AGATE Configuration
Rule
pydantic-model
Bases: BaseModel
Fields:
part
pydantic-field
If undefined, the pattern is matched against the path. Use query.{param}, where {param} is the parameter name, to match against a query parameter. Use query.{param}.url.path|query if the parameter value is a URL and you want to target the path or query of that URL.
pattern
pydantic-field
Regex pattern to match the URL part of interest in order to extract the collection name and the item id with the keywords '
Service
pydantic-model
Bases: BaseModel
Fields:
jwt_locations = [ParamLocation.headers, ParamLocation.query_params]
pydantic-field
The location in the request containing the JWT parameter
jwt_name = 'authorization'
pydantic-field
The name of the parameter containing the JWT
private = []
pydantic-field
Access is allowed if one of the rules matches the URL part of interest and if the user has access to the corresponding ARLAS Item.
public = []
pydantic-field
Access is allowed if one of the rules matches the URL part of interest. No access control is done.
Settings
pydantic-model
Bases: BaseModel
Fields:
- method_header (str)
- url_header (str)
- arlas_url_search (str)
- agate_prefix (str)
- host (str)
- port (int)
- services (dict[str, Service])
- urbac (URBAC)
- headers_for_arlas (list[str])
agate_prefix
pydantic-field
Agate endpoint prefix
arlas_url_search
pydantic-field
ARLAS URL Search (e.g. http://arlas-server:9999/arlas/explore/{collection}/_search?f=id:eq:{item})
headers_for_arlas = ['authorization', 'arlas-org-filter']
pydantic-field
The headers to be forwarded to ARLAS
host
pydantic-field
Agate service connection host
method_header = 'x-forwarded-method'
pydantic-field
The header containing the method
port
pydantic-field
Agate service port
services = {}
pydantic-field
Dictionary of service name/definition. A service protects an endpoint that is exposing resources linked to an ARLAS Item. The service definition tells how to extract the collection name and the item id that are then used for checking with ARLAS whether the item is accessible or not.
urbac
pydantic-field
URL Role Based Access Control definition. A user can access an endpoint if one of their roles is configured for the requested endpoint in the role configuration file (roles.yaml).
url_header = 'X-Forwarded-Uri'
pydantic-field
The header containing the requested URL
URBAC
pydantic-model
Bases: BaseModel
Fields:
- roles (Roles)
- role_file (str)
- verify_jwt (bool)
- jwks_uri (str | None)
- verify_ssl (bool)
- jwt_audience (str)
- jwt_header (str)
jwks_uri = ''
pydantic-field
Must be provided for production.
jwt_audience = ''
pydantic-field
Expected audience in the JWT. If not set, no audience verification is done.
jwt_header = 'authorization'
pydantic-field
The name of the header parameter containing the JWT
role_file
pydantic-field
File location containing the roles
roles = Roles(technicalRoles={})
pydantic-field
Definition of the endpoints and of the authorized roles. This is automatically filled from role_file
verify_jwt = True
pydantic-field
Whether to verify the JWT signature. Should be True in production.
verify_ssl = True
pydantic-field
Whether to verify SSL certificates when fetching the OpenID configuration and JWKS. Should be True in production.
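The production guidance given for verify_jwt, verify_ssl, jwks_uri and jwt_audience, and the "no access control" behaviour of public rules, can be checked before deployment. The following is an added example, not AGATE code: it audits a plain dict shaped like Settings, and the function name, sample hosts, service names and the https check on jwks_uri are assumptions made here.

```python
# Added example, not AGATE code: audits a settings dict against this page's guidance.
URBAC_DEFAULTS = {"verify_jwt": True, "verify_ssl": True,
                  "jwks_uri": "", "jwt_audience": ""}  # defaults documented above


def audit_settings(settings: dict) -> list[tuple[str, str]]:
    """Return (field, reason) findings for a dict shaped like Settings."""
    urbac = {**URBAC_DEFAULTS, **settings.get("urbac", {})}
    findings = []
    if urbac["verify_jwt"] is not True:
        findings.append(("urbac.verify_jwt", "JWT signature is not verified"))
    if urbac["verify_ssl"] is not True:
        findings.append(("urbac.verify_ssl", "TLS certificates are not verified "
                         "when fetching the OpenID configuration and JWKS"))
    jwks_uri = urbac["jwks_uri"] or ""  # the field is typed str | None
    if not jwks_uri:
        findings.append(("urbac.jwks_uri", "must be provided for production"))
    elif not jwks_uri.lower().startswith("https://"):
        # Extra check added in this example; it is not stated on the page.
        findings.append(("urbac.jwks_uri", "signing keys fetched without TLS"))
    if not urbac["jwt_audience"]:
        findings.append(("urbac.jwt_audience", "no audience verification is done"))
    # Public rules grant access on a URL match alone, so list them for review.
    for name, service in settings.get("services", {}).items():
        if service.get("public"):
            findings.append((f"services.{name}.public",
                             "matching URLs are served with no access control"))
    return findings


# Constructed sample inputs (hypothetical hosts, service names and placeholder patterns).
DEV = {"urbac": {"verify_jwt": False, "verify_ssl": False},
       "services": {"tiles": {"public": [{"pattern": "<regex>"}]}}}
PROD = {"urbac": {"jwks_uri": "https://idp.example.org/jwks", "jwt_audience": "agate"},
        "services": {"tiles": {"private": [{"pattern": "<regex>"}]}}}

if __name__ == "__main__":
    for label, cfg in (("DEV", DEV), ("PROD", PROD)):
        print(label, audit_settings(cfg) or "no findings")
```

A finding on a public rule is a prompt to confirm the exposure is intended, not necessarily an error.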