diff --git a/.github/workflows/roundtrip/opentdf.yaml b/.github/workflows/roundtrip/opentdf.yaml
index 6ccc9ae7..bf1b206b 100644
--- a/.github/workflows/roundtrip/opentdf.yaml
+++ b/.github/workflows/roundtrip/opentdf.yaml
@@ -23,6 +23,7 @@ services:
     legacy: true
   entityresolution:
     url: http://localhost:65432/auth
+    log_level: info
     clientid: 'tdf-entity-resolution'
     clientsecret: 'secret'
     realm: 'opentdf'
@@ -31,27 +32,34 @@ services:
       from:
         email: true
         username: true
+  # policy is enabled by default in mode 'all'
+  # policy:
+  #   enabled: true
+  #   list_request_limit_default: 1000
+  #   list_request_limit_max: 2500
 server:
+  tls:
+    enabled: false
+    cert: ./keys/platform.crt
+    key: ./keys/platform-key.pem
   auth:
     enabled: true
     public_client_id: 'opentdf-public'
     audience: 'http://localhost:65432'
     issuer: http://localhost:65432/auth/realms/opentdf
     policy:
-      ## Default policy for all requests
-      default: #"role:standard"
-      ## Dot notation is used to access nested claims (i.e. realm_access.roles)
-      claim: # realm_access.roles
-      ## Maps the external role to the opentdf role
-      ## Note: left side is used in the policy, right side is the external role
-      map:
-        # standard: opentdf-standard
-        # admin: opentdf-admin
-      ## Custom policy (see examples https://github.com/casbin/casbin/tree/master/examples)
+      # Claim that represents the user (i.e. email)
+      username_claim: # preferred_username
+      # That claim to access groups (i.e. realm_access.roles)
+      groups_claim: # realm_access.roles
+      ## Extends the builtin policy
+      extension: |
+        g, opentdf-admin, role:admin
+        g, opentdf-standard, role:standard
+      ## Custom policy that overrides builtin policy (see examples https://github.com/casbin/casbin/tree/master/examples)
       csv: #|
         # p, role:admin, *, *, allow
-      ## Custom model (see https://casbin.org/docs/syntax-for-models/)
       model: #|
         # [request_definition]