{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://github.com/hasura/ndc-storage/connector/types/configuration",
"$ref": "#/$defs/Configuration",
"$defs": {
"ClientConfig": {
"oneOf": [
{
"properties": {
"type": {
"type": "string",
"enum": [
"s3"
],
"description": "Cloud provider type of the storage client"
},
"id": {
"type": "string",
"description": "The unique identity of a client. Use this setting if there are many configured clients"
},
"defaultBucket": {
"$ref": "#/$defs/EnvString",
"description": "Default bucket name to be set if the user doesn't specify any bucket"
},
"endpoint": {
"$ref": "#/$defs/EnvString",
"description": "Endpoint of the storage server. Required for other S3 compatible services such as MinIO, Cloudflare R2, DigitalOcean Spaces, etc..."
},
"maxRetries": {
"type": "integer",
"minimum": 1,
"description": "Maximum number of retry times",
"default": 10
},
"defaultPresignedExpiry": {
"type": "string",
"pattern": "^((([0-9]+h)?([0-9]+m)?([0-9]+s))|(([0-9]+h)?([0-9]+m))|([0-9]+h))$",
"description": "Default bucket name to be set if the user doesn't specify any bucket",
"default": "24h"
},
"allowedBuckets": {
"items": {
"type": "string"
},
"type": "array",
"description": "Allowed buckets. This setting prevents users to get buckets and objects outside the list. However, it's recommended to restrict the permissions for the IAM credentials"
},
"region": {
"oneOf": [
{
"type": "null"
},
{
"$ref": "#/$defs/EnvString"
}
],
"description": "Optional region"
},
"publicHost": {
"$ref": "#/$defs/EnvString",
"description": "The public host to be used for presigned URL generation"
},
"authentication": {
"oneOf": [
{
"properties": {
"type": {
"type": "string",
"enum": [
"static"
]
},
"accessKeyId": {
"$ref": "#/$defs/EnvString"
},
"secretAccessKey": {
"$ref": "#/$defs/EnvString"
},
"sessionToken": {
"$ref": "#/$defs/EnvString"
}
},
"type": "object",
"required": [
"type",
"accessKeyId",
"secretAccessKey"
]
},
{
"properties": {
"type": {
"type": "string",
"enum": [
"iam"
]
},
"iamAuthEndpoint": {
"$ref": "#/$defs/EnvString"
}
},
"type": "object",
"required": [
"type"
]
}
]
},
"trailingHeaders": {
"type": "boolean",
"description": "TrailingHeaders indicates server support of trailing headers. Only supported for v4 signatures"
},
"http": {
"$ref": "#/$defs/HTTPTransportTLSConfig"
}
},
"type": "object",
"required": [
"type",
"defaultBucket",
"authentication"
]
},
{
"properties": {
"type": {
"type": "string",
"enum": [
"azblob"
],
"description": "Cloud provider type of the storage client"
},
"id": {
"type": "string",
"description": "The unique identity of a client. Use this setting if there are many configured clients"
},
"defaultBucket": {
"$ref": "#/$defs/EnvString",
"description": "Default bucket name to be set if the user doesn't specify any bucket"
},
"endpoint": {
"$ref": "#/$defs/EnvString",
"description": "Endpoint of the storage server. Required for other S3 compatible services such as MinIO, Cloudflare R2, DigitalOcean Spaces, etc..."
},
"maxRetries": {
"type": "integer",
"minimum": 1,
"description": "Maximum number of retry times",
"default": 10
},
"defaultPresignedExpiry": {
"type": "string",
"pattern": "^((([0-9]+h)?([0-9]+m)?([0-9]+s))|(([0-9]+h)?([0-9]+m))|([0-9]+h))$",
"description": "Default bucket name to be set if the user doesn't specify any bucket",
"default": "24h"
},
"allowedBuckets": {
"items": {
"type": "string"
},
"type": "array",
"description": "Allowed buckets. This setting prevents users to get buckets and objects outside the list. However, it's recommended to restrict the permissions for the IAM credentials"
},
"authentication": {
"oneOf": [
{
"properties": {
"type": {
"type": "string",
"enum": [
"sharedKey"
],
"description": "Authorize with an immutable SharedKeyCredential containing the storage account's name and either its primary or secondary key"
},
"accountName": {
"$ref": "#/$defs/EnvString",
"description": "Account Name"
},
"accountKey": {
"$ref": "#/$defs/EnvString",
"description": "Account Key"
}
},
"type": "object",
"required": [
"type",
"accountName",
"accountKey"
]
},
{
"properties": {
"type": {
"type": "string",
"enum": [
"connectionString"
],
"description": "Authorize with a connection string for the desired storage account"
},
"connectionString": {
"$ref": "#/$defs/EnvString",
"description": "The connection string"
}
},
"type": "object",
"required": [
"type",
"connectionString"
]
},
{
"properties": {
"type": {
"type": "string",
"enum": [
"anonymous"
]
}
},
"type": "object",
"required": [
"type"
]
},
{
"properties": {
"type": {
"type": "string",
"enum": [
"entra"
]
},
"tenantId": {
"$ref": "#/$defs/EnvString",
"description": "ID of the service principal's tenant. Also called its `directory` ID"
},
"clientId": {
"$ref": "#/$defs/EnvString",
"description": "The service principal's client ID"
},
"clientSecret": {
"$ref": "#/$defs/EnvString",
"description": "One of the service principal's client secrets"
},
"username": {
"$ref": "#/$defs/EnvString",
"description": "The username (usually an email address)"
},
"password": {
"$ref": "#/$defs/EnvString",
"description": "The user's password"
},
"clientCertificate": {
"$ref": "#/$defs/EnvString",
"description": "Inline PEM or PKCS12 certificate of the private key in base64 format"
},
"clientCertificatePath": {
"$ref": "#/$defs/EnvString",
"description": "Path to a PEM or PKCS12 certificate file including the private key"
},
"clientCertificatePassword": {
"$ref": "#/$defs/EnvString",
"description": "Optional password for the certificate"
},
"sendCertificateChain": {
"type": "boolean",
"description": "Controls whether the credential sends the public certificate chain in the x5c header of each token request's JWT"
},
"tokenFilePath": {
"$ref": "#/$defs/EnvString",
"description": "the path of a file containing a Kubernetes service account token"
},
"audience": {
"$ref": "#/$defs/EnvString",
"description": "Audience to use when requesting tokens for Azure Active Directory authentication"
},
"disableInstanceDiscovery": {
"type": "boolean"
},
"additionallyAllowedTenants": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
"required": [
"type",
"tenantId"
],
"dependentRequired": {
"clientSecret": [
"clientId"
],
"password": [
"username"
],
"username": [
"password"
]
}
}
]
},
"http": {
"$ref": "#/$defs/HTTPTransportTLSConfig"
}
},
"type": "object",
"required": [
"type",
"defaultBucket",
"authentication"
]
},
{
"properties": {
"type": {
"type": "string",
"enum": [
"gcs"
],
"description": "Cloud provider type of the storage client"
},
"id": {
"type": "string",
"description": "The unique identity of a client. Use this setting if there are many configured clients"
},
"defaultBucket": {
"$ref": "#/$defs/EnvString",
"description": "Default bucket name to be set if the user doesn't specify any bucket"
},
"endpoint": {
"$ref": "#/$defs/EnvString",
"description": "Endpoint of the storage server. Required for other S3 compatible services such as MinIO, Cloudflare R2, DigitalOcean Spaces, etc..."
},
"maxRetries": {
"type": "integer",
"minimum": 1,
"description": "Maximum number of retry times",
"default": 10
},
"defaultPresignedExpiry": {
"type": "string",
"pattern": "^((([0-9]+h)?([0-9]+m)?([0-9]+s))|(([0-9]+h)?([0-9]+m))|([0-9]+h))$",
"description": "Default bucket name to be set if the user doesn't specify any bucket",
"default": "24h"
},
"allowedBuckets": {
"items": {
"type": "string"
},
"type": "array",
"description": "Allowed buckets. This setting prevents users to get buckets and objects outside the list. However, it's recommended to restrict the permissions for the IAM credentials"
},
"authentication": {
"oneOf": [
{
"oneOf": [
{
"required": [
"credentials"
]
},
{
"required": [
"credentialsFile"
]
}
],
"properties": {
"type": {
"type": "string",
"enum": [
"credentials"
],
"description": "Authorize with a service account or refresh token JSON credentials"
},
"credentials": {
"$ref": "#/$defs/EnvString",
"description": "The given service account or refresh token JSON credentials in JSON string format"
},
"credentialsFile": {
"$ref": "#/$defs/EnvString",
"description": "The given service account or refresh token JSON credentials file"
}
},
"type": "object",
"required": [
"type"
]
},
{
"properties": {
"type": {
"type": "string",
"enum": [
"anonymous"
]
}
},
"type": "object",
"required": [
"type"
]
}
]
},
"publicHost": {
"$ref": "#/$defs/EnvString",
"description": "The public host to be used for presigned URL generation"
},
"projectId": {
"$ref": "#/$defs/EnvString",
"description": "Project ID of the Google Cloud account"
},
"http": {
"$ref": "#/$defs/HTTPTransportTLSConfig"
}
},
"type": "object",
"required": [
"type",
"defaultBucket",
"authentication",
"projectId"
]
},
{
"properties": {
"type": {
"type": "string",
"enum": [
"fs"
],
"description": "Cloud provider type of the storage client"
},
"id": {
"type": "string",
"description": "The unique identity of a client. Use this setting if there are many configured clients"
},
"defaultDirectory": {
"$ref": "#/$defs/EnvString",
"description": "Default directory location to be set if the user doesn't specify any bucket"
},
"allowedDirectories": {
"items": {
"type": "string"
},
"type": "array",
"description": "Allowed directories. This setting prevents users to browse files outside the list"
},
"permissions": {
"properties": {
"directory": {
"type": "integer",
"maximum": 777,
"minimum": 0,
"description": "Default directory permission",
"default": 644
},
"file": {
"type": "integer",
"maximum": 777,
"minimum": 0,
"description": "Default file permission",
"default": 644
}
},
"type": "object",
"required": [
"directory",
"file"
]
}
},
"type": "object",
"required": [
"type",
"defaultDirectory"
]
}
]
},
"ConcurrencySettings": {
"properties": {
"query": {
"type": "integer",
"default": 5
},
"mutation": {
"type": "integer",
"default": 1
}
},
"additionalProperties": false,
"type": "object",
"required": [
"query",
"mutation"
]
},
"Configuration": {
"properties": {
"clients": {
"items": {
"$ref": "#/$defs/ClientConfig"
},
"type": "array"
},
"concurrency": {
"$ref": "#/$defs/ConcurrencySettings"
},
"runtime": {
"$ref": "#/$defs/RuntimeSettings"
},
"generator": {
"$ref": "#/$defs/GeneratorSettings"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"clients",
"runtime"
]
},
"DialerConfig": {
"properties": {
"timeout": {
"oneOf": [
{
"type": "string",
"pattern": "^((([0-9]+h)?([0-9]+m)?([0-9]+s))|(([0-9]+h)?([0-9]+m))|([0-9]+h))$"
},
{
"type": "null"
}
]
},
"keepAliveEnabled": {
"type": "boolean"
},
"keepAliveInterval": {
"oneOf": [
{
"type": "string",
"pattern": "^((([0-9]+h)?([0-9]+m)?([0-9]+s))|(([0-9]+h)?([0-9]+m))|([0-9]+h))$"
},
{
"type": "null"
}
]
},
"keepAliveCount": {
"oneOf": [
{
"type": "integer"
},
{
"type": "null"
}
]
},
"keepAliveIdle": {
"oneOf": [
{
"type": "string",
"pattern": "^((([0-9]+h)?([0-9]+m)?([0-9]+s))|(([0-9]+h)?([0-9]+m))|([0-9]+h))$"
},
{
"type": "null"
}
]
}
},
"additionalProperties": false,
"type": "object"
},
"EnvBool": {
"anyOf": [
{
"required": [
"value"
],
"title": "value"
},
{
"required": [
"env"
],
"title": "env"
}
],
"properties": {
"value": {
"type": "boolean"
},
"env": {
"type": "string"
}
},
"additionalProperties": false,
"type": "object"
},
"EnvString": {
"anyOf": [
{
"required": [
"value"
]
},
{
"required": [
"env"
]
}
],
"properties": {
"env": {
"type": "string"
},
"value": {
"type": "string"
}
},
"type": "object"
},
"GeneratorSettings": {
"properties": {
"promptqlCompatible": {
"type": "boolean",
"default": false
},
"dynamicCredentials": {
"type": "boolean",
"default": false
}
},
"additionalProperties": false,
"type": "object"
},
"HTTPTransportTLSConfig": {
"properties": {
"dialer": {
"$ref": "#/$defs/DialerConfig"
},
"idleConnTimeout": {
"oneOf": [
{
"type": "string",
"pattern": "^((([0-9]+h)?([0-9]+m)?([0-9]+s))|(([0-9]+h)?([0-9]+m))|([0-9]+h))$"
},
{
"type": "null"
}
]
},
"responseHeaderTimeout": {
"oneOf": [
{
"type": "string",
"pattern": "^((([0-9]+h)?([0-9]+m)?([0-9]+s))|(([0-9]+h)?([0-9]+m))|([0-9]+h))$"
},
{
"type": "null"
}
]
},
"tlsHandshakeTimeout": {
"oneOf": [
{
"type": "string",
"pattern": "^((([0-9]+h)?([0-9]+m)?([0-9]+s))|(([0-9]+h)?([0-9]+m))|([0-9]+h))$"
},
{
"type": "null"
}
]
},
"expectContinueTimeout": {
"oneOf": [
{
"type": "string",
"pattern": "^((([0-9]+h)?([0-9]+m)?([0-9]+s))|(([0-9]+h)?([0-9]+m))|([0-9]+h))$"
},
{
"type": "null"
}
]
},
"maxIdleConns": {
"oneOf": [
{
"type": "integer"
},
{
"type": "null"
}
]
},
"maxIdleConnsPerHost": {
"oneOf": [
{
"type": "integer"
},
{
"type": "null"
}
]
},
"maxConnsPerHost": {
"oneOf": [
{
"type": "integer"
},
{
"type": "null"
}
]
},
"maxResponseHeaderBytes": {
"oneOf": [
{
"type": "integer"
},
{
"type": "null"
}
]
},
"readBufferSize": {
"oneOf": [
{
"type": "integer"
},
{
"type": "null"
}
]
},
"writeBufferSize": {
"oneOf": [
{
"type": "integer"
},
{
"type": "null"
}
]
},
"tls": {
"oneOf": [
{
"$ref": "#/$defs/TLSConfig"
},
{
"type": "null"
}
]
}
},
"additionalProperties": false,
"type": "object"
},
"RuntimeSettings": {
"properties": {
"maxDownloadSizeMBs": {
"type": "integer",
"default": 20
},
"maxUploadSizeMBs": {
"type": "integer",
"default": 20
},
"http": {
"$ref": "#/$defs/HTTPTransportTLSConfig"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"maxDownloadSizeMBs",
"maxUploadSizeMBs"
]
},
"TLSConfig": {
"properties": {
"certFile": {
"$ref": "#/$defs/EnvString"
},
"certPem": {
"$ref": "#/$defs/EnvString"
},
"keyFile": {
"$ref": "#/$defs/EnvString"
},
"keyPem": {
"$ref": "#/$defs/EnvString"
},
"caFile": {
"$ref": "#/$defs/EnvString"
},
"caPem": {
"$ref": "#/$defs/EnvString"
},
"insecureSkipVerify": {
"$ref": "#/$defs/EnvBool"
},
"includeSystemCACertsPool": {
"$ref": "#/$defs/EnvBool"
},
"minVersion": {
"type": "string"
},
"maxVersion": {
"type": "string"
},
"cipherSuites": {
"items": {
"type": "string"
},
"type": "array"
},
"serverName": {
"$ref": "#/$defs/EnvString"
}
},
"additionalProperties": false,
"type": "object"
}
}
}