Configuration changes
Several services include configurable settings that can be customized. Below are the configuration values available for each service.
How to update configuration
The configuration values can be changed by setting helm chart values while deploying the helm chart using --set configuration.<Configuration Key>=<Configuration value>.
For example, to set ASPNETCORE_SHUTDOWNTIMEOUTSECONDS value to 90 seconds and set RATELIMITING__MaxMessageCount value to 300 messages, the helm command looks like below -
helm upgrade --install cdrplatform-sync-api cdrplatform-sync-api \
--set configuration.ASPNETCORE_SHUTDOWNTIMEOUTSECONDS=90 \
--set configuration.RATELIMITING__MaxMessageCount=300
API Access
| Configuration Key | Description | Valid Values |
|---|---|---|
| ASPNETCORE_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Web Host to shut down. | Any valid integer |
| AuthenticationScheme | Authentication Scheme for the API Access. | None, Bearer, Basic |
| Authentication__Schemes__Bearer__ValidAudiences__0 | Valid audience for API Access when AuthenticationScheme is set to Bearer | Any valid string ( e.g. api://cdrplatform-api-access) |
| Authentication__Schemes__Bearer__ValidIssuer | Valid Issuer when AuthenticationScheme is set to Bearer | https://sts.windows.net/\<tenant-id>/ |
| Authentication__Schemes__Bearer__Authority | Authority for the API Access when AuthenticationScheme is set to Bearer | https://login.microsoftonline.com/\<tenant-id>/v2.0/ |
| CLIENTS__Policy__BaseAddress | The base URL the proxy Policy Management API requests to | http://policy-api:8080 |
| CLIENTS__License__BaseAddress | The base URL the proxy License Management API requests to | http://license-management.license-management.svc.cluster.local:8080 |
| CLIENTS__SyncApi__BaseAddress | The base URL the proxy Sync API requests to | http://api:8080 |
| CLIENTS__AsyncApi__BaseAddress | The base URL the proxy Async API requests to | http://async-api:8080 |
| CLIENTS__IcapProfile__BaseAddress | The base URL to proxy ICAP Profile Management requests to | http://policy-api:8080 |
Sync API
| Configuration Key | Description | Valid Values |
|---|---|---|
| ASPNETCORE_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Web Host to shut down. | Any valid integer |
| RATELIMITING__MaxMessageCount | The max number of messages allowed on the request queue before rate limiting kicks in | Any valid integer |
| ARCHIVE__MaxLevel | Maximum layers of nested archives that will be processed more info | Positive integer |
| ARCHIVE__MaxFileCount | Maximum file count allowed in an archive before failure more info | Positive integer |
| ARCHIVE__MaxArchiveCount | Maximum nested archive count allowed in an archive before failure more info | Positive integer |
| ARCHIVE__MaxUnpackedSizeBytes | Maximum allowed size of unpacked files from an archive before failure more info | Positive integer (in bytes) |
Engine
| Configuration Key | Description | Valid Values |
|---|---|---|
| DOTNET_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Host to shut down. | Any valid integer |
| QUEUE__RetryLimit | Specifies the amount of times to retry Async requests | Any valid integer |
| ReversingLabs__Endpoint | ReversingLabs File Reputation API endpoint. | https://data.reversinglabs.com/api/databrowser/malware_presence/query |
| ReversingLabs__Timeout | Timeout in seconds used when contacting the ReversingLabs File Reputation API (defaults to 100 seconds). | Any valid integer |
Portal Access
| Configuration Key | Description | Valid Values |
|---|---|---|
| AuthenticationScheme | Authentication Scheme for the Portal Access API | None, Bearer |
| Authentication__Schemes__Bearer__ValidAudiences__0 | Valid audience for Portal Access API | Any valid string (e.g. api://cdrplatform-portal-access) |
| Authentication__Schemes__Bearer__ValidIssuer | Valid issuer for the Portal Access API | https://sts.windows.net/\<tenant-id>/ |
| Authentication__Schemes__Bearer__Authority | Authority for the Portal Access API | https://login.microsoftonline.com/\<tenant-id>/v2.0/ |
| REBUILD__RequireAuthenticatedUser | Determines whether users must be authenticated to perform rebuild requests. Defaults to false. | true/false |
Portal
| Configuration Key | Description | Valid Values |
|---|---|---|
| BackendUrl | Domain of the CDR Platform API | https://<domain-name> (A valid string) |
| OIDC.ProviderOptions.Authority | Authority for the Portal service | https://login.microsoftonline.com/\<tenant-id>/v2.0 |
| OIDC.ProviderOptions.ClientId | Client ID of the Portal App registration (cdrplatform-portal-client) | A valid string |
| OIDC.ProviderOptions.RedirectUri | Redirect URI after SSO Login | https://\<domain-name>/authentication/login-callback |
| OIDC.ProviderOptions.PostLogoutRedirectUri | Redirect URI after Logout | https://\<domain-name>/authentication/logout-callback |
| REBUILD.RequireAuthenticatedUser | Determines whether users must be authenticated access the "Clean a file" page. Defaults to false. | true/false |
License Management
| Configuration Key | Description | Valid Values |
|---|---|---|
| ASPNETCORE_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Web Host to shut down. | Any valid integer |
| DATABASE__Provider | The database provider used for caching purposes | Mongo / Cosmos |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |
Cleanup
| Configuration Key | Description | Valid Values |
|---|---|---|
| DOTNET_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Host to shut down. | Any valid integer |
| CleanupAmount | Specifies the amount of files to clean up per cron job. This can be set via --set cron.CleanupAmount=5000 | Any valid integer |
| maxAge | Specifies the max age of files to keep in storage. This can be set via --set cron.maxAge=01.00:00:00 | Any valid Timespan |
| schedule | Specifies the cron schedule for the cleanup cron job to run on. This can be set via --set cron.schedule=0 */1 * * * | Any valid cron schedule expression |
ICAP
| Configuration Key | Description | Valid Values |
|---|---|---|
| ASPNETCORE_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Host to shut down. | Any valid integer |
| ICAP__ServiceHeader | An Identifier that gets inserted into ICAP headers. | Any valid string, defaults to 'Glasswall ICAP Server 1.0"' |
| ICAP__OptionsTTL | The amount of time in seconds which an ICAP options response sent by the server is valid to the icap client. | Any valid integer that the icap client supports |
| ICAP__IdleTimeout | Defaults to infinite. Sets a deadline indicating how long the client must take before the server will end the connection | A valid timespan e.g 00:00:30 |
| CACHE__MaxSizeInMb | The amount of data in megabytes which the ICAP server will store inside its cache for rebuilt files | Defaults to 1Gb "1000" |
| DATABASE__Provider | The database provider used for caching purposes | Mongo / Cosmos |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |
| CERTIFICATE__VerificationFlags | Flags used to customize certificate chain verification in the ICAP server. Please see X509VerificationFlags for an explanation of the verification flags. | A valid integer within the enum range |
| PROFILE__UseFallback | Boolean flag that indicates whether or not to use a fallback profile when the Policy API cannot be contacted. | 'true' to enable the fallback profile or 'false' to disable it. By default, this is 'false' |
Async API
| Configuration Key | Description | Valid Values |
|---|---|---|
| ASPNETCORE_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Web Host to shut down. | Any valid integer |
| ARCHIVE__MaxLevel | Maximum layers of nested archives that will be processed more info | Positive integer |
| ARCHIVE__MaxFileCount | Maximum file count allowed in an archive before failure more info | Positive integer |
| ARCHIVE__MaxArchiveCount | Maximum nested archive count allowed in an archive before failure more info | Positive integer |
| ARCHIVE__MaxUnpackedSizeBytes | Maximum allowed size of unpacked files from an archive before failure more info | Positive integer (in bytes) |
| DATABASE__Provider | Specifies which Database provider to use when storing Async Requests | Mongo, Cosmos (Defaults to Mongo) |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |
| QUEUE__MessageDelayInMs | Time in Milliseconds before the result of an ASYNC request is cleaned up. This should be set lower than the maxAge Timespan of the Cleanup service. | Any valid positive integer. The maximum value is (2^32)-1 milliseconds which is just under 50 days. |
Tally Accumulator
| Configuration Key | Description | Valid Values |
|---|---|---|
| DATABASE__Provider | Specifies which Database provider to use when storing Async Requests | Mongo, Cosmos (Defaults to Mongo) |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |
Policy API
| Configuration Key | Description | Valid Values |
|---|---|---|
| DATABASE__Provider | Specifies which Database provider to use when storing Async Requests | Mongo, Cosmos (Defaults to Mongo) |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |
Metrics Collation (Deprecated)
As of version 2.6.2 of Halo, the Metrics Collation service is no longer required.
| Configuration Key | Description | Valid Values |
|---|---|---|
| DATABASE__Provider | Specifies which Database provider to use when storing Async Requests | Mongo, Cosmos (Defaults to Mongo) |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |
Metrics Projection
| Configuration Key | Description | Valid Values |
|---|---|---|
| DATABASE__Provider | Specifies which Database provider to use when storing Async Requests | Mongo, Cosmos (Defaults to Mongo) |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |