Service Configuration

Service Configuration file defines the rules on - who can access the application running in enclave, what they can access, and how they will be authenticated. It also contains meta information about your application. The configuration file is composed of the following details

Base Image

This represents the base docker image that will be used for deploying your application. For now we support a limited number of base images. They are -

• oblv_ubuntu_18_04_proxy
• oblv_ubuntu_18_04_proxy_nsm_api
• oblv_ubuntu_18_04_proxy_python_3_8
• oblv_ubuntu_18_04_proxy_nsm_api_python_3_8
• oblv_ubuntu_18_04_proxy_python_3_9
• oblv_ubuntu_18_04_proxy_nsm_api_python_3_9
• oblv_ubuntu_18_04_proxy_node_14
• oblv_ubuntu_18_04_proxy_nsm_api_node_14
• oblv_ubuntu_18_04_proxy_node_16
• oblv_ubuntu_18_04_proxy_nsm_api_node_16
• oblv_ubuntu_18_04_proxy_node_18

Auth

The different authentication methods, which needs to be used for authorizing and authenticating users to your application and the enclave. This is a required array property and it requires two attributes in each of its element.

1. Auth Name (auth_name) - Name of the auth type. This will be used in the upcoming attributes.

2. Auth Type (auth_type) - The type of authentication method. For now, we only support signed_headers, which accepts rsa key pair for authentication.

note

At least 1 auth needs to be defined.

Roles

This property represents the different roles you want to create for your applications. The roles help in restricting users to access paths that they are not authorized to access. Each of the role must have the following attributes

1. Role Name (role_name) - Name of the role. Will be used in upcoming properties.
2. Role Cardinality (role_cardinality) - How many users will be allowed to have this role.
3. Role Description (role_description) - A short description on what the role represents.
4. Role Auth (role_auth) - What type of authentication will be used for this role. It must be present in the list of the auths defined above.

note

At least 1 role needs to be defined.

Paths

This property lists all the paths that can be access in this enclave for this application. If a path is not defined in this list, then it will return an error code even though your application supports it. For each path, you must define the following -

1. Path (path) - The path that will be accessed.
2. Access (access) - The role name which can access this path. A comma separated list is acceptable for multiple roles.
3. Short Description (short_description) - A short description for the path.

note

At least 1 path needs to be defined.

Build Args

This is a list of arguments required for docker build. Every argument must have the following -

1. Name (name) - Name of the argument.
2. Type (type) - Type of the argument based on json-schema type e.g.: integer, string, number.

Traffic

It represents the traffic that will be allowed for the application. This property has two attributes -

1. Inbound - Representing the list of allowed inbound traffic. Each element should have the following defined -

   • Name (name) - Name for the inbound traffic.
   • Type (type) - Type of traffic expected. For eg - tcp.
   • Port (port) - Port to be opened to accept this traffic.

note

Atleast 1 inbound traffic should be defined for the application.

2. Outbound - List of traffic going out of the application. Each element must have -

   • Name (name) - Name for the outbound traffic.
   • Domain (domain) - Domain of the URL that needs to be connected to.
   • Port (port) - The port the connection will be made from. For example, 443 for https connections.
   • Type (type) - Type of connection that will be made. For eg - tcp.

Meta

This property defines some meta information about the service. It has the following attributes -

1. Author (author) - Name of the author for service.
2. Author Email (author_email) - Email of the author.
3. Git (git) - The git URL for the code.
4. Version (version) - Version of the service.