Provisioning

Provisioning is step after server is started and API becomes available. It allows you to directly influence how a fresh Corteza instance is configured on first run. This entire process can be disabled by setting env. variables PROVISION_MIGRATE_DATABASE and PROVISION_CONFIGURATION to false.

Table 1. Control provisioning procedure
Type	Default value	Description
`PROVISION_MIGRATE_DATABASE`
`boolean`	`true`	Controls if database migration (creation of tables, changes of schema between versions) should be done before each service is started. It’s recommended to keep this setting on. Disabling it on a running server prevents migration between version udpates
`PROVISION_CONFIGURATION`
`boolean`	`true`	Runs various auto-setup procedures and creates resources: - creates default permission rules and roles - default channels are created - default applications are created - compose resources (namespaces, modules, charts,…) - settings auto-discovery

Table 2. Provision authentication settings:
Type	Default value	Description
`PROVISION_SETTINGS_AUTH_EXTERNAL_ENABLED`
`auth.external.enabled`
`boolean`	`true`	Is OAuth2 enabled or disabled OAuth2 flow redirection URL.
`PROVISION_SETTINGS_AUTH_EXTERNAL_REDIRECT_URL`
`auth.external.redirect-url`
`string`		searches env-variables (`DOMAIN`, `LETSENCRYPT_HOST`, `VIRTUAL_HOST`, `HOSTNAME`, `HOST`) and uses additional info (monolith, api-base-url) to calculate the value
`PROVISION_SETTINGS_AUTH_EXTERNAL_SESSION_STORE_SECRET`
`auth.external.session-store-secret`
`string`	`random 64 char string`	generated 64 char long string if missing. Is session cookie "secure" flag used (if yes, cookie can only be access over HTTPS).
`PROVISION_SETTINGS_AUTH_EXTERNAL_SESSION_STORE_SECURE`
`auth.external.session-store-secure`
`bool`	`false`	If HTTPS is used for external auth redirection url, value is set to true.
`PROVISION_SETTINGS_AUTH_FRONTEND_URL_BASE`
`auth.frontend.url.base`
`string`		Where the frontend SPA is located. Serves as base for generating other `auth.frontend.url…` variables.
`PROVISION_SETTINGS_AUTH_FRONTEND_URL_PASSWORD_RESET`
`auth.frontend.url.password-reset`
`string`		Where the frontend SPA is located, the password reset form. Where the frontend SPA is located, password email confirmation page.
`PROVISION_SETTINGS_AUTH_FRONTEND_URL_EMAIL_CONFIRMATION`
`auth.frontend.url.email-confirmation`
`string`	`auth.frontend.url.base is used as base URL`
`PROVISION_SETTINGS_AUTH_FRONTEND_URL_REDIRECT`
`auth.frontend.url.redirect`
`string`		Where the frontend SPA is located. User will be redirected here on successful external authentication. Auto discovery uses `auth.frontend.url.base` as base URL
`PROVISION_SETTINGS_AUTH_EMAIL_FROM_ADDRESS`
`auth.mail.from-address`
`string`	`to-be-configured@example.tld`	Email address used for sending auth emails (password reset, email confirmation) Name used for sending auth emails (password reset, email confirmation)
`PROVISION_SETTINGS_AUTH_EMAIL_FROM_NAME`
`auth.mail.from-name`
`string`		Corteza Team (to-be-configured) Is internal auth enabled? Enable this to allow users to use all (enabled) internal features (sign-up, log in….)
`auth.internal.signup`
`PROVISION_SETTINGS_AUTH_INTERNAL_ENABLED`
`boolean`	`true`
`PROVISION_SETTINGS_AUTH_INTERNAL_SIGNUP_ENABLED`
`auth.internal.signup.enabled`
`boolean`	`true`	Is internal sign-up enabled? Enable this to allow users to register if you do not have external authentication providers.
`PROVISION_SETTINGS_AUTH_INTERNAL_SIGNUP_EMAIL_CONFIRMATION_REQUIRED`
`auth.internal.signup-email-confirmation-required`
`boolean`	`false`	Is email confirmation required for internal sign-ups? Enabled on auto-discovery if server has email capabilities (`SMTP_HOST` variable is set)
`PROVISION_SETTINGS_AUTH_INTERNAL_PASSWORD_RESET_ENABLED`
`auth.internal.password-reset.enabled`
`boolean`	`false`	Is password reset enabled for internal account? Auto-discovery enables this if server has email capabilities (`SMTP_HOST` variable is set)

Table 3. Provision OIDC providers:
Type	Default value	Description
`PROVISION_OIDC_PROVIDER`
`string`		Registers all given providers on start. Provide a list of space delimited provider pairs (`<name> <provider-url>` or `<name> <provider-url> <name-2> <provider-url-2>`). The provider is auto-discovered only if it does not exist (match by name). Also, make sure that your redirect URL (`auth.external.redirect-url`) is properly. and `PROVISION_SETTINGS_AUTH_EXTERNAL_REDIRECT_URL`.
`PROVISION_SETTINGS_AUTH_EXTERNAL_REDIRECT_URL`
`string`		Sets value for `auth.external.redirect-url` setting. This should be set to: `https://api.your-corteza-instance.tld/system/auth/external/%s/callback`

Table 4. Provision other external provider
Type	Default value	Description
`PROVISION_SETTINGS_AUTH_EXTERNAL_GITHUB`
`string`		Github’s app credentials: `<key> <secret>`
`PROVISION_SETTINGS_AUTH_EXTERNAL_FACEBOOK`
`string`		Facebook’s app credentials: `<key> <secret>`
`PROVISION_SETTINGS_AUTH_EXTERNAL_GPLUS`
`string`		Google’s app credentials: `<key> <secret>`
`PROVISION_SETTINGS_AUTH_EXTERNAL_LINKEDIN`
`string`		LinkedIn’s app credentials: `<key> <secret>`
`PROVISION_SETTINGS_AUTH_EXTERNAL_OIDC`
`string`		OIDC provider settings `<name> <issuer> <key> <secret>`