1<!DOCTYPE html> 2<html lang="en"> 3<head> 4<meta charset="UTF-8"> 5<title>sampleFile - OpenGrok cross reference for /sampleFile</title></head><body> 6<a class="l" name="1" href="#1">1</a><span class="c">/*</span> 7<a class="l" name="2" href="#2">2</a><span class="c"> * This Source Code Form is subject to the terms of the Mozilla Public</span> 8<a class="l" name="3" href="#3">3</a><span class="c"> * License, v. 2.0. If a copy of the MPL was not distributed with this</span> 9<a class="l" name="4" href="#4">4</a><span class="c"> * file, You can obtain one at <a href="http://mozilla.org/MPL/2.0/">http://mozilla.org/MPL/2.0/</a>.</span> 10<a class="l" name="5" href="#5">5</a><span class="c"> */</span> 11<a class="l" name="6" href="#6">6</a> 12<a class="l" name="7" href="#7">7</a><span class="c">/*</span> 13<a class="l" name="8" href="#8">8</a><span class="c"> * This is derived from Caiyeon <a href="/source/s?path=goldfish/">goldfish</a>/<a href="/source/s?path=goldfish/config/">config</a>/<a href="/source/s?path=goldfish/config/sample.hcl">sample.hcl</a> just for testing</span> 14<a class="l" name="9" href="#9">9</a><span class="c"> * OpenGrok's HCL handling and modified arbitrarily to test other HCL syntax.</span> 15<a class="hl" name="10" href="#10">10</a><span class="c"> */</span> 16<a class="l" name="11" href="#11">11</a> 17<a class="l" name="12" href="#12">12</a><span class="c"># [Required] listener defines how goldfish will listen to incoming connections</span> 18<a class="l" name="13" href="#13">13</a><a href="/source/s?defs=listener" class="intelliWindow-symbol" data-definition-place="undefined-in-file">listener</a> <span class="s">"tcp"</span> { 19<a class="l" name="14" href="#14">14</a> <span class="c"># [Required] [Format: "address", "address:port", or ":port"]</span> 20<a class="l" name="15" href="#15">15</a> <span class="c"># goldfish's listening address <a href="/source/s?path=and/">and</a>/<a href="/source/s?path=and/or">or</a> port. Simply ":443" would suffice.</span> 21<a class="l" name="16" href="#16">16</a> <a href="/source/s?defs=address" class="intelliWindow-symbol" data-definition-place="undefined-in-file">address</a> = <span class="s">":8000"</span> 22<a class="l" name="17" href="#17">17</a> 23<a class="l" name="18" href="#18">18</a> <span class="c"># [Optional] [Default: 0] [Allowed values: 0, 1]</span> 24<a class="l" name="19" href="#19">19</a> <span class="c"># set to 1 to disable tls & https</span> 25<a class="hl" name="20" href="#20">20</a> <a href="/source/s?defs=tls_disable" class="intelliWindow-symbol" data-definition-place="undefined-in-file">tls_disable</a> = <span class="n">1</span> 26<a class="l" name="21" href="#21">21</a> 27<a class="l" name="22" href="#22">22</a> <span class="c"># [Optional] [Default: 0] [Allowed values: 0, 1]</span> 28<a class="l" name="23" href="#23">23</a> <span class="c"># set to 1 to redirect port 80 to 443 (hard-coded port numbers)</span> 29<a class="l" name="24" href="#24">24</a> <a href="/source/s?defs=tls_autoredirect" class="intelliWindow-symbol" data-definition-place="undefined-in-file">tls_autoredirect</a> = <span class="n">0</span> 30<a class="l" name="25" href="#25">25</a> 31<a class="l" name="26" href="#26">26</a> <span class="c"># Option 1: local certificate</span> 32<a class="l" name="27" href="#27">27</a> <a href="/source/s?defs=certificate" class="intelliWindow-symbol" data-definition-place="undefined-in-file">certificate</a> <span class="s">"local"</span> { 33<a class="l" name="28" href="#28">28</a> <a href="/source/s?defs=cert_file" class="intelliWindow-symbol" data-definition-place="undefined-in-file">cert_file</a> = <span class="s">"/<a href="/source/s?path=/path/">path</a>/<a href="/source/s?path=/path/to/">to</a>/<a href="/source/s?path=/path/to/certificate.cert">certificate.cert</a>"</span> 34<a class="l" name="29" href="#29">29</a> <a href="/source/s?defs=key_file" class="intelliWindow-symbol" data-definition-place="undefined-in-file">key_file</a> = <span class="s">"/<a href="/source/s?path=/path/">path</a>/<a href="/source/s?path=/path/to/">to</a>/<a href="/source/s?path=/path/to/keyfile.pem">keyfile.pem</a>"</span> 35<a class="hl" name="30" href="#30">30</a> } 36<a class="l" name="31" href="#31">31</a> 37<a class="l" name="32" href="#32">32</a> <span class="c"># Option 2: using Vault's PKI backend [Requires vault_token at launch time]</span> 38<a class="l" name="33" href="#33">33</a> <span class="c"># goldfish will request new certificates at half-life and hot-reload,</span> 39<a class="l" name="34" href="#34">34</a> <a href="/source/s?defs=pki_certificate" class="intelliWindow-symbol" data-definition-place="undefined-in-file">pki_certificate</a> <span class="s">"pki"</span> { 40<a class="l" name="35" href="#35">35</a> <span class="c"># [Required]</span> 41<a class="l" name="36" href="#36">36</a> <a href="/source/s?defs=pki_path" class="intelliWindow-symbol" data-definition-place="undefined-in-file">pki_path</a> = <span class="s">"<a href="/source/s?path=pki/">pki</a>/<a href="/source/s?path=pki/issue">issue</a>/<role_name>"</span> 42<a class="l" name="37" href="#37">37</a> <a href="/source/s?defs=common_name" class="intelliWindow-symbol" data-definition-place="undefined-in-file">common_name</a> = <span class="s">"goldfish.vault.service"</span> 43<a class="l" name="38" href="#38">38</a> 44<a class="l" name="39" href="#39">39</a> <span class="c"># [Optional] see Vault PKI docs for what these mean</span> 45<a class="hl" name="40" href="#40">40</a> <a href="/source/s?defs=alt_names" class="intelliWindow-symbol" data-definition-place="undefined-in-file">alt_names</a> = [<span class="s">"goldfish.vault.srv"</span>, <span class="s">"ui.vault.srv"</span>] 46<a class="l" name="41" href="#41">41</a> <a href="/source/s?defs=ip_sans" class="intelliWindow-symbol" data-definition-place="undefined-in-file">ip_sans</a> = [<span class="s">"10.0.0.10"</span>, <span class="s">"127.0.0.1"</span>, <span class="s">"172.0.0.1"</span>] 47<a class="l" name="42" href="#42">42</a> } 48<a class="l" name="43" href="#43">43</a>} 49<a class="l" name="44" href="#44">44</a> 50<a class="l" name="45" href="#45">45</a><span class="c"># [Required] vault defines how goldfish should bootstrap to vault</span> 51<a class="l" name="46" href="#46">46</a><a href="/source/s?defs=vault" class="intelliWindow-symbol" data-definition-place="undefined-in-file">vault</a> { 52<a class="l" name="47" href="#47">47</a> <span class="c"># [Required] [Format: "protocol://address:port"]</span> 53<a class="l" name="48" href="#48">48</a> <span class="c"># This is vault's address. Vault must be up before goldfish is deployed!</span> 54<a class="l" name="49" href="#49">49</a> <a href="/source/s?defs=address" class="intelliWindow-symbol" data-definition-place="undefined-in-file">address</a> = <span class="s">"<a href="http://127.0.0.1:8200">http://127.0.0.1:8200</a>"</span> 55<a class="hl" name="50" href="#50">50</a> 56<a class="l" name="51" href="#51">51</a> <span class="c"># [Optional] [Default: 0] [Allowed values: 0, 1]</span> 57<a class="l" name="52" href="#52">52</a> <span class="c"># Set this to 1 to skip verifying the certificate of vault (e.g. self-signed certs)</span> 58<a class="l" name="53" href="#53">53</a> <a href="/source/s?defs=tls_skip_verify" class="intelliWindow-symbol" data-definition-place="undefined-in-file">tls_skip_verify</a> = <span class="n">0</span> 59<a class="l" name="54" href="#54">54</a> 60<a class="l" name="55" href="#55">55</a> <span class="c"># [Required] [Default: "<a href="/source/s?path=secret/">secret</a>/<a href="/source/s?path=secret/goldfish">goldfish</a>"]</span> 61<a class="l" name="56" href="#56">56</a> <span class="c"># This should be a generic secret endpoint where runtime settings are stored</span> 62<a class="l" name="57" href="#57">57</a> <span class="c"># See wiki for what key values are required in this</span> 63<a class="l" name="58" href="#58">58</a> <a href="/source/s?defs=runtime_config" class="intelliWindow-symbol" data-definition-place="undefined-in-file">runtime_config</a> = <span class="s">"<a href="/source/s?path=secret/">secret</a>/<a href="/source/s?path=secret/goldfish">goldfish</a>"</span> 64<a class="l" name="59" href="#59">59</a> 65<a class="hl" name="60" href="#60">60</a> <span class="c"># [Optional] [Default: "<a href="/source/s?path=auth/">auth</a>/<a href="/source/s?path=auth/approle/">approle</a>/<a href="/source/s?path=auth/approle/login">login</a>"]</span> 66<a class="l" name="61" href="#61">61</a> <span class="c"># You can omit this, unless you mounted approle somewhere weird</span> 67<a class="l" name="62" href="#62">62</a> <a href="/source/s?defs=approle_login" class="intelliWindow-symbol" data-definition-place="undefined-in-file">approle_login</a> = <span class="s">"<a href="/source/s?path=auth/">auth</a>/<a href="/source/s?path=auth/approle/">approle</a>/<a href="/source/s?path=auth/approle/login">login</a>"</span> 68<a class="l" name="63" href="#63">63</a> 69<a class="l" name="64" href="#64">64</a> <span class="c"># [Optional] [Default: "goldfish"]</span> 70<a class="l" name="65" href="#65">65</a> <span class="c"># You can omit this if you already customized the approle ID to be 'goldfish'</span> 71<a class="l" name="66" href="#66">66</a> <a href="/source/s?defs=approle_id" class="intelliWindow-symbol" data-definition-place="undefined-in-file">approle_id</a> = <span class="s">"goldfish"</span> 72<a class="l" name="67" href="#67">67</a> 73<a class="l" name="68" href="#68">68</a> <span class="c"># [Optional] [Default: ""]</span> 74<a class="l" name="69" href="#69">69</a> <span class="c"># If provided, goldfish will use this CA cert to verify Vault's certificate</span> 75<a class="hl" name="70" href="#70">70</a> <span class="c"># This should be a path to a PEM-encoded CA cert file</span> 76<a class="l" name="71" href="#71">71</a> <a href="/source/s?defs=ca_cert" class="intelliWindow-symbol" data-definition-place="undefined-in-file">ca_cert</a> = <span class="s">""</span> 77<a class="l" name="72" href="#72">72</a> 78<a class="l" name="73" href="#73">73</a> <span class="c"># [Optional] [Default: ""]</span> 79<a class="l" name="74" href="#74">74</a> <span class="c"># See above. This should be a path to a directory instead of a single cert</span> 80<a class="l" name="75" href="#75">75</a> <a href="/source/s?defs=ca_path" class="intelliWindow-symbol" data-definition-place="undefined-in-file">ca_path</a> = <span class="s">""</span> 81<a class="l" name="76" href="#76">76</a>} 82<a class="l" name="77" href="#77">77</a> 83<a class="l" name="78" href="#78">78</a><span class="c"># [Optional] [Default: 0] [Allowed values: 0, 1]</span> 84<a class="l" name="79" href="#79">79</a><span class="c"># Set to 1 to disable mlock. Implementation is similar to vault - see vault docs for details</span> 85<a class="hl" name="80" href="#80">80</a><span class="c"># This option will be ignored on unsupported platforms (e.g Windows)</span> 86<a class="l" name="81" href="#81">81</a><a href="/source/s?defs=disable_mlock" class="intelliWindow-symbol" data-definition-place="undefined-in-file">disable_mlock</a> = <span class="n">0</span> 87<a class="l" name="82" href="#82">82</a></body> 88</html> 89