ac24ca766a
CI / Check (push) Has been skipped
CI / Detect Changes (push) Successful in 4s
CI / Deploy Dashboard (push) Has been cancelled
CI / Deploy Docs (push) Has been cancelled
CI / Deploy MCP (push) Has been cancelled
CI / Deploy Agent (push) Has been cancelled
GET /api/admin/tenants lists tenant DBs; DELETE /api/admin/tenants/{tenant_id} drops them (GDPR). Behind a separate auth path that rejects customer realm tokens.
59 lines
2.2 KiB
Rust
59 lines
2.2 KiB
Rust
use secrecy::SecretString;
|
|
use serde::{Deserialize, Serialize};
|
|
|
|
#[derive(Clone, Debug)]
|
|
pub struct AgentConfig {
|
|
pub mongodb_uri: String,
|
|
pub mongodb_database: String,
|
|
pub litellm_url: String,
|
|
pub litellm_api_key: SecretString,
|
|
pub litellm_model: String,
|
|
pub litellm_embed_model: String,
|
|
pub github_token: Option<SecretString>,
|
|
pub github_webhook_secret: Option<SecretString>,
|
|
pub gitlab_url: Option<String>,
|
|
pub gitlab_token: Option<SecretString>,
|
|
pub gitlab_webhook_secret: Option<SecretString>,
|
|
pub jira_url: Option<String>,
|
|
pub jira_email: Option<String>,
|
|
pub jira_api_token: Option<SecretString>,
|
|
pub jira_project_key: Option<String>,
|
|
pub searxng_url: Option<String>,
|
|
pub nvd_api_key: Option<SecretString>,
|
|
pub agent_port: u16,
|
|
pub scan_schedule: String,
|
|
pub cve_monitor_schedule: String,
|
|
pub git_clone_base_path: String,
|
|
pub ssh_key_path: String,
|
|
pub keycloak_url: Option<String>,
|
|
pub keycloak_realm: Option<String>,
|
|
pub keycloak_admin_username: Option<String>,
|
|
pub keycloak_admin_password: Option<SecretString>,
|
|
// Pentest defaults
|
|
pub pentest_verification_email: Option<String>,
|
|
pub pentest_imap_host: Option<String>,
|
|
pub pentest_imap_port: Option<u16>,
|
|
/// Use implicit TLS (IMAPS, port 993) instead of plain IMAP.
|
|
pub pentest_imap_tls: bool,
|
|
pub pentest_imap_username: Option<String>,
|
|
pub pentest_imap_password: Option<SecretString>,
|
|
/// Static bearer for the cross-tenant admin endpoints under
|
|
/// `/api/v1/admin/*`. When `None`, those endpoints are not
|
|
/// mounted at all (defense-in-depth: ops endpoints never reach
|
|
/// any auth path if no operator has explicitly opted in).
|
|
pub admin_api_token: Option<SecretString>,
|
|
/// Live tenant-registry URL the scheduler consults for the list
|
|
/// of tenants to iterate. When `None` or unreachable, scheduler
|
|
/// falls back to `SCHEDULER_TENANT_IDS` env (M7.2-C).
|
|
pub tenant_registry_url: Option<String>,
|
|
}
|
|
|
|
#[derive(Clone, Debug, Serialize, Deserialize)]
|
|
pub struct DashboardConfig {
|
|
pub mongodb_uri: String,
|
|
pub mongodb_database: String,
|
|
pub agent_api_url: String,
|
|
pub dashboard_port: u16,
|
|
pub mcp_endpoint_url: Option<String>,
|
|
}
|