- All secrets and configuration settings are handled through environment variables
- There is an example.env provided to ease the configuration process
- Command line flags are available for config that is only needed at startup, they take precedence over the environment variables when used.
- Other configs are defined through env variables so that they can be modified without restarting the server.
- Here is the resolution order:
- Flag, where option is available and used
- Environment variable
- Default value, where available
- If auth is enabled some or all routes are protected based on env variable
AUTH_LEVELsettings. - The middleware validate and parse JWT to verify
X-ProcessAPI-User-Emailheader and injectX-ProcessAPI-User-Rolesheader. - A user can use tools like Postman to set these headers themselves, but if auth is enabled, they will be checked against the token. This setup allows adding submitter info to the database when auth is not enabled.
- I auth is enabled
X-ProcessAPI-User-Emailheader is mandatory. - Requests from Service Role will not be verified for
X-ProcessAPI-User-Email. - Only service_accounts can post callbacks
- Requests from Admin Role are allowed to execute all processes, non-admins must have the role with same name as
processIDto execute that process. - Requests from Admin Role are allowed to retrieve all jobs information, non admins can only retrieve information for jobs that they submitted.
- Only admins can add/update/delete processes.
- The behavior of logging is unknown for AWS Batch processes with job definitions having number of attempts more than 1.