---
name: policy-server
templates:
  pre-start.erb: bin/pre-start
  policy-server_ctl.erb: bin/policy-server_ctl
  policy-server_as_vcap.erb: bin/policy-server_as_vcap
  policy-server.json.erb: config/policy-server.json
  ca.crt.erb: config/certs/ca.crt
  uaa_ca.crt.erb: config/certs/uaa_ca.crt
  server.crt.erb: config/certs/server.crt
  server.key.erb: config/certs/server.key

packages:
  - policy-server

properties:
  cf_networking.policy_server.listen_host:
    description: "Host where the policy server will serve its API"
    default: 0.0.0.0

  cf_networking.policy_server.listen_port:
    description: "Port where the policy server will serve its external API"
    default: 4002

  cf_networking.policy_server.debug_server_host:
    description: "Host for the debug server"
    default: 127.0.0.1

  cf_networking.policy_server.debug_server_port:
    description: "Port for the debug server"
    default: 22222

  cf_networking.policy_server.internal_listen_port:
    description: "Port where the policy server will serve its internal API"
    default: 4003

  cf_networking.policy_server.ca_cert:
    description: "Trusted CA certificate for clients"

  cf_networking.policy_server.server_cert:
    description: "Server certificate for TLS"

  cf_networking.policy_server.server_key:
    description: "Server key for TLS"

  cf_networking.policy_server.uaa_client:
    description: "UAA client name"
    default: network-policy

  cf_networking.policy_server.uaa_ca:
    description: "Trusted CA for UAA server"

  cf_networking.policy_server.uaa_client_secret:
    description: "UAA client secret"
    default: network-policy-secret

  cf_networking.policy_server.uaa_url:
    description: "Address of UAA server"
    default: https://uaa.service.cf.internal:8443

  cf_networking.policy_server.cc_url:
    description: "Address of Cloud Controller server"
    default: http://cloud-controller-ng.service.cf.internal:9022

  cf_networking.policy_server.skip_ssl_validation:
    description: "Skip verifying ssl certs when speaking to UAA or Cloud Controller"
    default: false


  cf_networking.policy_server.database.type:
    description: "Type of database: postgres or mysql"
    default: postgres

  cf_networking.policy_server.database.connection_string:
    description: "DEPRECATED: please instead set username,password,host,port,name"
    default: ""

  cf_networking.policy_server.database.username:
    description: "Username for database connection"
    default: ""

  cf_networking.policy_server.database.password:
    description: "Password for database connection"
    default: ""

  cf_networking.policy_server.database.host:
    description: "Host (IP or DNS name) for database server"
    default: ""

  cf_networking.policy_server.database.port:
    description: "Port for database server"
    default: ""

  cf_networking.policy_server.database.name:
    description: "Name of logical database to use"
    default: ""



  cf_networking.policy_server.tag_length:
    description: "Length in bytes of the packet tags to generate for policy sources and destinations. Must be greater than 0 and less than 4."
    default: 2

  cf_networking.policy_server.metron_address:
    description: "Forward metrics to this metron agent"
    default: 127.0.0.1:3457

  cf_networking.policy_server.log_level:
    description: "Logging level (debug, info, warn, error)"
    default: info

  cf_networking.policy_server.cleanup_interval:
    description: "Clean up stale policies on this interval, in minutes"
    default: 60
