Joseph Doherty
04bce3ff9f
Standardize the dashboard role VALUE on the canonical six: Admin→Administrator (Viewer unchanged). Pure value rename via DashboardRoles.Admin constant + appsettings GroupToRole; the GatewayOptionsValidator allowed-set/message track the constant so they now require 'Administrator' or 'Viewer'. Enforcement is unchanged — Administrator authorizes exactly what Admin did. Dashboard roles are derived at login from LDAP groups via GroupToRole and are never persisted to the SQLite auth store, so no DB migration/seed change. UNTOUCHED: the separate gRPC API-key scope GatewayScopes.Admin = "admin" (lowercase) and every "admin" scope literal — a distinct data-plane system.
86 lines
2.6 KiB
JSON
86 lines
2.6 KiB
JSON
{
|
|
"Serilog": {
|
|
"Using": [ "Serilog.Sinks.Console", "Serilog.Sinks.File" ],
|
|
"MinimumLevel": {
|
|
"Default": "Information",
|
|
"Override": { "Microsoft.AspNetCore": "Warning" }
|
|
},
|
|
"WriteTo": [
|
|
{ "Name": "Console" },
|
|
{ "Name": "File", "Args": { "path": "logs/mxgateway-.log", "rollingInterval": "Day" } }
|
|
]
|
|
},
|
|
"AllowedHosts": "*",
|
|
"MxGateway": {
|
|
"Authentication": {
|
|
"Mode": "ApiKey",
|
|
"SqlitePath": "C:\\ProgramData\\MxGateway\\gateway-auth.db",
|
|
"PepperSecretName": "MxGateway:ApiKeyPepper",
|
|
"RunMigrationsOnStartup": true
|
|
},
|
|
"Ldap": {
|
|
"Enabled": true,
|
|
"Server": "localhost",
|
|
"Port": 3893,
|
|
"Transport": "None",
|
|
"AllowInsecure": true,
|
|
"SearchBase": "dc=zb,dc=local",
|
|
"ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local",
|
|
"ServiceAccountPassword": "serviceaccount123",
|
|
"UserNameAttribute": "cn",
|
|
"DisplayNameAttribute": "cn",
|
|
"GroupAttribute": "memberOf"
|
|
},
|
|
"Worker": {
|
|
"ExecutablePath": "src\\ZB.MOM.WW.MxGateway.Worker\\bin\\x86\\Release\\ZB.MOM.WW.MxGateway.Worker.exe",
|
|
"RequiredArchitecture": "X86",
|
|
"StartupTimeoutSeconds": 30,
|
|
"ShutdownTimeoutSeconds": 10,
|
|
"HeartbeatIntervalSeconds": 5,
|
|
"HeartbeatGraceSeconds": 15,
|
|
"MaxMessageBytes": 16777216
|
|
},
|
|
"Sessions": {
|
|
"DefaultCommandTimeoutSeconds": 30,
|
|
"MaxSessions": 64,
|
|
"MaxPendingCommandsPerSession": 128,
|
|
"DefaultLeaseSeconds": 1800,
|
|
"LeaseSweepIntervalSeconds": 30,
|
|
"AllowMultipleEventSubscribers": false
|
|
},
|
|
"Events": {
|
|
"QueueCapacity": 10000,
|
|
"BackpressurePolicy": "FailFast"
|
|
},
|
|
"Dashboard": {
|
|
"Enabled": true,
|
|
"AllowAnonymousLocalhost": true,
|
|
"SnapshotIntervalMilliseconds": 1000,
|
|
"RecentFaultLimit": 100,
|
|
"RecentSessionLimit": 200,
|
|
"ShowTagValues": false,
|
|
"GroupToRole": {
|
|
"GwAdmin": "Administrator",
|
|
"GwReader": "Viewer"
|
|
}
|
|
},
|
|
"Protocol": {
|
|
"WorkerProtocolVersion": 1,
|
|
"MaxGrpcMessageBytes": 16777216
|
|
},
|
|
"Galaxy": {
|
|
"ConnectionString": "Server=localhost;Database=ZB;Integrated Security=True;TrustServerCertificate=True;Encrypt=False;",
|
|
"CommandTimeoutSeconds": 60,
|
|
"DashboardRefreshIntervalSeconds": 30,
|
|
"PersistSnapshot": true,
|
|
"SnapshotCachePath": "C:\\ProgramData\\MxGateway\\galaxy-snapshot.json"
|
|
},
|
|
"Alarms": {
|
|
"Enabled": true,
|
|
"SubscriptionExpression": "\\\\DESKTOP-6JL3KKO\\Galaxy!DEV",
|
|
"DefaultArea": "",
|
|
"ReconcileIntervalSeconds": 30
|
|
}
|
|
}
|
|
}
|