helmsdeep/config/capi-pcidss-v2/sys.config

[
    {kernel, [
        {logger_level, info},
        {logger, [
            {handler, default, logger_std_h, #{
                level => debug,
                config => #{
                    type => standard_io,
                    sync_mode_qlen => 2000,
                    drop_mode_qlen => 2000,
                    flush_qlen => 3000
                },
                filters => [{access_log, {fun logger_filters:domain/2, {stop, equal, [cowboy_access_log]}}}],
                formatter => {logger_logstash_formatter, #{
                    message_redaction_regex_list => [
                        %% PAN
                        "(?<=\\W[2-6][0-9]{5})[0-9]{1,11}(?=[0-9]{2}\\W)",
                        %% Expiration date
                        "(?<=\\W)[0-9]{1,2}[\\s.,-/]([0-9]{2}|2[0-9]{3})(?=\\W)",
                        %% CVV / CVV2 / CSC
                        "(?<=\\W)[0-9]{3,4}(?=\\W)"
                    ]
                }}
            }},
            {handler, access_logger, logger_std_h, #{
                level => info,
                config => #{
                    type => standard_io,
                    sync_mode_qlen => 2000,
                    drop_mode_qlen => 2000,
                    flush_qlen => 3000
                },
                filters => [{access_log, {fun logger_filters:domain/2, {stop, not_equal, [cowboy_access_log]}}}],
                formatter => {logger_logstash_formatter, #{
                    message_redaction_regex_list => [
                        %% PAN
                        "(?<=\\W[2-6][0-9]{5})[0-9]{1,11}(?=[0-9]{2}\\W)",
                        %% Expiration date
                        "(?<=\\W)[0-9]{1,2}[\\s.,-/]([0-9]{2}|2[0-9]{3})(?=\\W)",
                        %% CVV / CVV2 / CSC
                        "(?<=\\W)[0-9]{3,4}(?=\\W)"
                    ]
                }}
            }}
        ]}
    ]},

    {scoper, [
        {storage, scoper_storage_logger}
    ]},

    {capi_pcidss, [
        {ip                  , "::"                     },
        {port                , 8080                     },
        {service_type        , real                     },
        {access_conf, #{
            jwt => #{
                signee => capi,
                keyset => #{
                    keycloak => #{
                        source => {pem_file, "/var/lib/capi/keys/keycloak/keycloak.pubkey.pem"},
                        metadata => #{
                            auth_method => user_session_token,
                            user_realm => <<"external">>
                        }
                    },
                    capi => #{
                        source => {pem_file, "/var/lib/capi/keys/capi.privkey.pem"},
                        metadata => #{}
                    }
                }
            },
            access => #{
                service_name => <<"common-api">>,
                resource_hierarchy => #{
                    payment_resources   => #{}
                }
            }
        }},
        {bouncer_ruleset_id, <<"service/authz/api">>},
        {oops_bodies, #{
            500 => "/var/lib/capi/oops-bodies/oopsBody1",
            501 => "/var/lib/capi/oops-bodies/oopsBody1",
            502 => "/var/lib/capi/oops-bodies/oopsBody1",
            503 => "/var/lib/capi/oops-bodies/oopsBody2",
            504 => "/var/lib/capi/oops-bodies/oopsBody2"
        }},
        {swagger_handler_opts, #{
            validation_opts => #{
                schema => #{
                    response => mild
                }
            }
        }},
        {health_check, #{
            disk    => {erl_health, disk     , ["/", 99]},
            memory  => {erl_health, cg_memory, [70]},
            service => {erl_health, service  , [<<"capi-pcidss-v2">>]}
        }},
        {max_request_deadline, 60000}, % milliseconds
        {lechiffre_opts, #{
            encryption_source => {json, {file, <<"/var/lib/capi/keys/token_encryption_key1.jwk">>}}
        }},
        {validation, #{
            %% By default now = current datetime.
            now => { {2020, 2, 1}, {0, 0, 0} }
        }},
        {payment_tool_token_lifetime, <<"600s">>},
        {auth_config, #{
            metadata_mappings => #{
                % Keep those synchronized with token-keeper config!
                party_id => <<"com.rbkmoney.party.id">>,
                token_consumer => <<"com.rbkmoney.token.consumer">>,
                user_id => <<"com.rbkmoney.user.id">>,
                user_email => <<"com.rbkmoney.user.email">>
            }
        }}
    ]},

    {capi_woody_client, [
        {services, #{
            cds_storage => #{
                url => "http://cds:8022/v2/storage",
                transport_opts => #{
                    pool => cds_storage,
                    timeout => 1000,
                    max_connections => 1
                }
            },
            tds_storage => #{
                url => "http://cds:8022/v1/token_storage",
                transport_opts => #{
                    pool => tds_storage,
                    timeout => 1000
                }
            },
            binbase => #{
                url => "http://binbase:8022/v1/binbase",
                transport_opts => #{
                    pool =>  binbase,
                    timeout => 1000,
                    max_connections => 1
                }
            },
            bender => #{
                url => "http://bender:8022/v1/bender",
                transport_opts => #{
                    pool => bender,
                    timeout => 1000,
                    max_connections => 1
                }
            }
            }}
    ]},

    {bouncer_client, [
        {service_clients, #{
            bouncer => #{
                url => <<"http://bouncer:8022/v1/arbiter">>,
                retries => #{
                    'Judge' => {linear, 3, 500},
                    '_' => finish
                }
            },
            org_management => #{
                url => <<"http://bouncer:8022/v1/org_management_stub">>,
                retries => #{
                    'GetUserContext' => {linear, 3, 500},
                    '_' => finish
                }
            }
        }}
    ]},

    {dmt_client, [
        {cache_update_interval, 5000}, % milliseconds
        {cache_server_call_timeout, 30000}, % milliseconds
        {max_cache_size, #{
            elements => 1,
            memory => 10485760 % 10Mb
        }},
        {woody_event_handlers, [
            {scoper_woody_event_handler, #{
                event_handler_opts => #{
                    formatter_opts => #{
                        max_length => 1000,
                        max_printable_string_length => 80
                    }
                }
            }}
        ]},
        {service_urls, #{
            'Repository'       => <<"http://dominant:8022/v1/domain/repository"       >>,
            'RepositoryClient' => <<"http://dominant:8022/v1/domain/repository_client">>
        }}
    ]},

    {token_keeper_client, [
        {service_client, #{
            url => <<"http://token-keeper:8022/v1/token-keeper">>,
            retries => #{
                'GetByToken' => {linear, 3, 500},
                '_' => finish
            }
        }}
    ]},

    {how_are_you, [
        {metrics_publishers, []}
    ]},

    {os_mon, [
        {disksup_posix_only, true}
    ]},

    {prometheus, [
        {collectors, [default]}
    ]}
].