This file lists all the configuration properties available for a deployment of the service application.
You can set the properties either with an application.yaml
file or with environment variables.
This documentation is generated from annotations in the configuration classes.
- Access Control
- Application Database
- Authentication
- Export (Per Model)
- Export (Shared)
- Feature Flags
- Underlays
Configure the access control or authorization model.
optional String
URL of another service the access control model will call. e.g. Workbench URL.
Example value:
optional String
Pointer to the access control model Java class. Currently this must be one of the enum values in thebio.terra.tanagra.service.accesscontrol.model.CoreModel
Java class, or the full name of a class that implements the bio.terra.tanagra.service.accesscontrol.model.FineGrainedAccessControl
interface and is on the classpath.
Default value: OPEN_ACCESS
optional String
OAuth client id of another service the access control model will call. e.g. Workbench client id.
Example value:
optional List [ String ]
Map of parameters to pass to the access control model. Pass the map as a list e.g. key1,value1,key2,value2,... This is useful when you want to parameterize a model beyond just the base path and OAuth client id. e.g. Name of a Google Group you want to use to restrict access.
Example value: googleGroupName,
Configure the application database.
required String
Password for the application database.
Environment variable: TANAGRA_DB_PASSWORD
Example value: dbpwd
required String
URI of the application database.
Environment variable: TANAGRA_DB_URI
Example value: jdbc:postgresql://
required String
Username for the application database.
Environment variable: TANAGRA_DB_USERNAME
Example value: dbuser
optional String
Name of the Cloud SQL instance **project:region:instance**
. Required to configure a CloudSQL connector (e.g. when deployed in AppEngine). More information in GCP documentation.
optional String
Name of the driver class. Required to configure a CloudSQL connector (e.g. when deployed in AppEngine). More information in GCP documentation.
Environment variable: TANAGRA_DB_DRIVER_CLASS_NAME
Example value: com.mysql.cj.jdbc.Driver
optional boolean
When true, the application database will be wiped on service startup.
Default value: false
optional String
Comma separated list of preferred IP types. Used to configure a CloudSQL connector (e.g. when deployed in AppEngine). Not required to use a CloudSQL connector. Leave empty to use GCP's default. More information in GCP documentation.
Environment variable: TANAGRA_DB_IP_TYPES
Example value: PUBLIC,PRIVATE
optional String
Name of the socket factory class. Required to configure a CloudSQL connector (e.g. when deployed in AppEngine). More information in GCP documentation.
Environment variable: TANAGRA_DB_SOCKET_FACTORY
Example value:
optional boolean
When true, the application database will have Liquibase changesets applied on service startup.
Environment variable: TANAGRA_DB_UPGRADE_ON_START
Default value: false
Configure the authentication model.
There are five separate flags that control which model is used: tanagra.auth.disableChecks
, tanagra.auth.iapGkeJwt
, tanagra.auth.iapAppEngineJwt
, tanagra.auth.gcpAccessToken
, tanagra.auth.jwt
. In the future these will be combined into a single flag. For now, you must set all five flags and only one should be true.
required boolean
When true, authentication checks will be disabled. This is helpful during testing, especially testing a locally deployed service. It should never be used for a production service.
required boolean
When true, the service expects a Google OAuth access token. The service calls Google's
endpoint to get the email address of the user from the token. More details in the GCP documentation.
optional String
The GCP project id, which is different from the project number. You can find this in the Cloud Console dashboard. More details in the GCP documentation. Required when using the IAP JWT GKE or IAP JWT AppEngine model.
Environment variable: TANAGRA_AUTH_GCP_PROJECT_ID
Example value: tanagra-dev
optional String
The GCP project number, which is different from the project id. You can find this in the Cloud Console dashboard. More details in the GCP documentation and IAP documentation. Required when using the IAP JWT AppEngine model.
Example value: 0123456789
optional String
The GKE backend service id. You can find this in the Cloud Console. More details in the IAP documentation. Required when using the IAP JWT GKE model.
Example value: 0123456789
required boolean
When true, the service expects a JWT generated by Google IAP running in front of AppEngine. When this flag is set, you must also define the GCP project number and the GCP project id. More details in the GCP documentation.
required boolean
When true, the service expects a JWT generated by Google IAP running in front of GKE. When this flag is set, you must also define the GKE backend service id and the GCP project id. More details in the GCP documentation.
Environment variable: TANAGRA_AUTH_IAP_GKE_JWT
required boolean
When true, the service expects a JWT. The service decodes the user information from the token payload. When this flag is set, optionally verify the token by setting Issuer, Audience, Public key file. Algorithm defaults to RSA256.
Environment variable: TANAGRA_AUTH_JWT
required String
The algorithm used to verify the JWT. Defaults to RSA256
Environment variable: TANAGRA_AUTH_JWT_ALGORITHM
required String
The audience of JWT used for its verification.
Environment variable: TANAGRA_AUTH_JWT_AUDIENCE
required String
The issuer of JWT used for its verification.
Environment variable: TANAGRA_AUTH_JWT_ISSUER
required String
Name of the PEM public key file in the 'resources/keys' directory used to verify the JWT.
Configure the export options for each model.
optional String
Displayed name of the export model. This is for display only and will be shown in the export dialog when the user initiates an export. Defaults to the display name provided by the export model. It's useful to override the default if you have more than one instance of the same model (e.g. export to workbench parameterized with the dev environment URL, and another parameterized with the test environment URL).
Environment variable: TANAGRA_EXPORT_MODELS_0_DISPLAY_NAME (Note 0 is the list index, so if you have 2 models, you'd have 0 and 1 env vars.)
Example value: Export File to Workbench (dev instance)
optional String
Name of the export model. This must be unique across all models for a given deployment. Defaults to the name of the export model. It's useful to override the default if you have more than one instance of the same model (e.g. export to workbench parameterized with the dev environment URL, and another parameterized with the test environment URL).
Environment variable: TANAGRA_EXPORT_MODELS_0_NAME (Note 0 is the list index, so if you have 2 models, you'd have 0 and 1 env vars.)
optional String
Maximum number of primary entity instances to allow exporting (e.g. number of persons <= 10k). This is useful when you want to limit the amount of data a user can export e.g. to keep file sizes reasonable. The limit is inclusive, so 10k means <=10k is allowed. Note that this limit applies to the union of all selected cohorts, not each cohort individually. When unset, there is no default cap. This export model will always run, regardless of how many primary entity instances are included in the selected cohorts.
Environment variable: TANAGRA_EXPORT_MODELS_0_NUM_PRIMARY_ENTITY_CAP (Note 0 is the list index, so if you have 2 models, you'd have 0 and 1 env vars.)
Example value: 10000
optional List [ String ]
Map of parameters to pass to the export model. This is useful when you want to parameterize a model beyond just the redirect URL. e.g. A description for a generated notebook file.
Environment variable: TANAGRA_EXPORT_MODELS_0_PARAMS_0 (Note the first 0 is the list index of the export models, so if you have 2 models, you'd have 0 and 1 env vars. The second 0 is the list index of the parameters, so if you have 2 parameters, you'd need 0 and 1 env vars.)
Example value: Notebook file generated for Workbench v35
optional String
URL to redirect the user to once the Tanagra export model has run. This is useful when you want to export a file to another site. e.g. Write the exported data to CSV files in GCS and then redirect to a workbench URL, passing the URL to the CSV files so the workbench can import them somewhere.
Environment variable: TANAGRA_EXPORT_MODELS_0_REDIRECT_AWAY_URL (Note 0 is the list index, so if you have 2 models, you'd have 0 and 1 env vars.)
Example value:${tsvFileUrl}&returnUrl=${redirectBackUrl}&returnApp=${sourceApp}
optional Type
Pointer to the data export model Java class. Currently this must be one of the enum values in thebio.terra.tanagra.service.export.DataExport.Type
Java class. In the future, it will support arbitrary class names
Environment variable: TANAGRA_EXPORT_MODELS_0_TYPE (Note 0 is the list index, so if you have 2 models, you'd have 0 and 1 env vars.)
Configure the export options shared by all models.
optional List [ String ]
Comma separated list of all BQ dataset ids that all export models can use. Required if there are any export models that need to export from BQ to GCS.
Example value: service_export_us,service_export_uscentral1
optional String
GCP project id that contains the BQ dataset and GCS bucket(s) that all export models can use. Required if there are any export models that need to export from BQ to GCS.
Example value: broad-tanagra-dev
optional List [ String ]
Comma separated list of all GCS bucket names that all export models can use. Only include the bucket name, not the gs:// prefix. Required if there are any export models that need to write to GCS.
Example value: bq-export-uscentral1,bq-export-useast1
optional boolean
When true, export models will generate unsigned GCS urls. Setting this to true can be helpful during testing, especially testing a locally deployed service. It should never be used for a production service.
Example value: false
Enable and disable specific features.
optional boolean
When true, we store activity log events in the application database. This is intended to support auditing requirements.
Default value: false
optional String
The maximum number of child threads a single request can spawn. The application will only use multi-threading where it could improve performance, so just configuring a specific number here is not a guarantee that exactly that many or even any child threads will be spawned for a given request.
When unset, the application will default to using multi-threading where it could improve performance. When set to 0, the application will only run things serially. When set to some N > 0 (e.g. 2), the application may spawn at most N child threads.
(For export, spawning a single child thread would not improve performance, so 0 and 1 cause identical behavior, i.e. run serially in same thread as request.)
Configure the underlays served.
required List [ String ]
Comma-separated list of service configurations. Use the name of the service configuration file only, no extension or path.
Environment variable: TANAGRA_UNDERLAY_FILES
Example value: cmssynpuf_broad,aouSR2019q4r4_broad