Configuration File Reference

The agent container requires its configuration in YAML format, in a file named agent_config.yml in the /home/moveworks/agent/conf directory.

The configuration encompasses various aspects such as Moveworks-specific settings, LDAP and REST client configurations, secrets management, and proxy settings.

Secret Object

A secret object is a field in the configuration that is a protected value. All credentials in the configuration are stored as a secret object. There are 3 types of secret objects:

  1. Plaintext/Encrypted Plaintext: These secrets are stored in the config YAML itself. Once the agent starts, all value objects are converted to encrypted_value objects for security.
    value: "your-default-secret"
    # Or after encryption:
    # encrypted_value: "your-encrypted-secret"
  2. AWS Secrets Manager: These secrets can be fetched from AWS Secrets Manager.
    aws_entry:
      secret_name: "my-aws-secret"  # Name of the secret in AWS Secrets Manager
      region: "us-west-2"           # AWS region where the secret is stored
      refresh_time_sec: 3600        # Time interval in seconds to refresh / retrieve the secret
  3. Azure Key Vault: These secrets can be fetched from Azure Key Vault.

Top-Level Configuration Fields

  1. bond_version
    1. Type: string
    2. Description: Indicates the version of the bond configuration being used.
    3. Example: "2.10.3"
  2. secrets_provider_config
    1. Description: Configuration for secrets management with either AWS Secrets Manager or Azure Key Vault. Specify it only if you use one of these providers.
    2. aws (object, optional):
      1. Description: Configuration specific to AWS Secrets Manager.
      2. Fields:
        1. default_region: Default AWS region for accessing secrets. Example: "us-west-2"
    3. azure (object, optional):
      1. Description: Configuration specific to Azure Key Vault.
      2. Fields:
        1. default_vault: Default Azure Key Vault to use. Example: "your-vault-name"
  3. moveworks_config
    1. auth_url:
      1. Type: string
      2. Description: The URL used for authentication with Moveworks systems.
      3. Example: "https://agent.moveworks.com/api/v1/auth"
    2. config_url:
      1. Type: string
      2. Description: The URL where configuration data is fetched from.
      3. Example: "https://agent.moveworks.com/api/v1/config"
    3. access_key:
      1. Type: string
      2. Description: The key used for access authorization. Generally the org name.
      3. Example: "your-access-key"
    4. moveworks_access_secret:
      1. Type: secret object
      2. Description: Secret entry for Moveworks access credentials.
    5. path_to_cert:
      1. Type: string
      2. Description: File path to the certificate used for secure connections.
      3. Optional: True
      4. Example: "/home/moveworks/agent/certs/cert.pem"
  4. ldap_config
    1. enabled:
      1. Type: boolean
      2. Description: Whether the LDAP configuration is enabled.
    2. host:
      1. Type: string
      2. Description: The hostname or IP address of the LDAP server.
      3. Example: "ldap.example.com"
    3. port:
      1. Type: int32
      2. Description: The port on which the LDAP server listens.
      3. Example: 389
    4. domain:
      1. Type: string
      2. Description: The domain for LDAP authentication, without ldap:// prefix.
      3. Example: "example.com"
    5. service_user:
      1. Type: string
      2. Description: The service user account for LDAP operations.
      3. Example: "service_user"
    6. ldap_service_password:
      1. Type: secret object
      2. Description: Password for the LDAP service user.
    7. use_ssl:
      1. Type: boolean
      2. Description: Whether to connect to the LDAP server using SSL.
      3. Example: true
    8. use_start_tls:
      1. Type: boolean
      2. Description: Whether to initiate a StartTLS connection to the LDAP server.
      3. Example: false
    9. path_to_cert:
      1. Type: string
      2. Description: File path to the LDAP server's certificate.
      3. Optional: True
      4. Example: "/home/moveworks/agent/certs/ldap_cert.pem"
    10. tls_skip_verify:
      1. Type: boolean
      2. Description: Whether to skip TLS certificate verification for LDAP.
      3. Optional: True
      4. Example: false
  5. ldap_forest_config (Map)
    1. Description: A map of LDAP forest configurations, keyed by forest name.
    2. Fields per forest:
      1. host:
        1. Type: string
        2. Description: Hostname or IP address of the LDAP forest server.
        3. Example: "forest-ldap.example.com"
      2. port:
        1. Type: int32
        2. Description: Port number for the LDAP forest server.
        3. Example: 636
      3. domain:
        1. Type: string
        2. Description: LDAP domain for the forest server, without ldap:// prefix.
        3. Example: "forest.example.com"
      4. service_user:
        1. Type: string
        2. Description: Service user for operations within the LDAP forest.
        3. Example: "forest_service_user"
      5. ldap_service_password:
        1. Type: secret object
        2. Description: Password for the service user in the LDAP forest.
      6. use_ssl:
        1. Type: boolean
        2. Optional: True
        3. Description: Whether SSL is used for connections to the forest server.
        4. Example: true
      7. path_to_cert:
        1. Type: string
        2. Optional: True
        3. Description: Path to the certificate used by the LDAP forest server.
        4. Example: "/path/to/forest_cert.pem"
      8. tls_skip_verify:
        1. Type: boolean
        2. Optional: True
        3. Description: Whether to skip TLS verification in forest configurations.
        4. Example: false
  6. rest_configs (Map)
    1. Description: A map of REST client configurations, keyed by service name (e.g., JIRA, SNOW).
    2. Fields per service:
      1. enabled:
        1. Type: boolean
        2. Description: Whether the REST configuration is enabled.
      2. service:
        1. Type: string
        2. Description: The identifier of the external service.
        3. Example: "example_service"
      3. header_decorators:
        1. Type: array
        2. Description: A list of configurations for modifying request headers. See Header Decorators section below.
      4. body_decorators:
        1. Type: array
        2. Description: A list of configurations for modifying the request body. See Body Decorators section below.
      5. url_decorators:
        1. Type: array
        2. Description: A list of configurations for modifying the request URL. See the Decorators section below.
      6. do_not_use_rest_proxy:
        1. Type: boolean
        2. Description: Whether to bypass any configured REST proxy for local requests.
        3. Optional: True
        4. Example: true
      7. ca_cert_path:
        1. Type: string
        2. Description: File path to an additional CA certificate used in TLS configuration.
        3. Optional: True
        4. Example: "/home/moveworks/agent/certs/ca-cert.pem"
      8. tls_skip_verify:
        1. Type: boolean
        2. Description: Whether to skip TLS certificate verification for REST communications.
        3. Optional: True
        4. Example: false
      9. max_response_size:
        1. Type: int32
        2. Description: Maximum size of the response in bytes that the REST client will accept.
        3. Optional: True
        4. Example: 1048576 (1 MB)
      10. use_ntlmv2:
        1. Type: boolean
        2. Description: Whether to use NTLMv2 authentication for REST calls.
        3. Optional: True
        4. Example: false
  7. moveworks_proxy_configs (Map)
    1. Description: A map of proxy configurations, keyed by proxy name.
    2. Fields per proxy:
      1. target_url:
        1. Type: string
        2. Description: URL of the target where all forwarded requests should go.
        3. Example: "https://proxy.example.com"
      2. port:
        1. Type: int32
        2. Description: Port number on which the proxy listens for requests.
        3. Example: 8080

Decorators

Header Decorators

For rest_configs, you can define header decorators to add different types of headers to the request.

  • Plain (KV Pair)
    • Description: A simple key-value pair to be added to the request headers.
    • Fields: header_key (string), header_value (string).
  • File
    • Description: To load multiple headers from a JSON file.
    • Fields: file_path (string).
  • Basic Auth
    • Description: To add authentication via Username and Password.
    • Fields: username (string), password (secret object).
  • Oauth2 Client Credentials
    • Description: To add authentication via OAuth2 client credentials (client ID and secret).
    • Fields:
      • client_id: (string)
      • client_secret: (secret object)
      • scope: (string)
      • rest_call_config: (object) Defines the auth call for the access token.
        • url: (secret object) Auth URL for authentication.
        • method: (string) HTTP method type. Default: POST.
        • header_key: (string) HTTP header to send the auth token in. Default: Authentication.
        • header_template: (string) Template for the HTTP header value. Default: "Bearer %s".
        • refresh_time_sec: (int32) Time between auth token calls. Default: 60.
        • token_body_key: (string) Key to pull the token from in the response body. Default: empty (takes whole response).
        • request_body: (string) Body of the auth request. Default: empty.
        • auth_headers: (map<string, string>) Headers of the auth request. Default: {"content_type": "application/x-www-form-urlencoded"}.
  • Oauth2 Client Credentials Basic Auth
    • Description: To add authentication via OAuth2 client credentials basic authentication (clientid:secret). All fields are the same as Oauth2 Client Credentials Auth.
  • Oauth2 Refresh Token
    • Description: To add authentication via OAuth2 Refresh Token Auth.
    • Fields: client_id (string), client_secret (secret object), scope (string), client_refresh_token (secret object), rest_call_config (same as Oauth2 Client Credentials Auth).

Body Decorators

For rest_configs, you can define body decorators to add different types of body to the request.

  • Plain (KV Pair)
    • Description: A simple key-value pair to be added to the request body.
    • Fields: