flex-auth/examples/topaz/cfg/config.yaml

# Topaz config for the flex-auth alignment spike.
# Plaintext HTTP gateways for local convenience — never use this shape
# in production. See docs/topaz-mapping-spike.md.

version: 2

logging:
  prod: false
  log_level: info

directory:
  db_path: /db/directory.db
  request_timeout: 5s
  seed_metadata: false

remote_directory:
  address: "0.0.0.0:9292"
  insecure: true

jwt:
  acceptable_time_skew_seconds: 5

api:
  health:
    listen_address: "0.0.0.0:9494"
  metrics:
    listen_address: "0.0.0.0:9696"
  services:
    reader:
      grpc:
        listen_address: "0.0.0.0:9292"
        certs:
          tls_key_path: "/certs/grpc.key"
          tls_cert_path: "/certs/grpc.crt"
          tls_ca_cert_path: "/certs/grpc-ca.crt"
      gateway:
        listen_address: "0.0.0.0:9393"
        allowed_origins:
          - "*"
        http: true
        read_timeout: 2s
        write_timeout: 2s
        idle_timeout: 30s
    writer:
      needs: [reader]
      grpc:
        listen_address: "0.0.0.0:9292"
        certs:
          tls_key_path: "/certs/grpc.key"
          tls_cert_path: "/certs/grpc.crt"
          tls_ca_cert_path: "/certs/grpc-ca.crt"
      gateway:
        listen_address: "0.0.0.0:9393"
        allowed_origins: ["*"]
        http: true
    model:
      needs: [reader]
      grpc:
        listen_address: "0.0.0.0:9292"
        certs:
          tls_key_path: "/certs/grpc.key"
          tls_cert_path: "/certs/grpc.crt"
          tls_ca_cert_path: "/certs/grpc-ca.crt"
      gateway:
        listen_address: "0.0.0.0:9393"
        allowed_origins: ["*"]
        http: true
    exporter:
      needs: [reader]
      grpc:
        listen_address: "0.0.0.0:9292"
        certs:
          tls_key_path: "/certs/grpc.key"
          tls_cert_path: "/certs/grpc.crt"
          tls_ca_cert_path: "/certs/grpc-ca.crt"
    importer:
      needs: [reader]
      grpc:
        listen_address: "0.0.0.0:9292"
        certs:
          tls_key_path: "/certs/grpc.key"
          tls_cert_path: "/certs/grpc.crt"
          tls_ca_cert_path: "/certs/grpc-ca.crt"
    authorizer:
      needs: [reader]
      grpc:
        connection_timeout_seconds: 2
        listen_address: "0.0.0.0:8282"
        certs:
          tls_key_path: "/certs/grpc.key"
          tls_cert_path: "/certs/grpc.crt"
          tls_ca_cert_path: "/certs/grpc-ca.crt"
      gateway:
        listen_address: "0.0.0.0:8383"
        allowed_origins: ["*"]
        http: true
        read_timeout: 2s
        write_timeout: 2s
        idle_timeout: 30s

opa:
  instance_id: "flex-auth-spike"
  graceful_shutdown_period_seconds: 2
  local_bundles:
    paths:
      - "/bundle"
    skip_verification: true