vip/vip.toml.example at main · posit-dev/vip · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
# VIP Configuration
# Documentation: https://posit-dev.github.io/vip/getting-started/
#
# Copy this file to vip.toml and fill in your deployment details.
# Secrets should be set via environment variables (see comments below).
#
# Quick start (no config file needed):
#   vip verify --connect-url https://connect.example.com
#
# With this config file:
#   vip verify --config vip.toml --no-interactive-auth
#
# Headless auth (OIDC/SAML/OAuth2 requires [auth] idp):
#   vip verify --config vip.toml --headless-auth
#
# Kubernetes mode (auto-configure from PTD Site CR, requires posit-dev/team-operator):
#   vip verify --k8s --site main --namespace posit-team

[general]
# Human-readable name for this deployment (appears in reports)
deployment_name = "My Posit Team"

# Additional directories containing custom test cases.
# These are collected and run alongside the built-in test suite.
extension_dirs = []

[connect]
# Set enabled = false to skip all Connect tests.
enabled = true
url = "https://connect.example.com"
# Product version - used by @min_version markers to skip version-specific tests.
# version = "2024.09.0"

# API key for a Connect admin user.
# Prefer setting the VIP_CONNECT_API_KEY environment variable.
# api_key = "..."

# Timeout in seconds for content deployments (default: 1200)
# Increase this for environments with slower package installation.
deploy_timeout = 1200

[workbench]
enabled = true
url = "https://workbench.example.com"
# version = "2024.09.0"

# API key for a Workbench admin user.
# Prefer setting the VIP_WORKBENCH_API_KEY environment variable.
# api_key = "..."
#
# Session capacity testing (requires --interactive-auth).
# If omitted, VIP auto-detects available profiles from the UI.
# session_profiles = ["Small", "Medium", "Large"]
# session_count = 3

# Idle session timeout testing.
# Set idle_timeout_minutes to match the deployment's session-timeout-minutes
# from rsession.conf.  Must be ≤ 15 for the idle scenarios to run within
# practical time budgets; values above 15 cause those scenarios to skip.
# idle_timeout_minutes = 5   # must be ≤ 15 for the idle scenarios to run
# idle_grace_seconds = 60    # seconds added on top of idle_timeout_minutes before asserting suspend

# Additional IDE extensions to validate beyond the built-in Posit Workbench
# integration (which is always checked).  Use extension IDs for VS Code and
# Positron, and package names for JupyterLab.
# [workbench.extensions]
# vscode = ["quarto.quarto", "posit.shiny", "posit.publisher"]
# positron = ["quarto.quarto"]
# jupyterlab = []

# Kubernetes-specific capacity and autoscaling tests.
# Cluster credentials are read from the ambient environment (kubeconfig /
# KUBECONFIG env var / in-cluster service account) — no separate credential
# fields required.  Requires the 'kubernetes' Python package: uv add kubernetes
# [workbench.kubernetes]
# enabled = false
# namespace = "posit-team"
#
# Map node-pool names to resource profile labels for routing verification.
# [workbench.kubernetes.node_pool_profiles]
# "cpu-pool" = "Small"
# "gpu-pool" = "GPU Large"
#
# Hard session ceiling (for capacity limit test).
# max_sessions = 10
#
# Expected CPU limits (cores) per resource profile.
# [workbench.kubernetes.profile_cpu_limit]
# "Small" = 1.0
# "Large" = 4.0
#
# Expected memory limits (GiB) per resource profile.
# [workbench.kubernetes.profile_memory_limit_gib]
# "Small" = 2.0
# "Large" = 8.0

# Git operations testing.
# Validates that users can clone, commit, and push from Workbench sessions
# (RStudio terminal, VS Code terminal, Positron terminal, and RStudio Git pane).
# All Git scenarios auto-skip when this block is absent.
#
# auth_method = "https-token": set VIP_GIT_TOKEN in the environment (never in
#   this file); clone and push scenarios run.
#   export VIP_GIT_TOKEN="ghp_..."
# auth_method = "none": anonymous HTTPS clone of a public repo; no token needed;
#   only the clone/connectivity scenarios run (push/commit scenarios skip).
#
# [workbench.git_test]
# clone_url = "https://github.com/org/repo.git"
# auth_method = "https-token"    # "https-token" or "none"; SSH is out of scope

[package_manager]
enabled = true
url = "https://packagemanager.example.com"
# version = "2024.09.0"

# Token for a Package Manager user.
# Prefer setting the VIP_PACKAGE_MANAGER_TOKEN environment variable.
# token = "..."

[auth]
# Authentication provider in use: "password", "ldap", "saml", "oidc", "oauth2"
provider = "password"

# Identity provider for --headless-auth: "keycloak", "okta", "snowflake"
# Only required when provider is "oidc", "saml", or "oauth2".
# For Snowflake Native App deployments, use provider = "oauth2" and
# idp = "snowflake"
# idp = "keycloak"

# Test user credentials.
# Prefer setting VIP_TEST_USERNAME and VIP_TEST_PASSWORD environment variables.
#
# For unattended MFA-protected runs (--headless-auth only), set
# VIP_TEST_TOTP_SECRET to the base32 TOTP seed of a DEDICATED TEST SERVICE
# ACCOUNT. The seed is equivalent to bypassing 2FA — never use a personal
# account's seed and never commit it to source control.
# username = "..."
# password = "..."

[email]
# Set enabled = true if email delivery is configured on Connect.
enabled = false
# smtp_server = "smtp.example.com"

[data_sources]
# External data sources to verify connectivity against.
# Each entry is a name and connection string (or env var reference).
# Example:
# [data_sources.postgres]
# type = "postgres"
# connection_string_env = "VIP_POSTGRES_CONN"

[runtimes]
# Expected R and Python versions.  Used to verify that the correct
# versions are available on Connect and Workbench.
# r_versions = ["4.3.2", "4.4.0"]
# python_versions = ["3.11.8", "3.12.2"]

[monitoring]
# Set enabled = true if monitoring / logging is configured.
enabled = false

[chronicle]
# Set enabled = true if Connect's embedded Chronicle usage data collection
# is configured. VIP verifies the Chronicle subprocess is running and ready.
enabled = false

[performance]
# Thresholds for performance tests.  All time values are in seconds.
# page_load_timeout = 10.0
# download_timeout = 30.0
# p95_response_time = 5.0
# concurrent_requests = 10
# disk_usage_max_pct = 90.0
# memory_available_min_pct = 10.0
#
# Load test settings (used by test_load scenarios).
# load_user_counts = [10, 100, 1000, 10000]
# load_max_connections = 200
# load_success_rate_threshold = 0.95
# load_test_tool = "auto"        # "auto" | "async" | "locust" | "threadpool"
# load_test_duration = 30         # seconds (locust only)
# load_test_spawn_rate = 10       # users/sec (locust only)
#
# Slow VMs: to scale every operation timeout up by 3×, set the env var:
#   VIP_TIMEOUT_SCALE=3 vip verify --connect-url https://connect.example.com
# This multiplies Playwright waits, API polling deadlines, and httpx timeouts
# uniformly. The per-section knobs above set absolute values; the scale
# multiplies on top of whatever effective value (default or configured) is in
# play. Values < 1.0 are valid for speeding up CI smoke checks.

[tls]
# TLS configuration for self-signed or corporate CAs.
#
# Disable TLS certificate verification (equivalent to curl -k).
# Use only in trusted environments; this silently ignores certificate errors.
# Overridable on the command line with: vip verify --insecure
# insecure = false
#
# Path to a custom CA certificate bundle (PEM).  Useful for self-signed or
# corporate CAs.  For Playwright tests, sets NODE_EXTRA_CA_CERTS before
# launching Chromium (Chromium-level trust only).
# Overridable on the command line with: vip verify --ca-bundle /path/to/ca.pem
# ca_bundle = "/etc/ssl/corp-ca.pem"

[security]
# Set enabled = true to run security-policy compliance tests.
policy_checks_enabled = false

# Kubernetes cluster access
# Required for k8s_job mode (default) and config_only mode (--config-only).
# Not used when running locally (--local).
# [cluster]
# provider = "aws"                    # "aws" or "azure"
# name = "my-cluster-20260101"        # EKS/AKS cluster name
# region = "us-east-1"                # Cloud region
# namespace = "posit-team"            # K8s namespace (default: posit-team)
# site = "main"                       # PTD Site CR name (default: main)
# profile = "my-staging"              # AWS: profile name
# role_arn = ""                       # AWS: IAM role ARN for cross-account access
# subscription_id = ""                # Azure: subscription ID
# resource_group = ""                 # Azure: resource group