forked from kartverket/kartverket.dev
-
Notifications
You must be signed in to change notification settings - Fork 0
/
app-config.production.yaml
105 lines (96 loc) · 3.31 KB
/
app-config.production.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
app:
# Should be the same as backend.baseUrl when using the `app-backend` plugin.
baseUrl: ${BASE_URL}
backend:
# Note that the baseUrl should be the URL that the browser and other clients
# should use when communicating with the backend, i.e. it needs to be
# reachable not just from within the backend host, but from all of your
# callers. When its value is "http://localhost:7007", it's strictly private
# and can't be reached by others.
baseUrl: ${BASE_URL}
# The listener can also be expressed as a single <host>:<port> string. In this case we bind to
# all interfaces, the most permissive setting. The right value depends on your specific deployment.
listen:
port: 7007
# config options: https://node-postgres.com/api/client
database:
client: pg
connection:
database: ${POSTGRES_DB}
host: ${POSTGRES_HOST}
port: ${POSTGRES_PORT}
user: ${POSTGRES_USER}
password: ${POSTGRES_PASSWORD}
ssl:
require: true
rejectUnauthorized: false
pluginDivisionMode: schema
auth:
keys:
- secret: 56fYRaW0m6JWh6vZLbetkmXhUehJrCf1
externalAccess:
- type: jwks
options:
url: https://login.microsoftonline.com/${ENTRA_TENANT_ID}/discovery/v2.0/keys
issuer: https://login.microsoftonline.com/${ENTRA_TENANT_ID}/v2.0
audience: ${ENTRA_WEB_APP_ID}
integrations:
github:
- host: github.com
# In production we use an app for secure auth
apps:
- $include: github-secrets/github-app-backstage-skip-credentials.yaml
proxy:
endpoints:
'/xkcd-proxy':
target: https://xkcd.com/
'/lighthouse':
target: http://lighthouse-audit-service.lighthouse-audit-service.svc.cluster.local:3003
'/risc-proxy':
target: http://ros-plugin-backend.ros-plugin-main:8080
allowedHeaders: ['Authorization', 'GCP-Access-Token', 'GitHub-Access-Token']
'/opencost-cacher':
target: http://opencost-cacher:8080
credentials: forward
changeOrigin: true
lighthouse:
baseUrl: /api/proxy/lighthouse
catalog:
providers:
microsoftGraphOrg:
default:
tenantId: 7f74c8a2-43ce-46b2-b0e8-b6306cba73a3
queryMode: 'advanced'
user:
filter: accountEnabled eq true and userType eq 'member' and startsWith(companyName, 'Staten')
select: ['accountEnabled', 'displayName', 'givenName', 'id', 'mail', 'mailNickname', 'userPrincipalName', 'surname', 'companyName', 'userType']
group:
filter: >
startswith(displayName, 'AAD - TF')
schedule:
frequency: PT1H
timeout: PT50M
clientId: ${ENTRA_ID_SP_APP_ID}
clientSecret: ${ENTRA_ID_SP_CLIENT_SECRET}
auth:
environment: production
providers:
google:
production:
clientId: ${GOOGLE_OAUTH_CLIENT_ID}
clientSecret: ${GOOGLE_OAUTH_CLIENT_SECRET}
microsoft:
production:
clientId: ${ENTRA_WEB_APP_ID}
clientSecret: ${ENTRA_WEB_CLIENT_SECRET}
tenantId: ${ENTRA_TENANT_ID}
github:
production:
clientId: ${RISC_GITHUB_APP_CLIENT_ID}
clientSecret: ${RISC_GITHUB_APP_CLIENT_SECRET}
cors:
origin: ${BASE_URL}
sikkerhetsmetrikker:
enable: true
baseUrl: http://sikkerhetsmetrikker.sikkerhetsmetrikker-main:8080
clientId: ${SIKKERHETSMETRIKKER_CLIENT_ID}