@restorecommerce/acs-client/cfg/config.json

Access Control Service Client

{
  "logger": {
    "console": {
      "handleExceptions": false,
      "level": "silly",
      "colorize": true,
      "prettyPrint": true
    },
    "fieldOptions": {
      "bufferFields": [
        {
          "fieldPath": "request.target.context.subject"
        },
        {
          "fieldPath": "request.target.context.resources"
        }
      ]
    }
  },
  "redis": {
    "host": "localhost",
    "port": 6379,
    "offsetStoreInterval": 1000,
    "db-indexes": {
      "db-offsetStore": 0,
      "db-subject": 1,
      "db-access-token": 2
    }
  },
  "events": {
    "kafka": {
      "provider": "kafka",
      "groupId": "acs-client",
      "kafka": {
        "clientId": "acs-client-id",
        "brokers": [
          "localhost:29092"
        ]
      },
      "policy_setCreated": {
        "messageObject": "io.restorecommerce.policy_set.PolicySet"
      },
      "policy_setModified": {
        "messageObject": "io.restorecommerce.policy_set.PolicySet"
      },
      "policy_setDeleted": {
        "messageObject": "io.restorecommerce.policy_set.PolicySet"
      },
      "policyCreated": {
        "messageObject": "io.restorecommerce.policy.Policy"
      },
      "policyModified": {
        "messageObject": "io.restorecommerce.policy.Policy"
      },
      "policyDeleted": {
        "messageObject": "io.restorecommerce.policy.Policy"
      },
      "ruleCreated": {
        "messageObject": "io.restorecommerce.rule.Rule"
      },
      "ruleModified": {
        "messageObject": "io.restorecommerce.rule.Rule"
      },
      "ruleDeleted": {
        "messageObject": "io.restorecommerce.rule.Rule"
      },
      "evictACSCache": {
        "policy.resource": {
          "topic": "io.restorecommerce.policies.resource",
          "events": [
            "policyCreated",
            "policyModified",
            "policyDeleted"
          ]
        },
        "rule.resource": {
          "topic": "io.restorecommerce.rules.resource",
          "events": [
            "ruleCreated",
            "ruleModified",
            "ruleDeleted"
          ]
        },
        "policy_set.resource": {
          "topic": "io.restorecommerce.policy_sets.resource",
          "events": [
            "policy_setCreated",
            "policy_setModified",
            "policy_setDeleted"
          ]
        }
      }
    }
  },
  "client": {
    "acs-srv": {
      "address": "localhost:50061"
    },
    "user": {
      "address": "localhost:50051"
    },
    "graph-srv": {
      "address": "localhost:50053"
    }
  },
  "authorization": {
    "service": "acs-srv",
    "enabled": true,
    "enforce": true,
    "urns": {
      "entity": "urn:restorecommerce:acs:names:model:entity",
      "user": "urn:test:acs:model:user.User",
      "model": "urn:test:acs:model",
      "role": "urn:restorecommerce:acs:names:role",
      "roleScopingEntity": "urn:restorecommerce:acs:names:roleScopingEntity",
      "roleScopingInstance": "urn:restorecommerce:acs:names:roleScopingInstance",
      "hierarchicalRoleScoping": "urn:restorecommerce:acs:names:hierarchicalRoleScoping",
      "unauthenticated_user": "urn:restorecommerce:acs:names:unauthenticated-user",
      "property": "urn:restorecommerce:acs:names:model:property",
      "ownerIndicatoryEntity": "urn:restorecommerce:acs:names:ownerIndicatoryEntity",
      "ownerInstance": "urn:restorecommerce:acs:names:ownerInstance",
      "orgScope": "urn:test:acs:model:organization.Organization",
      "subjectID": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
      "resourceID": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
      "actionID": "urn:oasis:names:tc:xacml:1.0:action:action-id",
      "action": "urn:restorecommerce:acs:names:action",
      "operation": "urn:restorecommerce:acs:names:operation",
      "execute": "urn:restorecommerce:acs:names:action:execute",
      "permitOverrides": "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides",
      "denyOverrides": "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides",
      "create": "urn:restorecommerce:acs:names:action:create",
      "read": "urn:restorecommerce:acs:names:action:read",
      "modify": "urn:restorecommerce:acs:names:action:modify",
      "delete": "urn:restorecommerce:acs:names:action:delete",
      "organization": "urn:test:acs:model:organization.Organization",
      "aclIndicatoryEntity": "urn:restorecommerce:acs:names:aclIndicatoryEntity",
      "aclInstance": "urn:restorecommerce:acs:names:aclInstance",
      "skipACL": "urn:restorecommerce:acs:names:skipACL",
      "maskedProperty": "urn:restorecommerce:acs:names:obligation:maskedProperty"
    },
    "filterParamKey": [
      {
        "scopingEntity": "urn:test:acs:model:organization.Organization",
        "value": "orgKey"
      },
      {
        "scopingEntity": "urn:test:acs:model:user.User",
        "value": "userKey"
      }
    ],
    "hierarchicalResources": [
      {
        "collection": "organizations",
        "edge": "org_has_parent_org"
      }
    ],
    "cache": {
      "host": "localhost",
      "port": 6379,
      "db-index": 5,
      "ttl": 3600,
      "prefix": "acs:"
    },
    "unauthenticated_user": {
      "id": "",
      "token": ""
    }
  },
  "errors": {
    "INVALID_CREDENTIALS": {
      "code": "001",
      "message": "Invalid credentials"
    },
    "USER_NOT_LOGGED_IN": {
      "code": "002",
      "message": "User not logged in, please login first!"
    },
    "ACTION_NOT_ALLOWED": {
      "code": "403",
      "message": "Action not allowed on this resource"
    }
  }
}