Skip to content

Latest commit

 

History

History
127 lines (106 loc) · 11.2 KB

CONFIGURATION.md

File metadata and controls

127 lines (106 loc) · 11.2 KB

Configuration

Terralist supports multiple types of configuration:

  • CLI arguments Set the option by passing it with the -- prefix on the CLI command (e.g. --port).
  • Environment Variable Any option can be set using an environment variable. To do such, replace any dash (-) with an underscore (_), uppercase everything and add the TERRALIST_ prefix (e.g. TERRALIST_PORT).
  • Configuration File Set all options you want to a configuration file, then pass the path to the configuration file using the config option (--config argument or TERRALIST_CONFIG environment variable).
    Supported file formats: JSON, TOML, YAML, HCL, INI, envfile and Java Properties files.
    E.g. (YAML):
    port: 5758
    
    log-level: debug

It is also possible to mix those types.

Terralist also supports reading the environment at run-time. For example, if you only know the port value at run-time (e.g. you are running on Heroku), you can set the TERRALIST_PORT environment variable to ${PORT}; this instruction will inform Terralist to read the value, at run-time, from the environment variable called PORT. It is also possible to set a default value, in case the given one is not present, by using a colon (:), example: ${PORT:5758}.

Options

Name Type Required Default Description
config string no n/a Path to YAML config file where flag values are set.
log-level string no info The log level.
port int no 5758 The port to bind to.
url string no http://localhost:5758 The URL that Terralist is accessible from.
cert-file string no n/a The path to the certificate file (pem format).
key-file string no n/a "The path to the certificate key file (pem format).
token-signing-secret string yes n/a The secret to use when signing authorization tokens.
oauth-provider string yes n/a The OAuth 2.0 provider (github, bitbucket, gitlab, oidc).
gh-client-id string no n/a The GitHub OAuth Application client ID.
gh-client-secret string no n/a The GitHub OAuth Application client secret.
gh-organization string no n/a The GitHub organization to use for user validation.
bb-client-id string no n/a The BitBucket OAuth Application client ID.
bb-client-secret string no n/a The BitBucket OAuth Application client secret.
bb-workspace string no n/a The BitBucket workspace to use for user validation.
gl-client-id string no n/a The GitLab OAuth Application client ID.
gl-client-secret string no n/a The Gitlab OAuth Application client secret.
gl-host string no gitlab.com The (self hosted) GitLab host to use. E.g. gitlab.mycompany.com:8443
oi-client-id string no n/a The OpenID Connect client ID.
oi-client-secret string no n/a The OpenID Connect client secret.
oi-authorize-url string no n/a The url to OpenID Connect authorization endpoint. E.g. https://login.mycompany.com/auth/realms/developer/protocol/openid-connect/auth
oi-token-url string no n/a The url to OpenID Connect token endpoint. E.g. https://login.mycompany.com/auth/realms/developer/protocol/openid-connect/token
oi-userinfo-url string no n/a The url to OpenID Connect userinfo endpoint. E.g. https://login.mycompany.com/auth/realms/developer/protocol/openid-connect/userinfo
oi-scope string no openid email The OpenID Connect scope requested during authorization to ensure to get claims sub and email.
database-backend string no sqlite The database backend.
postgres-url string no n/a The URL that can be used to connect to PostgreSQL database.
postgres-host string no n/a The host where the PostgreSQL database can be found.
postgres-port int no n/a The port on which the PostgreSQL database listens.
postgres-username string no n/a The username that can be used to authenticate to PostgreSQL database.
postgres-password string no n/a The password that can be used to authenticate to PostgreSQL database.
postgres-database string no n/a The schema name on which application data should be stored.
mysql-url string no n/a The URL that can be used to connect to MySQL database.
mysql-host string no n/a The host where the MySQL database can be found.
mysql-port int no n/a The port on which the MySQL database listens.
mysql-username string no n/a The username that can be used to authenticate to MySQL database.
mysql-password string no n/a The password that can be used to authenticate to MySQL database.
mysql-database string no n/a The schema name on which application data should be stored.
sqlite-path string no n/a The path to the SQLite database.
session-store string no cookie The session store backend.
cookie-secret string no n/a The secret to use for cookie encryption.
modules-storage-resolver string no proxy The modules storage resolver.
providers-storage-resolver string no proxy The providers storage resolver.
modules-anonymous-read bool no false Allows anonymous read and download of modules.
providers-anonymous-read bool no false Allows anonymous read and download of providers.
s3-bucket-name string no n/a The S3 bucket name.
s3-bucket-region string no n/a The S3 bucket region.
s3-bucket-prefix string no n/a A prefix to be added to the S3 bucket keys.
s3-presign-expire int no 15 The number of minutes after which the presigned URLs should expire.
s3-access-key-id string no n/a The AWS access key ID to access the S3 bucket.
s3-secret-access-key string no n/a The AWS secret access key to access the S3 bucket.
local-store string no ~/.terralist.d The path to a directory in which Terralist can store files.
azure-account-name string no n/a The Azure account name.
azure-account-key string no n/a The Azure account key.
azure-container-name string no n/a The Azure container name.
azure-sas-expire int no 15 The number of minutes after which the Azure Shared Access Signature(SAS) should expire.

Example config file

# Try to read PORT from the environment variable, and if it's missing,
# fallback to 5758
port: "${PORT:5758}"

log-level: "debug"

oauth-provider: "github"
gh-client-id: "<< YOUR_CLIENT_ID >>"
gh-client-secret: "<< YOUR_CLIENT_SECRET >>"
# gh-organization is optional, you can set it to restrict access to the registry
# only to members of your GitHub organization
gh-organization: "<< YOUR_GH_ORGANIZATION >>"

token-signing-secret: "<< ANY_RANDOM_STRING_SECRET >>"

database-backend: "sqlite"
sqlite-path: "terralist.db"

# database-backend: "postgresql"
# postgres-url: "${DATABASE_URL:postgres://admin:admin@localhost:5678/public}"

# database-backend: "mysql"
# mysql-url: "admin:admin@tcp(localhost:3306)/terralist"

modules-storage-resolver: "s3" # or "azure"
providers-storage-resolver: "proxy"

s3-bucket-name: "<< YOUR_S3_BUCKET_NAME >>"
s3-bucket-region: "<< S3_BUCKET_REGION >>"
s3-access-key-id: "<< YOUR_ACCESS_KEY_ID >>"
s3-secret-access-key: "<< YOUR_SECRET_ACCESS_KEY >>"

# azure-account-name: "Globally unique name of your storage account"
# azure-container-name: "Name of the container in the storage account"
# azure-account-key: "Access key of the storage account" # If not using DefaultAzureCredentials
# azure-sas-expire: 45 # The number of minutes after which the SAS should expire.


# local-store: "~/.terralist.d"

session-store: "cookie"

cookie-secret: "<< ANY_RANDOM_STRING_SECRET>>"