From d8568f3279a379990a34067e523446626a95acb1 Mon Sep 17 00:00:00 2001 From: Jozef Kralik Date: Fri, 15 Dec 2023 13:18:05 +0000 Subject: [PATCH] update configurations --- content/en/docs/README.md | 4 +- content/en/docs/architecture/introduction.md | 2 +- .../configuration/certificate-authority.md | 78 ++++---- .../configuration/cloud2cloud-connector.md | 156 +++++++-------- .../docs/configuration/cloud2cloud-gateway.md | 130 ++++++------- content/en/docs/configuration/coap-gateway.md | 160 +++++++-------- .../device-provisioning-service.md | 184 +++++++++--------- content/en/docs/configuration/grpc-gateway.md | 126 ++++++------ content/en/docs/configuration/http-gateway.md | 92 ++++----- .../en/docs/configuration/identity-store.md | 88 ++++----- content/en/docs/configuration/oauth-server.md | 42 ++-- .../docs/configuration/resource-aggregate.md | 145 ++++++++------ .../docs/configuration/resource-directory.md | 124 ++++++------ 13 files changed, 681 insertions(+), 650 deletions(-) diff --git a/content/en/docs/README.md b/content/en/docs/README.md index 849bf819..8f7362c4 100644 --- a/content/en/docs/README.md +++ b/content/en/docs/README.md @@ -9,7 +9,7 @@ To phrase the issue in another way, _"What are the most common issues preventing - Companies are not able or do not have the talent, to complete an end-to-end IoT solution. - Deployment is unexpectedly complex and many companies do not have the skills to accomplish a proper strategy. - Providing Security needs to be a seamless and secure data fabric platform. -- It’s difficult to make something at scale while maintaining quality. +- It's difficult to make something at scale while maintaining quality. - Devices need to be scalable so that they connect to everything they need to. - There will be a large amount of data to run IoT that will need to be stored. 
@@ -19,7 +19,7 @@ The only viable path forward is a collaboration between companies and market ver The device-to-hub communication represents a unique challenge for engineers because there has never been a historical need for engineers to become knowledgeable in both embedded systems and cloud-native application development. -Our proposed solution to this problem is to emulate a container runtime interface (CRI) architecture and embody Conway’s law to establish a loose coupling between the "IoT code" (CoAP / IoTivity) and the portions of the system that are much more familiar to the cloud developers. +Our proposed solution to this problem is to emulate a container runtime interface (CRI) architecture and embody Conway's law to establish a loose coupling between the "IoT code" (CoAP / IoTivity) and the portions of the system that are much more familiar to the cloud developers. ## IoT Challenges diff --git a/content/en/docs/architecture/introduction.md b/content/en/docs/architecture/introduction.md index 7185c62b..2638fefd 100644 --- a/content/en/docs/architecture/introduction.md +++ b/content/en/docs/architecture/introduction.md 
@@ -55,7 +55,7 @@ IoT itself is most likely not a domain of your business; it is a group of techno - **Cost Efficient** Many future users won't have the knowledge about infrastructure and operations of the whole system. They might not have their own data center for hosting of the solution. This increases the importance of ease of use and cost efficiency. Most cloud providers offer a similar set of services from a functional point of view. A solution should be able to take advantage of these services to save money, alleviating the burden of missing know-how and increasing runtime optimizations. - **Multitenant** - Solution providers which have multiple customers should have the ability to use "one" instance of the system for all customers in a secured way. It is important that a client is only able to access the devices it’s authorized to access. + Solution providers which have multiple customers should have the ability to use "one" instance of the system for all customers in a secured way. It is important that a client is only able to access the devices it's authorized to access. ## Domain Decomposition diff --git a/content/en/docs/configuration/certificate-authority.md b/content/en/docs/configuration/certificate-authority.md index 45f4a50d..c760a71c 100644 --- a/content/en/docs/configuration/certificate-authority.md +++ b/content/en/docs/configuration/certificate-authority.md 
@@ -25,11 +25,11 @@ A configuration template is available on [certificate-authority/config.yaml](htt | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `log.level` | string | `Logging enabled from level.` | `"info"` | -| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | -| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` | -| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | +| `log.level` | string | Logging enabled from level. | `"info"` | +| `log.encoding` | string | Logging format. The supported values are: "json", "console" | `"json"` | +| `log.stacktrace.enabled` | bool | Log stacktrace. | `false` | +| `log.stacktrace.level` | string | Stacktrace from level. | `"warn"` | +| `log.encoderConfig.timeEncoder` | string | Time format for logs. The supported values are: "rfc3339nano", "rfc3339". | `"rfc3339nano"` | ### gRPC API 
@@ -37,30 +37,30 @@ gRPC API of the Certificate Authority service as defined [here](https://github.c | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.grpc.address` | string | `Listen specification : for grpc client connection.` | `"0.0.0.0:9100"` | -| `apis.grpc.enforcementPolicy.minTime` | string | `The minimum amount of time a client should wait before sending a keepalive ping. Otherwise the server close connection.` | `5s`| -| `apis.grpc.enforcementPolicy.permitWithoutStream` | bool | `If true, server allows keepalive pings even when there are no active streams(RPCs). Otherwise the server close connection.` | `true` | -| `apis.grpc.keepAlive.maxConnectionIdle` | string | `A duration for the amount of time after which an idle connection would be closed by sending a GoAway. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.maxConnectionAge` | string | `A duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.maxConnectionAgeGrace` | string | `An additive period after MaxConnectionAge after which the connection will be forcibly closed. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.time` | string | `After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive.` | `2h` | -| `apis.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `apis.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.grpc.tls.clientCertificateRequired` | bool | `If true, require client certificate.` | `true` | -| `apis.grpc.authorization.ownerClaim` | string | `Claim used to identify owner of the device.` | `"sub"` | -| `apis.grpc.authorization.authority` | string | `Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token’s signature.` | `""` | -| `apis.grpc.authorization.audience` | string | `Identifier of the API configured in your OAuth provider.` | `""` | -| `apis.grpc.authorization.http.maxIdleConns` | int | `It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.` | `16` | -| `apis.grpc.authorization.http.maxConnsPerHost` | int | `It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit.` | `32` | -| `apis.grpc.authorization.http.maxIdleConnsPerHost` | int | `If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.` | `16` | -| `apis.grpc.authorization.http.idleConnTimeout` | string | `The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.` | `30s` | -| `apis.grpc.authorization.http.timeout` | string | `A time limit for requests made by this Client. A Timeout of zero means no timeout.` | `10s` | -| `apis.grpc.authorization.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.grpc.authorization.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.grpc.authorization.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.grpc.authorization.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `apis.grpc.address` | string | Listen specification : for grpc client connection. | `"0.0.0.0:9100"` | +| `apis.grpc.enforcementPolicy.minTime` | string | The minimum amount of time a client should wait before sending a keepalive ping. Otherwise the server close connection. | `5s` | +| `apis.grpc.enforcementPolicy.permitWithoutStream` | bool | If true, server allows keepalive pings even when there are no active streams(RPCs). Otherwise the server close connection. | `true` | +| `apis.grpc.keepAlive.maxConnectionIdle` | string | A duration for the amount of time after which an idle connection would be closed by sending a GoAway. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.maxConnectionAge` | string | A duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.maxConnectionAgeGrace` | string | An additive period after MaxConnectionAge after which the connection will be forcibly closed. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.time` | string | After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive. | `2h` | +| `apis.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `apis.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.grpc.tls.keyFile` | string | File path to the private key in PEM format. 
| `""` | +| `apis.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.grpc.tls.clientCertificateRequired` | bool | If true, require client certificate. | `true` | +| `apis.grpc.authorization.ownerClaim` | string | Claim used to identify owner of the device. | `"sub"` | +| `apis.grpc.authorization.authority` | string | Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token's signature. | `""` | +| `apis.grpc.authorization.audience` | string | Identifier of the API configured in your OAuth provider. | `""` | +| `apis.grpc.authorization.http.maxIdleConns` | int | It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. | `16` | +| `apis.grpc.authorization.http.maxConnsPerHost` | int | It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit. | `32` | +| `apis.grpc.authorization.http.maxIdleConnsPerHost` | int | If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | `16` | +| `apis.grpc.authorization.http.idleConnTimeout` | string | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit. | `30s` | +| `apis.grpc.authorization.http.timeout` | string | A time limit for requests made by this Client. A Timeout of zero means no timeout. | `10s` | +| `apis.grpc.authorization.http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.grpc.authorization.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.grpc.authorization.http.tls.certFile` | string | File path to the certificate in PEM format. 
| `""` | +| `apis.grpc.authorization.http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### HTTP API 
@@ -69,11 +69,11 @@ gRPC API of the Certificate Authority service as defined [here](https://github.c | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | - | `apis.http.address` | string | `Listen specification : for http client connection.` | `"0.0.0.0:9101"` | - | `apis.http.readTimeout` | string | `The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout.` | `8s` | - | `apis.http.readHeaderTimeout` | string | `The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `4s` | - | `apis.http.writeTimeout` | string | `The maximum duration before the server times out writing of the response. A zero or negative value means there will be no timeout.` | `16s` | - | `apis.http.idleTimeout` | string | `The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `30s` | + | apis.http.address | string | Listen specification : for http client connection. | `"0.0.0.0:9101"` | + | apis.http.readTimeout | string | The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout. | `8s` | + | apis.http.readHeaderTimeout | string | The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `4s` | + | apis.http.writeTimeout | string | The maximum duration before the server times out writing of the response. A zero or negative value means there will be no timeout. | `16s` | + | apis.http.idleTimeout | string | The maximum amount of time the server waits for the next request when keep-alives are enabled. 
If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `30s` | ### Signer @@ -81,11 +81,11 @@ Signer configuration to issue identity certificates for devices or client applic | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `signer.keyFile` | string | `File path to the signer private key in PEM format.` | `""` | -| `signer.certFile` | string | `File path to the signer certificate in PEM format.` | `""` | -| `signer.validFrom` | string | `The time from when the certificate is valid. (Format: https://github.com/karrick/tparse)` | `"now-1h"` | -| `signer.expiresIn` | string | `The time up to which the certificate is valid.` | `"87600h"` | -| `signer.hubID` | string | `Hub ID which is stored in coap-gw certificate and it cannot be used in the common name in the CSR.` | `""` | +| `signer.keyFile` | string | File path to the signer private key in PEM format. | `""` | +| `signer.certFile` | string | File path to the signer certificate in PEM format. | `""` | +| `signer.validFrom` | string | The time from when the certificate is valid. (Format: https://github.com/karrick/tparse) | `"now-1h"` | +| `signer.expiresIn` | string | The time up to which the certificate is valid. | `"87600h"` | +| `signer.hubID` | string | Hub ID which is stored in coap-gw certificate and it cannot be used in the common name in the CSR. | `""` | {{< note >}} diff --git a/content/en/docs/configuration/cloud2cloud-connector.md b/content/en/docs/configuration/cloud2cloud-connector.md index 7d6f45f5..5820e525 100644 --- a/content/en/docs/configuration/cloud2cloud-connector.md +++ b/content/en/docs/configuration/cloud2cloud-connector.md 
@@ -23,44 +23,44 @@ A configuration template is available in [cloud2cloud-connector/config.yaml](htt | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `log.level` | string | `Logging enabled from level.` | `"info"` | -| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | -| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` | -| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | +| `log.level` | string | Logging enabled from level. | `"info"` | +| `log.encoding` | string | Logging format. The supported values are: "json", "console" | `"json"` | +| `log.stacktrace.enabled` | bool | Log stacktrace. | `false` | +| `log.stacktrace.level` | string | Stacktrace from level. | `"warn"` | +| `log.encoderConfig.timeEncoder` | string | Time format for logs. The supported values are: "rfc3339nano", "rfc3339". | `"rfc3339nano"` | ### HTTP API | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.http.address` | string | `Listen specification : for http client connection.` | `"0.0.0.0:9100"` | -| `apis.http.readTimeout` | string | `The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout.` | `8s` | -| `apis.http.readHeaderTimeout` | string | `The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `4s` | -| `apis.http.writeTimeout` | string | `The maximum duration before the server times out writing of the response. 
A zero or negative value means there will be no timeout.` | `16s` | -| `apis.http.idleTimeout` | string | `The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `30s` | -| `apis.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `apis.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.http.tls.clientCertificateRequired` | bool | `If true, require client certificate.` | `true` | -| `apis.http.eventsURL` | string | `External url where the events from another hub will be send` | `""` | -| `apis.http.pullDevices.disabled` | bool | `Disable get devices via pull for all clouds` | `true` | -| `apis.http.pullDevices.interval` | string | `"Time interval between pulls` | `"5s"` | -| `apis.http.clientID` | string | `Client ID to exchange an authorization code for an access token.` | `""` | -| `apis.http.clientSecretFile` | string | `File path to client secret required to exchange an authorization code for an access token.` | `""` | -| `apis.http.scopes` | string array | `List of required scopes.` | `""` | -| `apis.http.authorization.authority` | string | `Authority is the address of the token-issuing authentication server. 
Services will use this URI to find and retrieve the public key that can be used to validate the token’s signature.` | `""` | -| `apis.http.authorization.audience` | string | `Identifier of the API configured in your OAuth provider.` | `""` | -| `apis.http.authorization.ownerClaim` | string | | `Claim used to identify owner of the device.` | `"sub"` | -| `apis.http.authorization.redirectURL` | string | `External redirect url to acquire authorization code.` | `""` | -| `apis.http.authorization.http.maxIdleConns` | int | `It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.` | `16` | -| `apis.http.authorization.http.maxConnsPerHost` | int | `It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit.` | `32` | -| `apis.http.authorization.http.maxIdleConnsPerHost` | int | `If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.` | `16` | -| `apis.http.authorization.http.idleConnTimeout` | string | `The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.` | `30s` | -| `apis.http.authorization.http.timeout` | string | `A time limit for requests made by this Client. A Timeout of zero means no timeout.` | `10s` | -| `apis.http.authorization.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.http.authorization.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.http.authorization.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.http.authorization.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `apis.http.address` | string | Listen specification : for http client connection. | `"0.0.0.0:9100"` | +| `apis.http.readTimeout` | string | The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout. | `8s` | +| `apis.http.readHeaderTimeout` | string | The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `4s` | +| `apis.http.writeTimeout` | string | The maximum duration before the server times out writing of the response. A zero or negative value means there will be no timeout. | `16s` | +| `apis.http.idleTimeout` | string | The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `30s` | +| `apis.http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.http.tls.clientCertificateRequired` | bool | If true, require client certificate. | `true` | +| `apis.http.eventsURL` | string | External url where the events from another hub will be send. | `""` | +| `apis.http.pullDevices.disabled` | bool | Disable get devices via pull for all clouds. | `true` | +| `apis.http.pullDevices.interval` | string | "Time interval between pulls. 
| `"5s"` | +| `apis.http.clientID` | string | Client ID to exchange an authorization code for an access token. | `""` | +| `apis.http.clientSecretFile` | string | File path to client secret required to exchange an authorization code for an access token. | `""` | +| `apis.http.scopes` | string array | List of required scopes. | `""` | +| `apis.http.authorization.authority` | string | Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token's signature. | `""` | +| `apis.http.authorization.audience` | string | Identifier of the API configured in your OAuth provider. | `""` | +| `apis.http.authorization.ownerClaim` | string | | Claim used to identify owner of the device. | `"sub"` | +| `apis.http.authorization.redirectURL` | string | External redirect url to acquire authorization code. | `""` | +| `apis.http.authorization.http.maxIdleConns` | int | It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. | `16` | +| `apis.http.authorization.http.maxConnsPerHost` | int | It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit. | `32` | +| `apis.http.authorization.http.maxIdleConnsPerHost` | int | If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | `16` | +| `apis.http.authorization.http.idleConnTimeout` | string | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit. | `30s` | +| `apis.http.authorization.http.timeout` | string | A time limit for requests made by this Client. A Timeout of zero means no timeout. | `10s` | +| `apis.http.authorization.http.tls.caPool` | []string | File paths to root certificates in PEM format. 
| `[]` | +| `apis.http.authorization.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.http.authorization.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.http.authorization.http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | {{< tip >}} 
@@ -74,14 +74,14 @@ Client configurations to internally connect to Identity Store service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.identityStore.grpc.address` | string | `Identity Store service address.` | `"127.0.0.1:9100"` | -| `clients.identityStore.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.identityStore.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.identityStore.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.identityStore.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.identityStore.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.identityStore.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.identityStore.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | +| `clients.identityStore.grpc.address` | string | Identity Store service address. | `"127.0.0.1:9100"` | +| `clients.identityStore.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.identityStore.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.identityStore.grpc.tls.certFile` | string | File path to the certificate in PEM format. 
| `""` | +| `clients.identityStore.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | +| `clients.identityStore.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.identityStore.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.identityStore.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | ### Event Bus 
@@ -89,13 +89,13 @@ plgd hub uses NATS messaging system as an event bus. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.eventBus.nats.url` | string | `URL to nats messaging system.` | `"nats://localhost:4222"` | -| `clients.eventBus.nats.pendingLimits.msgLimit` | int | `Limit number of messages in queue. -1 means unlimited` | `524288` | -| `clients.eventBus.nats.pendingLimits.bytesLimit` | int | `Limit buffer size of queue. -1 means unlimited` | `67108864` | -| `clients.eventBus.nats.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.eventBus.nats.tls.keyFile` | string | `File name of private key in PEM format.` | `""` | -| `clients.eventBus.nats.tls.certFile` | string | `File name of certificate in PEM format.` | `""` | -| `clients.eventBus.nats.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.eventBus.nats.url` | string | URL to nats messaging system. | `"nats://localhost:4222"` | +| `clients.eventBus.nats.pendingLimits.msgLimit` | int | Limit number of messages in queue. -1 means unlimited | `524288` | +| `clients.eventBus.nats.pendingLimits.bytesLimit` | int | Limit buffer size of queue. -1 means unlimited | `67108864` | +| `clients.eventBus.nats.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.eventBus.nats.tls.keyFile` | string | File name of private key in PEM format. | `""` | +| `clients.eventBus.nats.tls.certFile` | string | File name of certificate in PEM format. | `""` | +| `clients.eventBus.nats.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### GRPC Gateway Client 
@@ -103,14 +103,14 @@ Client configurations to internally connect to GRPC Gateway service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.grpcGateway.grpc.address` | string | `GRPC Gateway service address.` | `"127.0.0.1:9100"` | -| `clients.grpcGateway.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.grpcGateway.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.grpcGateway.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.grpcGateway.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.grpcGateway.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.grpcGateway.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.grpcGateway.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | +| `clients.grpcGateway.grpc.address` | string | GRPC Gateway service address. | `"127.0.0.1:9100"` | +| `clients.grpcGateway.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.grpcGateway.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.grpcGateway.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.grpcGateway.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. 
| `false` | +| `clients.grpcGateway.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.grpcGateway.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.grpcGateway.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | ### Resource Aggregate Client 
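Review bot: The `keepAlive.time` and `keepAlive.timeout` rows are typed string but show their defaults as `10s` and `20s` without quotes, whereas `clients.subscription.http.reconnectInterval` later in this file shows `"10s"`; pick one form for duration strings across the tables. Since these descriptions are being rewritten anyway, `keepAlive.time` could read "If the client sees no activity for this duration, it pings the server to check that the transport is still alive."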
@@ -118,14 +118,14 @@ Client configurations to internally connect to the Resource Aggregate service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.resourceAggregate.grpc.address` | string | `Resource aggregate service address.` | `"127.0.0.1:9100"` | -| `clients.resourceAggregate.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.resourceAggregate.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.resourceAggregate.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | -| `clients.resourceAggregate.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.resourceAggregate.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.resourceAggregate.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.resourceAggregate.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.resourceAggregate.grpc.address` | string | Resource aggregate service address. | `"127.0.0.1:9100"` | +| `clients.resourceAggregate.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. 
| `10s` | +| `clients.resourceAggregate.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.resourceAggregate.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | +| `clients.resourceAggregate.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.resourceAggregate.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.resourceAggregate.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.resourceAggregate.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Storage 
@@ -133,30 +133,30 @@ plgd hub uses MongoDB database as the owner's device store. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.storage.mongoDB.uri` | string | `URI to mongo database.` | `"mongodb://localhost:27017"` | -| `clients.storage.mongoDB.database` | string | `Name of database.` | `"cloud2cloudConnector"` | -| `clients.storage.mongoDB.maxPoolSize` | int | `Limits number of connections.` | `16` | -| `clients.storage.mongoDB.maxConnIdleTime` | string | `Close connection when idle time reach the value.` | `4m` | -| `clients.storage.mongoDB.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.storage.mongoDB.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.storage.mongoDB.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.storage.mongoDB.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.storage.mongoDB.uri` | string | URI to mongo database. | `"mongodb://localhost:27017"` | +| `clients.storage.mongoDB.database` | string | Name of database. | `"cloud2cloudConnector"` | +| `clients.storage.mongoDB.maxPoolSize` | int | Limits number of connections. | `16` | +| `clients.storage.mongoDB.maxConnIdleTime` | string | Close connection when idle time reach the value. | `4m` | +| `clients.storage.mongoDB.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.storage.mongoDB.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.storage.mongoDB.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.storage.mongoDB.tls.useSystemCAPool` | bool | If true, use the system certification pool. 
| `false` | ### Subscription | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.subscription.http.reconnectInterval` | string | `The interval after which to try to reconnect to grpc-gateway client when connection was closed.` | `"10s"` | -| `clients.subscription.http.resubscribeInterval` | string | `The interval after which to try to resubscribe to grpc-gateway client when subscription does not exist.` | `"10s"` | +| `clients.subscription.http.reconnectInterval` | string | The interval after which to try to reconnect to grpc-gateway client when connection was closed. | `"10s"` | +| `clients.subscription.http.resubscribeInterval` | string | The interval after which to try to resubscribe to grpc-gateway client when subscription does not exist. | `"10s"` | ### Task Queue | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `taskProcessor.cacheSize` | int | `Size of processor task queue` | `2048` | -| `taskProcessor.timeout` | string | `Timeout for one running task` | `"5s"` | -| `taskProcessor.maxParallel` | int | `Maximal number of running tasks at the same time` | `128` | -| `taskProcessor.delay` | string | `Task delay before start` | `0s` | +| `taskProcessor.cacheSize` | int | Size of processor task queue. | `2048` | +| `taskProcessor.timeout` | string | Timeout for one running task. | `"5s"` | +| `taskProcessor.maxParallel` | int | Maximal number of running tasks at the same time. | `128` | +| `taskProcessor.delay` | string | Task delay before start. | `0s` | ## API diff --git a/content/en/docs/configuration/cloud2cloud-gateway.md b/content/en/docs/configuration/cloud2cloud-gateway.md index 24434951..17ff99dc 100644 --- a/content/en/docs/configuration/cloud2cloud-gateway.md +++ b/content/en/docs/configuration/cloud2cloud-gateway.md 
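Review bot: `clients.storage.mongoDB.maxConnIdleTime` keeps "Close connection when idle time reach the value." on the added line; this patch is the place to fix it, for example "Close the connection once it has been idle for this duration." In the Task Queue table, `taskProcessor.delay` shows `0s` unquoted next to `taskProcessor.timeout` with `"5s"`, although both are typed string.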
@@ -23,36 +23,36 @@ A configuration template is available in [cloud2cloud-gateway/config.yaml](https | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `log.level` | string | `Logging enabled from level.` | `"info"` | -| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | -| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` | -| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | +| `log.level` | string | Logging enabled from level. | `"info"` | +| `log.encoding` | string | Logging format. The supported values are: "json", "console" | `"json"` | +| `log.stacktrace.enabled` | bool | Log stacktrace. | `false` | +| `log.stacktrace.level` | string | Stacktrace from level. | `"warn"` | +| `log.encoderConfig.timeEncoder` | string | Time format for logs. The supported values are: "rfc3339nano", "rfc3339". | `"rfc3339nano"` | ### HTTP API | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.http.address` | string | `Listen specification : for http client connection.` | `"0.0.0.0:9100"` | -| `apis.http.readTimeout` | string | `The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout.` | `8s` | -| `apis.http.readHeaderTimeout` | string | `The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `4s` | -| `apis.http.writeTimeout` | string | `The maximum duration before the server times out writing of the response. 
A zero or negative value means there will be no timeout.` | `16s` | -| `apis.http.idleTimeout` | string | `The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `30s` | -| `apis.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `apis.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.http.tls.clientCertificateRequired` | bool | `If true, require client certificate.` | `true` | -| `apis.http.authorization.authority` | string | `Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token’s signature.` | `""` | -| `apis.http.authorization.audience` | string | `Identifier of the API configured in your OAuth provider.` | `""` | -| `apis.http.authorization.http.maxIdleConns` | int | `It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.` | `16` | -| `apis.http.authorization.http.maxConnsPerHost` | int | `It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit.` | `32` | -| `apis.http.authorization.http.maxIdleConnsPerHost` | int | `If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.` | `16` | -| `apis.http.authorization.http.idleConnTimeout` | string | `The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. 
Zero means no limit.` | `30s` | -| `apis.http.authorization.http.timeout` | string | `A time limit for requests made by this Client. A Timeout of zero means no timeout.` | `10s` | -| `apis.http.authorization.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `apis.http.authorization.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.http.authorization.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.http.authorization.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `apis.http.address` | string | Listen specification : for http client connection. | `"0.0.0.0:9100"` | +| `apis.http.readTimeout` | string | The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout. | `8s` | +| `apis.http.readHeaderTimeout` | string | The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `4s` | +| `apis.http.writeTimeout` | string | The maximum duration before the server times out writing of the response. A zero or negative value means there will be no timeout. | `16s` | +| `apis.http.idleTimeout` | string | The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `30s` | +| `apis.http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.http.tls.clientCertificateRequired` | bool | If true, require client certificate. 
| `true` | +| `apis.http.authorization.authority` | string | Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token's signature. | `""` | +| `apis.http.authorization.audience` | string | Identifier of the API configured in your OAuth provider. | `""` | +| `apis.http.authorization.http.maxIdleConns` | int | It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. | `16` | +| `apis.http.authorization.http.maxConnsPerHost` | int | It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit. | `32` | +| `apis.http.authorization.http.maxIdleConnsPerHost` | int | If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | `16` | +| `apis.http.authorization.http.idleConnTimeout` | string | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit. | `30s` | +| `apis.http.authorization.http.timeout` | string | A time limit for requests made by this Client. A Timeout of zero means no timeout. | `10s` | +| `apis.http.authorization.http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.http.authorization.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.http.authorization.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.http.authorization.http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Event Bus 
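Review bot: The `apis.http.address` row reads "Listen specification : for http client connection.", which looks as if a placeholder has gone missing between "specification" and "for". If the source has an angle-bracket host and port placeholder there, the surrounding code span protected it before this change; without its own backticks Markdown will treat it as an HTML tag and drop it from the rendered table. Please check the rendered page for this row and wrap the placeholder in backticks if needed.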
@@ -60,13 +60,13 @@ plgd hub uses NATS messaging system as an event bus. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.eventBus.nats.url` | string | `URL to nats messaging system.` | `"nats://localhost:4222"` | -| `clients.eventBus.nats.pendingLimits.msgLimit` | int | `Limit number of messages in queue. -1 means unlimited` | `524288` | -| `clients.eventBus.nats.pendingLimits.bytesLimit` | int | `Limit buffer size of queue. -1 means unlimited` | `67108864` | -| `clients.eventBus.nats.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.eventBus.nats.tls.keyFile` | string | `File name of private key in PEM format.` | `""` | -| `clients.eventBus.nats.tls.certFile` | string | `File name of certificate in PEM format.` | `""` | -| `clients.eventBus.nats.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.eventBus.nats.url` | string | URL to nats messaging system. | `"nats://localhost:4222"` | +| `clients.eventBus.nats.pendingLimits.msgLimit` | int | Limit number of messages in queue. -1 means unlimited | `524288` | +| `clients.eventBus.nats.pendingLimits.bytesLimit` | int | Limit buffer size of queue. -1 means unlimited | `67108864` | +| `clients.eventBus.nats.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.eventBus.nats.tls.keyFile` | string | File name of private key in PEM format. | `""` | +| `clients.eventBus.nats.tls.certFile` | string | File name of certificate in PEM format. | `""` | +| `clients.eventBus.nats.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### GRPC Gateway Client 
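Review bot: The `pendingLimits.msgLimit` and `pendingLimits.bytesLimit` rows are the only descriptions in this table left without a closing period ("-1 means unlimited"), and `bytesLimit` does not state its unit (the default `67108864` suggests bytes). Please add the period and the unit, and consider saying what happens to new messages once a limit is reached, since that is what an operator needs to know before choosing -1.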
@@ -74,14 +74,14 @@ Client configurations to internally connect to GRPC Gateway service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.grpcGateway.grpc.address` | string | `GRPC Gateway service address.` | `"127.0.0.1:9100"` | -| `clients.grpcGateway.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.grpcGateway.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.grpcGateway.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.grpcGateway.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.grpcGateway.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.grpcGateway.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.grpcGateway.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | +| `clients.grpcGateway.grpc.address` | string | GRPC Gateway service address. | `"127.0.0.1:9100"` | +| `clients.grpcGateway.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.grpcGateway.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.grpcGateway.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.grpcGateway.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. 
| `false` | +| `clients.grpcGateway.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.grpcGateway.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.grpcGateway.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | ### Resource Aggregate Client 
@@ -89,14 +89,14 @@ Client configurations to internally connect to the Resource Aggregate service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.resourceAggregate.grpc.address` | string | `Resource aggregate service address.` | `"127.0.0.1:9100"` | -| `clients.resourceAggregate.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.resourceAggregate.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.resourceAggregate.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | -| `clients.resourceAggregate.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.resourceAggregate.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.resourceAggregate.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.resourceAggregate.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.resourceAggregate.grpc.address` | string | Resource aggregate service address. | `"127.0.0.1:9100"` | +| `clients.resourceAggregate.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. 
| `10s` | +| `clients.resourceAggregate.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.resourceAggregate.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | +| `clients.resourceAggregate.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.resourceAggregate.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.resourceAggregate.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.resourceAggregate.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Storage 
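Review bot: `clients.resourceAggregate.grpc.address` documents the default `"127.0.0.1:9100"`, the same value as `clients.grpcGateway.grpc.address` and the same port as this service's own `apis.http.address` (`"0.0.0.0:9100"`). Please confirm these defaults against config.yaml; if they are template placeholders, say so in the description, so that nobody deploys with two different backends pointed at one local port.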
@@ -104,33 +104,33 @@ plgd hub uses MongoDB database as the owner's device store. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.storage.mongoDB.uri` | string | `URI to mongo database.` | `"mongodb://localhost:27017"` | -| `clients.storage.mongoDB.database` | string | `Name of database.` | `"cloud2cloudGateway"` | -| `clients.storage.mongoDB.maxPoolSize` | int | `Limits number of connections.` | `16` | -| `clients.storage.mongoDB.maxConnIdleTime` | string | `Close connection when idle time reach the value.` | `4m` | -| `clients.storage.mongoDB.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.storage.mongoDB.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.storage.mongoDB.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.storage.mongoDB.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.storage.mongoDB.uri` | string | URI to mongo database. | `"mongodb://localhost:27017"` | +| `clients.storage.mongoDB.database` | string | Name of database. | `"cloud2cloudGateway"` | +| `clients.storage.mongoDB.maxPoolSize` | int | Limits number of connections. | `16` | +| `clients.storage.mongoDB.maxConnIdleTime` | string | Close connection when idle time reach the value. | `4m` | +| `clients.storage.mongoDB.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.storage.mongoDB.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.storage.mongoDB.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.storage.mongoDB.tls.useSystemCAPool` | bool | If true, use the system certification pool. 
| `false` | ### Subscription | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.subscription.http.reconnectInterval` | string | `try to reconnect after interval to resource-directory when connection was closed` | `"10s"` | -| `clients.subscription.http.emitEventTimeout` | string | `timeout for send event` | `"5s"` | -| `clients.subscription.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.subscription.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.subscription.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.subscription.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.subscription.http.reconnectInterval` | string | try to reconnect after interval to resource-directory when connection was closed | `"10s"` | +| `clients.subscription.http.emitEventTimeout` | string | timeout for send event. | `"5s"` | +| `clients.subscription.http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.subscription.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.subscription.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.subscription.http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Task Queue | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `taskQueue.goPoolSize` | int | `Maximum number of running goroutine instances.` | `1600` | -| `taskQueue.size` | int | `Size of queue. If it exhausted, submit returns error.` | `2097152` | -| `taskQueue.maxIdleTime` | string | `Sets up the interval time of cleaning up goroutines. 
Zero means never cleanup.` | `10m` | +| `taskQueue.goPoolSize` | int | Maximum number of running goroutine instances. | `1600` | +| `taskQueue.size` | int | Size of queue. If it exhausted, submit returns error. | `2097152` | +| `taskQueue.maxIdleTime` | string | Sets up the interval time of cleaning up goroutines. Zero means never cleanup. | `10m` | {{< note >}} diff --git a/content/en/docs/configuration/coap-gateway.md b/content/en/docs/configuration/coap-gateway.md index cd395f9b..b0f58bae 100644 --- a/content/en/docs/configuration/coap-gateway.md +++ b/content/en/docs/configuration/coap-gateway.md @@ -23,12 +23,12 @@ A configuration template is available on [coap-gateway/config.yaml](https://gith | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `log.dumpBody` | bool | `Set to true if you would like to dump raw messages.` | `false` | -| `log.level` | string | `Logging enabled from level.` | `"info"` | -| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | -| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` | -| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | +| `log.dumpBody` | bool | Set to true if you would like to dump raw messages. | `false` | +| `log.level` | string | Logging enabled from level. | `"info"` | +| `log.encoding` | string | Logging format. The supported values are: "json", "console" | `"json"` | +| `log.stacktrace.enabled` | bool | Log stacktrace. | `false` | +| `log.stacktrace.level` | string | Stacktrace from level. | `"warn"` | +| `log.encoderConfig.timeEncoder` | string | Time format for logs. The supported values are: "rfc3339nano", "rfc3339". | `"rfc3339nano"` | ### CoAP API 
@@ -36,23 +36,23 @@ CoAP API as specified in the [Open Connectivity Foundation - Device to Cloud Ser | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.coap.address` | string | `Listen specification : for coap client connection.` | `"0.0.0.0:5684"` | -| `apis.coap.protocols` | []string | `Protocol for coap connection. The supported values are: "tcp", "udp" .` | `["tcp"]` | -| `apis.coap.externalAddress` | string | `External address including public domain/IP for coap client connection.` | `"coap-gw.example.com:5684"` | -| `apis.coap.maxMessageSize` | int | `Max message size which can be sent/received via coap. i.e. 256*1024 = 262144 bytes.` | `262144` | -| `apis.coap.ownerCacheExpiration` | string | `Time limit of how long to keep subscribed to device updates after last use of the given cache item.` | `1m` | -| `apis.coap.subscriptionBufferSize` | int | `The maximum buffer size for one events subscription.` | `1000` | -| `apis.coap.messagePoolSize` | int | `Defines the maximum preallocated messages in the pool for parse/create coap messages.` | `1000` | -| `apis.coap.keepAlive.timeout` | string | `Time limit to close inactive connection.` | `20s` | -| `apis.coap.blockwiseTransfer.enabled` | bool | `If true, enable blockwise transfer of coap messages.` | `true` | -| `apis.coap.blockwiseTransfer.blockSize` | int | `Size of blockwise transfer block.` | `1024` | -| `apis.coap.tls.enabled` | bool | `If true, require server certificate for ssl connection.` | `true` | -| `apis.coap.tls.disconnectOnExpiredCertificate` | bool | `If true, device with expired certificates will be disconnected.` | `false` | -| `apis.coap.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.coap.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.coap.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.coap.tls.clientCertificateRequired` | bool | `If true, require client certificate.` | `true` | -| `apis.coap.tls.identityPropertiesRequired` | bool | `If true, require EKU with 1.3.6.1.4.1.44924.1.6 and CN with uuid= in client certificate as is defined OCF.` | `true` | +| `apis.coap.address` | string | Listen specification : for coap client connection. | `"0.0.0.0:5684"` | +| `apis.coap.protocols` | []string | Protocol for coap connection. The supported values are: "tcp", "udp" . | `["tcp"]` | +| `apis.coap.externalAddress` | string | External address including public domain/IP for coap client connection. | `"coap-gw.example.com:5684"` | +| `apis.coap.maxMessageSize` | int | Max message size which can be sent/received via coap. i.e. 256*1024 = 262144 bytes. | `262144` | +| `apis.coap.ownerCacheExpiration` | string | Time limit of how long to keep subscribed to device updates after last use of the given cache item. | `1m` | +| `apis.coap.subscriptionBufferSize` | int | The maximum buffer size for one events subscription. | `1000` | +| `apis.coap.messagePoolSize` | int | Defines the maximum preallocated messages in the pool for parse/create coap messages. | `1000` | +| `apis.coap.keepAlive.timeout` | string | Time limit to close inactive connection. | `20s` | +| `apis.coap.blockwiseTransfer.enabled` | bool | If true, enable blockwise transfer of coap messages. | `true` | +| `apis.coap.blockwiseTransfer.blockSize` | int | Size of blockwise transfer block. | `1024` | +| `apis.coap.tls.enabled` | bool | If true, require server certificate for ssl connection. | `true` | +| `apis.coap.tls.disconnectOnExpiredCertificate` | bool | If true, device with expired certificates will be disconnected. 
| `false` | +| `apis.coap.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.coap.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.coap.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.coap.tls.clientCertificateRequired` | bool | If true, require client certificate. | `true` | +| `apis.coap.tls.identityPropertiesRequired` | bool | If true, require EKU with 1.3.6.1.4.1.44924.1.6 and CN with uuid= in client certificate as is defined OCF. | `true` | #### OAuth2.0 Client 
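Review bot: `apis.coap.tls.identityPropertiesRequired` now reads "require EKU with 1.3.6.1.4.1.44924.1.6 and CN with uuid= in client certificate as is defined OCF."; the value after `uuid=` is missing and "as is defined OCF" lacks "by". This row states what a device certificate must contain to be accepted, so it should be exact: put the OID and the CN pattern in backticks and spell out the placeholder. The `apis.coap.tls.enabled` row would also be clearer saying TLS instead of "ssl connection".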
@@ -60,25 +60,25 @@ OAuth2.0 Client is used to issuing an authorization code used by the Onboarding | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.coap.authorization.ownerClaim` | string | `Claim used to identify owner of the device. Combination of ownerClaim set to sub is not compatible if at least one authorization provider uses grant type clientCredentials.` | `"sub"` | -| `apis.coap.authorization.deviceIDClaim` | string | `Claim used to identify device id of the device. Empty means that JWT doesn't contain it.` | `""` | -| `apis.coap.authorization.providers[].name` | string | `Provider name, the register request of the device must contain one of the names of providers.` | `""` | -| `apis.coap.authorization.providers[].clientID` | string | `Client ID to exchange an authorization code for an access token.` | `""` | -| `apis.coap.authorization.providers[].clientSecretFile` | string | `File path to client secret required to exchange an authorization code for an access token.` | `""` | -| `apis.coap.authorization.providers[].grantType` | string | `A grant type of OAuth provider specifies how the device signing up process is authorized. Combination of apis.coap.authorization.ownerClaim set to sub is not compatible if at least one authorization provider uses grant type clientCredentials. Supported values: authorizationCode, clientCredentials` | `"authorizationCode"` | -| `apis.coap.authorization.providers[].scopes` | string array | `List of required scopes.` | `""` | -| `apis.coap.authorization.providers[].authority` | string | `Authority is the address of the token-issuing authentication server. 
Services will use this URI to find and retrieve the public key that can be used to validate the token’s signature.` | `""` | -| `apis.coap.authorization.providers[].audience` | string | `Audience of OAuth provider.` | `""` | -| `apis.coap.authorization.providers[].redirectURL` | string | `Redirect url used to obtain device access token.` | `""` | -| `apis.coap.authorization.providers[].http.maxIdleConns` | int | `It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.` | `16` | -| `apis.coap.authorization.providers[].http.maxConnsPerHost` | int | `It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit.` | `32` | -| `apis.coap.authorization.providers[].http.maxIdleConnsPerHost` | int | `If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.` | `16` | -| `apis.coap.authorization.providers[].http.idleConnTimeout` | string | `The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.` | `30s` | -| `apis.coap.authorization.providers[].http.timeout` | string | `A time limit for requests made by this Client. A Timeout of zero means no timeout.` | `10s` | -| `apis.coap.authorization.providers[].http.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.coap.authorization.providers[].http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.coap.authorization.providers[].http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.coap.authorization.providers[].http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `apis.coap.authorization.ownerClaim` | string | Claim used to identify owner of the device. Combination of ownerClaim set to sub is not compatible if at least one authorization provider uses grant type clientCredentials. | `"sub"` | +| `apis.coap.authorization.deviceIDClaim` | string | Claim used to identify device id of the device. Empty means that JWT doesn't contain it. | `""` | +| `apis.coap.authorization.providers[].name` | string | Provider name, the register request of the device must contain one of the names of providers. | `""` | +| `apis.coap.authorization.providers[].clientID` | string | Client ID to exchange an authorization code for an access token. | `""` | +| `apis.coap.authorization.providers[].clientSecretFile` | string | File path to client secret required to exchange an authorization code for an access token. | `""` | +| `apis.coap.authorization.providers[].grantType` | string | A grant type of OAuth provider specifies how the device signing up process is authorized. Combination of apis.coap.authorization.ownerClaim set to sub is not compatible if at least one authorization provider uses grant type clientCredentials. Supported values: authorizationCode, clientCredentials | `"authorizationCode"` | +| `apis.coap.authorization.providers[].scopes` | string array | List of required scopes. | `""` | +| `apis.coap.authorization.providers[].authority` | string | Authority is the address of the token-issuing authentication server. 
Services will use this URI to find and retrieve the public key that can be used to validate the token's signature. | `""` | +| `apis.coap.authorization.providers[].audience` | string | Audience of OAuth provider. | `""` | +| `apis.coap.authorization.providers[].redirectURL` | string | Redirect url used to obtain device access token. | `""` | +| `apis.coap.authorization.providers[].http.maxIdleConns` | int | It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. | `16` | +| `apis.coap.authorization.providers[].http.maxConnsPerHost` | int | It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit. | `32` | +| `apis.coap.authorization.providers[].http.maxIdleConnsPerHost` | int | If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | `16` | +| `apis.coap.authorization.providers[].http.idleConnTimeout` | string | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit. | `30s` | +| `apis.coap.authorization.providers[].http.timeout` | string | A time limit for requests made by this Client. A Timeout of zero means no timeout. | `10s` | +| `apis.coap.authorization.providers[].http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.coap.authorization.providers[].http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.coap.authorization.providers[].http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.coap.authorization.providers[].http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | {{< tip >}} 
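Review bot: the `apis.coap.authorization.providers[].scopes` row still gives the type as `string array` and the default as `""`, while the list-valued `caPool` row in the same table uses `[]string` and `[]`; use `[]string` and `[]` here as well. The sentence "Combination of ownerClaim set to sub is not compatible if at least one authorization provider uses grant type clientCredentials." is repeated in the `ownerClaim` and `grantType` rows and is hard to parse in both; state it once in plainer terms and reference it from the other row.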
@@ -92,14 +92,14 @@ plgd hub uses NATS messaging system as an event bus. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.eventBus.goPoolSize` | int | `Number of routines to process events in projection.` | `16` | -| `clients.eventBus.nats.url` | string | `URL to nats messaging system.` | `"nats://localhost:4222"` | -| `clients.eventBus.nats.pendingLimits.msgLimit` | int | `Limit number of messages in queue. -1 means unlimited` | `524288` | -| `clients.eventBus.nats.pendingLimits.bytesLimit` | int | `Limit buffer size of queue. -1 means unlimited` | `67108864` | -| `clients.eventBus.nats.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.eventBus.nats.tls.keyFile` | string | `File name of private key in PEM format.` | `""` | -| `clients.eventBus.nats.tls.certFile` | string | `File name of certificate in PEM format.` | `""` | -| `clients.eventBus.nats.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.eventBus.goPoolSize` | int | Number of routines to process events in projection. | `16` | +| `clients.eventBus.nats.url` | string | URL to nats messaging system. | `"nats://localhost:4222"` | +| `clients.eventBus.nats.pendingLimits.msgLimit` | int | Limit number of messages in queue. -1 means unlimited | `524288` | +| `clients.eventBus.nats.pendingLimits.bytesLimit` | int | Limit buffer size of queue. -1 means unlimited | `67108864` | +| `clients.eventBus.nats.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.eventBus.nats.tls.keyFile` | string | File name of private key in PEM format. | `""` | +| `clients.eventBus.nats.tls.certFile` | string | File name of certificate in PEM format. | `""` | +| `clients.eventBus.nats.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Identity Store Client 
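Review bot: the `clients.eventBus.nats.tls.keyFile` and `clients.eventBus.nats.tls.certFile` rows keep "File name of private key in PEM format." and "File name of certificate in PEM format.", while the other TLS tables in this change are normalized to "File path to the private key in PEM format." and "File path to the certificate in PEM format.". Align these two rows unless the NATS client really takes a bare file name. The two `pendingLimits` rows also still end "-1 means unlimited" without a period.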
@@ -107,14 +107,14 @@ Client configurations to internally connect to Identity Store service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.identityStore.grpc.address` | string | `Identity Store service address.` | `"127.0.0.1:9100"` | -| `clients.identityStore.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.identityStore.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.identityStore.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.identityStore.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.identityStore.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.identityStore.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.identityStore.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | +| `clients.identityStore.grpc.address` | string | Identity Store service address. | `"127.0.0.1:9100"` | +| `clients.identityStore.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.identityStore.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.identityStore.grpc.tls.certFile` | string | File path to the certificate in PEM format. 
| `""` | +| `clients.identityStore.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | +| `clients.identityStore.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.identityStore.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.identityStore.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | ### Resource Aggregate Client 
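Review bot: the `clients.identityStore.grpc.tls.caPool` row drops "The file may contain multiple certificates." and now says only "File paths to root certificates in PEM format."; the same sentence is removed from the other `[]string` `caPool` rows in this file. If a single file with several certificates is still accepted, keep the sentence, because it tells an operator whether a CA bundle can be one entry or must be split into one entry per certificate.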
@@ -122,16 +122,16 @@ Client configurations to internally connect to Resource Aggregate service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.resourceAggregate.grpc.address` | string | `Resource aggregate service address.` | `"127.0.0.1:9100"` | -| `clients.resourceAggregate.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.resourceAggregate.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.resourceAggregate.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.resourceAggregate.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.resourceAggregate.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.resourceAggregate.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.resourceAggregate.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | -| `clients.resourceAggregate.deviceStatusExpiration.enabled` | bool | `If true, refresh device online status in short time than sign token expires.` | `false` | -| `clients.resourceAggregate.deviceStatusExpiration.expiresIn` | bool | `The interval time required for refreshing the online status of the device. The specified interval must be equal to or greater than 1 second.` | `0s` | +| `clients.resourceAggregate.grpc.address` | string | Resource aggregate service address. 
| `"127.0.0.1:9100"` | +| `clients.resourceAggregate.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.resourceAggregate.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.resourceAggregate.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.resourceAggregate.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | +| `clients.resourceAggregate.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.resourceAggregate.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.resourceAggregate.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | +| `clients.resourceAggregate.deviceStatusExpiration.enabled` | bool | If true, refresh device online status in short time than sign token expires. | `false` | +| `clients.resourceAggregate.deviceStatusExpiration.expiresIn` | bool | The interval time required for refreshing the online status of the device. The specified interval must be equal to or greater than 1 second. | `0s` | ### Resource Directory Client 
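Review bot: the `clients.resourceAggregate.deviceStatusExpiration.expiresIn` row is carried over with type `bool`, but its description is an interval and its default is `0s`, so the type should be `string` like the other duration properties. The same row says the interval "must be equal to or greater than 1 second" while listing `0s` as the default; say whether `0s` is only valid when `deviceStatusExpiration.enabled` is `false`. The `enabled` description "refresh device online status in short time than sign token expires" also needs rewording.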
@@ -139,28 +139,28 @@ Client configurations to internally connect to Resource Directory service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.resourceDirectory.grpc.address` | string | `Resource directory service address.` | `"127.0.0.1:9100"` | -| `clients.resourceDirectory.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.resourceDirectory.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.resourceDirectory.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.resourceDirectory.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.resourceDirectory.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.resourceDirectory.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.resourceDirectory.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | +| `clients.resourceDirectory.grpc.address` | string | Resource directory service address. | `"127.0.0.1:9100"` | +| `clients.resourceDirectory.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.resourceDirectory.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.resourceDirectory.grpc.tls.certFile` | string | File path to the certificate in PEM format. 
| `""` | +| `clients.resourceDirectory.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | +| `clients.resourceDirectory.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.resourceDirectory.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.resourceDirectory.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | ### Task Queue | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `taskQueue.goPoolSize` | int | `Maximum number of running goroutine instances.` | `1600` | -| `taskQueue.size` | int | `Size of queue. If it exhausted, submit returns error.` | `2097152` | -| `taskQueue.maxIdleTime` | string | `Sets up the interval time of cleaning up goroutines. Zero means never cleanup.` | `10m` | +| `taskQueue.goPoolSize` | int | Maximum number of running goroutine instances. | `1600` | +| `taskQueue.size` | int | Size of queue. If it exhausted, submit returns error. | `2097152` | +| `taskQueue.maxIdleTime` | string | Sets up the interval time of cleaning up goroutines. Zero means never cleanup. | `10m` | ### Service Heartbeat | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `serviceHeartbeat.timeToLive` | string | `Sets the initial validity duration of the coap-gateway instance in the database, with a minimum value of 1 second. 
This validity is periodically extended until the coap-gateway ends.` | `1m` | +| `serviceHeartbeat.timeToLive` | string | Sets the initial validity duration of the coap-gateway instance in the database, with a minimum value of 1 second. This validity is periodically extended until the coap-gateway ends. | `1m` | {{< note >}} diff --git a/content/en/docs/configuration/device-provisioning-service.md b/content/en/docs/configuration/device-provisioning-service.md index 4a3c387e..7d9f2594 100644 --- a/content/en/docs/configuration/device-provisioning-service.md +++ b/content/en/docs/configuration/device-provisioning-service.md @@ -25,12 +25,12 @@ A configuration template is available on [config.yaml](https://github.com/plgd-d | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `log.dumpBody` | bool | `Set to true if you would like to dump raw messages.` | `false` | -| `log.level` | string | `Logging enabled from level.` | `"info"` | -| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | -| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` | -| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | +| `log.dumpBody` | bool | Set to true if you would like to dump raw messages. | `false` | +| `log.level` | string | Logging enabled from level. | `"info"` | +| `log.encoding` | string | Logging format. The supported values are: "json", "console" | `"json"` | +| `log.stacktrace.enabled` | bool | Log stacktrace. | `false` | +| `log.stacktrace.level` | string | Stacktrace from level. | `"warn"` | +| `log.encoderConfig.timeEncoder` | string | Time format for logs. The supported values are: "rfc3339nano", "rfc3339". | `"rfc3339nano"` | ### CoAP API 
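Review bot: in the device-provisioning-service logging table, `log.level` ("Logging enabled from level.") and `log.stacktrace.level` ("Stacktrace from level.") do not list the accepted values, although `log.encoding` and `log.encoderConfig.timeEncoder` in the same table do; add the supported level names. The `log.dumpBody` description should also say that the raw messages are written to the service log, so an operator can decide whether to enable it outside of debugging.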
@@ -38,15 +38,15 @@ CoAP API as specified in the [workflow](./workflow.puml). | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.coap.address` | string | `Listen specification : for coap client connection.` | `"0.0.0.0:5688"` | -| `apis.coap.protocols` | []string | `Protocol for coap connection. The supported values are: "tcp", "udp" .` | `["tcp"]` | -| `apis.coap.maxMessageSize` | int | `Max message size which can be sent/received via coap. i.e. 256*1024 = 262144 bytes.` | `262144` | -| `apis.coap.messagePoolSize` | int | `Defines the maximum preallocated messages in the pool for parse/create coap messages.` | `1000` | -| `apis.coap.inactivityMonitor.timeout` | string | `Time limit to close inactive connection.` | `20s` | -| `apis.coap.blockwiseTransfer.enabled` | bool | `If true, enable blockwise transfer of coap messages.` | `true` | -| `apis.coap.blockwiseTransfer.blockSize` | int | `Size of blockwise transfer block.` | `1024` | -| `apis.coap.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.coap.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | +| `apis.coap.address` | string | Listen specification : for coap client connection. | `"0.0.0.0:5688"` | +| `apis.coap.protocols` | []string | Protocol for coap connection. The supported values are: "tcp", "udp" . | `["tcp"]` | +| `apis.coap.maxMessageSize` | int | Max message size which can be sent/received via coap. i.e. 256*1024 = 262144 bytes. | `262144` | +| `apis.coap.messagePoolSize` | int | Defines the maximum preallocated messages in the pool for parse/create coap messages. | `1000` | +| `apis.coap.inactivityMonitor.timeout` | string | Time limit to close inactive connection. | `20s` | +| `apis.coap.blockwiseTransfer.enabled` | bool | If true, enable blockwise transfer of coap messages. | `true` | +| `apis.coap.blockwiseTransfer.blockSize` | int | Size of blockwise transfer block. 
| `1024` | +| `apis.coap.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.coap.tls.certFile` | string | File path to the certificate in PEM format. | `""` | ### HTTP API 
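Review bot: the `apis.coap.protocols` row still ends with a stray space before the period ("The supported values are: "tcp", "udp" ."), and the `apis.coap.maxMessageSize` row uses "i.e." where the text is explaining the default value. Since both lines are rewritten by this change anyway, fix the punctuation and reword the second to something like "The default is 256*1024 = 262144 bytes."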
@@ -54,27 +54,27 @@ The plgd device provisioning service REST API is defined by [swagger](https://ra | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.http.enabled` | bool | `Enable HTTP API.` | `false` | -| `apis.http.address` | string | `Listen specification : for http client connection.` | `"0.0.0.0:9100"` | -| `apis.http.tls.caPool` | string | `File path to the root certificate in PEM format which might contain multiple certificates in a single file.` | `""` | -| `apis.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.http.tls.clientCertificateRequired` | bool | `If true, require client certificate.` | `true` | -| `apis.http.authorization.authority` | string | `Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token’s signature.` | `""` | -| `apis.http.authorization.audience` | string | `Identifier of the API configured in your OAuth provider.` | `""` | -| `apis.http.authorization.http.maxIdleConns` | int | `It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.` | `16` | -| `apis.http.authorization.http.maxConnsPerHost` | int | `It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit.` | `32` | -| `apis.http.authorization.http.maxIdleConnsPerHost` | int | `If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.` | `16` | -| `apis.http.authorization.http.idleConnTimeout` | string | `The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. 
Zero means no limit.` | `30s` | -| `apis.http.authorization.http.timeout` | string | `A time limit for requests made by this Client. A Timeout of zero means no timeout.` | `10s` | -| `apis.http.authorization.http.tls.caPool` | string | `File path to the root certificate in PEM format which might contain multiple certificates in a single file.` | `""` | -| `apis.http.authorization.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.http.authorization.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.http.authorization.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `apis.http.readTimeout` | string | `The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout.` | `8s` | -| `apis.http.readHeaderTimeout` | string | `The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `4s` | -| `apis.http.writeTimeout` | string | `The maximum duration before the server times out writing of the response. A zero or negative value means there will be no timeout.` | `16s` | -| `apis.http.idleTimeout` | string | `The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `30s` | +| `apis.http.enabled` | bool | Enable HTTP API. | `false` | +| `apis.http.address` | string | Listen specification : for http client connection. | `"0.0.0.0:9100"` | +| `apis.http.tls.caPool` | string | File path to the root certificate in PEM format which might contain multiple certificates in a single file. | `""` | +| `apis.http.tls.keyFile` | string | File path to the private key in PEM format. 
| `""` | +| `apis.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.http.tls.clientCertificateRequired` | bool | If true, require client certificate. | `true` | +| `apis.http.authorization.authority` | string | Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token's signature. | `""` | +| `apis.http.authorization.audience` | string | Identifier of the API configured in your OAuth provider. | `""` | +| `apis.http.authorization.http.maxIdleConns` | int | It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. | `16` | +| `apis.http.authorization.http.maxConnsPerHost` | int | It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit. | `32` | +| `apis.http.authorization.http.maxIdleConnsPerHost` | int | If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | `16` | +| `apis.http.authorization.http.idleConnTimeout` | string | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit. | `30s` | +| `apis.http.authorization.http.timeout` | string | A time limit for requests made by this Client. A Timeout of zero means no timeout. | `10s` | +| `apis.http.authorization.http.tls.caPool` | string | File path to the root certificate in PEM format which might contain multiple certificates in a single file. | `""` | +| `apis.http.authorization.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.http.authorization.http.tls.certFile` | string | File path to the certificate in PEM format. 
| `""` | +| `apis.http.authorization.http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | +| `apis.http.readTimeout` | string | The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout. | `8s` | +| `apis.http.readHeaderTimeout` | string | The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `4s` | +| `apis.http.writeTimeout` | string | The maximum duration before the server times out writing of the response. A zero or negative value means there will be no timeout. | `16s` | +| `apis.http.idleTimeout` | string | The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `30s` | ### Open telemetry exporter 
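Review bot: `apis.http.tls.caPool` and `apis.http.authorization.http.tls.caPool` are typed `string` with default `""` and described as a single file path, while the coap-gateway tables in the same patch type `caPool` as `[]string` with default `[]`. Confirm against the device provisioning service's config template which form it accepts; if it takes a list, these rows should be updated together with the wording change.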
@@ -82,15 +82,15 @@ The plgd open telemetry exporter configuration. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.openTelemetryCollector.grpc.enabled` | bool | `Enable OTLP gRPC exporter` | `false` | -| `clients.openTelemetryCollector.grpc.address` | string | `The gRPC collector to which the exporter is going to send data` | `""` | -| `clients.openTelemetryCollector.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.openTelemetryCollector.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.openTelemetryCollector.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `true` | -| `clients.openTelemetryCollector.grpc.tls.caPool` | string | `File path to the root certificate in PEM format which might contain multiple certificates in a single file.` | `""` | -| `clients.openTelemetryCollector.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.openTelemetryCollector.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.openTelemetryCollector.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.openTelemetryCollector.grpc.enabled` | bool | Enable OTLP gRPC exporter. | `false` | +| `clients.openTelemetryCollector.grpc.address` | string | The gRPC collector to which the exporter is going to send data. 
| `""` | +| `clients.openTelemetryCollector.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.openTelemetryCollector.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.openTelemetryCollector.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `true` | +| `clients.openTelemetryCollector.grpc.tls.caPool` | string | File path to the root certificate in PEM format which might contain multiple certificates in a single file. | `""` | +| `clients.openTelemetryCollector.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.openTelemetryCollector.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.openTelemetryCollector.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Storage 
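Review bot: `clients.openTelemetryCollector.grpc.keepAlive.permitWithoutStream` is documented with default `true`, whereas the identical property on the other gRPC clients touched by this patch (`clients.identityStore`, `clients.resourceAggregate`, `clients.resourceDirectory`) is documented with default `false`. If the difference is intentional, add a short remark to the description; otherwise correct the default.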
@@ -98,18 +98,18 @@ The plgd device provisioning service uses MongoDB database. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.storage.cacheExpiration` | string | `Expiration time of cached records from database.` | `"10m"` | -| `clients.storage.mongoDB.uri` | string | `URI to mongo database.` | `"mongodb://localhost:27017"` | -| `clients.storage.mongoDB.database` | string | `Name of database` | `"deviceProvisioning"` | -| `clients.storage.mongoDB.maxPoolSize` | int | `Limits number of connections.` | `16` | -| `clients.storage.mongoDB.maxConnIdleTime` | string | `Close connection when idle time reach the value.` | `4m0s` | -| `clients.storage.mongoDB.tls.caPool` | string | `File path to the root certificate in PEM format which might contain multiple certificates in a single file.` | `""` | -| `clients.storage.mongoDB.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.storage.mongoDB.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.storage.mongoDB.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.storage.mongoDB.bulkWrite.timeout` | string | `A time limit for write bulk to mongodb. A Timeout of zero means no timeout.` | `1m0s` | -| `clients.storage.mongoDB.bulkWrite.throttleTime` | string | `The amount of time to wait until a record is written to mongodb. Any records collected during the throttle time will also be written. A throttle time of zero writes immediately. If recordLimit is reached, all records are written immediately.` | `500ms` | -| `clients.storage.mongoDB.bulkWrite.documentLimit` | uint16 | `The maximum number of documents to cache before an immediate write.` | `1000` | +| `clients.storage.cacheExpiration` | string | Expiration time of cached records from database. | `"10m"` | +| `clients.storage.mongoDB.uri` | string | URI to mongo database. 
| `"mongodb://localhost:27017"` | +| `clients.storage.mongoDB.database` | string | Name of database. | `"deviceProvisioning"` | +| `clients.storage.mongoDB.maxPoolSize` | int | Limits number of connections. | `16` | +| `clients.storage.mongoDB.maxConnIdleTime` | string | Close connection when idle time reach the value. | `4m0s` | +| `clients.storage.mongoDB.tls.caPool` | string | File path to the root certificate in PEM format which might contain multiple certificates in a single file. | `""` | +| `clients.storage.mongoDB.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.storage.mongoDB.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.storage.mongoDB.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | +| `clients.storage.mongoDB.bulkWrite.timeout` | string | A time limit for write bulk to mongodb. A Timeout of zero means no timeout. | `1m0s` | +| `clients.storage.mongoDB.bulkWrite.throttleTime` | string | The amount of time to wait until a record is written to mongodb. Any records collected during the throttle time will also be written. A throttle time of zero writes immediately. If recordLimit is reached, all records are written immediately. | `500ms` | +| `clients.storage.mongoDB.bulkWrite.documentLimit` | uint16 | The maximum number of documents to cache before an immediate write. | `1000` | ### Enrollment groups 
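Review bot: in the `clients.storage.mongoDB.bulkWrite.throttleTime` row the description says "If recordLimit is reached, all records are written immediately", but this table has no `recordLimit` property; the limit documented in the next row is `clients.storage.mongoDB.bulkWrite.documentLimit`. Please name the key that actually exists so the two rows agree. While here, "Close connection when idle time reach the value." in the `maxConnIdleTime` row should read "reaches".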
@@ -117,11 +117,11 @@ Enrollment group entry configuration. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `enrollmentGroups.[].id` | string | `Unique enrollment group id in GUID format` | `""` | -| `enrollmentGroups.[].owner` | string | `Owner of a newly provisioned device` | `""` | -| `enrollmentGroups.[].preSharedKeyFile` | string | `File path to the pre-shared key that will be stored on the device for the owner. It must be empty or have 16 characters in the preSharedKeyFile.` | `""` | -| `enrollmentGroups.[].attestationMechanism.x509.certificateChain` | string | `File path to certificate chain in PEM format.` | `""` | -| `enrollmentGroups.[].attestationMechanism.x509.expiredCertificateEnabled` | bool | `Accept device connections with an expired certificate.` | `false` | +| `enrollmentGroups.[].id` | string | Unique enrollment group id in GUID format. | `""` | +| `enrollmentGroups.[].owner` | string | Owner of a newly provisioned device. | `""` | +| `enrollmentGroups.[].preSharedKeyFile` | string | File path to the pre-shared key that will be stored on the device for the owner. It must be empty or have 16 characters in the preSharedKeyFile. | `""` | +| `enrollmentGroups.[].attestationMechanism.x509.certificateChain` | string | File path to certificate chain in PEM format. | `""` | +| `enrollmentGroups.[].attestationMechanism.x509.expiredCertificateEnabled` | bool | Accept device connections with an expired certificate. | `false` | #### Hub 
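Review bot: the second sentence of the `enrollmentGroups.[].preSharedKeyFile` row, "It must be empty or have 16 characters in the preSharedKeyFile.", can be read as a constraint on the path or on the file contents. Since the description is being edited, please state which one is meant, for example as a constraint on the contents of the file if that is the intent. The `attestationMechanism.x509.expiredCertificateEnabled` row only states the effect ("Accept device connections with an expired certificate."); a short clause on when enabling it is intended would help readers who are deciding whether to move off the `false` default.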
@@ -129,17 +129,17 @@ Defines configuration of the plgd hub where the device connects after it's succe | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `enrollmentGroups.[].hub.caPool` | string | `File path to the root certificate in PEM format. Multiple certificates in a single file are supported.` | `""` | -| `enrollmentGroups.[].hub.hubID` | string | `Uniqhe id of the plgd hub instance.` | `""` | -| `enrollmentGroups.[].hub.coapGateway` | string | `plgd hub CoAP gateway endpoint where the devices should connect to after successful provisioning.Format .` | `""` | -| `enrollmentGroups.[].hub.certificateAuthority.grpc.address` | string | `plgd hub Certificate Authority endpoint used to sign device identity CSRs. Format .` | `""` | -| `enrollmentGroups.[].hub.certificateAuthority.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `enrollmentGroups.[].hub.certificateAuthority.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `enrollmentGroups.[].hub.certificateAuthority.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. 
If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `true` | -| `enrollmentGroups.[].hub.certificateAuthority.grpc.tls.caPool` | string | `File path to the root certificate in PEM format which might contain multiple certificates in a single file.` | `""` | -| `enrollmentGroups.[].hub.certificateAuthority.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `enrollmentGroups.[].hub.certificateAuthority.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `enrollmentGroups.[].hub.certificateAuthority.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `enrollmentGroups.[].hub.caPool` | string | File path to the root certificate in PEM format. Multiple certificates in a single file are supported. | `""` | +| `enrollmentGroups.[].hub.hubID` | string | Uniqhe id of the plgd hub instance. | `""` | +| `enrollmentGroups.[].hub.coapGateway` | string | plgd hub CoAP gateway endpoint where the devices should connect to after successful provisioning.Format . | `""` | +| `enrollmentGroups.[].hub.certificateAuthority.grpc.address` | string | plgd hub Certificate Authority endpoint used to sign device identity CSRs. Format . | `""` | +| `enrollmentGroups.[].hub.certificateAuthority.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `enrollmentGroups.[].hub.certificateAuthority.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `enrollmentGroups.[].hub.certificateAuthority.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. 
If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `true` | +| `enrollmentGroups.[].hub.certificateAuthority.grpc.tls.caPool` | string | File path to the root certificate in PEM format which might contain multiple certificates in a single file. | `""` | +| `enrollmentGroups.[].hub.certificateAuthority.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `enrollmentGroups.[].hub.certificateAuthority.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `enrollmentGroups.[].hub.certificateAuthority.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | #### OAuth2.0 Client 
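Review bot: the `enrollmentGroups.[].hub.hubID` row carries the typo "Uniqhe" over unchanged to the new line; it should be "Unique". In the `hub.coapGateway` row, "provisioning.Format ." is missing a space after the period, and both that row and `hub.certificateAuthority.grpc.address` end with "Format ." with no format given. If a placeholder is supposed to follow "Format", check how it renders now that the description is no longer wrapped in a backtick code span.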
@@ -147,22 +147,22 @@ OAuth2.0 Client is used to obtain JWT with ownerClaim an deviceIDClaim via the c | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `enrollmentGroups.[].hub.authorization.ownerClaim` | string | `Claim used to identify owner of the device. If configured, your OAuth2.0 server has to set the owner id to the token as configured. OwnerClaim with sub is not supported. Custom owner claim needs to be configured also on the plgd hub instance. If used with the plgd mock OAuth Server, value https://plgd.dev/owner has to be set. **Required.**` | `""` | -| `enrollmentGroups.[].hub.authorization.deviceIDClaim` | string | `Claim used to make JWT tokens device specific. If configured, your OAuth2.0 server has to set the device id to the token as configured. If used with the plgd mock OAuth Server, value https://plgd.dev/deviceId has to be set.` | `""` | -| `enrollmentGroups.[].hub.authorization.provider.name` | string | `Provider name which is registered also on the instance of the plgd hub where the device connects after it's successfully provisioned. The grant type for this provider must to be set to ClientCredentials.` | `""` | -| `enrollmentGroups.[].hub.authorization.provider.authority` | string | `Authority is the address of the token-issuing authentication server. Services will use this URI to find token endpoint.` | `""` | -| `enrollmentGroups.[].hub.authorization.provider.clientID` | string | `OAuth Client ID.` | `""` | -| `enrollmentGroups.[].hub.authorization.provider.clientSecretFile` | string | `File path to client secret required to request an access token.` | `""` | -| `enrollmentGroups.[].hub.authorization.provider.audience` | string | `Audience of OAuth provider.` | `""` | -| `enrollmentGroups.[].hub.authorization.provider.http.maxIdleConns` | int | `Maximum number of idle (keep-alive) connections across all hosts. 
Zero means no limit.` | `16` | -| `enrollmentGroups.[].hub.authorization.provider.http.maxConnsPerHost` | int | `Limit the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will be blocked. Zero means no limit.` | `32` | -| `enrollmentGroups.[].hub.authorization.provider.http.maxIdleConnsPerHost` | int | `If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.` | `16` | -| `enrollmentGroups.[].hub.authorization.provider.http.idleConnTimeout` | string | `The maximum time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.` | `30s` | -| `enrollmentGroups.[].hub.authorization.provider.http.timeout` | string | `A time limit for requests made by this Client. A Timeout of zero means no timeout.` | `10s` | -| `enrollmentGroups.[].hub.authorization.provider.http.tls.caPool` | string | `File path to the root certificate in PEM format which might contain multiple certificates in a single file.` | `""` | -| `enrollmentGroups.[].hub.authorization.provider.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `enrollmentGroups.[].hub.authorization.provider.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `enrollmentGroups.[].hub.authorization.provider.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `enrollmentGroups.[].hub.authorization.ownerClaim` | string | Claim used to identify owner of the device. If configured, your OAuth2.0 server has to set the owner id to the token as configured. OwnerClaim with sub is not supported. Custom owner claim needs to be configured also on the plgd hub instance. If used with the plgd mock OAuth Server, value https://plgd.dev/owner has to be set. 
**Required.** | `""` | +| `enrollmentGroups.[].hub.authorization.deviceIDClaim` | string | Claim used to make JWT tokens device specific. If configured, your OAuth2.0 server has to set the device id to the token as configured. If used with the plgd mock OAuth Server, value https://plgd.dev/deviceId has to be set. | `""` | +| `enrollmentGroups.[].hub.authorization.provider.name` | string | Provider name which is registered also on the instance of the plgd hub where the device connects after it's successfully provisioned. The grant type for this provider must to be set to ClientCredentials. | `""` | +| `enrollmentGroups.[].hub.authorization.provider.authority` | string | Authority is the address of the token-issuing authentication server. Services will use this URI to find token endpoint. | `""` | +| `enrollmentGroups.[].hub.authorization.provider.clientID` | string | OAuth Client ID. | `""` | +| `enrollmentGroups.[].hub.authorization.provider.clientSecretFile` | string | File path to client secret required to request an access token. | `""` | +| `enrollmentGroups.[].hub.authorization.provider.audience` | string | Audience of OAuth provider. | `""` | +| `enrollmentGroups.[].hub.authorization.provider.http.maxIdleConns` | int | Maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. | `16` | +| `enrollmentGroups.[].hub.authorization.provider.http.maxConnsPerHost` | int | Limit the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will be blocked. Zero means no limit. | `32` | +| `enrollmentGroups.[].hub.authorization.provider.http.maxIdleConnsPerHost` | int | If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | `16` | +| `enrollmentGroups.[].hub.authorization.provider.http.idleConnTimeout` | string | The maximum time an idle (keep-alive) connection will remain idle before closing itself. 
Zero means no limit. | `30s` | +| `enrollmentGroups.[].hub.authorization.provider.http.timeout` | string | A time limit for requests made by this Client. A Timeout of zero means no timeout. | `10s` | +| `enrollmentGroups.[].hub.authorization.provider.http.tls.caPool` | string | File path to the root certificate in PEM format which might contain multiple certificates in a single file. | `""` | +| `enrollmentGroups.[].hub.authorization.provider.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `enrollmentGroups.[].hub.authorization.provider.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `enrollmentGroups.[].hub.authorization.provider.http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | {{< tip >}} @@ -174,9 +174,9 @@ You might have one client, but multiple APIs registered in the OAuth2.0 Server. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `taskQueue.goPoolSize` | int | `Maximum number of running goroutine instances.` | `1600` | -| `taskQueue.size` | int | `Size of queue. If it exhausted, submit returns error.` | `2097152` | -| `taskQueue.maxIdleTime` | string | `Sets up the interval time of cleaning up goroutines. Zero means never cleanup.` | `10m` | +| `taskQueue.goPoolSize` | int | Maximum number of running goroutine instances. | `1600` | +| `taskQueue.size` | int | Size of queue. If it exhausted, submit returns error. | `2097152` | +| `taskQueue.maxIdleTime` | string | Sets up the interval time of cleaning up goroutines. Zero means never cleanup. | `10m` | {{< note >}} diff --git a/content/en/docs/configuration/grpc-gateway.md b/content/en/docs/configuration/grpc-gateway.md index ff16f6f8..7b07cb1c 100644 --- a/content/en/docs/configuration/grpc-gateway.md +++ b/content/en/docs/configuration/grpc-gateway.md 
@@ -23,11 +23,11 @@ A configuration template is available on [grpc-gateway/config.yaml](https://gith | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `log.level` | string | `Logging enabled from level.` | `"info"` | -| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | -| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` | -| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | +| `log.level` | string | Logging enabled from level. | `"info"` | +| `log.encoding` | string | Logging format. The supported values are: "json", "console" | `"json"` | +| `log.stacktrace.enabled` | bool | Log stacktrace. | `false` | +| `log.stacktrace.level` | string | Stacktrace from level. | `"warn"` | +| `log.encoderConfig.timeEncoder` | string | Time format for logs. The supported values are: "rfc3339nano", "rfc3339". | `"rfc3339nano"` | ### gRPC API 
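Review bot: the `log.encoding` row ends with `The supported values are: "json", "console"` and no trailing period, while the `log.encoderConfig.timeEncoder` row two lines below ends its value list with one. Since this patch normalises the description punctuation, add the period here too.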
@@ -35,32 +35,32 @@ gRPC API of the gRPC Gateway service as defined [here](https://github.com/plgd-d | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.grpc.address` | string | `Listen specification : for grpc client connection.` | `"0.0.0.0:9100"` | -| `apis.grpc.ownerCacheExpiration` | string | `Time limit of how long to keep subscribed to device updates after last use of the given cache item.` | `1m` | -| `apis.grpc.subscriptionBufferSize` | int | `The maximum buffer size for one events subscription.` | `1000` | -| `apis.grpc.enforcementPolicy.minTime` | string | `The minimum amount of time a client should wait before sending a keepalive ping. Otherwise the server close connection.` | `5s`| -| `apis.grpc.enforcementPolicy.permitWithoutStream` | bool | `If true, server allows keepalive pings even when there are no active streams(RPCs). Otherwise the server close connection.` | `true` | -| `apis.grpc.keepAlive.maxConnectionIdle` | string | `A duration for the amount of time after which an idle connection would be closed by sending a GoAway. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.maxConnectionAge` | string | `A duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.maxConnectionAgeGrace` | string | `An additive period after MaxConnectionAge after which the connection will be forcibly closed. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.time` | string | `After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive.` | `2h` | -| `apis.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `apis.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.grpc.tls.clientCertificateRequired` | bool | `If true, require client certificate.` | `true` | -| `apis.grpc.authorization.ownerClaim` | string | `Claim used to identify owner of the device.` | `"sub"` | -| `apis.grpc.authorization.authority` | string | `Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token’s signature.` | `""` | -| `apis.grpc.authorization.audience` | string | `Identifier of the API configured in your OAuth provider.` | `""` | -| `apis.grpc.authorization.http.maxIdleConns` | int | `It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.` | `16` | -| `apis.grpc.authorization.http.maxConnsPerHost` | int | `It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit.` | `32` | -| `apis.grpc.authorization.http.maxIdleConnsPerHost` | int | `If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.` | `16` | -| `apis.grpc.authorization.http.idleConnTimeout` | string | `The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.` | `30s` | -| `apis.grpc.authorization.http.timeout` | string | `A time limit for requests made by this Client. A Timeout of zero means no timeout.` | `10s` | -| `apis.grpc.authorization.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.grpc.authorization.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.grpc.authorization.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.grpc.authorization.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `apis.grpc.address` | string | Listen specification : for grpc client connection. | `"0.0.0.0:9100"` | +| `apis.grpc.ownerCacheExpiration` | string | Time limit of how long to keep subscribed to device updates after last use of the given cache item. | `1m` | +| `apis.grpc.subscriptionBufferSize` | int | The maximum buffer size for one events subscription. | `1000` | +| `apis.grpc.enforcementPolicy.minTime` | string | The minimum amount of time a client should wait before sending a keepalive ping. Otherwise the server close connection. | `5s` | +| `apis.grpc.enforcementPolicy.permitWithoutStream` | bool | If true, server allows keepalive pings even when there are no active streams(RPCs). Otherwise the server close connection. | `true` | +| `apis.grpc.keepAlive.maxConnectionIdle` | string | A duration for the amount of time after which an idle connection would be closed by sending a GoAway. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.maxConnectionAge` | string | A duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.maxConnectionAgeGrace` | string | An additive period after MaxConnectionAge after which the connection will be forcibly closed. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.time` | string | After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive. 
| `2h` | +| `apis.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `apis.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.grpc.tls.clientCertificateRequired` | bool | If true, require client certificate. | `true` | +| `apis.grpc.authorization.ownerClaim` | string | Claim used to identify owner of the device. | `"sub"` | +| `apis.grpc.authorization.authority` | string | Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token's signature. | `""` | +| `apis.grpc.authorization.audience` | string | Identifier of the API configured in your OAuth provider. | `""` | +| `apis.grpc.authorization.http.maxIdleConns` | int | It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. | `16` | +| `apis.grpc.authorization.http.maxConnsPerHost` | int | It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit. | `32` | +| `apis.grpc.authorization.http.maxIdleConnsPerHost` | int | If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | `16` | +| `apis.grpc.authorization.http.idleConnTimeout` | string | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit. | `30s` | +| `apis.grpc.authorization.http.timeout` | string | A time limit for requests made by this Client. 
A Timeout of zero means no timeout. | `10s` | +| `apis.grpc.authorization.http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.grpc.authorization.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.grpc.authorization.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.grpc.authorization.http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Identity Store Client 
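Review bot: the `apis.grpc.tls.caPool` and `apis.grpc.authorization.http.tls.caPool` rows drop the sentence "The file may contain multiple certificates." and now read only "File paths to root certificates in PEM format.", whereas the device-provisioning-service tables in this same patch keep "which might contain multiple certificates in a single file". If bundle files are still accepted, keep that sentence, because it tells operators how to lay out their trust anchors. Two smaller points in this hunk: the `apis.grpc.address` row reads "Listen specification : for grpc client connection." with nothing between "specification" and the colon, and the `apis.grpc.keepAlive.timeout` row says "the client waits" although the preceding `apis.grpc.keepAlive.time` row describes the server pinging the client.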
@@ -68,14 +68,14 @@ Client configurations to internally connect to Identity Store service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.identityStore.grpc.address` | string | `Identity Store service address.` | `"127.0.0.1:9100"` | -| `clients.identityStore.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.identityStore.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.identityStore.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.identityStore.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.identityStore.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.identityStore.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.identityStore.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | +| `clients.identityStore.grpc.address` | string | Identity Store service address. | `"127.0.0.1:9100"` | +| `clients.identityStore.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.identityStore.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.identityStore.grpc.tls.certFile` | string | File path to the certificate in PEM format. 
| `""` | +| `clients.identityStore.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | +| `clients.identityStore.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.identityStore.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.identityStore.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | ### Event Bus 
@@ -83,14 +83,14 @@ plgd hub uses NATS messaging system as a event bus. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.eventBus.goPoolSize` | int | `Number of routines to process events in projection.` | `16` | -| `clients.eventBus.nats.url` | string | `URL to nats messaging system.` | `"nats://localhost:4222"` | -| `clients.eventBus.nats.pendingLimits.msgLimit` | int | `Limit number of messages in queue. -1 means unlimited` | `524288` | -| `clients.eventBus.nats.pendingLimits.bytesLimit` | int | `Limit buffer size of queue. -1 means unlimited` | `67108864` | -| `clients.eventBus.nats.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.eventBus.nats.tls.keyFile` | string | `File name of private key in PEM format.` | `""` | -| `clients.eventBus.nats.tls.certFile` | string | `File name of certificate in PEM format.` | `""` | -| `clients.eventBus.nats.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.eventBus.goPoolSize` | int | Number of routines to process events in projection. | `16` | +| `clients.eventBus.nats.url` | string | URL to nats messaging system. | `"nats://localhost:4222"` | +| `clients.eventBus.nats.pendingLimits.msgLimit` | int | Limit number of messages in queue. -1 means unlimited | `524288` | +| `clients.eventBus.nats.pendingLimits.bytesLimit` | int | Limit buffer size of queue. -1 means unlimited | `67108864` | +| `clients.eventBus.nats.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.eventBus.nats.tls.keyFile` | string | File name of private key in PEM format. | `""` | +| `clients.eventBus.nats.tls.certFile` | string | File name of certificate in PEM format. | `""` | +| `clients.eventBus.nats.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Resource Aggregate Client 
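Review bot: the `clients.eventBus.nats.tls.keyFile` and `clients.eventBus.nats.tls.certFile` rows keep "File name of private key" and "File name of certificate", while every other TLS table in this patch was changed to "File path to the private key" and "File path to the certificate". Please align these two rows, since "name" versus "path" changes what an operator would put in the field. The `pendingLimits.msgLimit` and `pendingLimits.bytesLimit` rows also end with "-1 means unlimited" without the trailing period the rest of the table now has.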
@@ -98,14 +98,14 @@ Client configurations to internally connect to Resource Aggregate service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.resourceAggregate.grpc.address` | string | `Resource Aggregate service address.` | `"127.0.0.1:9100"` | -| `clients.resourceAggregate.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.resourceAggregate.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.resourceAggregate.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.resourceAggregate.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.resourceAggregate.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.resourceAggregate.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.resourceAggregate.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | +| `clients.resourceAggregate.grpc.address` | string | Resource Aggregate service address. | `"127.0.0.1:9100"` | +| `clients.resourceAggregate.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.resourceAggregate.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.resourceAggregate.grpc.tls.certFile` | string | File path to the certificate in PEM format. 
| `""` | +| `clients.resourceAggregate.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | +| `clients.resourceAggregate.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.resourceAggregate.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.resourceAggregate.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | ### Resource Directory Client 
@@ -113,14 +113,14 @@ Client configurations to internally connect to Resource Directory service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.resourceDirectory.grpc.address` | string | `Resource Directory service address.` | `"127.0.0.1:9100"` | -| `clients.resourceDirectory.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.resourceDirectory.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.resourceDirectory.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.resourceDirectory.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.resourceDirectory.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.resourceDirectory.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.resourceDirectory.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | +| `clients.resourceDirectory.grpc.address` | string | Resource Directory service address. | `"127.0.0.1:9100"` | +| `clients.resourceDirectory.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.resourceDirectory.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.resourceDirectory.grpc.tls.certFile` | string | File path to the certificate in PEM format. 
| `""` | +| `clients.resourceDirectory.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | +| `clients.resourceDirectory.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.resourceDirectory.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.resourceDirectory.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | {{< note >}} diff --git a/content/en/docs/configuration/http-gateway.md b/content/en/docs/configuration/http-gateway.md index ee6f7b1a..03e46d59 100644 --- a/content/en/docs/configuration/http-gateway.md +++ b/content/en/docs/configuration/http-gateway.md 
@@ -23,11 +23,11 @@ A configuration template is available on [http-gateway/config.yaml](https://gith | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `log.level` | string | `Logging enabled from level.` | `"info"` | -| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | -| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` | -| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | +| `log.level` | string | Logging enabled from level. | `"info"` | +| `log.encoding` | string | Logging format. The supported values are: "json", "console" | `"json"` | +| `log.stacktrace.enabled` | bool | Log stacktrace. | `false` | +| `log.stacktrace.level` | string | Stacktrace from level. | `"warn"` | +| `log.encoderConfig.timeEncoder` | string | Time format for logs. The supported values are: "rfc3339nano", "rfc3339". | `"rfc3339nano"` | ### HTTP API 
@@ -35,28 +35,28 @@ APIs of the HTTP Gateway service as defined [uri](https://github.com/plgd-dev/hu | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.http.address` | string | `Listen specification : for http client connection.` | `"0.0.0.0:9100"` | -| `apis.http.readTimeout` | string | `The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout.` | `8s` | -| `apis.http.readHeaderTimeout` | string | `The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `4s` | -| `apis.http.writeTimeout` | string | `The maximum duration before the server times out writing of the response. A zero or negative value means there will be no timeout.` | `16s` | -| `apis.http.idleTimeout` | string | `The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `30s` | -| `apis.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `apis.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.http.tls.clientCertificateRequired` | bool | `If true, require client certificate.` | `true` | -| `apis.http.websocket.streamBodyLimit` | int | `Limit a size for the buffer used while reading the grpc stream.` | `262144` | -| `apis.http.websocket.pingFrequency` | string | `Ping frequency specifies the ping interval between pings.` | `10s` | -| `apis.http.authorization.authority` | string | `Authority is the address of the token-issuing authentication server. 
Services will use this URI to find and retrieve the public key that can be used to validate the token’s signature.` | `""` | -| `apis.http.authorization.audience` | string | `Identifier of the API configured in your OAuth provider.` | `""` | -| `apis.http.authorization.http.maxIdleConns` | int | `It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.` | `16` | -| `apis.http.authorization.http.maxConnsPerHost` | int | `It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit.` | `32` | -| `apis.http.authorization.http.maxIdleConnsPerHost` | int | `If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.` | `16` | -| `apis.http.authorization.http.idleConnTimeout` | string | `The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.` | `30s` | -| `apis.http.authorization.http.timeout` | string | `A time limit for requests made by this Client. A Timeout of zero means no timeout.` | `10s` | -| `apis.http.authorization.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `apis.http.authorization.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.http.authorization.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.http.authorization.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `apis.http.address` | string | Listen specification : for http client connection. | `"0.0.0.0:9100"` | +| `apis.http.readTimeout` | string | The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout. 
| `8s` | +| `apis.http.readHeaderTimeout` | string | The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `4s` | +| `apis.http.writeTimeout` | string | The maximum duration before the server times out writing of the response. A zero or negative value means there will be no timeout. | `16s` | +| `apis.http.idleTimeout` | string | The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `30s` | +| `apis.http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.http.tls.clientCertificateRequired` | bool | If true, require client certificate. | `true` | +| `apis.http.websocket.streamBodyLimit` | int | Limit a size for the buffer used while reading the grpc stream. | `262144` | +| `apis.http.websocket.pingFrequency` | string | Ping frequency specifies the ping interval between pings. | `10s` | +| `apis.http.authorization.authority` | string | Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token's signature. | `""` | +| `apis.http.authorization.audience` | string | Identifier of the API configured in your OAuth provider. | `""` | +| `apis.http.authorization.http.maxIdleConns` | int | It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. | `16` | +| `apis.http.authorization.http.maxConnsPerHost` | int | It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. 
On limit violation, dials will block. Zero means no limit. | `32` | +| `apis.http.authorization.http.maxIdleConnsPerHost` | int | If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | `16` | +| `apis.http.authorization.http.idleConnTimeout` | string | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit. | `30s` | +| `apis.http.authorization.http.timeout` | string | A time limit for requests made by this Client. A Timeout of zero means no timeout. | `10s` | +| `apis.http.authorization.http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.http.authorization.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.http.authorization.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.http.authorization.http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### GRPC Gateway Client 
@@ -64,14 +64,14 @@ Client configurations to internally connect to GRPC Gateway service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.grpcGateway.grpc.address` | string | `GRPC Gateway service address.` | `"127.0.0.1:9100"` | -| `clients.grpcGateway.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.grpcGateway.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.grpcGateway.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.grpcGateway.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.grpcGateway.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.grpcGateway.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.grpcGateway.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | +| `clients.grpcGateway.grpc.address` | string | GRPC Gateway service address. | `"127.0.0.1:9100"` | +| `clients.grpcGateway.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.grpcGateway.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.grpcGateway.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.grpcGateway.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. 
| `false` | +| `clients.grpcGateway.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.grpcGateway.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.grpcGateway.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | ### Web UI 
@@ -79,17 +79,17 @@ These configurations are for `plgd Dashboard` as described in [here](https://git | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `ui.enabled` | string | `Set to true if you would like to run the web UI.` | `false` | -| `ui.directory` | string | `Path to default web ui built by nodejs` | `"/usr/local/var/www"` | -| `ui.webConfiguration.authority` | string | `Authority is the address of the token-issuing authentication server.` | `""` | -| `ui.webConfiguration.httpGatewayAddress` | string | `External address of Http gateway service.` | `""` | -| `ui.webConfiguration.webOAuthClient.clientID` | string | `Client ID to exchange an authorization code for an access token.` | `""` | -| `ui.webConfiguration.webOAuthClient.audience` | string | `Identifier of the API configured in your OAuth provider.` | `""` | -| `ui.webConfiguration.webOAuthClient.scopes` | string array | `List of required scopes.` | `""` | -| `ui.webConfiguration.deviceOAuthClient.clientID` | string | `Client ID to get an authorization code for the device.` | `""` | -| `ui.webConfiguration.deviceOAuthClient.audience` | string | `Identifier of the API configured in your OAuth provider.` | `""` | -| `ui.webConfiguration.deviceOAuthClient.scopes` | string array | `List of required scopes.` | `""` | -| `ui.webConfiguration.deviceOAuthClient.providerName` | string | `Name of provider, which needs to be set to cloud resource during cloud provisioning.` | `"plgd"` | +| `ui.enabled` | string | Set to true if you would like to run the web UI. | `false` | +| `ui.directory` | string | Path to default web ui built by nodejs. | `"/usr/local/var/www"` | +| `ui.webConfiguration.authority` | string | Authority is the address of the token-issuing authentication server. | `""` | +| `ui.webConfiguration.httpGatewayAddress` | string | External address of Http gateway service. 
| `""` | +| `ui.webConfiguration.webOAuthClient.clientID` | string | Client ID to exchange an authorization code for an access token. | `""` | +| `ui.webConfiguration.webOAuthClient.audience` | string | Identifier of the API configured in your OAuth provider. | `""` | +| `ui.webConfiguration.webOAuthClient.scopes` | string array | List of required scopes. | `""` | +| `ui.webConfiguration.deviceOAuthClient.clientID` | string | Client ID to get an authorization code for the device. | `""` | +| `ui.webConfiguration.deviceOAuthClient.audience` | string | Identifier of the API configured in your OAuth provider. | `""` | +| `ui.webConfiguration.deviceOAuthClient.scopes` | string array | List of required scopes. | `""` | +| `ui.webConfiguration.deviceOAuthClient.providerName` | string | Name of provider, which needs to be set to cloud resource during cloud provisioning. | `"plgd"` | {{< note >}} diff --git a/content/en/docs/configuration/identity-store.md b/content/en/docs/configuration/identity-store.md index e0e92522..08600a47 100644 --- a/content/en/docs/configuration/identity-store.md +++ b/content/en/docs/configuration/identity-store.md 
@@ -23,11 +23,11 @@ A configuration template is available on [identity-store/config.yaml](https://gi | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `log.level` | string | `Logging enabled from level.` | `"info"` | -| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | -| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` | -| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | +| `log.level` | string | Logging enabled from level. | `"info"` | +| `log.encoding` | string | Logging format. The supported values are: "json", "console" | `"json"` | +| `log.stacktrace.enabled` | bool | Log stacktrace. | `false` | +| `log.stacktrace.level` | string | Stacktrace from level. | `"warn"` | +| `log.encoderConfig.timeEncoder` | string | Time format for logs. The supported values are: "rfc3339nano", "rfc3339". | `"rfc3339nano"` | ### gRPC API 
@@ -35,30 +35,30 @@ gRPC API of the Identity Store service as defined [here](https://github.com/plgd | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.grpc.address` | string | `Listen specification : for grpc client connection.` | `"0.0.0.0:9100"` | -| `apis.grpc.enforcementPolicy.minTime` | string | `The minimum amount of time a client should wait before sending a keepalive ping. Otherwise the server close connection.` | `5s`| -| `apis.grpc.enforcementPolicy.permitWithoutStream` | bool | `If true, server allows keepalive pings even when there are no active streams(RPCs). Otherwise the server close connection.` | `true` | -| `apis.grpc.keepAlive.maxConnectionIdle` | string | `A duration for the amount of time after which an idle connection would be closed by sending a GoAway. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.maxConnectionAge` | string | `A duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.maxConnectionAgeGrace` | string | `An additive period after MaxConnectionAge after which the connection will be forcibly closed. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.time` | string | `After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive.` | `2h` | -| `apis.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `apis.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.grpc.tls.clientCertificateRequired` | bool | `If true, require client certificate.` | `true` | -| `apis.grpc.authorization.ownerClaim` | string | `Claim used to identify owner of the device.` | `"sub"` | -| `apis.grpc.authorization.authority` | string | `Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token’s signature.` | `""` | -| `apis.grpc.authorization.audience` | string | `Identifier of the API configured in your OAuth provider.` | `""` | -| `apis.grpc.authorization.http.maxIdleConns` | int | `It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.` | `16` | -| `apis.grpc.authorization.http.maxConnsPerHost` | int | `It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit.` | `32` | -| `apis.grpc.authorization.http.maxIdleConnsPerHost` | int | `If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.` | `16` | -| `apis.grpc.authorization.http.idleConnTimeout` | string | `The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.` | `30s` | -| `apis.grpc.authorization.http.timeout` | string | `A time limit for requests made by this Client. A Timeout of zero means no timeout.` | `10s` | -| `apis.grpc.authorization.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.grpc.authorization.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.grpc.authorization.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.grpc.authorization.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `apis.grpc.address` | string | Listen specification : for grpc client connection. | `"0.0.0.0:9100"` | +| `apis.grpc.enforcementPolicy.minTime` | string | The minimum amount of time a client should wait before sending a keepalive ping. Otherwise the server close connection. | `5s` | +| `apis.grpc.enforcementPolicy.permitWithoutStream` | bool | If true, server allows keepalive pings even when there are no active streams(RPCs). Otherwise the server close connection. | `true` | +| `apis.grpc.keepAlive.maxConnectionIdle` | string | A duration for the amount of time after which an idle connection would be closed by sending a GoAway. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.maxConnectionAge` | string | A duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.maxConnectionAgeGrace` | string | An additive period after MaxConnectionAge after which the connection will be forcibly closed. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.time` | string | After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive. | `2h` | +| `apis.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `apis.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.grpc.tls.keyFile` | string | File path to the private key in PEM format. 
| `""` | +| `apis.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.grpc.tls.clientCertificateRequired` | bool | If true, require client certificate. | `true` | +| `apis.grpc.authorization.ownerClaim` | string | Claim used to identify owner of the device. | `"sub"` | +| `apis.grpc.authorization.authority` | string | Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token's signature. | `""` | +| `apis.grpc.authorization.audience` | string | Identifier of the API configured in your OAuth provider. | `""` | +| `apis.grpc.authorization.http.maxIdleConns` | int | It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. | `16` | +| `apis.grpc.authorization.http.maxConnsPerHost` | int | It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit. | `32` | +| `apis.grpc.authorization.http.maxIdleConnsPerHost` | int | If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | `16` | +| `apis.grpc.authorization.http.idleConnTimeout` | string | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit. | `30s` | +| `apis.grpc.authorization.http.timeout` | string | A time limit for requests made by this Client. A Timeout of zero means no timeout. | `10s` | +| `apis.grpc.authorization.http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.grpc.authorization.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.grpc.authorization.http.tls.certFile` | string | File path to the certificate in PEM format. 
| `""` | +| `apis.grpc.authorization.http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Event Bus @@ -66,13 +66,13 @@ plgd hub uses NATS messaging system as a event bus. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.eventBus.nats.url` | string | `URL to nats messaging system.` | `"nats://localhost:4222"` | -| `clients.eventBus.nats.flusherTimeout` | string | `Define flush timeout for publishing message.` | `"30s"` | -| `clients.eventBus.nats.jetstream`| bool | `If true, events will be published to jetstream.` | `false` | -| `clients.eventBus.nats.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.eventBus.nats.tls.keyFile` | string | `File name of private key in PEM format.` | `""` | -| `clients.eventBus.nats.tls.certFile` | string | `File name of certificate in PEM format.` | `""` | -| `clients.eventBus.nats.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.eventBus.nats.url` | string | URL to nats messaging system. | `"nats://localhost:4222"` | +| `clients.eventBus.nats.flusherTimeout` | string | Define flush timeout for publishing message. | `"30s"` | +| `clients.eventBus.nats.jetstream`| bool | If true, events will be published to jetstream. | `false` | +| `clients.eventBus.nats.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.eventBus.nats.tls.keyFile` | string | File name of private key in PEM format. | `""` | +| `clients.eventBus.nats.tls.certFile` | string | File name of certificate in PEM format. | `""` | +| `clients.eventBus.nats.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Storage 
@@ -80,14 +80,14 @@ plgd hub uses MongoDB database as owner's device store. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.storage.mongoDB.uri` | string | `URI to mongo database.` | `"mongodb://localhost:27017"` | -| `clients.storage.mongoDB.database` | string | `Name of database.` | `"ownersDevices"` | -| `clients.storage.mongoDB.maxPoolSize` | int | `Limits number of connections.` | `16` | -| `clients.storage.mongoDB.maxConnIdleTime` | string | `Close connection when idle time reach the value.` | `4m` | -| `clients.storage.mongoDB.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.storage.mongoDB.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.storage.mongoDB.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.storage.mongoDB.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.storage.mongoDB.uri` | string | URI to mongo database. | `"mongodb://localhost:27017"` | +| `clients.storage.mongoDB.database` | string | Name of database. | `"ownersDevices"` | +| `clients.storage.mongoDB.maxPoolSize` | int | Limits number of connections. | `16` | +| `clients.storage.mongoDB.maxConnIdleTime` | string | Close connection when idle time reach the value. | `4m` | +| `clients.storage.mongoDB.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.storage.mongoDB.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.storage.mongoDB.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.storage.mongoDB.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | {{< note >}} 
diff --git a/content/en/docs/configuration/oauth-server.md b/content/en/docs/configuration/oauth-server.md index 2ab28fe5..722ded65 100644 --- a/content/en/docs/configuration/oauth-server.md +++ b/content/en/docs/configuration/oauth-server.md @@ -23,11 +23,11 @@ A configuration template is available on [test/oauth-server/config.yaml](https:/ | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `log.level` | string | `Logging enabled from level.` | `"info"` | -| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | -| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` | -| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | +| `log.level` | string | Logging enabled from level. | `"info"` | +| `log.encoding` | string | Logging format. The supported values are: "json", "console" | `"json"` | +| `log.stacktrace.enabled` | bool | Log stacktrace. | `false` | +| `log.stacktrace.level` | string | Stacktrace from level. | `"warn"` | +| `log.encoderConfig.timeEncoder` | string | Time format for logs. The supported values are: "rfc3339nano", "rfc3339". | `"rfc3339nano"` | ### HTTP API 
@@ -35,15 +35,15 @@ HTTP API of the OAuth Server service as defined [here](https://github.com/plgd-d | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.http.address` | string | `Listen specification : for http client connection.` | `"0.0.0.0:9100"` | -| `apis.http.readTimeout` | string | `The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout.` | `8s` | -| `apis.http.readHeaderTimeout` | string | `The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `4s` | -| `apis.http.writeTimeout` | string | `The maximum duration before the server times out writing of the response. A zero or negative value means there will be no timeout.` | `16s` | -| `apis.http.idleTimeout` | string | `The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `30s` | -| `apis.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `apis.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.http.tls.clientCertificateRequired` | bool | `If true, require client certificate.` | `true` | +| `apis.http.address` | string | Listen specification : for http client connection. | `"0.0.0.0:9100"` | +| `apis.http.readTimeout` | string | The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout. | `8s` | +| `apis.http.readHeaderTimeout` | string | The amount of time allowed to read request headers by the server. 
If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `4s` | +| `apis.http.writeTimeout` | string | The maximum duration before the server times out writing of the response. A zero or negative value means there will be no timeout. | `16s` | +| `apis.http.idleTimeout` | string | The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout. | `30s` | +| `apis.http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.http.tls.clientCertificateRequired` | bool | If true, require client certificate. | `true` | ### OAuth Signer 
@@ -51,13 +51,13 @@ Signer configuration to issue ID/access tokens of OAuth provider for mock testin | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `oauthSigner.idTokenKeyFile` | string | `File path to a private RSA key in PEM format required for ID token signing.` | `""` | -| `oauthSigner.accessTokenKeyFile` | string | `File path to a private ECDSA key in PEM format required for access token signing.` | `""` | -| `oauthSigner.domain` | string | `Domain address : for OAuth APIs.` | `""` | -| `oauthSigner.clients[0].id` | string | `client id which is used by oauth clients.` | `"test"` | -| `oauthSigner.clients[0].authorizationCodeLifetime` | string | `validity of generated authorization code` | `"10m0s"` | -| `oauthSigner.clients[0].accessTokenLifetime` | string | `validity of generated access token lifetime. 0s means forever.` | `"0s"` | -| `oauthSigner.clients[0].codeRestrictionLifetime` | string | `define period how long cannot be used again authorization code in exchange after first use.` | `"0s"` | +| `oauthSigner.idTokenKeyFile` | string | File path to a private RSA key in PEM format required for ID token signing. | `""` | +| `oauthSigner.accessTokenKeyFile` | string | File path to a private ECDSA key in PEM format required for access token signing. | `""` | +| `oauthSigner.domain` | string | Domain address : for OAuth APIs. | `""` | +| `oauthSigner.clients[0].id` | string | client id which is used by oauth clients. | `"test"` | +| `oauthSigner.clients[0].authorizationCodeLifetime` | string | validity of generated authorization code. | `"10m0s"` | +| `oauthSigner.clients[0].accessTokenLifetime` | string | validity of generated access token lifetime. 0s means forever. | `"0s"` | +| `oauthSigner.clients[0].codeRestrictionLifetime` | string | define period how long cannot be used again authorization code in exchange after first use. | `"0s"` | {{< note >}} 
diff --git a/content/en/docs/configuration/resource-aggregate.md b/content/en/docs/configuration/resource-aggregate.md index bd5beebb..93e4ffb2 100644 --- a/content/en/docs/configuration/resource-aggregate.md +++ b/content/en/docs/configuration/resource-aggregate.md @@ -23,11 +23,11 @@ A configuration template is available on [resource-aggregate/config.yaml](https: | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `log.level` | string | `Logging enabled from level.` | `"info"` | -| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | -| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` | -| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | +| `log.level` | string | Logging enabled from level. | `"info"` | +| `log.encoding` | string | Logging format. The supported values are: "json", "console" | `"json"` | +| `log.stacktrace.enabled` | bool | Log stacktrace. | `false` | +| `log.stacktrace.level` | string | Stacktrace from level. | `"warn"` | +| `log.encoderConfig.timeEncoder` | string | Time format for logs. The supported values are: "rfc3339nano", "rfc3339". | `"rfc3339nano"` | ### gRPC API 
@@ -35,30 +35,30 @@ gRPC API of the Resource Aggregate service as defined [here](https://github.com/ | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.grpc.ownerCacheExpiration` | string | `Time limit of how long to keep subscribed to device updates after last use of the given cache item.` | `1m` | -| `apis.grpc.address` | string | `Listen specification : for grpc client connection.` | `"0.0.0.0:9100"` | -| `apis.grpc.enforcementPolicy.minTime` | string | `The minimum amount of time a client should wait before sending a keepalive ping. Otherwise the server close connection.` | `5s`| -| `apis.grpc.enforcementPolicy.permitWithoutStream` | bool | `If true, server allows keepalive pings even when there are no active streams(RPCs). Otherwise the server close connection.` | `true` | -| `apis.grpc.keepAlive.maxConnectionIdle` | string | `A duration for the amount of time after which an idle connection would be closed by sending a GoAway. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.maxConnectionAge` | string | `A duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.maxConnectionAgeGrace` | string | `An additive period after MaxConnectionAge after which the connection will be forcibly closed. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.time` | string | `After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive.` | `2h` | -| `apis.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `apis.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.grpc.tls.clientCertificateRequired` | bool | `If true, require client certificate.` | `true` | -| `apis.grpc.authorization.authority` | string | `Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token’s signature.` | `""` | -| `apis.grpc.authorization.audience` | string | `Identifier of the API configured in your OAuth provider.` | `""` | -| `apis.grpc.authorization.http.maxIdleConns` | int | `It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.` | `16` | -| `apis.grpc.authorization.http.maxConnsPerHost` | int | `It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit.` | `32` | -| `apis.grpc.authorization.http.maxIdleConnsPerHost` | int | `If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.` | `16` | -| `apis.grpc.authorization.http.idleConnTimeout` | string | `The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.` | `30s` | -| `apis.grpc.authorization.http.timeout` | string | `A time limit for requests made by this Client. A Timeout of zero means no timeout.` | `10s` | -| `apis.grpc.authorization.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.grpc.authorization.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.grpc.authorization.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.grpc.authorization.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `apis.grpc.ownerCacheExpiration` | string | Time limit of how long to keep subscribed to device updates after last use of the given cache item. | `1m` | +| `apis.grpc.address` | string | Listen specification : for grpc client connection. | `"0.0.0.0:9100"` | +| `apis.grpc.enforcementPolicy.minTime` | string | The minimum amount of time a client should wait before sending a keepalive ping. Otherwise the server close connection. | `5s` | +| `apis.grpc.enforcementPolicy.permitWithoutStream` | bool | If true, server allows keepalive pings even when there are no active streams(RPCs). Otherwise the server close connection. | `true` | +| `apis.grpc.keepAlive.maxConnectionIdle` | string | A duration for the amount of time after which an idle connection would be closed by sending a GoAway. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.maxConnectionAge` | string | A duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.maxConnectionAgeGrace` | string | An additive period after MaxConnectionAge after which the connection will be forcibly closed. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.time` | string | After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive. | `2h` | +| `apis.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. 
| `20s` | +| `apis.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.grpc.tls.clientCertificateRequired` | bool | If true, require client certificate. | `true` | +| `apis.grpc.authorization.authority` | string | Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token's signature. | `""` | +| `apis.grpc.authorization.audience` | string | Identifier of the API configured in your OAuth provider. | `""` | +| `apis.grpc.authorization.http.maxIdleConns` | int | It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. | `16` | +| `apis.grpc.authorization.http.maxConnsPerHost` | int | It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit. | `32` | +| `apis.grpc.authorization.http.maxIdleConnsPerHost` | int | If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | `16` | +| `apis.grpc.authorization.http.idleConnTimeout` | string | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit. | `30s` | +| `apis.grpc.authorization.http.timeout` | string | A time limit for requests made by this Client. A Timeout of zero means no timeout. | `10s` | +| `apis.grpc.authorization.http.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.grpc.authorization.http.tls.keyFile` | string | File path to the private key in PEM format. 
| `""` | +| `apis.grpc.authorization.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.grpc.authorization.http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Event Bus 
@@ -66,31 +66,62 @@ plgd hub uses NATS messaging system as a event bus. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.eventBus.nats.url` | string | `URL to nats messaging system.` | `"nats://localhost:4222"` | -| `clients.eventBus.nats.flusherTimeout` | string | `Define flush timeout for publishing message.` | `"30s"` | -| `clients.eventBus.nats.jetstream`| bool | `If true, events will be published to jetstream.` | `false` | -| `clients.eventBus.nats.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.eventBus.nats.tls.keyFile` | string | `File name of private key in PEM format.` | `""` | -| `clients.eventBus.nats.tls.certFile` | string | `File name of certificate in PEM format.` | `""` | -| `clients.eventBus.nats.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.eventBus.nats.url` | string | URL to nats messaging system. | `"nats://localhost:4222"` | +| `clients.eventBus.nats.flusherTimeout` | string | Define flush timeout for publishing message. | `"30s"` | +| `clients.eventBus.nats.jetstream`| bool | If true, events will be published to jetstream. | `false` | +| `clients.eventBus.nats.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.eventBus.nats.tls.keyFile` | string | File name of private key in PEM format. | `""` | +| `clients.eventBus.nats.tls.certFile` | string | File name of certificate in PEM format. | `""` | +| `clients.eventBus.nats.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | -### Event Store +### Event Store Configuration -plgd hub uses MongoDB database as a event store. +To configure the Event Store, modify the properties under `clients.eventStore` in your Hugo configuration file. 
You can choose between two databases: `MongoDB` and `CqlDB``, and customize their settings accordingly. + +#### General Event Store Settings + +| Property | Type | Description | Default | +| ---------- | -------- | -------------- | ------- | +| `clients.eventStore.use` | string | Database to store events. The supported values are: "mongoDB", "cqlDB". | `"mongoDB"` | +| `clients.eventStore.defaultCommandTimeToLive` | string | Replaces time to live in certain commands. Set to 0s for indefinite storage. | `"0s"` | +| `clients.eventStore.occMaxRetry` | int | Limits the number of attempts to store an event. | `8` | + +#### MongoDB Configuration + +Configure MongoDB settings under `clients.eventStore.mongoDB`. + +| Property | Type | Description | Default | +| ---------- | -------- | -------------- | ------- | +| `clients.eventStore.mongoDB.uri` | string | URI to the MongoDB database. | `"mongodb://localhost:27017"` | +| `clients.eventStore.mongoDB.database` | string | Name of the MongoDB database. | `"eventStore"` | +| `clients.eventStore.mongoDB.maxPoolSize` | int | Limits the number of connections. | `16` | +| `clients.eventStore.mongoDB.maxConnIdleTime` | string | Closes connection when idle time reaches the specified value. | `4m` | +| `clients.eventStore.mongoDB.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.eventStore.mongoDB.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.eventStore.mongoDB.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.eventStore.mongoDB.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | + +#### CqlDB (Scylla) Configuration + +Configure CqlDB (Scylla) settings under `clients.eventStore.cqlDB`. 
| Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.eventStore.defaultCommandTimeToLive` | string | `Replaces time to live in CreateResource, RetrieveResource, UpdateResource, DeleteResource and UpdateDeviceMetadata commands when it is zero value. 0s - means forever.` | `"0s"` | -| `clients.eventStore.snapshotThreshold` | int | `Tries to create the snapshot event after n events.` | `16` | -| `clients.eventStore.occMaxRetry` | int | `Limits number of try to store event.` | `8` | -| `clients.eventStore.mongoDB.uri` | string | `URI to mongo database.` | `"mongodb://localhost:27017"` | -| `clients.eventStore.mongoDB.database` | string | `Name of database` | `"eventStore"` | -| `clients.eventStore.mongoDB.maxPoolSize` | int | `Limits number of connections.` | `16` | -| `clients.eventStore.mongoDB.maxConnIdleTime` | string | `Close connection when idle time reach the value.` | `4m` | -| `clients.eventStore.mongoDB.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.eventStore.mongoDB.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.eventStore.mongoDB.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.eventStore.mongoDB.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.eventStore.cqlDB.table` | string | Name of the CqlDB table. | `"events"` | +| `clients.eventStore.cqlDB.keyspace.name` | string | Name of the CqlDB keyspace. | `"plgdhub"` | +| `clients.eventStore.cqlDB.keyspace.create` | bool | If true, attempt to create the keyspace if it does not exist. | `true` | +| `clients.eventStore.cqlDB.keyspace.replication` | object | [Replication map](https://docs.datastax.com/en/cql-oss/3.3/cql/cql_reference/cqlCreateKeyspace.html) determining the data copies in a data center. 
| `{ "class": "SimpleStrategy", "replication_factor": 1 }` | +| `clients.eventStore.cqlDB.hosts` | []string | List of hosts to connect to without scheme and port. | `[]` | +| `clients.eventStore.cqlDB.port` | int | Port to connect to. | `9042` | +| `clients.eventStore.cqlDB.numConnections` | int | The number of connections to the DB. | `16` | +| `clients.eventStore.cqlDB.connectTimeout` | string | Time to wait until a successful connection is established. | `10s` | +| `clients.eventStore.cqlDB.useHostnameResolution` | bool | If true, attempt to resolve IP for FQDN and use it for connection. | `true` | +| `clients.eventStore.cqlDB.reconnectionPolicy.constant.interval` | string | Time to sleep between connection attempts after a failure. | `3s` | +| `clients.eventStore.cqlDB.reconnectionPolicy.constant.maxRetries` | int | Number of times to attempt reconnection. | `3` | +| `clients.eventStore.cqlDB.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.eventStore.cqlDB.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.eventStore.cqlDB.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.eventStore.cqlDB.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Identity Store Client 
@@ -98,14 +129,14 @@ Client configurations to internally connect to Identity Store service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.identityStore.grpc.address` | string | `Identity Store service address.` | `"127.0.0.1:9100"` | -| `clients.identityStore.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.identityStore.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.identityStore.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.identityStore.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.identityStore.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.identityStore.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.identityStore.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | +| `clients.identityStore.grpc.address` | string | Identity Store service address. | `"127.0.0.1:9100"` | +| `clients.identityStore.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.identityStore.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.identityStore.grpc.tls.certFile` | string | File path to the certificate in PEM format. 
| `""` | +| `clients.identityStore.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | +| `clients.identityStore.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.identityStore.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.identityStore.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | {{< note >}} diff --git a/content/en/docs/configuration/resource-directory.md b/content/en/docs/configuration/resource-directory.md index c2297110..e80abe66 100644 --- a/content/en/docs/configuration/resource-directory.md +++ b/content/en/docs/configuration/resource-directory.md 
@@ -23,11 +23,11 @@ A configuration template is available on [resource-directory/config.yaml](https: | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `log.level` | string | `Logging enabled from level.` | `"info"` | -| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | -| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` | -| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | +| `log.level` | string | Logging enabled from level. | `"info"` | +| `log.encoding` | string | Logging format. The supported values are: "json", "console" | `"json"` | +| `log.stacktrace.enabled` | bool | Log stacktrace. | `false` | +| `log.stacktrace.level` | string | Stacktrace from level. | `"warn"` | +| `log.encoderConfig.timeEncoder` | string | Time format for logs. The supported values are: "rfc3339nano", "rfc3339". | `"rfc3339nano"` | ### gRPC API 
@@ -35,31 +35,31 @@ gRPC API of the Resource Directory service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `apis.grpc.address` | string | `Listen specification : for grpc client connection.` | `"0.0.0.0:9100"` | -| `apis.grpc.ownerCacheExpiration` | string | `Time limit of how long to keep subscribed to device updates after last use of the given cache item.` | `1m` | -| `apis.grpc.enforcementPolicy.minTime` | string | `The minimum amount of time a client should wait before sending a keepalive ping. Otherwise the server close connection.` | `5s`| -| `apis.grpc.enforcementPolicy.permitWithoutStream` | bool | `If true, server allows keepalive pings even when there are no active streams(RPCs). Otherwise the server close connection.` | `true` | -| `apis.grpc.keepAlive.maxConnectionIdle` | string | `A duration for the amount of time after which an idle connection would be closed by sending a GoAway. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.maxConnectionAge` | string | `A duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.maxConnectionAgeGrace` | string | `An additive period after MaxConnectionAge after which the connection will be forcibly closed. 0s means infinity.` | `0s` | -| `apis.grpc.keepAlive.time` | string | `After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive.` | `2h` | -| `apis.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `apis.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.grpc.tls.clientCertificateRequired` | bool | `If true, require client certificate.` | `true` | -| `apis.grpc.authorization.ownerClaim` | string | `Claim used to identify owner of the device.` | `"sub"` | -| `apis.grpc.authorization.authority` | string | `Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token’s signature.` | `""` | -| `apis.grpc.authorization.audience` | string | `Identifier of the API configured in your OAuth provider.` | `""` | -| `apis.grpc.authorization.http.maxIdleConns` | int | `It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.` | `16` | -| `apis.grpc.authorization.http.maxConnsPerHost` | int | `It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit.` | `32` | -| `apis.grpc.authorization.http.maxIdleConnsPerHost` | int | `If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.` | `16` | -| `apis.grpc.authorization.http.idleConnTimeout` | string | `The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.` | `30s` | -| `apis.grpc.authorization.http.timeout` | string | `A time limit for requests made by this Client. A Timeout of zero means no timeout.` | `10s` | -| `apis.grpc.authorization.http.tls.caPool` | []string | `File paths to the root certificates in PEM format. 
The file may contain multiple certificates.` | `[]` | -| `apis.grpc.authorization.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `apis.grpc.authorization.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `apis.grpc.authorization.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `apis.grpc.address` | string | Listen specification : for grpc client connection. | `"0.0.0.0:9100"` | +| `apis.grpc.ownerCacheExpiration` | string | Time limit of how long to keep subscribed to device updates after last use of the given cache item. | `1m` | +| `apis.grpc.enforcementPolicy.minTime` | string | The minimum amount of time a client should wait before sending a keepalive ping. Otherwise the server close connection. | `5s` | +| `apis.grpc.enforcementPolicy.permitWithoutStream` | bool | If true, server allows keepalive pings even when there are no active streams(RPCs). Otherwise the server close connection. | `true` | +| `apis.grpc.keepAlive.maxConnectionIdle` | string | A duration for the amount of time after which an idle connection would be closed by sending a GoAway. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.maxConnectionAge` | string | A duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.maxConnectionAgeGrace` | string | An additive period after MaxConnectionAge after which the connection will be forcibly closed. 0s means infinity. | `0s` | +| `apis.grpc.keepAlive.time` | string | After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive. | `2h` | +| `apis.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. 
| `20s` | +| `apis.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `apis.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.grpc.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.grpc.tls.clientCertificateRequired` | bool | If true, require client certificate. | `true` | +| `apis.grpc.authorization.ownerClaim` | string | Claim used to identify owner of the device. | `"sub"` | +| `apis.grpc.authorization.authority` | string | Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token's signature. | `""` | +| `apis.grpc.authorization.audience` | string | Identifier of the API configured in your OAuth provider. | `""` | +| `apis.grpc.authorization.http.maxIdleConns` | int | It controls the maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. | `16` | +| `apis.grpc.authorization.http.maxConnsPerHost` | int | It optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. On limit violation, dials will block. Zero means no limit. | `32` | +| `apis.grpc.authorization.http.maxIdleConnsPerHost` | int | If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | `16` | +| `apis.grpc.authorization.http.idleConnTimeout` | string | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit. | `30s` | +| `apis.grpc.authorization.http.timeout` | string | A time limit for requests made by this Client. A Timeout of zero means no timeout. | `10s` | +| `apis.grpc.authorization.http.tls.caPool` | []string | File paths to root certificates in PEM format. 
| `[]` | +| `apis.grpc.authorization.http.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `apis.grpc.authorization.http.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `apis.grpc.authorization.http.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Event Bus 
@@ -67,14 +67,14 @@ plgd hub uses NATS messaging system as a event bus. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.eventBus.goPoolSize` | int | `Number of routines to process events in projection.` | `16` | -| `clients.eventBus.nats.url` | string | `URL to nats messaging system.` | `"nats://localhost:4222"` | -| `clients.eventBus.nats.pendingLimits.msgLimit` | int | `Limit number of messages in queue. -1 means unlimited` | `524288` | -| `clients.eventBus.nats.pendingLimits.bytesLimit` | int | `Limit buffer size of queue. -1 means unlimited` | `67108864` | -| `clients.eventBus.nats.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.eventBus.nats.tls.keyFile` | string | `File name of private key in PEM format.` | `""` | -| `clients.eventBus.nats.tls.certFile` | string | `File name of certificate in PEM format.` | `""` | -| `clients.eventBus.nats.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.eventBus.goPoolSize` | int | Number of routines to process events in projection. | `16` | +| `clients.eventBus.nats.url` | string | URL to nats messaging system. | `"nats://localhost:4222"` | +| `clients.eventBus.nats.pendingLimits.msgLimit` | int | Limit number of messages in queue. -1 means unlimited | `524288` | +| `clients.eventBus.nats.pendingLimits.bytesLimit` | int | Limit buffer size of queue. -1 means unlimited | `67108864` | +| `clients.eventBus.nats.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.eventBus.nats.tls.keyFile` | string | File name of private key in PEM format. | `""` | +| `clients.eventBus.nats.tls.certFile` | string | File name of certificate in PEM format. | `""` | +| `clients.eventBus.nats.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Event Store 
@@ -82,15 +82,15 @@ plgd hub uses MongoDB database as a event store. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.eventStore.cacheExpiration` | string | `Expiration time of cached resource in projection.` | `20m` | -| `clients.eventStore.mongoDB.uri` | string | `URI to mongo database.` | `"mongodb://localhost:27017"` | -| `clients.eventStore.mongoDB.database` | string | `Name of database` | `"eventStore"` | -| `clients.eventStore.mongoDB.maxPoolSize` | int | `Limits number of connections.` | `16` | -| `clients.eventStore.mongoDB.maxConnIdleTime` | string | `Close connection when idle time reach the value.` | `4m` | -| `clients.eventStore.mongoDB.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.eventStore.mongoDB.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.eventStore.mongoDB.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.eventStore.mongoDB.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | +| `clients.eventStore.cacheExpiration` | string | Expiration time of cached resource in projection. | `20m` | +| `clients.eventStore.mongoDB.uri` | string | URI to mongo database. | `"mongodb://localhost:27017"` | +| `clients.eventStore.mongoDB.database` | string | Name of database. | `"eventStore"` | +| `clients.eventStore.mongoDB.maxPoolSize` | int | Limits number of connections. | `16` | +| `clients.eventStore.mongoDB.maxConnIdleTime` | string | Close connection when idle time reach the value. | `4m` | +| `clients.eventStore.mongoDB.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.eventStore.mongoDB.tls.keyFile` | string | File path to the private key in PEM format. 
| `""` | +| `clients.eventStore.mongoDB.tls.certFile` | string | File path to the certificate in PEM format. | `""` | +| `clients.eventStore.mongoDB.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | ### Identity Store Client 
@@ -98,14 +98,14 @@ Client configurations to internally connect to Identity Store service. | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `clients.identityStore.grpc.address` | string | `Identity Store service address.` | `"127.0.0.1:9100"` | -| `clients.identityStore.grpc.tls.caPool` | []string | `File paths to the root certificates in PEM format. The file may contain multiple certificates.` | `[]` | -| `clients.identityStore.grpc.tls.keyFile` | string | `File path to private key in PEM format.` | `""` | -| `clients.identityStore.grpc.tls.certFile` | string | `File path to certificate in PEM format.` | `""` | -| `clients.identityStore.grpc.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` | -| `clients.identityStore.grpc.keepAlive.time` | string | `After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive.` | `10s` | -| `clients.identityStore.grpc.keepAlive.timeout` | string | `After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed.` | `20s` | -| `clients.identityStore.grpc.keepAlive.permitWithoutStream` | bool | `If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent.` | `false` | +| `clients.identityStore.grpc.address` | string | Identity Store service address. | `"127.0.0.1:9100"` | +| `clients.identityStore.grpc.tls.caPool` | []string | File paths to root certificates in PEM format. | `[]` | +| `clients.identityStore.grpc.tls.keyFile` | string | File path to the private key in PEM format. | `""` | +| `clients.identityStore.grpc.tls.certFile` | string | File path to the certificate in PEM format. 
| `""` | +| `clients.identityStore.grpc.tls.useSystemCAPool` | bool | If true, use the system certification pool. | `false` | +| `clients.identityStore.grpc.keepAlive.time` | string | After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. | `10s` | +| `clients.identityStore.grpc.keepAlive.timeout` | string | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. | `20s` | +| `clients.identityStore.grpc.keepAlive.permitWithoutStream` | bool | If true, client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout will be ignored and no keepalive pings will be sent. | `false` | ### Public Configuration 
@@ -114,13 +114,13 @@ This will be served by HTTP Gateway API as defined [here](https://github.com/plg | Property | Type | Description | Default | | ---------- | -------- | -------------- | ------- | -| `publicConfiguration.caPool` | string | `File path to root CA which was used to sign coap-gw certificate.` | `""` | -| `publicConfiguration.ownerClaim` | string | `Claim used to identify owner of the device.` | `"sub"` | -| `publicConfiguration.deviceIDClaim` | string | `Claim used to identify device id of the device. Empty means that JWT doesn't contain it.` | `""` | -| `publicConfiguration.hubID` | string | `Hub ID which is stored in coap-gw certificate.` | `""` | -| `publicConfiguration.coapGateway` | string | `CoAP gateway for onboard device.` | `""` | -| `publicConfiguration.defaultCommandTimeToLive` | string | `Exposes default command time to live for CreateResource, RetrieveResource, UpdateResource, DeleteResource, and UpdateDeviceMetadata commands when it is not set in the request. 0s - means forever.` | `"0s"` | -| `publicConfiguration.authorizationServer` | string | `Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token’s signature. Must be same as in coap-gateway configuration.` | `""` | +| `publicConfiguration.caPool` | string | File path to root CA which was used to sign coap-gw certificate. | `""` | +| `publicConfiguration.ownerClaim` | string | Claim used to identify owner of the device. | `"sub"` | +| `publicConfiguration.deviceIDClaim` | string | Claim used to identify device id of the device. Empty means that JWT doesn't contain it. | `""` | +| `publicConfiguration.hubID` | string | Hub ID which is stored in coap-gw certificate. | `""` | +| `publicConfiguration.coapGateway` | string | CoAP gateway for onboard device. 
| `""` | +| `publicConfiguration.defaultCommandTimeToLive` | string | Exposes default command time to live for CreateResource, RetrieveResource, UpdateResource, DeleteResource, and UpdateDeviceMetadata commands when it is not set in the request. 0s - means forever. | `"0s"` | +| `publicConfiguration.authorizationServer` | string | Authority is the address of the token-issuing authentication server. Services will use this URI to find and retrieve the public key that can be used to validate the token's signature. Must be same as in coap-gateway configuration. | `""` | {{< note >}}
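Review bot: In the Event Bus hunk (`@@ -67,14 +67,14`), the `clients.eventBus.nats.tls.keyFile` and `clients.eventBus.nats.tls.certFile` rows still read "File name of private key in PEM format." and "File name of certificate in PEM format.", while the same keys under `apis.grpc.authorization.http.tls`, `clients.eventStore.mongoDB.tls` and `clients.identityStore.grpc.tls` in this patch read "File path to the private key in PEM format." and "File path to the certificate in PEM format." Use the "File path to the ..." wording here as well so a reader does not assume the NATS client resolves bare file names differently. The two `pendingLimits` rows also end "-1 means unlimited" without the closing period the other descriptions have.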
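Review bot: In the Event Store hunk (`@@ -82,15 +82,15`), the rewritten `clients.eventStore.mongoDB.tls.caPool` description drops the sentence "The file may contain multiple certificates." that the removed line had, and the same sentence is dropped from the `caPool` rows in the Event Bus and Identity Store Client hunks. That sentence tells operators they can ship a bundle (root plus intermediates) in one PEM file, so keep it unless the behaviour changed. In the same hunk, "Close connection when idle time reach the value." was carried over unchanged apart from the backticks; "Close the connection when its idle time reaches this value." reads correctly.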
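Review bot: In the Identity Store Client hunk (`@@ -98,14 +98,14`), and in every other `useSystemCAPool` row this patch touches, the new text "If true, use the system certification pool." should say "certificate pool", since the key name refers to the system CA pool. The row also does not say how the setting combines with `caPool`: with the documented defaults of `[]` and `false` a reader cannot tell which roots the client trusts, so state whether the system pool is added to `caPool` or replaces it, and what happens when both are left at their defaults.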
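Review bot: In the Public Configuration hunk (`@@ -114,13 +114,13`), `publicConfiguration.caPool` is documented as type `string` with "File path to root CA which was used to sign coap-gw certificate.", while every other `caPool` in this patch is `[]string` with "File paths"; since the row is being rewritten anyway, confirm the type is really a single path and say so explicitly, or align it. The `publicConfiguration.authorizationServer` row ends with "Must be same as in coap-gateway configuration." without naming the coap-gateway property it has to match; naming that key (or linking to it) would make a mismatch between the token issuer advertised to clients and the one the gateway validates against easier to spot.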