aggregator_proxy.env
# NSI Aggregator Proxy configuration
#
# Copy this file and fill in the values for your environment.
# Environment variables take precedence over values in this file.
# Lines starting with # are comments. Uncomment and edit the lines you need.

# --- Required ---
# Full URL of the NSI provider endpoint on the aggregator.
# AGGREGATOR_PROXY_PROVIDER_URL=https://aggregator.example.com/nsi-v2/ConnectionServiceProvider
# NSA URN used as requesterNSA in query requests to the aggregator.
# AGGREGATOR_PROXY_REQUESTER_NSA=urn:ogf:network:example.com:2025:requester-nsa
# NSA URN of the aggregator; used as providerNSA in all outbound SOAP headers.
# AGGREGATOR_PROXY_PROVIDER_NSA=urn:ogf:network:example.com:2025:provider-nsa
# Externally reachable base URL of this proxy; /nsi/v2/callback is appended for replyTo.
# AGGREGATOR_PROXY_BASE_URL=https://proxy.example.com

# --- Optional: mTLS ---
# Path to client TLS certificate for mTLS with the aggregator.
# AGGREGATOR_PROXY_CLIENT_CERT=
# Path to client TLS private key.
# AGGREGATOR_PROXY_CLIENT_KEY=
# Path to CA bundle for server certificate verification.
# AGGREGATOR_PROXY_CA_FILE=

# --- Optional: Timeouts ---
# Seconds to wait for async NSI callbacks (reserve, commit, provision, release, terminate).
# AGGREGATOR_PROXY_NSI_TIMEOUT=180
# Seconds to wait for DataPlaneStateChange after provision or release.
# AGGREGATOR_PROXY_DATAPLANE_TIMEOUT=300

# --- Optional: Server ---
# Log level (DEBUG, INFO, WARNING, ERROR).
# AGGREGATOR_PROXY_LOG_LEVEL=INFO
# Bind host.
# AGGREGATOR_PROXY_HOST=0.0.0.0
# Bind port.
# AGGREGATOR_PROXY_PORT=8080
# ASGI root path prefix. Set when behind a reverse proxy that strips a path prefix.
# AGGREGATOR_PROXY_ROOT_PATH=

# --- Optional: Authentication ---
# Enable authentication on all reservation endpoints. When true, every request
# must be authenticated via OIDC (JWT) or mTLS (header from nsi-auth).
# The /health endpoint is always unauthenticated. The /nsi/v2/callback endpoint
# requires mTLS when auth is enabled and MTLS_HEADER is set.
# AGGREGATOR_PROXY_AUTH_ENABLED=false
# Header name that nsi-auth sets on successful mTLS validation (e.g. X-Auth-Method).
# AGGREGATOR_PROXY_MTLS_HEADER=
# OIDC issuer URL. OIDC validation is active when this is set and auth is enabled.
# AGGREGATOR_PROXY_OIDC_ISSUER=
# Expected audience claim in the JWT.
# AGGREGATOR_PROXY_OIDC_AUDIENCE=
# JWKS endpoint URL. Auto-discovered from OIDC issuer if empty.
# AGGREGATOR_PROXY_OIDC_JWKS_URI=
# Userinfo endpoint URL. Auto-discovered from OIDC issuer if empty.
# AGGREGATOR_PROXY_OIDC_USERINFO_URI=
# Claim name in userinfo response containing group memberships.
# AGGREGATOR_PROXY_OIDC_GROUP_CLAIM=eduperson_entitlement
# Groups required for access. JSON array or comma-separated.
# Use [] when no group check is needed (any authenticated user is allowed).
# AGGREGATOR_PROXY_OIDC_REQUIRED_GROUPS=[]
# JWKS key cache TTL in seconds.
# AGGREGATOR_PROXY_OIDC_JWKS_CACHE_LIFESPAN=300
# Userinfo response cache TTL in seconds.
# AGGREGATOR_PROXY_OIDC_USERINFO_CACHE_TTL=60
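
Added example (not part of the project's code): a pre-deployment check that reads a filled-in copy of this file and flags the authentication combinations the comments above describe. The finding codes and function names are hypothetical, AUTH_ENABLED is assumed to default to false when unset, and only the file is inspected, so overriding environment variables are not seen.

```python
import json

# Constructed sample in the file's KEY=VALUE format (not a real deployment).
SAMPLE_ENV = """\
# comment lines are ignored
AGGREGATOR_PROXY_AUTH_ENABLED=true
AGGREGATOR_PROXY_OIDC_ISSUER=https://idp.example.com
AGGREGATOR_PROXY_OIDC_REQUIRED_GROUPS=[]
AGGREGATOR_PROXY_CLIENT_CERT=/etc/proxy/client.pem
"""

PREFIX = "AGGREGATOR_PROXY_"

def parse_env(text):
    """Return {NAME: value} with the prefix stripped; skips blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().startswith(PREFIX):
            cfg[key.strip()[len(PREFIX):]] = value.strip()
    return cfg

def parse_groups(raw):
    """Groups may be a JSON array or comma-separated, as the file's comment says."""
    raw = raw.strip()
    if raw.startswith("["):
        return [str(g) for g in json.loads(raw)]
    return [g.strip() for g in raw.split(",") if g.strip()]

def audit(cfg):
    """Return hypothetical finding codes for the settings documented in the file."""
    findings = []
    auth = cfg.get("AUTH_ENABLED", "false").lower() == "true"  # assumed default
    mtls_header = cfg.get("MTLS_HEADER", "")
    issuer = cfg.get("OIDC_ISSUER", "")
    if not auth:
        findings.append("auth-disabled")            # reservation endpoints open
    elif not mtls_header and not issuer:
        findings.append("auth-enabled-no-method")   # neither mTLS header nor OIDC
    if auth and not mtls_header:
        findings.append("callback-without-mtls")    # callback mTLS needs MTLS_HEADER
    if auth and issuer and not parse_groups(cfg.get("OIDC_REQUIRED_GROUPS", "[]")):
        findings.append("any-authenticated-user")   # [] disables the group check
    if bool(cfg.get("CLIENT_CERT")) != bool(cfg.get("CLIENT_KEY")):
        findings.append("client-cert-key-mismatch") # cert and key must be set together
    return findings
```
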