# NetScope gRPC v2.0 - Complete Configuration Example
# Copy this file to your application.yaml and customize as needed
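netscope:
  # NOTE(review): the nesting below (grpc, security and discovery under
  # netscope.server) is reconstructed from the key order and the section
  # banners; confirm it against the NetScope configuration reference.
  server:
    # ═══════════════════════════════════════════════════════════════
    # gRPC Server Configuration
    # ═══════════════════════════════════════════════════════════════
    grpc:
      # Enable/disable gRPC server
      enabled: true
      # gRPC server port
      # NOTE(review): no TLS setting appears in this example. Bearer tokens
      # travel on this port, so confirm how transport encryption is provided
      # (server-side TLS or a terminating proxy) before exposing it.
      port: 9090
      # Maximum inbound message size in bytes (default: 4MB)
      # Also bounds how much a single request can make the server buffer;
      # raise it only as far as the largest legitimate message requires.
      maxInboundMessageSize: 4194304
      # Maximum concurrent calls per connection
      # This limit is per connection; a client that opens several
      # connections is not constrained by it.
      maxConcurrentCallsPerConnection: 100
      # Keep-alive time in seconds (0 = disabled)
      keepAliveTime: 300
      # Keep-alive timeout in seconds
      keepAliveTimeout: 20
      # Permit keep-alive without calls
      permitKeepAliveWithoutCalls: false
      # Maximum connection idle time in seconds (0 = infinite)
      # With 0, idle connections are never reclaimed; use a finite value on
      # any listener reachable by untrusted clients.
      maxConnectionIdle: 0
      # Maximum connection age in seconds (0 = infinite)
      # A finite age forces periodic reconnects, which also bounds how long
      # a connection outlives a change in credentials or policy.
      maxConnectionAge: 0
      # Enable gRPC server reflection (for grpcurl, Postman, etc.)
      # Reflection lets a client enumerate services, methods and message
      # schemas. Set to false outside development.
      # NOTE(review): whether reflection calls pass through the OAuth check
      # is not shown here - verify.
      enableReflection: true
    # ═══════════════════════════════════════════════════════════════
    # OAuth 2.0 Security Configuration
    # ═══════════════════════════════════════════════════════════════
    security:
      # Enable/disable OAuth 2.0 authentication
      enabled: true
      # JWT issuer URL (must match the 'iss' claim in tokens)
      issuerUri: https://auth.example.com
      # JWK Set URI for token validation (JWKS endpoint)
      # The keys served here decide which signatures are trusted, so this
      # must be an HTTPS URL on a host controlled by the identity provider.
      jwkSetUri: https://auth.example.com/.well-known/jwks.json
      # Expected audiences (must match 'aud' claim in tokens)
      # List only audiences that identify this API; every extra entry
      # widens the set of tokens the server accepts.
      audiences:
        - https://api.example.com
        - my-api-audience
      # Token validation cache duration in seconds
      # Caches successful validations to reduce load on auth server
      # A cached result can delay the effect of token revocation or key
      # rotation by up to this many seconds.
      # NOTE(review): whether a cache entry is also bounded by the token's
      # own 'exp' is not shown here - verify.
      tokenCacheDuration: 300
      # Clock skew allowance in seconds (for exp/nbf validation)
      # Tokens remain acceptable this many seconds past 'exp'; keep it as
      # small as clock synchronisation allows.
      clockSkew: 60
      # Allow public methods without authentication
      # Set to false to require authentication for ALL methods
      # With true, some methods are reachable without a token; review which
      # methods are treated as public (the marking mechanism is not shown
      # in this file).
      allowPublicMethods: true
      # Require HTTPS for token validation (recommended for production)
      # false suits local development only; with plain HTTP the issuer and
      # JWKS responses can be altered in transit.
      requireHttps: false
    # ═══════════════════════════════════════════════════════════════
    # Service Discovery Configuration
    # ═══════════════════════════════════════════════════════════════
    discovery:
      # Enable automatic service discovery
      enabled: true
      # Base packages to scan for network-exposed methods
      # Leave empty to scan all packages
      # Keep this list explicit so that only the intended packages are
      # candidates for network exposure.
      basePackages:
        - com.example.service
        - com.example.api
      # Include method parameter names in documentation
      includeParameterNames: true
      # Include return types in documentation
      includeReturnTypes: true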
# ═══════════════════════════════════════════════════════════════
# Application Logging Configuration
# ═══════════════════════════════════════════════════════════════
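logging:
  level:
    # NetScope debug logging
    org.fractalx.netscope.server: INFO
    # gRPC logging
    io.grpc: WARN
    # Suppress harmless HTTP/2 transport errors (from Postman, browsers)
    # NOTE(review): non-gRPC clients probing the port presumably produce the
    # same records; keep them available elsewhere if the port is monitored.
    io.grpc.netty.shaded.io.netty.handler.codec.http2: ERROR
    # Your application logging
    # DEBUG output can include request data, depending on what the
    # application logs; lower this level outside development.
    com.example: DEBUG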
# ═══════════════════════════════════════════════════════════════
# Example Configurations for Different OAuth Providers
# ═══════════════════════════════════════════════════════════════
# ─────────────────────────────────────────────────────────────
# Keycloak Configuration
# ─────────────────────────────────────────────────────────────
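#netscope:
#  server:
#    security:
#      issuerUri: https://keycloak.example.com/realms/myrealm
#      jwkSetUri: https://keycloak.example.com/realms/myrealm/protocol/openid-connect/certs
#      # 'account' is the audience Keycloak typically adds for its built-in
#      # account client, so it does not single out this API. Prefer an
#      # audience specific to this API (for example via an audience mapper).
#      audiences:
#        - account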
# ─────────────────────────────────────────────────────────────
# Auth0 Configuration
# ─────────────────────────────────────────────────────────────
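#netscope:
#  server:
#    security:
#      # Keep the trailing slash: Auth0 includes it in the 'iss' claim, and
#      # the issuer comparison is expected to be exact.
#      issuerUri: https://your-tenant.auth0.com/
#      jwkSetUri: https://your-tenant.auth0.com/.well-known/jwks.json
#      audiences:
#        - https://your-api.example.com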
# ─────────────────────────────────────────────────────────────
# Azure AD Configuration
# ─────────────────────────────────────────────────────────────
#netscope:
#  server:
#    security:
#      issuerUri: https://login.microsoftonline.com/{tenant-id}/v2.0
#      jwkSetUri: https://login.microsoftonline.com/{tenant-id}/discovery/v2.0/keys
#      audiences:
#        - api://{client-id}
# ─────────────────────────────────────────────────────────────
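# Development Mode (Security Disabled)
# WARNING: Only use in development/testing!
# With security.enabled set to false, OAuth 2.0 authentication is off, so
# exposed methods are callable by any client that can reach the gRPC port.
# ─────────────────────────────────────────────────────────────
#netscope:
#  server:
#    security:
#      enabled: false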
# ─────────────────────────────────────────────────────────────
# Production Optimized Configuration
# ─────────────────────────────────────────────────────────────
#netscope:
#  server:
#    grpc:
#      port: 9090
#      maxInboundMessageSize: 10485760  # 10MB
#      maxConcurrentCallsPerConnection: 200
#      keepAliveTime: 300
#      keepAliveTimeout: 20
#      maxConnectionIdle: 600
#      maxConnectionAge: 3600
#      enableReflection: false  # Disable in production
#    security:
#      enabled: true
#      issuerUri: https://auth.production.com
#      jwkSetUri: https://auth.production.com/.well-known/jwks.json
#      audiences:
#        - https://api.production.com
#      tokenCacheDuration: 300
#      clockSkew: 30
#      requireHttps: true
#      # allowPublicMethods is not set in this example, so the library
#      # default applies; set it explicitly to make the choice visible.
#    discovery:
#      basePackages:
#        - com.mycompany.api
#logging:
#  level:
#    org.fractalx.netscope.server: WARN
#    io.grpc: ERROR