/*
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

/*
 * This is derived from Caiyeon goldfish/config/sample.hcl just for testing
 * OpenGrok's HCL handling and modified arbitrarily to test other HCL syntax.
 */

# [Required] listener defines how goldfish will listen to incoming connections
# NOTE(review): the values below are test-fixture samples. Several of them
# (TLS disabled, both certificate options present) are not a deployable
# configuration; see the per-setting notes.
listener "tcp" {
	# [Required] [Format: "address", "address:port", or ":port"]
	# goldfish's listening address and/or port. Simply ":443" would suffice.
	# NOTE(review): ":8000" carries no host part, so this presumably binds on
	# every interface. Confirm, and give an explicit address when the service
	# should only be reachable locally or from one network.
	address          = ":8000"

	# [Optional] [Default: 0] [Allowed values: 0, 1]
	# set to 1 to disable tls & https
	# NOTE(review): this sample sets 1, so the listener serves plain HTTP and
	# everything sent to it crosses the network unencrypted. Keep the default
	# (0) unless a TLS-terminating proxy sits directly in front of goldfish.
	# With TLS disabled the certificate blocks below are presumably unused.
	tls_disable      = 1

	# [Optional] [Default: 0] [Allowed values: 0, 1]
	# set to 1 to redirect port 80 to 443 (hard-coded port numbers)
	tls_autoredirect = 0

	# Option 1: local certificate
	# NOTE(review): key_file points at a private key. Keep it readable only by
	# the account goldfish runs as, and keep it out of version control.
	certificate "local" {
		cert_file = "/path/to/certificate.cert"
		key_file  = "/path/to/keyfile.pem"
	}

	# Option 2: using Vault's PKI backend [Requires vault_token at launch time]
	# goldfish will request new certificates at half-life and hot-reload,
	# NOTE(review): "Option 1" and "Option 2" are both present in this fixture;
	# a real configuration presumably selects one of them. Confirm against the
	# goldfish documentation.
	pki_certificate "pki" {
		# [Required]
		# "<role_name>" is a placeholder for the PKI role to issue from.
		pki_path    = "pki/issue/<role_name>"
		common_name = "goldfish.vault.service"

		# [Optional] see Vault PKI docs for what these mean
		# NOTE(review): list only names and addresses the service actually owns.
		# "172.0.0.1" lies outside the private 172.16.0.0/12 range, so it reads
		# as a sample value rather than an internal address.
		alt_names   = ["goldfish.vault.srv", "ui.vault.srv"]
		ip_sans     = ["10.0.0.10", "127.0.0.1", "172.0.0.1"]
	}
}

# [Required] vault defines how goldfish should bootstrap to vault
vault {
	# [Required] [Format: "protocol://address:port"]
	# This is vault's address. Vault must be up before goldfish is deployed!
	# NOTE(review): the sample uses the http:// scheme against loopback. For a
	# Vault instance on another host use https://, otherwise the traffic
	# between goldfish and Vault is unencrypted.
	address         = "http://127.0.0.1:8200"

	# [Optional] [Default: 0] [Allowed values: 0, 1]
	# Set this to 1 to skip verifying the certificate of vault (e.g. self-signed certs)
	# NOTE(review): 0 keeps certificate verification on. Setting 1 leaves
	# goldfish unable to tell the real Vault from an impostor; for self-signed
	# certificates prefer supplying ca_cert or ca_path below instead.
	tls_skip_verify = 0

	# [Required] [Default: "secret/goldfish"]
	# This should be a generic secret endpoint where runtime settings are stored
	# See wiki for what key values are required in this
	runtime_config  = "secret/goldfish"

	# [Optional] [Default: "auth/approle/login"]
	# You can omit this, unless you mounted approle somewhere weird
	approle_login   = "auth/approle/login"

	# [Optional] [Default: "goldfish"]
	# You can omit this if you already customized the approle ID to be 'goldfish'
	approle_id      = "goldfish"

	# [Optional] [Default: ""]
	# If provided, goldfish will use this CA cert to verify Vault's certificate
	# This should be a path to a PEM-encoded CA cert file
	# Left empty in this sample, i.e. no custom CA file is supplied.
	ca_cert         = ""

	# [Optional] [Default: ""]
	# See above. This should be a path to a directory instead of a single cert
	ca_path         = ""
}

# [Optional] [Default: 0] [Allowed values: 0, 1]
# Set to 1 to disable mlock. Implementation is similar to vault - see vault docs for details
# This option will be ignored on unsupported platforms (e.g Windows)
# NOTE(review): 0 leaves mlock enabled. In Vault, mlock keeps process memory
# from being swapped to disk; presumably the purpose is the same here, so
# only set 1 where swap is disabled or encrypted. Confirm against the docs.
disable_mlock = 0