xref: /OpenGrok/opengrok-indexer/src/test/resources/analysis/hcl/sample.hcl (revision 1e5c8487176cdb2a165a031f8bfccef6638ba8e4) 
1/*
2 * This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this
4 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
5 */
6
7/*
8 * This is derived from Caiyeon goldfish/config/sample.hcl just for testing
9 * OpenGrok's HCL handling and modified arbitrarily to test other HCL syntax.
10 */
11
12# [Required] listener defines how goldfish will listen to incoming connections
13listener "tcp" {
14	# [Required] [Format: "address", "address:port", or ":port"]
15	# goldfish's listening address and/or port. Simply ":443" would suffice.
16	address          = ":8000"
17
18	# [Optional] [Default: 0] [Allowed values: 0, 1]
19	# set to 1 to disable tls & https
20	tls_disable      = 1
21
22	# [Optional] [Default: 0] [Allowed values: 0, 1]
23	# set to 1 to redirect port 80 to 443 (hard-coded port numbers)
24	tls_autoredirect = 0
25
26	# Option 1: local certificate
27	certificate "local" {
28		cert_file = "/path/to/certificate.cert"
29		key_file  = "/path/to/keyfile.pem"
30	}
31
32	# Option 2: using Vault's PKI backend [Requires vault_token at launch time]
33	# goldfish will request new certificates at half-life and hot-reload,
34	pki_certificate "pki" {
35		# [Required]
36		pki_path    = "pki/issue/<role_name>"
37		common_name = "goldfish.vault.service"
38
39		# [Optional] see Vault PKI docs for what these mean
40		alt_names   = ["goldfish.vault.srv", "ui.vault.srv"]
41		ip_sans     = ["10.0.0.10", "127.0.0.1", "172.0.0.1"]
42	}
43}
44
45# [Required] vault defines how goldfish should bootstrap to vault
46vault {
47	# [Required] [Format: "protocol://address:port"]
48	# This is vault's address. Vault must be up before goldfish is deployed!
49	address         = "http://127.0.0.1:8200"
50
51	# [Optional] [Default: 0] [Allowed values: 0, 1]
52	# Set this to 1 to skip verifying the certificate of vault (e.g. self-signed certs)
53	tls_skip_verify = 0
54
55	# [Required] [Default: "secret/goldfish"]
56	# This should be a generic secret endpoint where runtime settings are stored
57	# See wiki for what key values are required in this
58	runtime_config  = "secret/goldfish"
59
60	# [Optional] [Default: "auth/approle/login"]
61	# You can omit this, unless you mounted approle somewhere weird
62	approle_login   = "auth/approle/login"
63
64	# [Optional] [Default: "goldfish"]
65	# You can omit this if you already customized the approle ID to be 'goldfish'
66	approle_id      = "goldfish"
67
68	# [Optional] [Default: ""]
69	# If provided, goldfish will use this CA cert to verify Vault's certificate
70	# This should be a path to a PEM-encoded CA cert file
71	ca_cert         = ""
72
73	# [Optional] [Default: ""]
74	# See above. This should be a path to a directory instead of a single cert
75	ca_path         = ""
76}
77
78# [Optional] [Default: 0] [Allowed values: 0, 1]
79# Set to 1 to disable mlock. Implementation is similar to vault - see vault docs for details
80# This option will be ignored on unsupported platforms (e.g Windows)
81disable_mlock = 0
82