Pyron Authorizer configuration reference

This article is a reference for Pyron Authorizer configuration settings and explains how to apply them to the authorizer.

Configuring Pyron Authorizer

ACP’s Pyron Authorizer configuration is handled by setting environment variables. The variables and their values can be provided in two ways:

  • In the docker-compose.yml file, for example:

    pyron-authorizer:
     container_name: pyron-authorizer
     image: docker.cloudentity.io/pyron-authorizer:2.0.0-2
     env_file: .authorizer_env
     environment:
       - CONFIG_REFRESH_INTERVAL=5s # for demo purposes only, increase for production!
    

    You can see that the CONFIG_REFRESH_INTERVAL variable is set under the environment object.

  • In a separate file that stores all of the environment variables for your authorizer’s deployment. See the example .authorizer_env file below:

    PYRON_ACPISSUERURL={YOUR_ISSUER_URL}
    PYRON_ACPCLIENTID={YOUR_CLIENT_ID}
    PYRON_ACPCLIENTSECRET={YOUR_CLIENT_SECRET}
    

    After you create the file with the variables, point your authorizer’s deployment to the file path in the docker-compose.yml file. See the example below:

    pyron-authorizer:
     container_name: pyron-authorizer
     image: docker.cloudentity.io/pyron-authorizer:2.0.0-2
     env_file: .authorizer_env
    

    You can see that the env_file object is pointing to your .authorizer_env file with the variables.

    .authorizer_env

    The Pyron Gateway package that you download to set up your APIs and the authorizer already contains the .authorizer_env file. You can edit it or provide a different file with the variables. Because the file name starts with a dot, the file is hidden by default. If you execute the ls command, for example, the file is not listed. Use ls -a to list the .authorizer_env file. On macOS, you can also press SHIFT + CMD + . while browsing in Finder to show hidden files.

Required configuration

| Setting | Type | Default | Description |
|---|---|---|---|
| PYRON_ACPISSUERURL | string | Defaults to the issuer URL for the workspace in which the authorizer is created | Your authorizer issuer URL |
| PYRON_ACPCLIENTID | string | Defaults to the client identifier of a client application that is created for your authorizer in the System workspace | Client identifier of your authorizer’s client application that is used for the purpose of authenticating your requests |
| PYRON_ACPCLIENTSECRET | string | Defaults to the client secret of a client application that is created for your authorizer in the System workspace | Client secret of your authorizer’s client application that is used for the purpose of authenticating your requests |
| CONFIG_REFRESH_INTERVAL | time.Duration | 5s | Represents the frequency of retrieving policies from ACP by the authorizer. Increase the interval for production environments. |

Optional configuration

Server configuration

| Setting | Type | Default | Description |
|---|---|---|---|
| SERVER_SERVER | string | http://localhost:8442 | URL of your authorizer |
| SERVER_PORT | int | 8442 | Port for your authorizer |
| SERVER_DANGEROUSDISABLETLS | bool | true | Disables mTLS for the Pyron Authorizer server. |

Client configuration

| Setting | Type | Default | Description |
|---|---|---|---|
| CLIENT_INSECURESKIPVERIFY | bool | - | Disables certificate verification for the client application. |
| CLIENT_ROOTCA | string | - | Path to the root certificate of your client application |

Other settings

| Setting | Type | Default | Description |
|---|---|---|---|
| PYRON_DISABLEANALYTICS | bool | false | If true, turns off the analytics for the Pyron Authorizer in ACP’s Admin Panel Analytics. |
| PYRON_DONOTFAILONMATCHINGREQUESTS | bool | false | If set to false, the authorizer blocks every API request that does not match the provided criteria. |
| PYRON_CACHETTL | time.Duration | 10*time.Second | Server authorization engine instance time-to-live in the multi-tenant mode. |
| PYRON_CACHEMAXSIZE | int | 100 | Maximum number of server authorization engine instances in the multi-tenant mode. |
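
A pre-deployment check for the settings in the tables above, as an added example that is not part of the Pyron documentation or its code: it merges an env file with the Compose `environment:` entries that override it, then reports unreplaced template placeholders, disabled mTLS or certificate verification, and a refresh interval still at the demo value. The function names, the sample input and the accepted boolean spellings are assumptions made for this example.

```python
import re

# Defaults as listed in the reference tables on this page.
DEFAULTS = {"SERVER_DANGEROUSDISABLETLS": "true", "CONFIG_REFRESH_INTERVAL": "5s",
            "PYRON_DONOTFAILONMATCHINGREQUESTS": "false"}
CREDENTIALS = ("PYRON_ACPISSUERURL", "PYRON_ACPCLIENTID", "PYRON_ACPCLIENTSECRET")
UNIT_SECONDS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600}
# Constructed sample: the page's .authorizer_env template, left unedited.
SAMPLE_ENV = """PYRON_ACPISSUERURL={YOUR_ISSUER_URL}
PYRON_ACPCLIENTID={YOUR_CLIENT_ID}
PYRON_ACPCLIENTSECRET={YOUR_CLIENT_SECRET}
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    pairs = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs

def seconds(duration):
    """Convert a Go-style duration such as 5s or 1m30s to seconds."""
    parts = re.findall(r"(\d+(?:\.\d+)?)(ms|s|m|h)", duration)
    return sum(float(n) * UNIT_SECONDS[u] for n, u in parts)

def is_true(value):
    # Assumption: booleans use the spellings Go's strconv.ParseBool accepts.
    return value.lower() in ("1", "t", "true")

def audit(env_file_text, compose_environment=()):
    """Return findings for the effective settings of one authorizer service."""
    cfg = {**DEFAULTS, **parse_env(env_file_text)}
    # Compose applies `environment:` entries on top of `env_file:` values.
    cfg.update(parse_env("\n".join(compose_environment)))
    findings = []
    for name in CREDENTIALS:
        if re.fullmatch(r"\{.*\}", cfg.get(name, "")):
            findings.append(f"{name}: template placeholder never replaced")
    if is_true(cfg["SERVER_DANGEROUSDISABLETLS"]):
        findings.append("SERVER_DANGEROUSDISABLETLS: server mTLS is disabled")
    if is_true(cfg.get("CLIENT_INSECURESKIPVERIFY", "")):
        findings.append("CLIENT_INSECURESKIPVERIFY: certificate verification is off")
    if seconds(cfg["CONFIG_REFRESH_INTERVAL"]) <= 5:
        findings.append("CONFIG_REFRESH_INTERVAL: at or below the 5s demo value")
    if is_true(cfg["PYRON_DONOTFAILONMATCHINGREQUESTS"]):
        findings.append("PYRON_DONOTFAILONMATCHINGREQUESTS: is true; blocking is documented for false")
    return findings
```

Pass the `environment:` list items as plain `KEY=VALUE` strings with any YAML comments already removed, for example `audit(SAMPLE_ENV, ["CONFIG_REFRESH_INTERVAL=5s"])`.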