Configuration File Reference

The agent container requires the configuration to be in YAML format in the /home/moveworks/agent/conf directory with the file name as agent_config.yml.

The configuration encompasses various aspects such as Moveworks-specific settings, LDAP and REST client configurations, secrets management, and proxy settings.

Secret Object

A secret object is a field in the configuration that is a protected value. All credentials in the configuration are stored as a secret object. There are 3 types of secret objects:

Plaintext/Encrypted Plaintext: These secrets are stored in the config YAML itself. Once the agent starts, all value objects are converted to encrypted_value objects for security.
```
value: "your-default-secret"
# Or after encryption:
# encrypted_value: "your-encrypted-secret"
```

AWS Secrets Manager: These secrets can be fetched from AWS Secrets Manager.

aws_entry:
  secret_name: "my-aws-secret"  # Name of the secret in AWS Secrets Manager
  region: "us-west-2"           # AWS region where the secret is stored
  refresh_time_sec: 3600        # Time interval in seconds to refresh / retrieve the secret

Azure Key Vault: These secrets can be fetched from Azure Key Vault

azure_entry:
  secret_name: "my-azure-secret"  # Name of the secret in Azure Key Vault
  vault: "my-azure-vault"         # Name of the Azure Key Vault
  refresh_time_sec: 3600          # Time interval in seconds to refresh / retrieve the secret

Top-Level Configuration Fields

bond_version
1. Type: string
2. Description: Indicates the version of the bond configuration being used.
3. Example: "2.10.3"
secrets_provider_config
1. Description: Configuration for secrets management, to either AWS Secrets Manager or Azure Key Vault. Only specified if using any of the above management methods.
2. aws (object, optional):
  1. Description: Configuration specific to AWS Secrets Manager.
  2. Fields:
    1. default_region: Default AWS region for accessing secrets. Example: "us-west-2"
3. azure (object, optional):
  1. Description: Configuration specific to Azure Key Vault.
  2. Fields:
    1. default_vault: Default Azure Key Vault to use. Example: "your-vault-name"
moveworks_config
1. auth_url:
  1. Type: string
  2. Description: The URL used for authentication with Moveworks systems.
  3. Example: "https://agent.moveworks.com/api/v1/auth"
2. config_url:
  1. Type: string
  2. Description: The URL where configuration data is fetched from.
  3. Example: "https://agent.moveworks.com/api/v1/config"
3. access_key:
  1. Type: string
  2. Description: The key used for access authorization. Generally org name.
  3. Example: "your-access-key"
4. moveworks_access_secret: Type: secret object Description: Secret entry for Moveworks access credentials.
5. path_to_cert:
  1. Type: string
  2. Description: File path to the certificate used for secure connections.
  3. Optional: True
  4. Example: "/home/moveworks/agent/certs/cert.pem"
ldap_config
1. enabled:
  1. Type: boolean
  2. Description: Whether the LDAP configuration is enabled.
2. host:
  1. Type: string
  2. Description: The hostname or IP address of the LDAP server.
  3. Example: "ldap.example.com"
3. port:
  1. Type: int32
  2. Description: The port on which the LDAP server listens.
  3. Example: 389
4. domain:
  1. Type: string
  2. Description: The domain for LDAP authentication, without ldap:// prefix.
  3. Example: "example.com"
5. service_user:
  1. Type: string
  2. Description: The service user account for LDAP operations.
  3. Example: "service_user"
6. ldap_service_password:
  1. Type: secret object
  2. Description: Password for the LDAP service user.
7. use_ssl:
  1. Type: boolean
  2. Description: Whether to connect to the LDAP server using SSL.
  3. Example: true
8. use_start_tls:
  1. Type: boolean
  2. Description: Whether to initiate a StartTLS connection to the LDAP server.
  3. Example: false
9. path_to_cert:
  1. Type: string
  2. Description: File path to the LDAP server's certificate.
  3. Optional: True
  4. Example: "/home/moveworks/agent/certs/ldap_cert.pem"
10. tls_skip_verify:
  1. Type: boolean
  2. Description: Whether to skip TLS certificate verification for LDAP.
  3. Optional: True
  4. Example: false
ldap_forest_config (Map)
1. Description: A map of LDAP forest configurations, keyed by forest name.
2. Fields per forest:
  1. host:
    1. **Type: ** string
    2. Description: Hostname or IP address of the LDAP forest server.
    3. **Example: ** "forest-ldap.example.com"
  2. port:
    1. Type: int32
    2. Description: Port number for the LDAP forest server.
    3. Example: 636
  3. domain:
    1. Type: string
    2. Description: LDAP domain for the forest server, without ldap:// prefix.
    3. Example: "forest.example.com"
  4. service_user
    1. Type: string
    2. Description: Service user for operations within the LDAP forest.
    3. Example: "forest_service_user"
  5. ldap_service_password:
    1. Type: secret object
    2. Description: Password for the service user in the LDAP forest.
  6. use_ssl:
    1. Type: boolean
    2. Optional: True
    3. Description: Whether SSL is used for connections to the forest server.
    4. Example: true
  7. path_to_cert:
    1. Type: string
    2. Optional:True
    3. Description: Path to the certificate used by the LDAP forest server.
    4. Example: "/path/to/forest_cert.pem"
  8. tls_skip_verify:
    1. Type: boolean
    2. Optional: True
    3. Description: Whether to skip TLS verification in forest configurations.
    4. Example: false
rest_configs (Map)
1. Description: A map of REST client configurations, keyed by service name (e.g., JIRA, SNOW).
2. Fields per service:
  1. enabled:
    1. Type: boolean
    2. Description: Whether the REST configuration is enabled
  2. service:
    1. Type: string
    2. Description: The identifier of the external service.
    3. Example: "example_service"
  3. header_decorators:
    1. Type: array
    2. Description: A list of configurations for modifying request headers. See Header Decorators section below.
  4. body_decorators:
    1. Type: array
    2. Description: A list of configurations for modifying the request body. See Body Decorators section below.
  5. url_decorators:
    1. Type: array
    2. Description: A list of configurations for modifying the request URL. See https://www.geeksforgeeks.org/python/decorators-in-python/(#decorators) section below.
  6. do_not_use_rest_proxy:
    1. Type: boolean
    2. Description: Whether to bypass any configured REST proxy for local requests.
    3. Optional: True
    4. Example: true
  7. ca_cert_path:
    1. Type: string
    2. Description: File path to an additional CA certificate used in TLS configuration.
    3. Optional: True
    4. Example: "/home/moveworks/agent/certs/ca-cert.pem"
  8. tls_skip_verify:
    1. Type: boolean
    2. Description: Whether to skip TLS certificate verification for REST communications.
    3. Optional: True
    4. Example: false
  9. max_response_size:
    1. Type: int32
    2. Description: Maximum size of the response in bytes that the REST client will accept.
    3. Optional: True
    4. Example: 1048576 (1 MB)
  10. use_ntlmv2:
    1. Type: boolean
    2. Description: Whether to use NTLMv2 authentication for REST calls.
    3. Optional: True
    4. Example: false
moveworks_proxy_configs (Map)
1. Description: A map of proxy configurations, keyed by proxy name.
2. Fields per proxy:
  1. target_url:
    1. Type: string
    2. Description: URL of the target where all forwarded requests should go.
    3. Example: "https://proxy.example.com"
  2. port:
    1. Type: int32
    2. Description: Port number on which the proxy listens for requests.
    3. Example: 8080

Decorators

Header Decorators

For rest_configs, you can define header decorators to add different types of headers to the request.

Plain (KV Pair)
- Description: A simple key-value pair to be added to the request headers.
- Fields: header_key (string), header_value (string).
File
- Description: To load multiple headers from a JSON file.
- Fields: file_path (string).
Basic Auth
- Description: To add authentication via Username and Password.
- Fields: username (string), password (secret object).
Oauth2 Client Credentials
- Description: To add authentication via OAuth2 client credentials (client ID and secret).
- Fields:
  - client_id: (string)
  - client_secret: (secret object)
  - scope: (string)
  - rest_call_config: (object) Defines the auth call for the access token.
    - url: (secret object) Auth URL for authentication.
    - method: (string) HTTP method type. Default: POST.
    - header_key: (string) HTTP header to send the auth token in. Default: Authentication.
    - header_template: (string) Template for the HTTP header value. Default: Bearer %s.
    - refresh_time_sec: (int32) Time between auth token calls. Default: 60.
    - token_body_key: (string) Key to pull the token from in the response body. Default: empty (takes whole response).
    - request_body: (string) Body of the auth request. Default: empty.
    - auth_headers: (map<string, string>) Headers of the auth request. Default: \{"content_type": "application/x-www-form-urlencoded"}.
Oauth2 Client Credentials Basic Auth
- Description: To add authentication via OAuth2 client credentials basic authentication (clientid:secret). All fields are the same as Oauth2 Client Credentials Auth.
Oauth2 Refresh Token
- Description: To add authentication via OAuth2 Refresh Token Auth.
- Fields:
  - client_id (string)
  - client_secret (secret object)
  - scope (string)
  - client_refresh_token (secret object)
  - rest_call_config (same as Oauth2 Client Credentials Auth)

Body Decorators

For rest_configs, you can define body decorators to add different types of body to the request.

Plain (KV Pair)
- Description: A simple key-value pair to be added to the request body.
- Fields::
  - query_key (string)
  - query_value (secret object).
Oracle Web centre auth
- Description: For Oracle WebCenter Authentication.
- Fields:
  - username: (string)
  - password: (secret object)
  - rest_call_config: Same as rest_call_config in Oauth2 Refresh Token.
  - query_key: (string) Query param key.
  - query_template: (string) Template for the query value.

Updated 9 days ago