44648e3206
- Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/
167 lines
3.5 KiB
Plaintext
167 lines
3.5 KiB
Plaintext
# Control Center Service Default Configuration
|
|
# Policy management, RBAC, and compliance defaults
|
|
|
|
let control_center_schema = import "../schemas/control-center.ncl" in
|
|
let monitoring_defaults = import "./common/monitoring-defaults.ncl" in
|
|
let logging_defaults = import "./common/logging-defaults.ncl" in
|
|
|
|
{
|
|
control_center | control_center_schema.ControlCenterConfig = {
|
|
# Workspace Configuration
|
|
workspace = {
|
|
name = "default",
|
|
path = "/var/lib/provisioning/control-center",
|
|
enabled = true,
|
|
multi_workspace = false,
|
|
},
|
|
|
|
# HTTP Server Settings
|
|
server = {
|
|
host = "127.0.0.1",
|
|
port = 8080,
|
|
workers = 4,
|
|
keep_alive = 75,
|
|
max_connections = 100,
|
|
request_timeout = 30000,
|
|
graceful_shutdown = true,
|
|
shutdown_timeout = 30,
|
|
},
|
|
|
|
# Database Configuration
|
|
database = {
|
|
backend = "rocksdb",
|
|
path = "/var/lib/provisioning/control-center/data",
|
|
pool_size = 10,
|
|
timeout = 30,
|
|
retry = true,
|
|
max_retries = "3",
|
|
},
|
|
|
|
# Security Configuration
|
|
security = {
|
|
jwt = {
|
|
issuer = "control-center",
|
|
audience = "provisioning",
|
|
expiration = 3600,
|
|
refresh_expiration = 86400,
|
|
secret = "change_me_in_production",
|
|
algorithm = "HS256",
|
|
},
|
|
rbac = {
|
|
enabled = true,
|
|
inheritance = true,
|
|
default_role = "user",
|
|
},
|
|
mfa = {
|
|
required = false,
|
|
methods = ["totp"],
|
|
max_attempts = "5",
|
|
lockout_duration = 15,
|
|
},
|
|
rate_limiting = {
|
|
enabled = false,
|
|
max_requests = "1000",
|
|
window_seconds = 60,
|
|
},
|
|
tls = {
|
|
enabled = false,
|
|
},
|
|
cors = {
|
|
enabled = false,
|
|
},
|
|
session = {
|
|
max_duration = 86400,
|
|
idle_timeout = 3600,
|
|
tracking = false,
|
|
},
|
|
},
|
|
|
|
# Policy Engine Configuration
|
|
policy = {
|
|
enabled = true,
|
|
cache = {
|
|
enabled = true,
|
|
ttl = 3600,
|
|
max_policies = 10000,
|
|
},
|
|
versioning = {
|
|
enabled = true,
|
|
max_versions = 20,
|
|
},
|
|
},
|
|
|
|
# RBAC Configuration
|
|
rbac = {
|
|
enabled = true,
|
|
hierarchy = true,
|
|
dynamic_roles = false,
|
|
default_role = "user",
|
|
roles = {
|
|
admin = true,
|
|
operator = true,
|
|
viewer = true,
|
|
},
|
|
attribute_based = false,
|
|
},
|
|
|
|
# User Management
|
|
users = {
|
|
enabled = true,
|
|
registration = {
|
|
enabled = true,
|
|
requires_approval = false,
|
|
auto_assign_role = "user",
|
|
},
|
|
sessions = {
|
|
max_active = 5,
|
|
idle_timeout = 3600,
|
|
absolute_timeout = 86400,
|
|
},
|
|
audit_enabled = false,
|
|
},
|
|
|
|
# Audit Logging
|
|
audit = {
|
|
enabled = false,
|
|
storage = {
|
|
retention_days = 90,
|
|
immutable = false,
|
|
},
|
|
redact_sensitive = true,
|
|
},
|
|
|
|
# Compliance Configuration
|
|
compliance = {
|
|
enabled = false,
|
|
validation = {
|
|
enabled = false,
|
|
interval_hours = 24,
|
|
},
|
|
data_retention = {
|
|
policy_years = 7,
|
|
audit_log_days = 2555,
|
|
},
|
|
encryption_required = false,
|
|
},
|
|
|
|
# Integrations
|
|
integrations = {
|
|
ldap = {
|
|
enabled = false,
|
|
},
|
|
oauth2 = {
|
|
enabled = false,
|
|
},
|
|
webhooks = {
|
|
enabled = false,
|
|
},
|
|
},
|
|
|
|
# Monitoring Configuration
|
|
monitoring = monitoring_defaults.monitoring,
|
|
|
|
# Logging Configuration
|
|
logging = logging_defaults.logging,
|
|
},
|
|
}
|