Feature Flags
Feature flags — or Flags for short — allow you to enable or disable certain features inside Morio.
Note that all flags are disabled by default, so you can only ever enable flags, even if that flag disables something.
For example, to disable the UI service, you can enable the
HEADLESS_MORIO flag.
The full list of feature flags is included below.
DISABLE_IDP_APIKEY
Enable this flag to disable the apikey identity
provider thereby blocking authentication
via API Keys.
DISABLE_IDP_LDAP
Enable this flag to disable the ldap identity
provider thereby blocking authentication via
any LDAP backend.
DISABLE_IDP_LOCAL
Enable this flag to disable the local identity
provider thereby blocking authentication via
local Morio accounts.
DISABLE_IDP_MRT
Enable this flag to disable the mrt identity
provider thereby blocking authentication via
the Morio Root Token.
Note that if you enable this flag in your initial settings, you will have effectively locked yourself out of your Morio deployment unless you have also included an alternative identity provider.
As such, we recommend to not enable this flag until after you have made sure you have an alternative identity provider that you know is functioning as expected.
DISABLE_IDP_OIDC
Enable this flag to disable the oidc identity
provider thereby blocking
authentication via any OpenID Connect backend.
DISABLE_SERVICE_UI
Enable this flag to disable the UI service and run Morio in headless mode where you can only use the API to manage it.
This flag is not implemented yet, but on our todo list.
ENFORCE_HTTP_MTLS
Enable this feature flag to enforce on all HTTP endpoints.
The purpose of this feature flag is to add an extra layer of defence so prevent anyone from being able to establish an HTTP connection to your Morio instance. This is useful when deploying Morio in hostile environments, such as on the Internet.
The extra mTLS authentication comes in addition to Morio’s standard HTTP authentication, as described in the IAM guide. In other words, this is not a replacement for any other authentication, but adds an extra authentication layer.
RESEED_ON_RELOAD
Enable this flag to reseed Morio when reloading.
This flag comes into play when you have have preseed.git settings that make
Morio clone a git repository locally. This gives you various ways to keep your
configuration under version control, as outlined in the Preseeding
Guide.
By default, Morio will not re-clone the repository when you make a
configuration change, or when you restart Morio. Instead, it will only update
the git repository from the remote when you explicitly reseed Morio through
the reseed API
endpoint, (or via the
UI which uses this endpoint under the hood).
When you enable this flag, Morio will reseed (thus update the local git content from the remote) whenever you restart it, or update its configuration.
Even with this flag enabled, Morio will not reseed the data when it restarts in an unforeseen way, such as with a server reboot.
When updating the Morio settings, there are three steps:
- Core receives the configuration update request
- Core will reseed if the
RESEED_ON_RELOADflag is set - Core will apply the new configuration
This means that if you change this flag in an update to the settings, it will not take effect until the next update.
In other words, the flag value of the running configuration is used, not the flag value of the new settings.