---
name: loggr-syslog-agent-windows

templates:
  pre-start.ps1.erb: bin/pre-start.ps1
  ingress_port.yml.erb: config/ingress_port.yml
  cache_ca.crt.erb: config/certs/cache_ca.crt
  cache_client.crt.erb: config/certs/cache_client.crt
  cache_client.key.erb: config/certs/cache_client.key
  loggregator_ca.crt.erb: config/certs/loggregator_ca.crt
  syslog_agent.crt.erb: config/certs/syslog_agent.crt
  syslog_agent.key.erb: config/certs/syslog_agent.key
  prom_scraper_config.yml.erb: config/prom_scraper_config.yml
  metrics_ca.crt.erb: config/certs/metrics_ca.crt
  metrics.crt.erb: config/certs/metrics.crt
  metrics.key.erb: config/certs/metrics.key
  drain_ca.crt.erb: config/certs/drain_ca.crt

packages:
- syslog-agent-windows

consumes:
- name: cloud_controller
  type: cloud_controller
- name: binding_cache
  type: binding_cache

properties:
  enabled:
    description: "Syslog agent is enabled on VM"
    default: true

  port:
    description: "Port the agent is serving gRPC via mTLS"
    default: 3458
  drain_skip_cert_verify:
    description: If set to true the SSL hostname validation will be disabled.
    default: false
  drain_ca_cert:
    description: The CA certificate for key/cert verification.

  non_app_drains:
    description: "URLs to syslog drains that will receive all logs from all sources"
    default: ""
    example: "syslog-tls://some-drain-1,syslog-tls://some-drain-1"

  tls.ca_cert:
    description: |
      TLS loggregator root CA certificate. It is required for key/cert
      verification.
  tls.cert:
    description: "TLS certificate for syslog signed by the loggregator CA"
  tls.key:
    description: "TLS private key for syslog signed by the loggregator CA"
  tls.cipher_suites:
    description: |
      An ordered list of supported SSL cipher suites. Allowed cipher suites are
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.
    default: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"

  cache.tls.ca_cert:
    description: |
      When the syslog communicates with the Cloud Controller it must
      validate the Cloud Controller's certificate was signed by a trusted CA.
      This is the CA trusted by the syslog for that communication.
  cache.tls.cert:
    description: |
      This certificate is sent to the Cloud Controller when initiating a
      connection. It must be signed by a CA that is trusted by the Cloud
      Controller.
  cache.tls.key:
    description: |
      This is the private key for the certificate sent to the Cloud Controller
      when initiating a connection.
  cache.tls.cn:
    description: |
      When the syslog communicates with the cache it must
      validate the Cloud Controller's common name (CN) or subject alternative
      names (SANs) against the hostname or IP address used to initiate the
      connection. Most of the time this should be the hostname defined in
      api.url.
  cache.polling_interval:
    description: |
      The interval at which the syslog will poll the Cloud Controller for
      bindings.
    default: 15s
  cache.batch_size:
    description: |
      The batch size the syslog will request the Cloud Controller for
      bindings.
    default: 1000

  metrics.port:
    description: "Port the agent uses to serve metrics and debug information"
    default: 14822
  metrics.ca_cert:
    description: "TLS CA cert to verify requests to metrics endpoint."
  metrics.cert:
    description: "TLS certificate for metrics server signed by the metrics CA"
  metrics.key:
    description: "TLS private key for metrics server signed by the metrics CA"
  metrics.server_name:
    description: "The server name used in the scrape configuration for the metrics endpoint"