizers can be configured under this configuration key
   234authorizers:
   235  # Configures the allow authorizer
   236  allow:
   237    # Set enabled to true if the authorizer should be enabled and false to disable the authorizer. Defaults to false.
   238    enabled: true
   239
   240  # Configures the deny authorizer
   241  deny:
   242    # Set enabled to true if the authorizer should be enabled and false to disable the authorizer. Defaults to false.
   243    enabled: true
   244
   245  # Configures the keto_engine_acp_ory authorizer
   246  keto_engine_acp_ory:
   247    # Set enabled to true if the authorizer should be enabled and false to disable the authorizer. Defaults to false.
   248    enabled: true
   249
   250    config:
   251      # REQUIRED IF ENABLED - The base URL of ORY Keto, typically something like http(s)://<host>[:<port>]/
   252      base_url: http://my-keto/
   253      required_action: unknown
   254      required_resource: unknown
   255
   256  # Configures the remote authorizer
   257  remote:
   258    # Set enabled to true if the authorizer should be enabled and false to disable the authorizer. Defaults to false.
   259    enabled: true
   260
   261    config:
   262      remote: https://host/path
   263      headers: {}
   264
   265  # Configures the remote_json authorizer
   266  remote_json:
   267    # Set enabled to true if the authorizer should be enabled and false to disable the authorizer. Defaults to false.
   268    enabled: true
   269
   270    config:
   271      remote: https://host/path
   272      payload: "{}"
   273
   274# All mutators can be configured under this configuration key
   275mutators:
   276  header:
   277    enabled: true
   278    config:
   279      headers:
   280        foo: bar
   281
   282  # Configures the cookie mutator
   283  cookie:
   284    # Set enabled to true if the mutator should be enabled and false to disable the mutator. Defaults to false.
   285    enabled: true
   286    config:
   287      cookies:
   288        foo: bar
   289
   290  # Configures the hydrator mutator
   291  hydrator:
   292    # Set enabled to true if the mutator should be enabled and false to disable the mutator. Defaults to false.
   293    enabled: true
   294
   295    config:
   296      api:
   297        url: https://some-url/
   298
   299  # Configures the id_token mutator
   300  id_token:
   301    # Set enabled to true if the mutator should be enabled and false to disable the mutator. Defaults to false.
   302    enabled: true
   303    config:
   304      # REQUIRED IF ENABLED - Sets the "iss" value of the ID Token.
   305      issuer_url: https://my-oathkeeper/
   306      # REQUIRED IF ENABLED - Sets the URL where keys should be fetched from. Supports remote locations (http, https) as
   307      # well as local filesystem paths.
   308      jwks_url: https://fetch-keys/from/this/location.json
   309      # jwks_url: file:///from/this/absolute/location.json
   310      # jwks_url: file://../from/this/relative/location.json
   311
   312      # Sets the time-to-live of the ID token. Defaults to one minute. Valid time units are: s (second), m (minute), h (hour).
   313      ttl: 1h
   314
   315  # Configures the noop mutator
   316  noop:
   317    # Set enabled to true if the mutator should be enabled and false to disable the mutator. Defaults to false.
   318    enabled: true
