All Collections
CloudGen Access Docs
General Parameters
General Parameters
Barracuda Admin avatar
Written by Barracuda Admin
Updated over a week ago

These parameters are shared by various sources: Google Workspace, Azure AD, Okta Directory, MSAD/LDAP, etc. Source-specific parameters are listed in each source article.

The following override mechanisms will be processed in order, the last override representing the final value:

  1. Default value

  2. config.json file on the CWD of the service process

  3. Docker-provisioned secret (/run/secrets/<key>)

  4. AWS SSM (all keys prefixed with the value from the ‘prefix’ key; disable check with env variable DISABLE_AWS_SSM=1 )

  5. AWS SecretsManager (all keys prefixed with the value from the ‘prefix’ key; disable check with env variable DISABLE_AWS_SEC_MANAGER=1 )

  6. Environment variable, prefixed with FYDE_, all caps and replacing dashes ( - ) with underscores ( _ ).

  7. Command-line arguments in long-form notation like ‘--example’, all keys underscores converted to dashes.

The following is a complete list of all configuration parameters used by this program.

Key

Default

Type

Description

api_ca_validation

True

bool

Validate the TLS certificates of the API server

api_timeout

60

int

Timeout to fail a connection to the API server

dry-run

False

bool

This flag will run all the synchronization and delta calculation steps, but it will not send the changes over to the Enterprise Console.

enrollment_token

None

string

Enrollment token provided by the CloudGen Access Console

force-full-sync

False

bool

Force a full sync of the directory source.

groups-excluded

string

Group import filtering (regex). Note that all groups are still imported. This will filter the users that are imported.

groups-included

string

Group import filtering (regex). Note that all groups are still imported. This will filter the users that are imported.

http-proxy

string

Use HTTP proxy. Example: http://proxy.host:1234/ or socks5://10.0.0.1:5555

https-proxy

string

Use HTTPS proxy. Example: https://proxy.host:1234/ or socks5://10.0.0.1:5555

live_test_timeout

30

int

Liveness of the redis data for active jobs in server_mode. If data about a pending job is not refreshed by the end of this timeout, the system considers the connector instance handling the job has died and cleans up the associated data.

logfile

string

Log file to send all output. It is also sent to stderr by default.

loglevel

info

string

Log level to use. Valid values error/warning/info/debug

only-matched-groups

True

bool

Decides if it should push only groups that match the group filters, or all of them.

prefix

fyde_

string

Define the prefix used for keys stored in AWS SSM and AWS SecretsManager

prometheus

False

bool

Prometheus metrics for the connector

prometheus_port

9000

int

Prometheus port

run_once

False

bool

Run only one sync cycle and exit

server_host

127.0.0.1

string

IP address to listen to for requests when running in server_mode

server_mode

False

bool

Run connector in microservice mode

server_port

8000

int

Port to listen in server_mode

sync_cycle

900

int

Time to wait between sync cycles

sync_error_backoff

30

int

Time to wait before retrying a failed sync attempt

sync_job_completion

30

int

Time to wait between polls to confirm a sync job has been processed

users-excluded

string

User import filtering (regex). Note that all groups are still imported. This will filter the users that are imported.

users-included

string

User import filtering (regex). Note that all groups are still imported. This will filter the users that are imported.

Did this answer your question?