forked from spotify/styx
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstyx-standalone.conf
73 lines (58 loc) · 2.68 KB
/
styx-standalone.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
styx.mode = "production"
# ttls for stale states in ISO-8601 duration format
styx.stale-state-ttls = {
new = "PT1M"
creating = "PT1M"
submitted = "PT10M"
running = "PT24H"
terminated = "PT1M"
failed = "PT1M"
awaiting_retry = "PT8H"
# applies to all other states
default = "P2D"
}
# gke cluster
styx.gke.default.project-id = ""
styx.gke.default.cluster-zone = ""
styx.gke.default.cluster-id = ""
styx.gke.default.namespace = ""
# k8s request timeout in ms
styx.k8s.request-timeout = 60000
# bigtable instance
styx.bigtable.project-id = ""
styx.bigtable.instance-id = ""
# datastore config
styx.datastore.project-id = ""
styx.datastore.namespace = ""
# configuration for http interface
http.server.port = 8080
http.server.port = ${?HTTP_PORT}
# styx environment that will be injected into container as environment variable STYX_ENVIRONMENT
styx.environment = "production"
# A white list of domains whose users should be granted access to perform non-GET requests against the Styx API.
styx.authentication.domain-whitelist = [
# "foo.com",
# "bar.com",
]
# A white list of GCP Organizations, folders and projects whose service accounts should be granted
# access to perform non-GET requests against the Styx API. Access is hierarchically inherited.
styx.authentication.resource-whitelist = [
# { type: "organization", id: "foo-4711" },
# { type: "folder", id: "bar-4711" },
# { type: "project", id: "baz-4711" },
]
# The role that a principal should have either on the workflow service account or in the
# gcp project of the workflow service account in order to be allowed to create/modify a workflow using it.
# If unset, authenticated users can use any service account in their workflows.
# styx.authorization.service-account-user-role = "organizations/3141592/roles/StyxWorkflowServiceAccountUser"
# The GSuite user that should be impersonated when making GSuite Directory API requests.
# Required if styx.authorization.service-account-user-role is set.
# styx.authorization.gsuite-user = gsuite-admin-user@example.com
# Whether styx should require authorization for all workflows. Default: false.
# styx.authorization.require.all = false
# A list of workflows that require authorization. Has no effect if authorization for all
# workflows is enabled using `styx.authorization.require.all = true`.
# styx.authorization.require.workflows = ["component#workflow-id"]
# A message to include in the 403 Forbidden response to user requests that fail authorization. Can be used to
# E.g. refer to organization-specific documentation on how users can set up authorization.
# styx.authorization.message = "See instructions at https://example.com/docs/styx/auth."