Added comment regarding TLS support (related to Issue #31)

Signed-off-by: Phil Hunt <[email protected]>
hexa-org · Jun 10, 2024 · ca80e0b · ca80e0b
1 parent d505c2b
commit ca80e0b
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 7 deletions.
diff --git a/cmd/hexaAuthZen/README.md b/cmd/hexaAuthZen/README.md
@@ -180,8 +180,8 @@ The following IDQL policies are used:
 | PORT                  | The HTTP Port for all endpoints                                                                                                         |
 | AUTHZEN_BUNDLE_DIR    | The location of an OPA Bundle containing hexaPolicy.rego, and data.json containing the ToDo Application IDQL                            |
 | AUTHZEN_USERPIP_FILE  | The location of a JSON file containing the test users                                                                                   |
-| TKN_DIRECTORY | THe location of a directory that contains the JWT token issuer public key (file issuer-cert.pem)                                        |
-| TKN_MODE      | If set to "ANON", all access is unauthenticated, "BUNDLE", the bundle endpoint is protected. "ALL" (default) will enforce all endpoints |
-| TKN_ISSUER            | The key id (kid) of the issuer - used to match the kid in a JWT with the public key                                                     |
+| HEXA_TKN_DIRECTORY | THe location of a directory that contains the JWT token issuer public key (file issuer-cert.pem)                                        |
+| HEXA_TKN_MODE      | If set to "ANON", all access is unauthenticated, "BUNDLE", the bundle endpoint is protected. "ALL" (default) will enforce all endpoints |
+| HEXA_TKN_ISSUER            | The key id (kid) of the issuer - used to match the kid in a JWT with the public key                                                     |
 
 
diff --git a/cmd/hexaAuthZen/main.go b/cmd/hexaAuthZen/main.go
@@ -15,6 +15,7 @@ var mLog = config.ServerLog
 
 func main() {
 	mLog.Printf("Hexa AuthZen Server starting...")
+	mLog.Println("Note: This AuthZen demo server does not support TLS and should be deployed behind a TLS proxy terminator (e.g. Google App Engine).")
 	mLog.Printf(fmt.Sprintf("Version: %s", config.HexaAuthZenVersion))
 	port := "8080"
 	if found := os.Getenv("PORT"); found != "" {

diff --git a/cmd/hexaAuthZen/server_env.sh b/cmd/hexaAuthZen/server_env.sh
@@ -1,7 +1,7 @@
 export PORT=8080
 export AUTHZEN_BUNDLE_DIR=deployments/authZen/bundles
 export AUTHZEN_USERPIP_FILE=deployments/authZen/users.json
-export TKN_DIRECTORY=./.certs
-export TKN_PRIVKEYFILE=
-export TKN_MODE=ANON
-export TKN_ISSUER=authZen
+export HEXA_TKN_DIRECTORY=./.certs
+export HEXA_TKN_PRIVKEYFILE=
+export HEXA_TKN_MODE=ANON
+export HEXA_TKN_ISSUER=authZen