enduro.toml
# This is the configuration file valid for the development environment.
# NOTE(review): the plain-http endpoints and literal credentials further down
# are development values; review each one before reusing this file in any
# other environment.
# debug is enabled; debugListen is bound to the loopback address only.
debug = true
debugListen = "127.0.0.1:9001"
verbosity = 2
# Temporal connection: namespace, server address (host:port) and task queue.
# NOTE(review): no TLS or credential keys are set for this connection in this
# file — confirm how it is protected outside development.
[temporal]
namespace = "default"
address = "temporal.enduro-sdps:7233"
taskQueue = "global"
# Listener for the internal API.
# NOTE(review): "0.0.0.0" binds every interface, and this file defines no auth
# table for the internal API (unlike [api.auth]) — confirm that access to port
# 9002 is restricted at the network level.
[internalapi]
listen = "0.0.0.0:9002"
debug = false
# API listener. "0.0.0.0" binds every interface; request authentication is
# configured under [api.auth].
# corsOrigin is presumably the single origin allowed to make cross-origin
# requests — confirm, and keep it an explicit origin rather than a wildcard.
[api]
listen = "0.0.0.0:9000"
debug = false
corsOrigin = "http://localhost"
[api.auth]
# Enable API authentication. OIDC is the only protocol supported at the
# moment. When enabled the API verifies the access token submitted with
# each request. The API client is responsible for obtaining an access
# token from the provider.
# NOTE(review): by implication, `enabled = false` leaves requests unverified;
# the API listens on all interfaces, so keep this on outside isolated setups.
enabled = true
[api.auth.oidc]
# OIDC provider URL. Required when auth. is enabled.
# NOTE(review): this development URL uses plain http, so whatever the API
# fetches from the provider to verify tokens travels without transport
# protection; use an https URL wherever the network is not fully trusted.
providerURL = "http://keycloak:7470/realms/artefactual"
# OIDC client ID. The client ID must be included in the `aud` claim of
# the access token. Required when auth. is enabled.
clientID = "enduro"
# Do not check if the `email_verified` claim is present and set to `true`.
# With the value `false` used here the check stays in force.
skipEmailVerifiedCheck = false
[api.auth.oidc.abac]
# Enable Attribute Based Access Control (ABAC). If enabled, the API will
# check a configurable multivalue claim against required attributes based
# on each endpoint configuration.
enabled = true
# Claim path of the Enduro attributes within the access token. If the claim
# path is nested then include all fields separated by `claimPathSeparator`
# (see below). E.g. "attributes.enduro" with `claimPathSeparator = "."`.
# Required when ABAC is enabled.
claimPath = "enduro"
# Separator used to split the claim path fields. The default value of "" will
# try to match the claim path as-is to a top-level field from the access token.
claimPathSeparator = ""
# Add a prefix to filter the values of the configured claim. If the claim
# contains values unrelated to Enduro's ABAC, the values relevant to Enduro
# should be prefixed so they are the only values used for access control.
# For example, a claim with values ["enduro:*", "unrelated"] will be filtered
# to a value of ["*"] when `claimValuePrefix = "enduro:"`. The default "" will
# not filter any value.
# NOTE(review): with "" every value in the claim is used for access control,
# so set a prefix if the claim is shared with other applications.
claimValuePrefix = ""
# Consider the values obtained from the claim as roles and use the `rolesMapping`
# config below to map them to Enduro attributes.
useRoles = false
# A JSON formatted string specifying a mapping from expected roles to Enduro
# attributes. JSON format:
# {
# "role1": ["attribute1", "attribute2"],
# "role2": ["attribute1", "attribute2", "attribute3", "attribute4"]
# }
# Example:
# rolesMapping = '{"admin": ["*"], "operator": ["package:list", "package:listActions", "package:move", "package:read", "package:upload"], "readonly": ["package:list", "package:listActions", "package:read"]}'
# NOTE(review): "*" in the example presumably grants every attribute — confirm,
# and map it only to roles meant to have full access.
rolesMapping = ""
# Redis instance used by the API auth ticket feature; `prefix` is presumably
# prepended to the keys it stores — confirm.
# NOTE(review): the URL uses the plain `redis://` scheme with no credentials;
# outside development use an authenticated connection over TLS (`rediss://`).
[api.auth.ticket.redis]
address = "redis://redis.enduro-sdps:6379"
prefix = "enduro"
# NOTE(review): the DSN embeds a development-only user name and password in
# clear text. Do not reuse these credentials elsewhere; in other environments
# supply the DSN from a secret store or environment variable rather than from
# a committed file (the [am] table documents ENDURO_-prefixed env vars for its
# secrets — confirm the same override mechanism applies here).
# migrate = true presumably applies schema migrations at startup — confirm.
[database]
driver = "mysql"
dsn = "enduro:enduro123@tcp(mysql.enduro-sdps:3306)/enduro"
migrate = true
# Redis address and channel name used for events.
# NOTE(review): plain `redis://` with no credentials — development only.
[event]
redisAddress = "redis://redis.enduro-sdps:6379"
redisChannel = "enduro-events"
# Permission modes, written as strings in octal notation: 0o700 is
# read/write/execute for the owner only, 0o600 is read/write for the owner
# only. Presumably applied to extracted directories and files — confirm.
# Keep these owner-only so extracted content is not readable by other users.
[extractActivity]
dirMode = "0o700"
fileMode = "0o600"
# Toggle for the PREMIS validation step and the path of the XSD file it uses
# (presumably the schema PREMIS XML is validated against — confirm).
[validatePremis]
enabled = true
xsdPath = "/home/enduro/premis.xsd"
# Embedded watcher for the development MinIO instance: Redis address and list
# name, plus the object-store endpoint, region and bucket.
# NOTE(review): `key`/`secret` are development-only credentials committed in
# clear text and the endpoint is plain http; use per-environment credentials
# from a secret store and an https endpoint anywhere else.
[watcher.embedded]
name = "dev-minio"
redisAddress = "redis://redis.enduro-sdps:6379"
redisList = "minio-events"
endpoint = "http://minio.enduro-sdps:9000"
pathStyle = true
key = "minio"
secret = "minio123"
region = "us-west-1"
bucket = "sips"
stripTopLevelDir = true
[storage]
# enduroAddress targets port 9002, the port [internalapi] listens on in this
# file.
enduroAddress = "enduro.enduro-sdps:9002"
# defaultPermanentLocationId is the UUID of the storage location used for
# permanent AIP storage in the "auto-approve" processing workflow. The value of
# "f2cc963f-c14d-4eaa-b950-bd207189a1f1" represents the first permanent location
# defined in the mysql-create-locations-job.yaml Kubernetes manifest.
defaultPermanentLocationId = "f2cc963f-c14d-4eaa-b950-bd207189a1f1"
# Database used by the storage component.
# NOTE(review): the DSN embeds a development-only user name and password in
# clear text; do not reuse them, and supply the DSN from a secret store or
# environment variable in any other environment.
[storage.database]
driver = "mysql"
dsn = "enduro:enduro123@tcp(mysql.enduro-sdps:3306)/enduro_storage"
migrate = true
# Object-store settings for the storage component's internal bucket ("aips").
# NOTE(review): `key`/`secret` are development-only credentials in clear text
# and the endpoint is plain http; replace both outside development.
[storage.internal]
endpoint = "http://minio.enduro-sdps:9000"
pathStyle = true
key = "minio"
secret = "minio123"
region = "us-west-1"
bucket = "aips"
# Change the taskqueue setting to your preferred preservation system, by default it is a3m.
# NOTE(review): the key is spelled `taskqueue` here but `taskQueue` in
# [temporal]; TOML keys are case-sensitive, so confirm the loader accepts this
# spelling.
[preservation]
taskqueue = "a3m"
# a3m connection (a loopback address in this file) and its share directory.
[a3m]
address = "127.0.0.1:7000"
shareDir = "/home/a3m/.local/share/a3m/share"
# capacity limits the number of transfers a worker can process at one time
# (default: 1)
capacity = 1
# Processing switches passed to a3m; every step listed is enabled here.
# NOTE(review): AipCompressionLevel and AipCompressionAlgorithm are bare
# integers whose meaning is not defined in this file — presumably enum values
# defined by a3m; confirm before changing them.
[a3m.processing]
AssignUuidsToDirectories = true
ExamineContents = true
GenerateTransferStructureReport = true
DocumentEmptyDirectories = true
ExtractPackages = true
DeletePackagesAfterExtraction = true
IdentifyTransfer = true
IdentifySubmissionAndMetadata = true
IdentifyBeforeNormalization = true
Normalize = true
TranscribeFiles = true
PerformPolicyChecksOnOriginals = true
PerformPolicyChecksOnPreservationDerivatives = true
AipCompressionLevel = 1
AipCompressionAlgorithm = 6
# Archivematica (AM) connection settings. `user` and `apiKey` are deliberately
# left empty so that no secret is committed; supply them through the
# environment variables named on each line.
[am]
address = ""
user = "" # Secret: set with env var ENDURO_AM_USER.
apiKey = "" # Secret: set with env var ENDURO_AM_APIKEY.
processingConfig = "automated"
# capacity limits the number of transfers a worker can process at one time
# (default: 1)
capacity = 1
# pollInterval is the time to wait between AM polling requests in a string
# format compatible with https://pkg.go.dev/time#ParseDuration (Default: 10s).
pollInterval = "10s"
# transferDeadline is the maximum time to wait for a transfer to complete in a
# format compatible with https://pkg.go.dev/time#ParseDuration. Set to "0" for
# no time limit.
transferDeadline = "1h"
# transferSourcePath is the path to an Archivematica transfer source directory.
# It is used in the POST /api/v2beta/package "path" parameter to start a
# transfer via the API. transferSourcePath must be prefixed with the UUID of an
# AMSS transfer source directory, optionally followed by a relative path from
# the source dir (e.g. "749ef452-fbed-4d50-9072-5f98bc01e52e:sftp_upload"). If
# no transferSourcePath is specified, the default transfer source path will be
# used.
transferSourcePath = ""
# SFTP connection used to upload PIPs to Archivematica.
[am.sftp]
host = "" # The Archivematica Storage Service hostname.
port = ""
user = ""
# knownHostsFile is the absolute path to a local SSH "known_hosts" file that
# includes a public host key for the AM SFTP server.
# Default: "/home/[user]/.ssh/known_hosts" (where [user] is your local user).
# NOTE(review): this file is what lets the client authenticate the server;
# confirm that a missing or empty file fails the connection rather than
# disabling host-key verification.
knownHostsFile = ""
# remoteDir is the directory path, relative to the SFTP root directory, where
# PIPs should be uploaded.
remoteDir = ""
# Private key used for SFTP authentication. `path` points to the key file,
# which should be readable only by the user running the service; the
# passphrase is left empty here so it is never committed.
[am.sftp.privateKey]
path = ""
passphrase = "" # Secret: set (if required) with env var ENDURO_AM_SFTP_PRIVATEKEY_PASSPHRASE.
[upload]
# maxSize is the maximum upload size allowed by the server in bytes.
# Default: 102400000.
# Keep a finite limit so a single request cannot consume unbounded resources.
maxSize = 102400000
# upload.bucket section configures a bucket where the files will be placed.
# Make sure it matches the configuration from one of the watchers to trigger
# the processing workflow after upload. Here it matches the "sips" bucket of
# [watcher.embedded].
# NOTE(review): `accessKey`/`secretKey` are development-only credentials in
# clear text and the endpoint is plain http; replace both outside development.
[upload.bucket]
endpoint = "http://minio.enduro-sdps:9000"
pathStyle = true
accessKey = "minio"
secretKey = "minio123"
region = "us-west-1"
bucket = "sips"
# Trace export settings; disabled here, with no collector address set.
# samplingRatio is presumably the fraction of traces sampled (1.0 = all) —
# confirm.
[telemetry.traces]
enabled = false
address = ""
samplingRatio = 1.0
# Optional preprocessing child workflow configuration.
[preprocessing]
# enabled triggers the execution of the child workflow, when set to false all other
# options are ignored.
enabled = false
# extract determines if the package extraction happens on the child workflow.
extract = false
# sharedPath is the full path to the directory used to share the package between workflows,
# required when enabled is set to true.
# NOTE(review): both workflows read and write this directory, so restrict its
# permissions to the accounts that run them.
sharedPath = "/home/enduro/preprocessing"
# Temporal configuration to trigger the preprocessing child workflow, all fields are
# required when enabled is set to true.
# `enabled` refers to the key of that name in [preprocessing].
[preprocessing.temporal]
namespace = "default"
taskQueue = "preprocessing"
workflowName = "preprocessing"
# Temporal configurations to trigger poststorage child workflows, allows multiple sections.
# [[poststorage]]
# namespace = "default"
# taskQueue = "poststorage"
# workflowName = "poststorage"
# Object-store bucket for failed SIPs (presumably where they are kept for
# inspection — confirm).
# NOTE(review): `accessKey`/`secretKey` are development-only credentials in
# clear text and the endpoint is plain http; replace both outside development.
[failedSips]
endpoint = "http://minio.enduro-sdps:9000"
pathStyle = true
accessKey = "minio"
secretKey = "minio123"
region = "us-west-1"
bucket = "failed-sips"
# Object-store bucket for failed PIPs (presumably where they are kept for
# inspection — confirm).
# NOTE(review): `accessKey`/`secretKey` are development-only credentials in
# clear text and the endpoint is plain http; replace both outside development.
[failedPips]
endpoint = "http://minio.enduro-sdps:9000"
pathStyle = true
accessKey = "minio"
secretKey = "minio123"
region = "us-west-1"
bucket = "failed-pips"