Configuration Changes

Prev Next

Overview

A number of the services have different configuration values which can be changed. For each services here are the following configuration values you may wish to change.

How to update configuration

The configuration values can be changed by setting helm chart values while deploying the helm chart using --set configuration.<Configuration Key>=<Configuration value>.
For example, to set ASPNETCORE_SHUTDOWNTIMEOUTSECONDS value to 90 seconds and set RATELIMITING__MaxMessageCount value to 300 messages, the helm command looks like below -

helm upgrade --install cdrplatform-sync-api cdrplatform-sync-api \
--set configuration.ASPNETCORE_SHUTDOWNTIMEOUTSECONDS=90 \
--set configuration.RATELIMITING__MaxMessageCount=300

API Access

Configuration Key Description Valid Values
ASPNETCORE_SHUTDOWNTIMEOUTSECONDS Specifies the amount of time to wait for Web Host to shut down. Any valid integer
AuthenticationScheme Authentication Scheme for the API Access. None, Bearer, Basic
Authentication__Schemes__Bearer__ValidAudiences__0 Valid audience for API Access when AuthenticationScheme is set to Bearer Any valid string ( e.g. api://cdrplatform-api-access)
Authentication__Schemes__Bearer__ValidIssuer Valid Issuer when AuthenticationScheme is set to Bearer https://sts.windows.net/\<tenant-id>/
Authentication__Schemes__Bearer__Authority Authority for the API Access when AuthenticationScheme is set to Bearer https://login.microsoftonline.com/\<tenant-id>/v2.0/
CLIENTS__Policy__BaseAddress The base URL the proxy Policy Management API requests to http://policy-api:8080
CLIENTS__License__BaseAddress The base URL the proxy License Management API requests to http://license-management.license-management.svc.cluster.local:8080
CLIENTS__SyncApi__BaseAddress The base URL the proxy Sync API requests to http://api:8080
CLIENTS__AsyncApi__BaseAddress The base URL the proxy Async API requests to http://async-api:8080
CLIENTS__IcapProfile__BaseAddress The base URL to proxy ICAP Profile Management requests to http://policy-api:8080

Sync API

Configuration Key Description Valid Values
ASPNETCORE_SHUTDOWNTIMEOUTSECONDS Specifies the amount of time to wait for Web Host to shut down. Any valid integer
RATELIMITING__MaxMessageCount The max number of messages allowed on the request queue before rate limiting kicks in Any valid integer
ARCHIVE__MaxLevel Maximum layers of nested archives that will be processed Positive integer
ARCHIVE__MaxFileCount Maximum file count allowed in an archive before failure Positive integer
ARCHIVE__MaxArchiveCount Maximum nested archive count allowed in an archive before failure Positive integer
ARCHIVE__MaxUnpackedSizeBytes Maximum allowed size of unpacked files from an archive before failure Positive integer (in bytes)

Engine

Configuration Key Description Valid Values
DOTNET_SHUTDOWNTIMEOUTSECONDS Specifies the amount of time to wait for Host to shut down. Any valid integer
QUEUE__RetryLimit Specifies the amount of times to retry Async requests Any valid integer
ReversingLabs__Endpoint ReversingLabs File Reputation API endpoint. https://data.reversinglabs.com/api/databrowser/malware_presence/query
ReversingLabs__Timeout Timeout in seconds used when contacting the ReversingLabs File Reputation API (defaults to 100 seconds). Any valid integer

Report Aggregator

Configuration Key Description Valid Values
DOTNET_SHUTDOWNTIMEOUTSECONDS Specifies the amount of time to wait for Host to shut down. Any valid integer
SINKS A semi-colon delimited list of configured report sinks azure, s3, file
AZURE__ContainerName Specifies the name of the azure sink container for the reports to be placed in Any valid blob container name
AZURE__ConnectionString Specifies the connection string of the azure sink container for the reports to be placed in Any valid connection string
S3SINK__AccessKey S3 access key for the report sink A valid string
S3SINK__SecretKey S3 secret key for the report sink A valid string
S3SINK__Bucket S3 bucket for the report sink A valid string
S3SINK__Endpoint S3 endpoint for the report sink A valid string
FILESINK__Path Specifies the file path of the local disk for the reports to be placed in if the file sink is configured Any valid path
GenerateReport Generate reports and save them in the sink before forwarding to the cleanup-requests queue. Please note, If this config item is set to false, the SINKS config item will need to be removed to prevent the report aggregator from attempting to connect to the report sinks. true/false

Portal Access

Configuration Key Description Valid Values
AuthenticationScheme Authentication Scheme for the Portal Access API None, Bearer
Authentication__Schemes__Bearer__ValidAudiences__0 Valid audience for Portal Access API Any valid string (e.g. api://cdrplatform-portal-access)
Authentication__Schemes__Bearer__ValidIssuer Valid issuer for the Portal Access API https://sts.windows.net/<tenant-id>/
Authentication__Schemes__Bearer__Authority Authority for the Portal Access API https://login.microsoftonline.com/<tenant-id>/v2.0/
REBUILD__RequireAuthenticatedUser Determines whether users must be authenticated to perform rebuild requests. Defaults to false. true/false

Portal

Configuration Key Description Valid Values
BackendUrl Domain of the Glasswall Halo API https://<domain-name> (A valid string)
OIDC.ProviderOptions.Authority Authority for the Portal service https://login.microsoftonline.com/<tenant-id>/v2.0
OIDC.ProviderOptions.ClientId Client ID of the Portal App registration (cdrplatform-portal-client) A valid string
OIDC.ProviderOptions.RedirectUri Redirect URI after SSO Login https://<domain-name>/authentication/login-callback
OIDC.ProviderOptions.PostLogoutRedirectUri Redirect URI after Logout https://<domain-name>/authentication/logout-callback
REBUILD.RequireAuthenticatedUser Determines whether users must be authenticated to access the "Clean a file" page. Defaults to false. true/false

License Management

Configuration Key Description Valid Values
ASPNETCORE_SHUTDOWNTIMEOUTSECONDS Specifies the amount of time to wait for Web Host to shut down. Any valid integer
DATABASE__Provider The database provider used for caching purposes Mongo / Cosmos
DATABASE__DatabaseName The name of the database which will be created in Mongo / Cosmos A valid string depending on provider
DATABASE__ConnectionString Connection string to the Mongo or Cosmos database A valid connection string for the configured provider

Cleanup

Configuration Key Description Valid Values
DOTNET_SHUTDOWNTIMEOUTSECONDS Specifies the amount of time to wait for Host to shut down. Any valid integer
CleanupAmount Specifies the amount of files to clean up per cron job. This can be set via --set cron.CleanupAmount=5000 Any valid integer
maxAge Specifies the max age of files to keep in storage. This can be set via --set cron.maxAge=01.00:00:00 Any valid Timespan
schedule Specifies the cron schedule for the cleanup cron job to run on. This can be set via --set cron.schedule=0 */1 * * * Any valid cron schedule expression

ICAP

Configuration Key Description Valid Values
ASPNETCORE_SHUTDOWNTIMEOUTSECONDS Specifies the amount of time to wait for Host to shut down. Any valid integer
ICAP__ServiceHeader An Identifier that gets inserted into ICAP headers. Any valid string, defaults to 'Glasswall ICAP Server 1.0"'
ICAP__OptionsTTL The amount of time in seconds which an ICAP options response sent by the server is valid to the icap client. Any valid integer that the icap client supports
CACHE__MaxSizeInMb The amount of data in megabytes which the ICAP server will store inside its cache for rebuilt files Defaults to 1Gb "1000"
DATABASE__Provider The database provider used for caching purposes Mongo / Cosmos
DATABASE__DatabaseName The name of the database which will be created in Mongo / Cosmos A valid string depending on provider
DATABASE__ConnectionString Connection string to the Mongo or Cosmos database A valid connection string for the configured provider
CERTIFICATE__VerificationFlags Flags used to customize certificate chain verification in the ICAP server. Please see X509VerificationFlags for an explanation of the verification flags. A valid integer within the enum range

Async API

Configuration Key Description Valid Values
ASPNETCORE_SHUTDOWNTIMEOUTSECONDS Specifies the amount of time to wait for Web Host to shut down. Any valid integer
ARCHIVE__MaxLevel Maximum layers of nested archives that will be processed more info Positive integer
ARCHIVE__MaxFileCount Maximum file count allowed in an archive before failure more info Positive integer
ARCHIVE__MaxArchiveCount Maximum nested archive count allowed in an archive before failure more info Positive integer
ARCHIVE__MaxUnpackedSizeBytes Maximum allowed size of unpacked files from an archive before failure more info Positive integer (in bytes)
DATABASE__Provider Specifies which Database provider to use when storing Async Requests Mongo, Cosmos (Defaults to Mongo)
DATABASE__DatabaseName The name of the database which will be created in Mongo / Cosmos A valid string depending on provider
DATABASE__ConnectionString Connection string to the Mongo or Cosmos database A valid connection string for the configured provider
QUEUE__MessageDelayInMs Time in Milliseconds before the result of an ASYNC request is cleaned up. This should be set lower than the maxAge Timespan of the Cleanup service. Any valid positive integer. The maximum value is (2^32)-1 milliseconds which is just under 50 days.

Tally Accumulator

Configuration Key Description Valid Values
DATABASE__Provider Specifies which Database provider to use when storing Async Requests Mongo, Cosmos (Defaults to Mongo)
DATABASE__DatabaseName The name of the database which will be created in Mongo / Cosmos A valid string depending on provider
DATABASE__ConnectionString Connection string to the Mongo or Cosmos database A valid connection string for the configured provider

Policy API

Configuration Key Description Valid Values
DATABASE__Provider Specifies which Database provider to use when storing Async Requests Mongo, Cosmos (Defaults to Mongo)
DATABASE__DatabaseName The name of the database which will be created in Mongo / Cosmos A valid string depending on provider
DATABASE__ConnectionString Connection string to the Mongo or Cosmos database A valid connection string for the configured provider

Metrics Collation

Configuration Key Description Valid Values
DATABASE__Provider Specifies which Database provider to use when storing Async Requests Mongo, Cosmos (Defaults to Mongo)
DATABASE__DatabaseName The name of the database which will be created in Mongo / Cosmos A valid string depending on provider
DATABASE__ConnectionString Connection string to the Mongo or Cosmos database A valid connection string for the configured provider

Metrics Projection

Configuration Key Description Valid Values
DATABASE__Provider Specifies which Database provider to use when storing Async Requests Mongo, Cosmos (Defaults to Mongo)
DATABASE__DatabaseName The name of the database which will be created in Mongo / Cosmos A valid string depending on provider
DATABASE__ConnectionString Connection string to the Mongo or Cosmos database A valid connection string for the configured provider