Skip to main content

Feature Flags

Feature flags — or Flags for short — allow you to enable or disable certain features inside Morio.

Note that all flags are disabled by default, so you can only ever enable flags, even if that flag disables something.

For example, to disable the UI service, you can enable the HEADLESS_MORIO flag.

The full list of feature flags is included below.

DISABLE_IDP_APIKEY

Enable this flag to disable the apikey identity provider thereby blocking authentication via API Keys.

DISABLE_IDP_LDAP

Enable this flag to disable the ldap identity provider thereby blocking authentication via any LDAP backend.

DISABLE_IDP_LOCAL

Enable this flag to disable the local identity provider thereby blocking authentication via local Morio accounts.

DISABLE_IDP_MRT

Enable this flag to disable the mrt identity provider thereby blocking authentication via the Morio Root Token.

Note that if you enable this flag in your initial settings, you will have effectively locked yourself out of your Morio deployment unless you have also included an alternative identity provider.

As such, we recommend to not enable this flag until after you have made sure you have an alternative identity provider that you know is functioning as expected.

DISABLE_IDP_OIDC

Enable this flag to disable the oidc identity provider thereby blocking authentication via any OpenID Connect backend.

DISABLE_SERVICE_UI

Enable this flag to disable the UI service and run Morio in headless mode where you can only use the API to manage it.

FIXME

This flag is not implemented yet, but on our todo list.

ENFORCE_HTTP_MTLS

Enable this feature flag to enforce on all HTTP endpoints.

The purpose of this feature flag is to add an extra layer of defence so prevent anyone from being able to establish an HTTP connection to your Morio instance. This is useful when deploying Morio in hostile environments, such as on the Internet.

The extra mTLS authentication comes in addition to Morio’s standard HTTP authentication, as described in the IAM guide. In other words, this is not a replacement for any other authentication, but adds an extra authentication layer.

RESEED_ON_RELOAD

Enable this flag to reseed Morio when reloading.

This flag comes into play when you have have preseed.git settings that make Morio clone a git repository locally. This gives you various ways to keep your configuration under version control, as outlined in the Preseeding Guide.

By default, Morio will not re-clone the repository when you make a configuration change, or when you restart Morio. Instead, it will only update the git repository from the remote when you explicitly reseed Morio through the reseed API endpoint, (or via the UI which uses this endpoint under the hood).

When you enable this flag, Morio will reseed (thus update the local git content from the remote) whenever you restart it, or update its configuration.

warning

Even with this flag enabled, Morio will not reseed the data when it restarts in an unforeseen way, such as with a server reboot.

Understanding then this flag takes effect

When updating the Morio settings, there are three steps:

  • Core receives the configuration update request
  • Core will reseed if the RESEED_ON_RELOAD flag is set
  • Core will apply the new configuration

This means that if you change this flag in an update to the settings, it will not take effect until the next update.

In other words, the flag value of the running configuration is used, not the flag value of the new settings.