Last active
September 1, 2020 20:48
Sample Waiter config with JWT/OIDC
| ; | |
| ; The purpose of this example is to show the absolute minimum you can configure to set up a Waiter router that you can | |
| ; experiment with. This is not a valid production configuration of Waiter. For a complete explanation of the Waiter | |
| ; configuration file, see config-full.edn. | |
| ; | |
| ;; NOTE(review): settings below that are loosened for local experimentation are annotated inline; revisit each before reuse. | |
| {:authenticator-config {:jwt {:allow-bearer-auth-api? true | |
| :allow-bearer-auth-services? false | |
| :allow-oidc-auth-api? false | |
| :allow-oidc-auth-services? false | |
| :attach-www-authenticate-on-missing-bearer-token? true | |
| :http-options {;; The HTTP options that will be used when accessing the authorization server: | |
| :conn-timeout 10000 | |
| :socket-timeout 10000 | |
| :spnego-auth false} | |
| ;; Accepted issuers: the literal "test.com" or anything matching the regex. The "." in test.com is unescaped in | |
| ;; the regex, so it matches any character; escape the dot if only that host is intended. | |
| :issuer ["test.com" #config/regex "https://test.com/.*"] | |
| ;; Signing keys are fetched over plain HTTP from loopback. NOTE(review): presumably these keys decide which token | |
| ;; signatures are accepted, so a non-local setup should point at the authorization server's https endpoint. | |
| :jwks-url "http://127.0.0.1:8080/keys" | |
| ;; 86400000 ms = 24 hours. | |
| :max-expiry-duration-ms 86400000 | |
| ;; Authorize and token endpoints are also plain HTTP on loopback (both :allow-oidc-auth-* flags above are false). | |
| :oidc-authorize-uri "http://127.0.0.1:8080/authorize" | |
| :oidc-token-uri "http://127.0.0.1:8080/id-token" | |
| :subject-key :sub | |
| ;; The regex is anchored only at the end, so it can match the trailing alphanumeric run of a longer subject. | |
| ;; NOTE(review): if the whole subject must be alphanumeric, add a leading ^ - confirm how Waiter applies this regex. | |
| :subject-regex #config/regex "([a-zA-Z0-9]+)$" | |
| ;; Explicit allow-list of signature algorithms; both entries are asymmetric. | |
| :supported-algorithms #{:eddsa :rs256} | |
| :token-type "JWT" | |
| :update-interval-ms 60000} | |
| :kind :composite | |
| :composite {:factory-fn waiter.auth.composite/composite-authenticator | |
| ;; The only provider is one-user, and it is also the default. NOTE(review): presumably every request is attributed | |
| ;; to the single user named by $USER rather than to an authenticated caller - local experimentation only. | |
| :authentication-providers {"one-user" {:factory-fn waiter.auth.authentication/one-user-authenticator | |
| :run-as-user #config/env "USER"}} | |
| ;; The authentication scheme to use if one is not specified | |
| :default-authentication-provider "one-user"} | |
| :one-user {:run-as-user "johndoe"}} | |
| :cluster-config {:name "c9091" | |
| :service-prefix "w9091-"} | |
| :cors-config {:kind :patterns | |
| :patterns {:factory-fn waiter.cors/pattern-based-validator | |
| ;; "^.*$" matches every Origin value, so any site passes this CORS check; list the expected origins outside local use. | |
| :allowed-origins [#config/regex "^.*$"]} | |
| :max-age 3600} | |
| ;; NOTE(review): 127.0.0.1 - presumably the bind address, which would keep the router reachable from this machine only. | |
| :host "127.0.0.1" | |
| ;;:hostname ["127.0.0.1" "localhost" "waiter.localtest.me" "waiter-9091.localtest.me"] | |
| :instance-request-properties {:client-connection-idle-timeout-ms 20000} | |
| :kv-config {:kind :file | |
| :file {:factory-fn waiter.kv/new-file-based-kv-store | |
| :target-file "kv-store/store-9091.bin"}} | |
| :port 9091 | |
| :profile-config {"kitchen" {:defaults {"cmd" "/Users/johndoe/projects/github-projects/twosigma-waiter/containers/test-apps/kitchen/bin/kitchen -p $PORT0", | |
| "concurrency-level" 120 | |
| "cpus" 0.1, | |
| "fallback-period-secs" 300, | |
| "grace-period-secs" 120, | |
| "health-check-url" "/status", | |
| "idle-timeout-mins" 10, | |
| "mem" 256, | |
| "metric-group" "waiter_test", | |
| "min-instances" 1, | |
| "name" "kitchen-profile", | |
| "version" "v20200423"}} | |
| "webapp" {:defaults {"concurrency-level" 120 | |
| "cpus" 1 | |
| "fallback-period-secs" 900 | |
| "load-balancing" "random"}}} | |
| :router-id-prefix "r9091" | |
| :scheduler-config {:kind :composite | |
| :composite {:factory-fn waiter.scheduler.composite/create-composite-scheduler | |
| :components {:shell-high {:factory-fn waiter.scheduler.shell/shell-scheduler | |
| :backup-file-name "backup-high-9091.json" | |
| :failed-instance-retry-interval-ms 5000 | |
| :health-check-interval-ms 10000 | |
| :health-check-timeout-ms 200 | |
| :port-grace-period-ms 120000 | |
| :port-range [10500 10999] | |
| :work-directory "scheduler/shell-high"} | |
| :shell-low {:factory-fn waiter.scheduler.shell/shell-scheduler | |
| :backup-file-name "backup-low-9091.json" | |
| :failed-instance-retry-interval-ms 5000 | |
| :health-check-interval-ms 10000 | |
| :health-check-timeout-ms 200 | |
| :port-grace-period-ms 120000 | |
| :port-range [10000 10199] | |
| :work-directory "scheduler/shell-low"}} | |
| :default-scheduler :shell-high}} | |
| :scheduler-gc-config {:scheduler-gc-broken-service-interval-ms 15000 | |
| :scheduler-gc-interval-ms 15000} | |
| :server-options {:http2? true | |
| ;; Keystore path and its key password are written in clear text here and are specific to the author's machine. | |
| ;; For anything shared or committed, read the password from the environment (#config/env, as used for "USER" above). | |
| :keystore "/Users/johndoe/projects/github-projects/temp/john20200428-keystore.p12" | |
| :keystore-type "pkcs12" | |
| :key-password "john" | |
| :ssl-port 9081} | |
| :waiter-principal "john@waiter.com" | |
| :zookeeper {:base-path "/waiter-c1" | |
| :connect-string :in-process}} |
| # Removes kv-store/, log/ and scheduler/ relative to the current directory, then starts Waiter with resources/config.edn. |
| # The paths are relative and the ";" runs lein regardless of rm's result, so run this only from the project directory. |
| $ rm -rf kv-store/ log/ scheduler/ ; lein do clean, compile, run resources/config.edn |
| # Plain-HTTP token endpoint on loopback, same host and port as the :jwks-url in the config above. |
| # NOTE(review): {HOST} looks like a placeholder filled in by the test harness - confirm. |
| WAITER_TEST_JWT_ACCESS_TOKEN_URL=http://127.0.0.1:8080/get-token?host\={HOST} |