Configuration File Reference

The agent container requires the configuration to be in YAML format in the /home/moveworks/agent/conf directory with the file name as agent_config.yml.

The configuration encompasses various aspects such as Moveworks-specific settings, LDAP and REST client configurations, secrets management, and proxy settings.

Secret Object

A secret object is a field in the configuration that is a protected value. All credentials in the configuration are stored as a secret object. There are 3 types of secret objects:

Plaintext/Encrypted Plaintext: These secrets are stored in the config YAML itself. Once the agent starts, all value objects are converted to encrypted_value objects for security.
```
value: "your-default-secret"
# Or after encryption:
# encrypted_value: "your-encrypted-secret"
```

AWS Secrets Manager: These secrets can be fetched from AWS Secrets Manager.

aws_entry:
  secret_name: "my-aws-secret"  # Name of the secret in AWS Secrets Manager
  region: "us-west-2"           # AWS region where the secret is stored
  refresh_time_sec: 3600        # Time interval in seconds to refresh / retrieve the secret

Azure Key Vault: These secrets can be fetched from Azure Key Vault.

Top-Level Configuration Fields

bond_version
1. Type: string
2. Description: Indicates the version of the bond configuration being used.
3. Example: "2.10.3"
secrets_provider_config
1. Description: Configuration for secrets management, to either AWS Secrets Manager or Azure Key Vault. Only specified if using any of the above management methods.
2. aws (object, optional):
  1. Description: Configuration specific to AWS Secrets Manager.
  2. Fields:
    1. default_region: Default AWS region for accessing secrets. Example: "us-west-2"
3. azure (object, optional):
  1. Description: Configuration specific to Azure Key Vault.
  2. Fields:
    1. default_vault: Default Azure Key Vault to use. Example: "your-vault-name"
moveworks_config
1. auth_url:
  1. Type: string
  2. Description: The URL used for authentication with Moveworks systems.
  3. Example: "https://agent.moveworks.com/api/v1/auth"
2. config_url:
  1. Type: string
  2. Description: The URL where configuration data is fetched from.
  3. Example: "https://agent.moveworks.com/api/v1/config"
3. access_key:
  1. Type: string
  2. Description: The key used for access authorization. Generally org name.
  3. Example: "your-access-key"
4. moveworks_access_secret:
  Type: secret object Description: Secret entry for Moveworks access credentials.
5. path_to_cert:
  1. Type: string
  2. Description: File path to the certificate used for secure connections.
  3. Optional: True
  4. Example: "/home/moveworks/agent/certs/cert.pem"
ldap_config
1. enabled:
  1. Type: boolean
  2. Description: Whether the LDAP configuration is enabled.
2. host:
  1. Type: string
  2. Description: The hostname or IP address of the LDAP server.
  3. Example: "ldap.example.com"
3. port:
  1. Type: int32
  2. Description: The port on which the LDAP server listens.
  3. Example: 389
4. domain:
  1. Type: string
  2. Description: The domain for LDAP authentication, without ldap:// prefix.
  3. Example: "example.com"
5. service_user:
  1. Type: string
  2. Description: The service user account for LDAP operations.
  3. Example: "service_user"
6. ldap_service_password:
  1. Type: secret object
  2. Description: Password for the LDAP service user.
7. use_ssl:
  1. Type: boolean
  2. Description: Whether to connect to the LDAP server using SSL.
  3. Example: true
8. use_start_tls:
  1. Type: boolean
  2. Description: Whether to initiate a StartTLS connection to the LDAP server.
  3. Example: false
9. path_to_cert:
  1. Type: string
  2. Description: File path to the LDAP server's certificate.
  3. Optional: True
  4. Example: "/home/moveworks/agent/certs/ldap_cert.pem"
10. tls_skip_verify:
  1. Type: boolean
  2. Description: Whether to skip TLS certificate verification for LDAP.
  3. Optional: True
  4. Example: false
ldap_forest_config (Map)
1. Description: A map of LDAP forest configurations, keyed by forest name.
2. Fields per forest:
  1. host:
    1. **Type: ** string
    2. Description: Hostname or IP address of the LDAP forest server.
    3. **Example: ** "forest-ldap.example.com"
  2. port:
    1. Type: int32
    2. Description: Port number for the LDAP forest server.
    3. Example: 636
  3. domain:
    1. Type: string
    2. Description: LDAP domain for the forest server, without ldap:// prefix.
    3. Example: "forest.example.com"
  4. service_user
    1. Type: string
    2. Description: Service user for operations within the LDAP forest.
    3. Example: "forest_service_user"
  5. ldap_service_password:
    1. Type: secret object
    2. Description: Password for the service user in the LDAP forest.
  6. use_ssl:
    1. Type: boolean
    2. Optional: True
    3. Description: Whether SSL is used for connections to the forest server.
    4. Example: true
  7. path_to_cert:
    1. Type: string
    2. Optional:True
    3. Description: Path to the certificate used by the LDAP forest server.
    4. Example: "/path/to/forest_cert.pem"
  8. tls_skip_verify:
    1. Type: boolean
    2. Optional: True
    3. Description: Whether to skip TLS verification in forest configurations.
    4. Example: false
rest_configs (Map)
1. Description: A map of REST client configurations, keyed by service name (e.g., JIRA, SNOW).
2. Fields per service:
  1. enabled:
    1. Type: boolean
    2. Description: Whether the REST configuration is enabled
  2. service:
    1. Type: string
    2. Description: The identifier of the external service.
    3. Example: "example_service"
  3. header_decorators:
    1. Type: array
    2. Description: A list of configurations for modifying request headers. See Header Decorators section below.
  4. body_decorators:
    1. Type: array
    2. Description: A list of configurations for modifying the request body. See Body Decorators section below.
  5. url_decorators:
    1. Type: array
    2. Description: A list of configurations for modifying the request URL. See https://www.geeksforgeeks.org/python/decorators-in-python/(#decorators) section below.
  6. do_not_use_rest_proxy:
    1. Type: boolean
    2. Description: Whether to bypass any configured REST proxy for local requests.
    3. Optional: True
    4. Example: true
  7. ca_cert_path:
    1. Type: string
    2. Description: File path to an additional CA certificate used in TLS configuration.
    3. Optional: True
    4. Example: "/home/moveworks/agent/certs/ca-cert.pem"
  8. tls_skip_verify:
    1. Type: boolean
    2. Description: Whether to skip TLS certificate verification for REST communications.
    3. Optional: True
    4. Example: false
  9. max_response_size:
    1. Type: int32
    2. Description: Maximum size of the response in bytes that the REST client will accept.
    3. Optional: True
    4. Example: 1048576 (1 MB)
  10. use_ntlmv2:
    1. Type: boolean
    2. Description: Whether to use NTLMv2 authentication for REST calls.
    3. Optional: True
    4. Example: false
moveworks_proxy_configs (Map)
1. Description: A map of proxy configurations, keyed by proxy name.
2. Fields per proxy:
  1. target_url:
    1. Type: string
    2. Description: URL of the target where all forwarded requests should go.
    3. Example: "https://proxy.example.com"
  2. port:
    1. Type: int32
    2. Description: Port number on which the proxy listens for requests.
    3. Example: 8080

Decorators

Header Decorators

For rest_configs, you can define header decorators to add different types of headers to the request.

Plain (KV Pair)- Description: A simple key-value pair to be added to the request headers.
- Fields: header_key (string), header_value (string).
- File- Description: To load multiple headers from a JSON file.
  - Fields: file_path (string).
  - Basic Auth- Description: To add authentication via Username and Password.
    - Fields: username (string), password (secret object).
    - **Oauth2 Client Credentials** * **Description:** To add authentication via OAuth2 client credentials (client ID and secret). * **Fields:** * `client_id`: (string) * `client_secret`: (secret object) * `scope`: (string) * `rest_call_config`: (object) Defines the auth call for the access token. * `url`: (secret object) Auth URL for authentication. * `method`: (string) HTTP method type. Default: `POST`. * `header_key`: (string) HTTP header to send the auth token in. Default: `Authentication`. * `header_template`: (string) Template for the HTTP header value. Default: `Bearer %s`. * `refresh_time_sec`: (int32) Time between auth token calls. Default: `60`. * `token_body_key`: (string) Key to pull the token from in the response body. Default: empty (takes whole response). * `request_body`: (string) Body of the auth request. Default: empty. * `auth_headers`: (map<string, string>) Headers of the auth request. Default: `{"content_type": "application/x-www-form-urlencoded"}`.
      - Oauth2 Client Credentials Basic Auth- Description: To add authentication via OAuth2 client credentials basic authentication (clientid:secret). All fields are the same as Oauth2 Client Credentials Auth.
        
        Oauth2 Refresh Token- Description: To add authentication via OAuth2 Refresh Token Auth.
        
        Fields: client_id (string), client_secret (secret object), scope (string), client_refresh_token (secret object), rest_call_config (same as Oauth2 Client Credentials Auth).

Body Decorators

For rest_configs, you can define body decorators to add different types of body to the request.

Plain (KV Pair)- Description: A simple key-value pair to be added to the request body.
- Fields:

Updated about 12 hours ago