Configuration File Reference
The agent container requires the configuration to be in YAML format in the `/home/moveworks/agent/conf` directory with the file name `agent_config.yml`.
The configuration encompasses various aspects such as Moveworks-specific settings, LDAP and REST client configurations, secrets management, and proxy settings.
Secret Object
A secret object is a field in the configuration that is a protected value. All credentials in the configuration are stored as a secret object. There are 3 types of secret objects:
- Plaintext/Encrypted Plaintext: These secrets are stored in the config YAML itself. Once the agent starts, all `value` objects are converted to `encrypted_value` objects for security.

  ```yaml
  value: "your-default-secret"
  # Or after encryption:
  # encrypted_value: "your-encrypted-secret"
  ```
- AWS Secrets Manager: These secrets can be fetched from AWS Secrets Manager.

  ```yaml
  aws_entry:
    secret_name: "my-aws-secret"   # Name of the secret in AWS Secrets Manager
    region: "us-west-2"            # AWS region where the secret is stored
    refresh_time_sec: 3600         # Time interval in seconds to refresh / retrieve the secret
  ```
- Azure Key Vault: These secrets can be fetched from Azure Key Vault.
Top-Level Configuration Fields
bond_version
- Type: `string`
- Description: Indicates the version of the bond configuration being used.
- Example: `"2.10.3"`
secrets_provider_config
- Description: Configuration for secrets management with either AWS Secrets Manager or Azure Key Vault. Only specified if using one of these management methods.
- `aws` (object, optional):
  - Description: Configuration specific to AWS Secrets Manager.
  - Fields:
    - `default_region`: Default AWS region for accessing secrets. Example: `"us-west-2"`
- `azure` (object, optional):
  - Description: Configuration specific to Azure Key Vault.
  - Fields:
    - `default_vault`: Default Azure Key Vault to use. Example: `"your-vault-name"`
moveworks_config
- `auth_url`:
  - Type: `string`
  - Description: The URL used for authentication with Moveworks systems.
  - Example: `"https://agent.moveworks.com/api/v1/auth"`
- `config_url`:
  - Type: `string`
  - Description: The URL where configuration data is fetched from.
  - Example: `"https://agent.moveworks.com/api/v1/config"`
- `access_key`:
  - Type: `string`
  - Description: The key used for access authorization. Generally org name.
  - Example: `"your-access-key"`
- `moveworks_access_secret`:
  - Type: `secret object`
  - Description: Secret entry for Moveworks access credentials.
- `path_to_cert`:
  - Type: `string`
  - Description: File path to the certificate used for secure connections.
  - Optional: True
  - Example: `"/home/moveworks/agent/certs/cert.pem"`
ldap_config
- `enabled`:
  - Type: `boolean`
  - Description: Whether the LDAP configuration is enabled.
- `host`:
  - Type: `string`
  - Description: The hostname or IP address of the LDAP server.
  - Example: `"ldap.example.com"`
- `port`:
  - Type: `int32`
  - Description: The port on which the LDAP server listens.
  - Example: `389`
- `domain`:
  - Type: `string`
  - Description: The domain for LDAP authentication, without `ldap://` prefix.
  - Example: `"example.com"`
- `service_user`:
  - Type: `string`
  - Description: The service user account for LDAP operations.
  - Example: `"service_user"`
- `ldap_service_password`:
  - Type: `secret object`
  - Description: Password for the LDAP service user.
- `use_ssl`:
  - Type: `boolean`
  - Description: Whether to connect to the LDAP server using SSL.
  - Example: `true`
- `use_start_tls`:
  - Type: `boolean`
  - Description: Whether to initiate a StartTLS connection to the LDAP server.
  - Example: `false`
- `path_to_cert`:
  - Type: `string`
  - Description: File path to the LDAP server's certificate.
  - Optional: True
  - Example: `"/home/moveworks/agent/certs/ldap_cert.pem"`
- `tls_skip_verify`:
  - Type: `boolean`
  - Description: Whether to skip TLS certificate verification for LDAP.
  - Optional: True
  - Example: `false`
ldap_forest_config (Map)
- Description: A map of LDAP forest configurations, keyed by forest name.
- Fields per forest:
  - `host`:
    - Type: `string`
    - Description: Hostname or IP address of the LDAP forest server.
    - Example: `"forest-ldap.example.com"`
  - `port`:
    - Type: `int32`
    - Description: Port number for the LDAP forest server.
    - Example: `636`
  - `domain`:
    - Type: `string`
    - Description: LDAP domain for the forest server, without `ldap://` prefix.
    - Example: `"forest.example.com"`
  - `service_user`:
    - Type: `string`
    - Description: Service user for operations within the LDAP forest.
    - Example: `"forest_service_user"`
  - `ldap_service_password`:
    - Type: `secret object`
    - Description: Password for the service user in the LDAP forest.
  - `use_ssl`:
    - Type: `boolean`
    - Optional: True
    - Description: Whether SSL is used for connections to the forest server.
    - Example: `true`
  - `path_to_cert`:
    - Type: `string`
    - Optional: True
    - Description: Path to the certificate used by the LDAP forest server.
    - Example: `"/path/to/forest_cert.pem"`
  - `tls_skip_verify`:
    - Type: `boolean`
    - Optional: True
    - Description: Whether to skip TLS verification in forest configurations.
    - Example: `false`
rest_configs (Map)
- Description: A map of REST client configurations, keyed by service name (e.g., `JIRA`, `SNOW`).
- Fields per service:
  - `enabled`:
    - Type: `boolean`
    - Description: Whether the REST configuration is enabled.
  - `service`:
    - Type: `string`
    - Description: The identifier of the external service.
    - Example: `"example_service"`
  - `header_decorators`:
    - Type: `array`
    - Description: A list of configurations for modifying request headers. See Header Decorators section below.
  - `body_decorators`:
    - Type: `array`
    - Description: A list of configurations for modifying the request body. See Body Decorators section below.
  - `url_decorators`:
    - Type: `array`
    - Description: A list of configurations for modifying the request URL. See Decorators section below.
  - `do_not_use_rest_proxy`:
    - Type: `boolean`
    - Description: Whether to bypass any configured REST proxy for local requests.
    - Optional: True
    - Example: `true`
  - `ca_cert_path`:
    - Type: `string`
    - Description: File path to an additional CA certificate used in TLS configuration.
    - Optional: True
    - Example: `"/home/moveworks/agent/certs/ca-cert.pem"`
  - `tls_skip_verify`:
    - Type: `boolean`
    - Description: Whether to skip TLS certificate verification for REST communications.
    - Optional: True
    - Example: `false`
  - `max_response_size`:
    - Type: `int32`
    - Description: Maximum size of the response in bytes that the REST client will accept.
    - Optional: True
    - Example: `1048576` (1 MB)
  - `use_ntlmv2`:
    - Type: `boolean`
    - Description: Whether to use NTLMv2 authentication for REST calls.
    - Optional: True
    - Example: `false`
moveworks_proxy_configs (Map)
- Description: A map of proxy configurations, keyed by proxy name.
- Fields per proxy:
  - `target_url`:
    - Type: `string`
    - Description: URL of the target where all forwarded requests should go.
    - Example: `"https://proxy.example.com"`
  - `port`:
    - Type: `int32`
    - Description: Port number on which the proxy listens for requests.
    - Example: `8080`
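An added example, not Moveworks code: a small Python audit that walks a parsed `agent_config.yml` and reports the settings in this reference that weaken transport or secret protection (`tls_skip_verify: true`, a secret object still holding a plaintext `value`, and an LDAP block with neither `use_ssl` nor `use_start_tls`). The `audit` function, the forest name `corp`, the nesting of the sample, and the rule that an LDAP block is any mapping containing `ldap_service_password` are assumptions.

```python
def audit(node, path="", findings=None):
    """Walk a parsed agent_config.yml; return sorted (path, issue) tuples."""
    findings = [] if findings is None else findings
    if isinstance(node, dict):
        # tls_skip_verify exists under ldap_config, ldap_forest_config, rest_configs.
        if node.get("tls_skip_verify") is True:
            findings.append((path, "tls_skip_verify is true"))
        # A secret object still holding `value` is plaintext on disk.
        if isinstance(node.get("value"), str):
            findings.append((path, "plaintext secret value"))
        # LDAP blocks are recognised by ldap_service_password (assumption).
        if "ldap_service_password" in node and node.get("enabled", True) is not False:
            if not (node.get("use_ssl") or node.get("use_start_tls")):
                findings.append((path, "LDAP without use_ssl or use_start_tls"))
        for key, child in node.items():
            audit(child, f"{path}.{key}" if path else key, findings)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            audit(child, f"{path}[{i}]", findings)
    return sorted(findings)


# Constructed sample, shaped like yaml.safe_load() output; nesting is assumed.
SAMPLE = {
    "bond_version": "2.10.3",
    "moveworks_config": {
        "access_key": "your-access-key",
        "moveworks_access_secret": {"encrypted_value": "your-encrypted-secret"},
    },
    "ldap_config": {
        "enabled": True, "host": "ldap.example.com", "port": 389,
        "service_user": "service_user",
        "ldap_service_password": {"value": "your-default-secret"},
        "use_ssl": False, "use_start_tls": False,
    },
    "ldap_forest_config": {"corp": {
        "host": "forest-ldap.example.com", "port": 636,
        "ldap_service_password": {"aws_entry": {"secret_name": "my-aws-secret"}},
        "use_ssl": True, "tls_skip_verify": True,
    }},
    "rest_configs": {
        "JIRA": {"enabled": True, "service": "example_service", "tls_skip_verify": False},
    },
}

if __name__ == "__main__":
    for where, issue in audit(SAMPLE):
        print(f"{where}: {issue}")
```

To run it against a real file, load the YAML into a dict first and pass the result to `audit`.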
Decorators
Header Decorators
For `rest_configs`, you can define header decorators to add different types of headers to the request.
- Plain (KV Pair)
  - Description: A simple key-value pair to be added to the request headers.
  - Fields: `header_key` (string), `header_value` (string).
- File
  - Description: To load multiple headers from a JSON file.
  - Fields: `file_path` (string).
- Basic Auth
  - Description: To add authentication via Username and Password.
  - Fields: `username` (string), `password` (secret object).
- Oauth2 Client Credentials
  - Description: To add authentication via OAuth2 client credentials (client ID and secret).
  - Fields:
    - `client_id`: (string)
    - `client_secret`: (secret object)
    - `scope`: (string)
    - `rest_call_config`: (object) Defines the auth call for the access token.
    - `url`: (secret object) Auth URL for authentication.
    - `method`: (string) HTTP method type. Default: `POST`.
    - `header_key`: (string) HTTP header to send the auth token in. Default: `Authentication`.
    - `header_template`: (string) Template for the HTTP header value. Default: `Bearer %s`.
    - `refresh_time_sec`: (int32) Time between auth token calls. Default: `60`.
    - `token_body_key`: (string) Key to pull the token from in the response body. Default: empty (takes whole response).
    - `request_body`: (string) Body of the auth request. Default: empty.
    - `auth_headers`: (map<string, string>) Headers of the auth request. Default: `{"content_type": "application/x-www-form-urlencoded"}`.
- Oauth2 Client Credentials Basic Auth
  - Description: To add authentication via OAuth2 client credentials basic authentication (clientid:secret). All fields are the same as Oauth2 Client Credentials Auth.
- Oauth2 Refresh Token
  - Description: To add authentication via OAuth2 Refresh Token Auth.
  - Fields: `client_id` (string), `client_secret` (secret object), `scope` (string), `client_refresh_token` (secret object), `rest_call_config` (same as Oauth2 Client Credentials Auth).
Body Decorators
For `rest_configs`, you can define body decorators to add different types of body to the request.
- Plain (KV Pair)
  - Description: A simple key-value pair to be added to the request body.
  - Fields: