zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-03 05:27:52 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/java/google/registry/config/files/default-config.yaml
larryruili 33ee7de457 Add GenerateSpec11Action and SafeBrowsing evaluation 
This adds actual subdomain verification via the SafeBrowsing API to the Spec11
pipeline, as well as on-the-fly KMS decryption via the GenerateSpec11Action to
securely store our API key in source code.

Testing the interaction becomes difficult due to serialization requirements, and will be significantly expanded in the next cl. For now, it verifies basic end-to-end pipeline behavior.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=208092942
2018-08-10 13:46:48 -04:00

265 lines
11 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# This is the default configuration file for Nomulus. Do not make changes to it
# unless you are writing new features that requires you to. To customize an
# individual deployment or environment, create a nomulus-config.yaml file in the
# WEB-INF/ directory overriding only the values you wish to change. You may need
# to override some of these values to configure and enable some services used in
# production environments.
appEngine:
# Globally unique App Engine project ID
projectId: registry-project-id
# Hostname and port of the tools service for the project.
toolsServiceUrl:
hostName: localhost
port: 443
gSuite:
# Publicly accessible domain name of the running G Suite instance.
domainName: domain-registry.example
# Display name and email address used on outgoing emails through G Suite.
outgoingEmailDisplayName: Example Registry
outgoingEmailAddress: noreply@project-id.appspotmail.com
# Email address of the admin account on the G Suite app. This is used for
# logging in to perform administrative actions, not sending emails.
adminAccountEmailAddress: admin@example.com
registryPolicy:
# Repository identifier (ROID) suffix for contacts and hosts.
contactAndHostRoidSuffix: ROID
# Product name of the registry. Used throughout the registrar console.
productName: Nomulus
# Custom logic factory fully-qualified class name.
# See flows/custom/CustomLogicFactory.java
customLogicFactoryClass: google.registry.flows.custom.CustomLogicFactory
# WHOIS command factory fully-qualified class name.
# See whois/WhoisCommandFactory.java
whoisCommandFactoryClass: google.registry.whois.WhoisCommandFactory
# Custom logic class for handling allocation tokens.
# See flows/domain/token/AllocationTokenCustomLogic.java
allocationTokenCustomLogicClass: google.registry.flows.domain.token.AllocationTokenCustomLogic
# Length of time after which contact transfers automatically conclude.
contactAutomaticTransferDays: 5
# Server ID used in the 'svID' element of an EPP 'greeting'.
greetingServerId: Nomulus Registry
# List of email addresses that notifications of registrar and/or registrar
# contact updates should be sent to, or empty list for no notifications.
registrarChangesNotificationEmailAddresses: []
# Default WHOIS server used when not specified on a registrar.
defaultRegistrarWhoisServer: whois.domain-registry.example
# Mode TMCH should run in (PRODUCTION for production environments, PILOT for
# all others including sandbox).
tmchCaMode: PILOT
# URL for the ICANN TMCH Certificate Revocation List.
tmchCrlUrl: http://crl.icann.org/tmch_pilot.crl
# URL for the MarksDB registry interface.
tmchMarksDbUrl: https://test.ry.marksdb.org
# Registrys operations registrar, used for front-end availability/premium
# domain checks.
checkApiServletClientId: TheRegistrar
# The registry admin's registrar. Admins are granted permission to log in
# using this registrar automatically if they are not associated with any
# registrar
registryAdminClientId: TheRegistrar
# Disclaimer at the top of the exported reserved terms list.
reservedTermsExportDisclaimer: |
This list contains reserved terms for the TLD. Other terms may be reserved
but not included in this list, including terms the registry chooses not
to publish. This list is subject to change. The most up-to-date source
is always the registry itself, by sending domain check EPP commands.
# Disclaimer at the top of WHOIS results.
whoisDisclaimer: |
WHOIS information is provided by the registry solely for query-based,
informational purposes. Any information provided is "as is" without any
guarantee of accuracy. You may not use such information to (a) allow,
enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations; (b) enable high volume, automated,
electronic processes that access the registry's systems or any
ICANN-Accredited Registrar, except as reasonably necessary to register
domain names or modify existing registrations; or (c) engage in or support
unlawful behavior. We reserve the right to restrict or deny your access to
the WHOIS database, and may modify these terms at any time.
datastore:
# Number of commit log buckets in Datastore. Lowering this after initial
# install risks losing up to a days' worth of differential backups.
commitLogBucketsNum: 397
# Number of EPP resource index buckets in Datastore. Dont change after
# initial install.
eppResourceIndexBucketsNum: 997
# Milliseconds that Objectify waits to retry a Datastore transaction (this
# doubles after each failure).
baseOfyRetryMillis: 100
cloudDns:
# The root url for the Cloud DNS API. Set this to a non-null value to
# override the default API server used by the googleapis library.
rootUrl: null
# The service endpoint path for the Cloud DNS API. Set this to a non-null
# value to override the default API path used by the googleapis library.
servicePath: null
caching:
# Length of time that a singleton should be cached before expiring.
singletonCacheRefreshSeconds: 600
# Length of time that a reserved/premium list should be cached before expiring.
domainLabelCachingSeconds: 3600
# Length of time that a long-lived singleton in persist mode should be cached.
singletonCachePersistSeconds: 31557600 # This is one year.
# Maximum total number of static premium list entry entities to cache in
# memory, across all premium lists for all TLDs. Tuning this up will use more
# memory (and might require using larger App Engine instances). Note that
# premium list entries that are absent are cached in addition to ones that are
# present, so the total cache size is not bounded by the total number of
# premium price entries that exist.
staticPremiumListMaxCachedEntries: 200000
# Whether to enable caching of EPP resource entities and keys. Enabling this
# caching allows for much higher domain create/update throughput when hosts
# and/or contacts are being frequently used (which is commonly the case).
# However, this may introduce transactional inconsistencies, such as allowing
# hosts or contacts to be used that are actually deleted (though in practice
# this will only happen for non-widely-used entities). Only set this to true
# if you need the performance, i.e. if you need >10 domain mutations per
# frequently used contact or host. This situation is typically caused by
# registrars reusing the same contact/host across many operations, e.g. a
# privacy/proxy contact or a common host pointing to a registrar-run
# nameserver.
eppResourceCachingEnabled: false
# Length of time that EPP resource entities and keys are cached in memory
# before expiring. This should always be shorter than asyncDeleteDelaySeconds,
# to prevent deleted contacts or hosts from being used on domains.
eppResourceCachingSeconds: 60
# The maximum number of EPP resource entities and keys to cache in memory.
# LoadingCache evicts rarely-used keys first, so in practice this does not
# have to be very large to achieve the vast majority of possible gains.
eppResourceMaxCachedEntries: 500
oAuth:
# OAuth scopes to detect on access tokens. Superset of requiredOauthScopes.
availableOauthScopes:
- https://www.googleapis.com/auth/userinfo.email
# OAuth scopes required for authenticating. Subset of availableOauthScopes.
requiredOauthScopes:
- https://www.googleapis.com/auth/userinfo.email
# OAuth client IDs that are allowed to authenticate and communicate with
# backend services, e. g. nomulus tool, EPP proxy, etc. All client_id values
# used in client_secret.json files for associated tooling should be included
# in this list. Client IDs are typically of the format
# numbers-alphanumerics.apps.googleusercontent.com
allowedOauthClientIds: []
icannReporting:
# URL we PUT monthly ICANN transactions reports to.
icannTransactionsReportingUploadUrl: https://ry-api.icann.org/report/registrar-transactions
# URL we PUT monthly ICANN activity reports to.
icannActivityReportingUploadUrl: https://ry-api.icann.org/report/registry-functions-activity
billing:
invoiceEmailRecipients: []
rde:
# URL prefix of ICANN's server to upload RDE reports to. Nomulus adds /TLD/ID
# to the end of this to construct the full URL.
reportUrlPrefix: https://test-ry-api.icann.org:8543/report/registry-escrow-report
# SFTP URL to which RDE deposits are uploaded. This should contain a username
# but not the password.
uploadUrl: sftp://username@rde-provider.example
# Identity of the SSH keys (stored in the Keyring) used for RDE SFTP uploads.
sshIdentityEmailAddress: rde@example.com
registrarConsole:
# Filename of the logo to use in the header of the console. This filename is
# relative to ui/assets/images/
logoFilename: logo.png
# Contact phone number for support with the registry.
supportPhoneNumber: +1 (888) 555 0123
# Contact email address for support with the registry.
supportEmailAddress: support@example.com
# From: email address used to send announcements from the registry.
announcementsEmailAddress: announcements@example.com
# Contact email address for questions about integrating with the registry.
integrationEmailAddress: integration@example.com
# URL linking to directory of technical support docs on the registry.
technicalDocsUrl: http://example.com/your_support_docs/
monitoring:
# Max queries per second for the Google Cloud Monitoring V3 (aka Stackdriver)
# API. The limit can be adjusted by contacting Cloud Support.
stackdriverMaxQps: 30
# Max number of points that can be sent to Stackdriver in a single
# TimeSeries.Create API call.
stackdriverMaxPointsPerRequest: 200
# How often metrics are exported to BigQuery.
writeIntervalSeconds: 60
misc:
# The ID of the Google Sheet (as found in the URL) to export registrar details
# to. Leave this null to disable syncing.
sheetExportId: null
# Address we send alert summary emails to.
alertRecipientEmailAddress: email@example.com
# Domain for the email address we send alert summary emails from.
alertEmailSenderDomain: appspotmail.com
# How long to delay processing of asynchronous deletions. This should always
# be longer than eppResourceCachingSeconds, to prevent deleted contacts or
# hosts from being used on domains.
asyncDeleteDelaySeconds: 90
beam:
# The default zone to run Apache Beam (Cloud Dataflow) jobs in.
defaultJobZone: us-east1-c
kms:
# GCP project containing the KMS keyring. Should only be used for KMS in
# order to keep a simple locked down IAM configuration.
projectId: registry-kms-project-id
# The name to use for the Cloud KMS KeyRing which will store encryption keys
# for Nomulus secrets.
keyringName: nomulus
# Configuration options relevant to the "nomulus" registry tool.
registryTool:
# Name of the client secret file used for authenticating with App Engine.
clientSecretFilename: /google/registry/tools/resources/client_secret.json
Reference in a new issue View git blame Copy permalink