Common configuration

This section describes a few topics that are common to various areas of Drogue Cloud.

Defining durations

Durations are defined using the "humantime" syntax. For example:

durationOneSecond: 1s (1)
durationOneMinute: 1m (2)
durationOneHourAndTwoMinutes: 1hour 30min (3)

1	Timeout of one second
2	Timeout of one minute
3	Duration of 1.5 hours

Also see: https://docs.rs/humantime/latest/humantime/fn.parse_duration.html

Defining external endpoints

Some components of Drogue Cloud allow you to configure an external endpoint, to which Drogue Cloud will reach out to, when necessary. This can be configured using the structure ExternalEndpoint. This is normally embedded in some other structure. The following examples will assume that there is a field named endpoint, which should define the external endpoint.

The role of the endpoint is specific to the actual location of the configuration. This section simply describes the common configuration options.

The most simple configuration is:

endpoint:
  url: https://my-external/endpoint

HTTP method override

By default, the functionality using an external endpoint will use a reasonable HTTP method for making the request.

However, you can override the method using the following field:

endpoint:
  url: https://my-external/endpoint
  method: GET (1)

1	Must be a valid HTTP method, using uppercase only.

Authentication

If the remote endpoint requires authentication, you can configure HTTP "basic auth" like this:

endpoint:
  url: https://my-external/endpoint
  auth:
    basic:
      username: my-username
      password: my-password

Or a "bearer token" using:

endpoint:
  url: https://my-external/endpoint
  auth:
    bearer:
      token: my-token

Additional HTTP headers

It is also possible to add additional HTTP header like so:

endpoint:
  url: https://my-external/endpoint
  headers:
    - my-foo-header: my-foo-value

Timeout

By default, the functionality using an external endpoint will use a reasonable default timeout for making the request.

However, you can override the timeout using the following field:

endpoint:
  url: https://my-external/endpoint
  timeout: 1s (1)

1	Timeout duration in a format described in Defining durations

TLS

By default, system default TLS settings will be used. TLS validation is enabled. However, you can override and tweak the TLS settings using the following fields:

These settings don’t "enable" TLS. This is done by selecting a protocol using TLS using the url, like https://.

endpoint:
  url: https://my-external/endpoint
  tls:
    insecure: true (1)
    certificate: | (2)
      -----BEGIN CERTIFICATE-----
      MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
      MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
      DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
      TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
      cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
      AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
      ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
      wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
      LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
      4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
      bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
      sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
      Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
      FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
      SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
      PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
      TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
      SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
      c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
      +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
      ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
      b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
      U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
      MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
      5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
      9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
      WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
      he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
      Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
      -----END CERTIFICATE-----

1	Disable TLS validation. This is insecure and should be used with caution!
2	Explicit trust anchor, overriding all system trust anchors.