opensource/supermq
1
0
Fork 0
mirror of https://github.com/absmach/supermq.git synced 2026-06-23 07:20:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
362a4fc76d3f68052effbfdb34e3a7bcc5c55729
supermq/docker/supermq-docker-compose.override.yaml
T
Steve Munene 362a4fc76d MG-370 - Add fine grained access control to rules engine (#402) 
* update go mod file

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix rules endpoint tests

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix yaml file

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix build

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* address comments

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* remove roles from alarms

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* change approach for schema combaine

Signed-off-by: Arvindh <arvindh91@gmail.com>

* change approach for schema combaine

Signed-off-by: Arvindh <arvindh91@gmail.com>

* fix permissions for rules

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix authorization file

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix linter

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix linter

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

---------

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: Arvindh <arvindh91@gmail.com>
Co-authored-by: Arvindh <arvindh91@gmail.com>
2026-03-05 11:42:51 +01:00

228 lines
6.7 KiB
YAML
Raw Blame History

# Copyright (c) Abstract Machines
# SPDX-License-Identifier: Apache-2.0
services:
spicedb:
networks: !override
- magistrala-base-net
volumes:
- ../spicedb/combined-schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
spicedb-migrate:
networks: !override
- magistrala-base-net
spicedb-db:
networks: !override
- magistrala-base-net
auth-db:
networks: !override
- magistrala-base-net
volumes:
- ../spicedb/combined-schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
auth-redis:
networks: !override
- magistrala-base-net
auth:
networks: !override
- magistrala-base-net
volumes:
- ../spicedb/combined-schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
domains-db:
networks: !override
- magistrala-base-net
domains-redis:
networks: !override
- magistrala-base-net
domains:
networks: !override
- magistrala-base-net
volumes:
- ../spicedb/combined-schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
clients-db:
networks: !override
- magistrala-base-net
clients-redis:
networks: !override
- magistrala-base-net
clients:
networks: !override
- magistrala-base-net
volumes:
- ../spicedb/combined-schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
channels-redis:
networks: !override
- magistrala-base-net
channels-db:
networks: !override
- magistrala-base-net
channels:
networks: !override
- magistrala-base-net
volumes:
- ../spicedb/combined-schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
users-db:
networks: !override
- magistrala-base-net
users:
networks: !override
- magistrala-base-net
groups-db:
networks: !override
- magistrala-base-net
groups:
networks: !override
- magistrala-base-net
volumes:
- ../spicedb/combined-schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
jaeger:
networks: !override
- magistrala-base-net
mqtt-adapter:
networks: !override
- magistrala-base-net
http-adapter:
networks: !override
- magistrala-base-net
coap-adapter:
networks: !override
- magistrala-base-net
rabbitmq:
networks: !override
- magistrala-base-net
nats:
networks: !override
- magistrala-base-net
journal-db:
networks: !override
- magistrala-base-net
journal:
networks: !override
- magistrala-base-net
notifications:
networks: !override
- magistrala-base-net
openbao:
volumes:
- ./addons/certs/openbao-entrypoint.sh:/entrypoint.sh
networks: !override
- magistrala-base-net
certs-db:
networks: !override
- magistrala-base-net
certs:
environment:
AM_CERTS_LOG_LEVEL: ${AM_CERTS_LOG_LEVEL}
AM_CERTS_HTTP_HOST: ${AM_CERTS_HTTP_HOST}
AM_CERTS_HTTP_PORT: ${AM_CERTS_HTTP_PORT}
AM_CERTS_GRPC_HOST: ${AM_CERTS_GRPC_HOST}
AM_CERTS_GRPC_PORT: ${AM_CERTS_GRPC_PORT}
AM_CERTS_RELEASE_TAG: ${AM_CERTS_RELEASE_TAG}
AM_CERTS_SECRET: ${AM_CERTS_SECRET}
AM_CERTS_DB_HOST: ${AM_CERTS_DB_HOST}
AM_CERTS_DB_PORT: ${AM_CERTS_DB_PORT}
AM_CERTS_DB_USER: ${AM_CERTS_DB_USER}
AM_CERTS_DB_PASS: ${AM_CERTS_DB_PASS}
AM_CERTS_DB: ${AM_CERTS_DB}
AM_CERTS_DB_SSL_MODE: ${AM_CERTS_DB_SSL_MODE}
AM_CERTS_DB_MAX_CONNECTIONS: ${AM_CERTS_DB_MAX_CONNECTIONS}
AM_CERTS_OPENBAO_HOST: ${AM_CERTS_OPENBAO_HOST}
AM_CERTS_OPENBAO_APP_ROLE: ${AM_CERTS_OPENBAO_APP_ROLE}
AM_CERTS_OPENBAO_APP_SECRET: ${AM_CERTS_OPENBAO_APP_SECRET}
AM_CERTS_OPENBAO_NAMESPACE: ${AM_CERTS_OPENBAO_NAMESPACE}
AM_CERTS_OPENBAO_PKI_PATH: ${AM_CERTS_OPENBAO_PKI_PATH}
AM_CERTS_OPENBAO_ROLE: ${AM_CERTS_OPENBAO_ROLE}
AM_CERTS_OPENBAO_SECRET_ID_TTL: ${AM_CERTS_OPENBAO_SECRET_ID_TTL}
AM_CERTS_SERVICE_TOKEN_PATH: ${AM_CERTS_SERVICE_TOKEN_PATH}
AM_CERTS_SECRET_ID_PATH: ${AM_CERTS_SECRET_ID_PATH}
AM_CERTS_SECRET_RENEW_THRESHOLD: ${AM_CERTS_SECRET_RENEW_THRESHOLD}
AM_CERTS_SECRET_CHECK_INTERVAL: ${AM_CERTS_SECRET_CHECK_INTERVAL}
# OpenBao PKI CA configuration
AM_CERTS_OPENBAO_PKI_CA_CN: ${AM_CERTS_OPENBAO_PKI_CA_CN}
AM_CERTS_OPENBAO_PKI_CA_OU: ${AM_CERTS_OPENBAO_PKI_CA_OU}
AM_CERTS_OPENBAO_PKI_CA_O: ${AM_CERTS_OPENBAO_PKI_CA_O}
AM_CERTS_OPENBAO_PKI_CA_C: ${AM_CERTS_OPENBAO_PKI_CA_C}
AM_CERTS_OPENBAO_PKI_CA_L: ${AM_CERTS_OPENBAO_PKI_CA_L}
AM_CERTS_OPENBAO_PKI_CA_ST: ${AM_CERTS_OPENBAO_PKI_CA_ST}
AM_CERTS_OPENBAO_PKI_CA_ADDR: ${AM_CERTS_OPENBAO_PKI_CA_ADDR}
AM_CERTS_OPENBAO_PKI_CA_PO: ${AM_CERTS_OPENBAO_PKI_CA_PO}
AM_CERTS_OPENBAO_PKI_CA_DNS_NAMES: ${AM_CERTS_OPENBAO_PKI_CA_DNS_NAMES}
AM_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES: ${AM_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES}
AM_CERTS_OPENBAO_PKI_CA_URI_SANS: ${AM_CERTS_OPENBAO_PKI_CA_URI_SANS}
AM_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES: ${AM_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES}
AM_CERTS_OPENBAO_UNSEAL_KEY_1: ${AM_CERTS_OPENBAO_UNSEAL_KEY_1}
AM_CERTS_OPENBAO_UNSEAL_KEY_2: ${AM_CERTS_OPENBAO_UNSEAL_KEY_2}
AM_CERTS_OPENBAO_UNSEAL_KEY_3: ${AM_CERTS_OPENBAO_UNSEAL_KEY_3}
AM_CERTS_OPENBAO_ROOT_TOKEN: ${AM_CERTS_OPENBAO_ROOT_TOKEN}
AM_JAEGER_URL: ${AM_JAEGER_URL}
AM_JAEGER_TRACE_RATIO: ${AM_JAEGER_TRACE_RATIO}
AM_AUTH_GRPC_URL: ${AM_AUTH_GRPC_URL}
AM_AUTH_GRPC_TIMEOUT: ${AM_AUTH_GRPC_TIMEOUT}
AM_AUTH_GRPC_CLIENT_CERT: ${AM_AUTH_GRPC_CLIENT_CERT}
AM_AUTH_GRPC_CLIENT_KEY: ${AM_AUTH_GRPC_CLIENT_KEY}
AM_AUTH_GRPC_SERVER_CA_CERTS: ${AM_AUTH_GRPC_SERVER_CA_CERTS}
AM_DOMAINS_GRPC_URL: ${AM_DOMAINS_GRPC_URL}
AM_DOMAINS_GRPC_TIMEOUT: ${AM_DOMAINS_GRPC_TIMEOUT}
AM_DOMAINS_GRPC_CLIENT_CERT: ${AM_DOMAINS_GRPC_CLIENT_CERT}
AM_DOMAINS_GRPC_CLIENT_KEY: ${AM_DOMAINS_GRPC_CLIENT_KEY}
AM_DOMAINS_GRPC_SERVER_CA_CERTS: ${AM_DOMAINS_GRPC_SERVER_CA_CERTS}
networks: !override
- magistrala-base-net
nginx:
container_name: magistrala-nginx
volumes:
- ../../docker/nginx/nginx-${AUTH-key}.conf:/etc/nginx/nginx.conf.template
- ../../docker/nginx/entrypoint.sh:/docker-entrypoint.d/entrypoint.sh
- type: bind
source: ${SMQ_NGINX_SERVER_CERT:-../../docker/ssl/certs/magistrala-server.crt}
target: /etc/ssl/certs/magistrala-server.crt
- type: bind
source: ${SMQ_NGINX_SERVER_KEY:-../../docker/ssl/certs/magistrala-server.key}
target: /etc/ssl/private/magistrala-server.key
- type: bind
source: ${SMQ_NGINX_SERVER_CLIENT_CA:-../../docker/ssl/certs/ca.crt}
target: /etc/ssl/certs/ca.crt
- type: bind
source: ${SMQ_NGINX_SERVER_DHPARAM:-../../docker/ssl/dhparam.pem}
target: /etc/ssl/certs/dhparam.pem
networks: !override
- magistrala-base-net
env_file: !override
- ./.env
- ../../docker/.env
Reference in New Issue View Git Blame Copy Permalink