Configuration Changes
    • PDF

    Configuration Changes

    • PDF

    Article summary

    Overview

    A number of the services have different configuration values which can be changed. For each services here are the following configuration values you may wish to change.

    How to update configuration

    The configuration values can be changed by setting helm chart values while deploying the helm chart using --set configuration.<Configuration Key>=<Configuration value>.
    For example, to set ASPNETCORE_SHUTDOWNTIMEOUTSECONDS value to 90 seconds and set RATELIMITING__MaxMessageCount value to 300 messages, the helm command looks like below -

    helm upgrade --install cdrplatform-sync-api cdrplatform-sync-api \
    --set configuration.ASPNETCORE_SHUTDOWNTIMEOUTSECONDS=90 \
    --set configuration.RATELIMITING__MaxMessageCount=300
    

    API Access

    Configuration KeyDescriptionValid Values
    ASPNETCORE_SHUTDOWNTIMEOUTSECONDSSpecifies the amount of time to wait for Web Host to shut down.Any valid integer
    AuthenticationSchemeAuthentication Scheme for the API Access. This value is separate from the MenloAuthenticationScheme which covers the specific Menlo integrationNone, Bearer, Basic
    Authentication__Schemes__Bearer__ValidAudiences__0Valid audience for API Access when AuthenticationScheme is set to BearerAny valid string ( e.g. api://cdrplatform-api-access)
    Authentication__Schemes__Bearer__ValidIssuerValid Issuer when AuthenticationScheme is set to Bearerhttps://sts.windows.net/\<tenant-id>/
    Authentication__Schemes__Bearer__AuthorityAuthority for the API Access when AuthenticationScheme is set to Bearerhttps://login.microsoftonline.com/\<tenant-id>/v2.0/
    CLIENTS__Policy__BaseAddressThe base URL the proxy Policy Management API requests tohttp://policy-api:8080
    CLIENTS__License__BaseAddressThe base URL the proxy License Management API requests tohttp://license-management.license-management.svc.cluster.local:8080
    CLIENTS__SyncApi__BaseAddressThe base URL the proxy Sync API requests tohttp://api:8080
    CLIENTS__AsyncApi__BaseAddressThe base URL the proxy Async API requests tohttp://async-api:8080
    CLIENTS__Menlo__BaseAddressThe base URL the proxy Async API requests to for the Menlo Integrationhttp://async-api:8080
    CLIENTS__IcapProfile__BaseAddressThe base URL to proxy ICAP Profile Management requests tohttp://policy-api:8080
    MenloAuthenticationSchemeAuthentication Scheme for the Menlo API Access, this only has affect on endpoints governed by CLIENTS__Menlo__BaseAddressNone, APIKey
    Authentication__Schemes__ApiKey__TokenMenlo can be configured to send a bearer token with requests to endpoints governed by CLIENTS__Menlo__BaseAddress. When MenloAuthenticationScheme is configured with the APIKey setting, validation is performed against the bearer token transmitted by Menlo.A valid string

    Sync API

    Configuration KeyDescriptionValid Values
    ASPNETCORE_SHUTDOWNTIMEOUTSECONDSSpecifies the amount of time to wait for Web Host to shut down.Any valid integer
    RATELIMITING__MaxMessageCountThe max number of messages allowed on the request queue before rate limiting kicks inAny valid integer
    ARCHIVE__MaxLevelMaximum layers of nested archives that will be processedPositive integer
    ARCHIVE__MaxFileCountMaximum file count allowed in an archive before failurePositive integer
    ARCHIVE__MaxArchiveCountMaximum nested archive count allowed in an archive before failurePositive integer
    ARCHIVE__MaxUnpackedSizeBytesMaximum allowed size of unpacked files from an archive before failurePositive integer (in bytes)

    Engine

    Configuration KeyDescriptionValid Values
    DOTNET_SHUTDOWNTIMEOUTSECONDSSpecifies the amount of time to wait for Host to shut down.Any valid integer
    QUEUE__RetryLimitSpecifies the amount of times to retry Async requestsAny valid integer
    ReversingLabs__EndpointReversingLabs File Reputation API endpoint.https://data.reversinglabs.com/api/databrowser/malware_presence/query
    ReversingLabs__TimeoutTimeout in seconds used when contacting the ReversingLabs File Reputation API (defaults to 100 seconds).Any valid integer

    Report Aggregator

    Configuration KeyDescriptionValid Values
    DOTNET_SHUTDOWNTIMEOUTSECONDSSpecifies the amount of time to wait for Host to shut down.Any valid integer
    SINKSA semi-colon delimited list of configured report sinksazure, s3, file
    AZURE__ContainerNameSpecifies the name of the azure sink container for the reports to be placed inAny valid blob container name
    AZURE__ConnectionStringSpecifies the connection string of the azure sink container for the reports to be placed inAny valid connection string
    S3SINK__AccessKeyS3 access key for the report sinkA valid string
    S3SINK__SecretKeyS3 secret key for the report sinkA valid string
    S3SINK__BucketS3 bucket for the report sinkA valid string
    S3SINK__EndpointS3 endpoint for the report sinkA valid string
    FILESINK__PathSpecifies the file path of the local disk for the reports to be placed in if the file sink is configuredAny valid path
    GenerateReportGenerate reports and save them in the sink before forwarding to the cleanup-requests queue. Please note, If this config item is set to false, the SINKS config item will need to be removed to prevent the report aggregator from attempting to connect to the report sinks.true/false

    Portal Access

    Configuration KeyDescriptionValid Values
    AuthenticationSchemeAuthentication Scheme for the Portal Access APINone, Bearer
    Authentication__Schemes__Bearer__ValidAudiences__0Valid audience for Portal Access APIAny valid string (e.g. api://cdrplatform-portal-access)
    Authentication__Schemes__Bearer__ValidIssuerValid issuer for the Portal Access APIhttps://sts.windows.net/<tenant-id>/
    Authentication__Schemes__Bearer__AuthorityAuthority for the Portal Access APIhttps://login.microsoftonline.com/<tenant-id>/v2.0/

    Portal

    Configuration KeyDescriptionValid Values
    BackendUrlDomain of the Glasswall Halo APIhttps://<domain-name> (A valid string)
    OIDC.ProviderOptions.AuthorityAuthority for the Portal servicehttps://login.microsoftonline.com/<tenant-id>/v2.0
    OIDC.ProviderOptions.ClientIdClient ID of the Portal App registration (cdrplatform-portal-client)A valid string
    OIDC.ProviderOptions.RedirectUriRedirect URI after SSO Loginhttps://<domain-name>/authentication/login-callback
    OIDC.ProviderOptions.PostLogoutRedirectUriRedirect URI after Logouthttps://<domain-name>/authentication/logout-callback

    License Management

    Configuration KeyDescriptionValid Values
    ASPNETCORE_SHUTDOWNTIMEOUTSECONDSSpecifies the amount of time to wait for Web Host to shut down.Any valid integer
    DATABASE__ProviderThe database provider used for caching purposesMongo / Cosmos
    DATABASE__DatabaseNameThe name of the database which will be created in Mongo / CosmosA valid string depending on provider
    DATABASE__ConnectionStringConnection string to the Mongo or Cosmos databaseA valid connection string for the configured provider

    Cleanup

    Configuration KeyDescriptionValid Values
    DOTNET_SHUTDOWNTIMEOUTSECONDSSpecifies the amount of time to wait for Host to shut down.Any valid integer

    ICAP

    Configuration KeyDescriptionValid Values
    ASPNETCORE_SHUTDOWNTIMEOUTSECONDSSpecifies the amount of time to wait for Host to shut down.Any valid integer
    ICAP__ServiceHeaderAn Identifier that gets inserted into ICAP headers.Any valid string, defaults to 'Glasswall ICAP Server 1.0"'
    ICAP__OptionsTTLThe amount of time in seconds which an ICAP options response sent by the server is valid to the icap client.Any valid integer that the icap client supports
    CACHE__MaxSizeInMbThe amount of data in megabytes which the ICAP server will store inside its cache for rebuilt filesDefaults to 1Gb "1000"
    DATABASE__ProviderThe database provider used for caching purposesMongo / Cosmos
    DATABASE__DatabaseNameThe name of the database which will be created in Mongo / CosmosA valid string depending on provider
    DATABASE__ConnectionStringConnection string to the Mongo or Cosmos databaseA valid connection string for the configured provider
    CERTIFICATE__VerificationFlagsFlags used to customize certificate chain verification in the ICAP server. Please see X509VerificationFlags for an explanation of the verification flags.A valid integer within the enum range

    Async API

    Configuration KeyDescriptionValid Values
    ASPNETCORE_SHUTDOWNTIMEOUTSECONDSSpecifies the amount of time to wait for Web Host to shut down.Any valid integer
    ARCHIVE__MaxLevelMaximum layers of nested archives that will be processed more infoPositive integer
    ARCHIVE__MaxFileCountMaximum file count allowed in an archive before failure more infoPositive integer
    ARCHIVE__MaxArchiveCountMaximum nested archive count allowed in an archive before failure more infoPositive integer
    ARCHIVE__MaxUnpackedSizeBytesMaximum allowed size of unpacked files from an archive before failure more infoPositive integer (in bytes)
    DATABASE__ProviderSpecifies which Database provider to use when storing Async RequestsMongo, Cosmos (Defaults to Mongo)
    DATABASE__DatabaseNameThe name of the database which will be created in Mongo / CosmosA valid string depending on provider
    DATABASE__ConnectionStringConnection string to the Mongo or Cosmos databaseA valid connection string for the configured provider
    QUEUE__MessageDelayInMsTime in Milliseconds before the result of an ASYNC request is cleaned up.Any valid positive integer. The maximum value is (2^32)-1 milliseconds which is just under 50 days.

    Tally Accumulator

    Configuration KeyDescriptionValid Values
    DATABASE__ProviderSpecifies which Database provider to use when storing Async RequestsMongo, Cosmos (Defaults to Mongo)
    DATABASE__DatabaseNameThe name of the database which will be created in Mongo / CosmosA valid string depending on provider
    DATABASE__ConnectionStringConnection string to the Mongo or Cosmos databaseA valid connection string for the configured provider

    Policy API

    Configuration KeyDescriptionValid Values
    DATABASE__ProviderSpecifies which Database provider to use when storing Async RequestsMongo, Cosmos (Defaults to Mongo)
    DATABASE__DatabaseNameThe name of the database which will be created in Mongo / CosmosA valid string depending on provider
    DATABASE__ConnectionStringConnection string to the Mongo or Cosmos databaseA valid connection string for the configured provider

    Metrics Collation

    Configuration KeyDescriptionValid Values
    DATABASE__ProviderSpecifies which Database provider to use when storing Async RequestsMongo, Cosmos (Defaults to Mongo)
    DATABASE__DatabaseNameThe name of the database which will be created in Mongo / CosmosA valid string depending on provider
    DATABASE__ConnectionStringConnection string to the Mongo or Cosmos databaseA valid connection string for the configured provider

    Metrics Projection

    Configuration KeyDescriptionValid Values
    DATABASE__ProviderSpecifies which Database provider to use when storing Async RequestsMongo, Cosmos (Defaults to Mongo)
    DATABASE__DatabaseNameThe name of the database which will be created in Mongo / CosmosA valid string depending on provider
    DATABASE__ConnectionStringConnection string to the Mongo or Cosmos databaseA valid connection string for the configured provider

    Was this article helpful?

    What's Next