Overview
A number of the services have different configuration values which can be changed. For each services here are the following configuration values you may wish to change.
How to update configuration
The configuration values can be changed by setting helm chart values while deploying the helm chart using --set configuration.<Configuration Key>=<Configuration value>
.
For example, to set ASPNETCORE_SHUTDOWNTIMEOUTSECONDS
value to 90 seconds and set RATELIMITING__MaxMessageCount
value to 300 messages, the helm command looks like below -
helm upgrade --install cdrplatform-sync-api cdrplatform-sync-api \
--set configuration.ASPNETCORE_SHUTDOWNTIMEOUTSECONDS=90 \
--set configuration.RATELIMITING__MaxMessageCount=300
API Access
Configuration Key |
Description |
Valid Values |
ASPNETCORE_SHUTDOWNTIMEOUTSECONDS |
Specifies the amount of time to wait for Web Host to shut down. |
Any valid integer |
AuthenticationScheme |
Authentication Scheme for the API Access. |
None, Bearer, Basic |
Authentication__Schemes__Bearer__ValidAudiences__0 |
Valid audience for API Access when AuthenticationScheme is set to Bearer |
Any valid string ( e.g. api://cdrplatform-api-access) |
Authentication__Schemes__Bearer__ValidIssuer |
Valid Issuer when AuthenticationScheme is set to Bearer |
https://sts.windows.net/\<tenant-id>/ |
Authentication__Schemes__Bearer__Authority |
Authority for the API Access when AuthenticationScheme is set to Bearer |
https://login.microsoftonline.com/\<tenant-id>/v2.0/ |
CLIENTS__Policy__BaseAddress |
The base URL the proxy Policy Management API requests to |
http://policy-api:8080 |
CLIENTS__License__BaseAddress |
The base URL the proxy License Management API requests to |
http://license-management.license-management.svc.cluster.local:8080 |
CLIENTS__SyncApi__BaseAddress |
The base URL the proxy Sync API requests to |
http://api:8080 |
CLIENTS__AsyncApi__BaseAddress |
The base URL the proxy Async API requests to |
http://async-api:8080 |
CLIENTS__IcapProfile__BaseAddress |
The base URL to proxy ICAP Profile Management requests to |
http://policy-api:8080 |
Sync API
Configuration Key |
Description |
Valid Values |
ASPNETCORE_SHUTDOWNTIMEOUTSECONDS |
Specifies the amount of time to wait for Web Host to shut down. |
Any valid integer |
RATELIMITING__MaxMessageCount |
The max number of messages allowed on the request queue before rate limiting kicks in |
Any valid integer |
ARCHIVE__MaxLevel |
Maximum layers of nested archives that will be processed |
Positive integer |
ARCHIVE__MaxFileCount |
Maximum file count allowed in an archive before failure |
Positive integer |
ARCHIVE__MaxArchiveCount |
Maximum nested archive count allowed in an archive before failure |
Positive integer |
ARCHIVE__MaxUnpackedSizeBytes |
Maximum allowed size of unpacked files from an archive before failure |
Positive integer (in bytes) |
Engine
Configuration Key |
Description |
Valid Values |
DOTNET_SHUTDOWNTIMEOUTSECONDS |
Specifies the amount of time to wait for Host to shut down. |
Any valid integer |
QUEUE__RetryLimit |
Specifies the amount of times to retry Async requests |
Any valid integer |
ReversingLabs__Endpoint |
ReversingLabs File Reputation API endpoint. |
https://data.reversinglabs.com/api/databrowser/malware_presence/query |
ReversingLabs__Timeout |
Timeout in seconds used when contacting the ReversingLabs File Reputation API (defaults to 100 seconds). |
Any valid integer |
Report Aggregator
Configuration Key |
Description |
Valid Values |
DOTNET_SHUTDOWNTIMEOUTSECONDS |
Specifies the amount of time to wait for Host to shut down. |
Any valid integer |
SINKS |
A semi-colon delimited list of configured report sinks |
azure, s3, file |
AZURE__ContainerName |
Specifies the name of the azure sink container for the reports to be placed in |
Any valid blob container name |
AZURE__ConnectionString |
Specifies the connection string of the azure sink container for the reports to be placed in |
Any valid connection string |
S3SINK__AccessKey |
S3 access key for the report sink |
A valid string |
S3SINK__SecretKey |
S3 secret key for the report sink |
A valid string |
S3SINK__Bucket |
S3 bucket for the report sink |
A valid string |
S3SINK__Endpoint |
S3 endpoint for the report sink |
A valid string |
FILESINK__Path |
Specifies the file path of the local disk for the reports to be placed in if the file sink is configured |
Any valid path |
GenerateReport |
Generate reports and save them in the sink before forwarding to the cleanup-requests queue. Please note, If this config item is set to false , the SINKS config item will need to be removed to prevent the report aggregator from attempting to connect to the report sinks. |
true/false |
Portal Access
Configuration Key |
Description |
Valid Values |
AuthenticationScheme |
Authentication Scheme for the Portal Access API |
None, Bearer |
Authentication__Schemes__Bearer__ValidAudiences__0 |
Valid audience for Portal Access API |
Any valid string (e.g. api://cdrplatform-portal-access) |
Authentication__Schemes__Bearer__ValidIssuer |
Valid issuer for the Portal Access API |
https://sts.windows.net/<tenant-id>/ |
Authentication__Schemes__Bearer__Authority |
Authority for the Portal Access API |
https://login.microsoftonline.com/<tenant-id>/v2.0/ |
REBUILD__RequireAuthenticatedUser |
Determines whether users must be authenticated to perform rebuild requests. Defaults to false. |
true/false |
Portal
Configuration Key |
Description |
Valid Values |
BackendUrl |
Domain of the Glasswall Halo API |
https://<domain-name> (A valid string) |
OIDC.ProviderOptions.Authority |
Authority for the Portal service |
https://login.microsoftonline.com/<tenant-id>/v2.0 |
OIDC.ProviderOptions.ClientId |
Client ID of the Portal App registration (cdrplatform-portal-client) |
A valid string |
OIDC.ProviderOptions.RedirectUri |
Redirect URI after SSO Login |
https://<domain-name>/authentication/login-callback |
OIDC.ProviderOptions.PostLogoutRedirectUri |
Redirect URI after Logout |
https://<domain-name>/authentication/logout-callback |
REBUILD.RequireAuthenticatedUser |
Determines whether users must be authenticated to access the "Clean a file" page. Defaults to false. |
true/false |
License Management
Configuration Key |
Description |
Valid Values |
ASPNETCORE_SHUTDOWNTIMEOUTSECONDS |
Specifies the amount of time to wait for Web Host to shut down. |
Any valid integer |
DATABASE__Provider |
The database provider used for caching purposes |
Mongo / Cosmos |
DATABASE__DatabaseName |
The name of the database which will be created in Mongo / Cosmos |
A valid string depending on provider |
DATABASE__ConnectionString |
Connection string to the Mongo or Cosmos database |
A valid connection string for the configured provider |
Cleanup
Configuration Key |
Description |
Valid Values |
DOTNET_SHUTDOWNTIMEOUTSECONDS |
Specifies the amount of time to wait for Host to shut down. |
Any valid integer |
CleanupAmount |
Specifies the amount of files to clean up per cron job. This can be set via --set cron.CleanupAmount=5000 |
Any valid integer |
maxAge |
Specifies the max age of files to keep in storage. This can be set via --set cron.maxAge=01.00:00:00 |
Any valid Timespan |
schedule |
Specifies the cron schedule for the cleanup cron job to run on. This can be set via --set cron.schedule=0 */1 * * * |
Any valid cron schedule expression |
ICAP
Configuration Key |
Description |
Valid Values |
ASPNETCORE_SHUTDOWNTIMEOUTSECONDS |
Specifies the amount of time to wait for Host to shut down. |
Any valid integer |
ICAP__ServiceHeader |
An Identifier that gets inserted into ICAP headers. |
Any valid string, defaults to 'Glasswall ICAP Server 1.0"' |
ICAP__OptionsTTL |
The amount of time in seconds which an ICAP options response sent by the server is valid to the icap client. |
Any valid integer that the icap client supports |
CACHE__MaxSizeInMb |
The amount of data in megabytes which the ICAP server will store inside its cache for rebuilt files |
Defaults to 1Gb "1000" |
DATABASE__Provider |
The database provider used for caching purposes |
Mongo / Cosmos |
DATABASE__DatabaseName |
The name of the database which will be created in Mongo / Cosmos |
A valid string depending on provider |
DATABASE__ConnectionString |
Connection string to the Mongo or Cosmos database |
A valid connection string for the configured provider |
CERTIFICATE__VerificationFlags |
Flags used to customize certificate chain verification in the ICAP server. Please see X509VerificationFlags for an explanation of the verification flags. |
A valid integer within the enum range |
Async API
Configuration Key |
Description |
Valid Values |
ASPNETCORE_SHUTDOWNTIMEOUTSECONDS |
Specifies the amount of time to wait for Web Host to shut down. |
Any valid integer |
ARCHIVE__MaxLevel |
Maximum layers of nested archives that will be processed more info |
Positive integer |
ARCHIVE__MaxFileCount |
Maximum file count allowed in an archive before failure more info |
Positive integer |
ARCHIVE__MaxArchiveCount |
Maximum nested archive count allowed in an archive before failure more info |
Positive integer |
ARCHIVE__MaxUnpackedSizeBytes |
Maximum allowed size of unpacked files from an archive before failure more info |
Positive integer (in bytes) |
DATABASE__Provider |
Specifies which Database provider to use when storing Async Requests |
Mongo , Cosmos (Defaults to Mongo ) |
DATABASE__DatabaseName |
The name of the database which will be created in Mongo / Cosmos |
A valid string depending on provider |
DATABASE__ConnectionString |
Connection string to the Mongo or Cosmos database |
A valid connection string for the configured provider |
QUEUE__MessageDelayInMs |
Time in Milliseconds before the result of an ASYNC request is cleaned up. This should be set lower than the maxAge Timespan of the Cleanup service. |
Any valid positive integer. The maximum value is (2^32)-1 milliseconds which is just under 50 days. |
Tally Accumulator
Configuration Key |
Description |
Valid Values |
DATABASE__Provider |
Specifies which Database provider to use when storing Async Requests |
Mongo , Cosmos (Defaults to Mongo ) |
DATABASE__DatabaseName |
The name of the database which will be created in Mongo / Cosmos |
A valid string depending on provider |
DATABASE__ConnectionString |
Connection string to the Mongo or Cosmos database |
A valid connection string for the configured provider |
Policy API
Configuration Key |
Description |
Valid Values |
DATABASE__Provider |
Specifies which Database provider to use when storing Async Requests |
Mongo , Cosmos (Defaults to Mongo ) |
DATABASE__DatabaseName |
The name of the database which will be created in Mongo / Cosmos |
A valid string depending on provider |
DATABASE__ConnectionString |
Connection string to the Mongo or Cosmos database |
A valid connection string for the configured provider |
Metrics Collation
Configuration Key |
Description |
Valid Values |
DATABASE__Provider |
Specifies which Database provider to use when storing Async Requests |
Mongo , Cosmos (Defaults to Mongo ) |
DATABASE__DatabaseName |
The name of the database which will be created in Mongo / Cosmos |
A valid string depending on provider |
DATABASE__ConnectionString |
Connection string to the Mongo or Cosmos database |
A valid connection string for the configured provider |
Metrics Projection
Configuration Key |
Description |
Valid Values |
DATABASE__Provider |
Specifies which Database provider to use when storing Async Requests |
Mongo , Cosmos (Defaults to Mongo ) |
DATABASE__DatabaseName |
The name of the database which will be created in Mongo / Cosmos |
A valid string depending on provider |
DATABASE__ConnectionString |
Connection string to the Mongo or Cosmos database |
A valid connection string for the configured provider |