Settings
The Pact Broker supports configuration via environment variables or a YAML file from version 2.87.0.1 of the Docker images.
To configure the application using a YAML file, place it in the location config/pact_broker.yml
,
relative to the working directory of the application, or set the environment
variable PACT_BROKER_CONF
to the full path to the configuration file.
Logging
log_level
The application log level
Environment variable name: PACT_BROKER_LOG_LEVEL
YAML configuration key name: log_level
Default: info
Allowed values: debug
, info
, warn
, error
, fatal
log_format
The application log format. Can be any value supported by Semantic Logger.
Environment variable name: PACT_BROKER_LOG_FORMAT
YAML configuration key name: log_format
Default: default
Allowed values: default
, json
, color
More information: https://github.com/rocketjob/semantic_logger/tree/master/lib/semantic_logger/formatters
log_dir
The log file directory
Environment variable name: PACT_BROKER_LOG_DIR
YAML configuration key name: log_dir
Default: ./logs
log_stream
The stream to which the logs will be sent.
While the default is file
for the Ruby application, it is set to stdout
on the supported Docker images.
Environment variable name: PACT_BROKER_LOG_STREAM
YAML configuration key name: log_stream
Default: file
Allowed values: stdout
, file
http_debug_logging_enabled
Enable this setting to print the entire request and response to the logs at debug level. Used for troubleshooting issues.
Do not leave this on permanently, as it will have performance and security issues.
Ensure the application log_level
is set to debug
when this setting is enabled.
Supported versions: From v2.98.0
Environment variable name: PACT_BROKER_HTTP_DEBUG_LOGGING_ENABLED
YAML configuration key name: http_debug_logging_enabled
Default: false
Allowed values: true
, false
hide_pactflow_messages
Set to true
to hide the messages in the logs about PactFlow
Environment variable name: PACT_BROKER_HIDE_PACTFLOW_MESSAGES
YAML configuration key name: hide_pactflow_messages
Default: true
Allowed values: true
, false
More information: https://pactflow.io
Database
database_adapter
The database adapter. For production use, Postgres must be used.
For investigations/spikes on a development machine, you can use SQlite. It is not supported as a production database, as it does not support concurrent requests.
Environment variable name: PACT_BROKER_DATABASE_ADAPTER
YAML configuration key name: database_adapter
Default: postgres
Allowed values: postgres
(for production use), sqlite
(for spikes only)
database_username
The database username
Environment variable name: PACT_BROKER_DATABASE_USERNAME
YAML configuration key name: database_username
database_password
The database password
Environment variable name: PACT_BROKER_DATABASE_PASSWORD
YAML configuration key name: database_password
database_name
The database name. If using the sqlite
adapter, this will be the path to the database file.
Environment variable name: PACT_BROKER_DATABASE_NAME
YAML configuration key name: database_name
Examples: pact_broker
, /tmp/pact_broker.sqlite3
, ./tmp/pact_broker.sqlite3
database_host
The database host
Environment variable name: PACT_BROKER_DATABASE_HOST
YAML configuration key name: database_host
database_port
The database port. If ommited, the default port for the adapter will be used.
Environment variable name: PACT_BROKER_DATABASE_PORT
YAML configuration key name: database_port
database_url
The full database URL may be specified instead of the separate adapter, username, password, name, host and port.
Environment variable name: PACT_BROKER_DATABASE_URL
YAML configuration key name: database_url
Format: {database_adapter}://{database_username}:{database_password}@{database_host}:{database_port}/{database_name}
Examples: postgres://pact_broker_user:pact_broker_password@pact_broker_db_host/pact_broker
, sqlite:///tmp/pact_broker.sqlite3
(relative path to working directory), sqlite:////tmp/pact_broker.sqlite3
(absolute path)
database_sslmode
The Postgresql ssl mode.
Environment variable name: PACT_BROKER_DATABASE_SSLMODE
YAML configuration key name: database_sslmode
Default: prefer
Allowed values: disable
, allow
, prefer
, require
, verify-ca
, verify-full
More information: https://ankane.org/postgres-sslmode-explained
sql_log_level
The log level that will be used when the SQL query statements are logged.
To disable noisy SQL query logging when the application log_level
is set to debug
for other reasons, use the value none
.
Environment variable name: PACT_BROKER_SQL_LOG_LEVEL
YAML configuration key name: sql_log_level
Default: From 2.99+, the default is none
. In previous versions, the default is debug
.
Allowed values: none
, debug
, info
, warn
, error
, fatal
sql_log_warn_duration
The number of seconds after which to log an SQL query at warn level. Use this for detecting slow queries.
Environment variable name: PACT_BROKER_SQL_LOG_WARN_DURATION
YAML configuration key name: sql_log_warn_duration
Default: 5
Allowed values: A positive integer or float, as a string.
More information: https://sequel.jeremyevans.net/rdoc/files/doc/opening_databases_rdoc.html#label-General+connection+options
sql_enable_caller_logging
Whether or not to enable caller_logging extension for database connection. When enabled it logs source path that caused SQL query.
Environment variable name: PACT_BROKER_SQL_ENABLE_CALLER_LOGGING
YAML configuration key name: sql_enable_caller_logging
Default: false
Allowed values: true
, false
More information: https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/caller_logging_rb.html
database_max_connections
The maximum size of the connection pool (4 connections by default on most databases)
Environment variable name: PACT_BROKER_DATABASE_MAX_CONNECTIONS
YAML configuration key name: database_max_connections
Default: 4
Allowed values: A positive integer value.
More information: https://sequel.jeremyevans.net/rdoc/files/doc/opening_databases_rdoc.html#label-General+connection+options
database_pool_timeout
The number of seconds to wait if a connection cannot be acquired before raising an error
Environment variable name: PACT_BROKER_DATABASE_POOL_TIMEOUT
YAML configuration key name: database_pool_timeout
Default: 5
Allowed values: A positive integer.
More information: https://sequel.jeremyevans.net/rdoc/files/doc/opening_databases_rdoc.html#label-General+connection+options
database_connect_max_retries
When running the Pact Broker Docker image experimentally using Docker Compose on a local development machine, the Broker application process may be ready before the database is available for connection, causing the application container to exit with an error. Setting the max retries to a non-zero number will allow it to retry the connection the configured number of times, waiting 3 seconds between attempts.
Environment variable name: PACT_BROKER_DATABASE_CONNECT_MAX_RETRIES
YAML configuration key name: database_connect_max_retries
Default: 0
Allowed values: A positive integer value.
auto_migrate_db
Whether or not to run the database schema migrations on start up. It is recommended to set this to true
.
Environment variable name: PACT_BROKER_AUTO_MIGRATE_DB
YAML configuration key name: auto_migrate_db
Default: true
Allowed values: true
, false
auto_migrate_db_data
Whether or not to run the database data migrations on start up. It is recommended to set this to true
.
Environment variable name: PACT_BROKER_AUTO_MIGRATE_DB_DATA
YAML configuration key name: auto_migrate_db_data
Default: true
Allowed values: true
, false
allow_missing_migration_files
If true
, will not raise an error if a database migration is recorded in the database that does not have an
equivalent file in the codebase. If this is true, an older version of the code may be used with a newer version of the database,
however, data integrity issues may occur.
Environment variable name: PACT_BROKER_ALLOW_MISSING_MIGRATION_FILES
YAML configuration key name: allow_missing_migration_files
Default: true
More information: https://sequel.jeremyevans.net/rdoc/classes/Sequel/Migrator.html
database_statement_timeout
The number of seconds after which an SQL query will be aborted. Only supported for Postgresql connections.
Environment variable name: PACT_BROKER_DATABASE_STATEMENT_TIMEOUT
YAML configuration key name: database_statement_timeout
Default: 15
Allowed values: A positive integer or float.
More information: https://www.postgresql.org/docs/9.3/runtime-config-client.html
metrics_sql_statement_timeout
The number of seconds after which the SQL queries used for the metrics endpoint will be aborted.
This is configurable separately from the standard database_statement_timeout
as it may need to be significantly
longer than the desired value for standard queries.
Environment variable name: PACT_BROKER_METRICS_SQL_STATEMENT_TIMEOUT
YAML configuration key name: metrics_sql_statement_timeout
Default: 30
Allowed values: A positive integer.
database_connection_validation_timeout
The number of seconds after which to check the health of a connection from a connection pool before passing it to the application.
-1
means that connections will be validated every time, which avoids errors
when databases are restarted and connections are killed. This has a performance
penalty, so consider increasing this timeout if building a frequently accessed service.
Environment variable name: PACT_BROKER_DATABASE_CONNECTION_VALIDATION_TIMEOUT
YAML configuration key name: database_connection_validation_timeout
Default: -1 for v2.85.1 and earlier, 3600 for later versions.
Allowed values: -1 or any positive integer.
More information: https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html
Authentication and authorization
The Pact Broker comes with 2 configurable basic auth users - one with read/write privileges, and one with read only privileges. The read only credentials should be distributed to the developers for use from development machines, and the read/write credentials should be used for CI/CD.
basic_auth_enabled
Whether to enable basic authorization. This is automatically set to true for the Docker images if the basic_auth_username
and basic_auth_password
are set.
Environment variable name: PACT_BROKER_BASIC_AUTH_ENABLED
YAML configuration key name: basic_auth_enabled
Default: false
Allowed values: true
, false
basic_auth_username
The username for the read/write basic auth user.
Environment variable name: PACT_BROKER_BASIC_AUTH_USERNAME
YAML configuration key name: basic_auth_username
basic_auth_password
The password for the read/write basic auth user.
Environment variable name: PACT_BROKER_BASIC_AUTH_PASSWORD
YAML configuration key name: basic_auth_password
basic_auth_read_only_username
The username for the read only basic auth user.
Environment variable name: PACT_BROKER_BASIC_AUTH_READ_ONLY_USERNAME
YAML configuration key name: basic_auth_read_only_username
basic_auth_read_only_password
The password for the read only basic auth user.
Environment variable name: PACT_BROKER_BASIC_AUTH_READ_ONLY_PASSWORD
YAML configuration key name: basic_auth_read_only_password
allow_public_read
If you want to allow public read access, but still require credentials for writing, then leave basic_auth_read_only_username
and basic_auth_read_only_password
unset, and set allow_public_read
to true
.
Environment variable name: PACT_BROKER_ALLOW_PUBLIC_READ
YAML configuration key name: allow_public_read
Default: false
Allowed values: true
, false
public_heartbeat
If you have enabled basic auth, but require unauthenticated access to the heartbeat URL (eg. for use within an AWS autoscaling group), set public_heartbeat
to true
.
Environment variable name: PACT_BROKER_PUBLIC_HEARTBEAT
YAML configuration key name: public_heartbeat
Default: false
Allowed values: true
, false
enable_public_badge_access
Set this to true to allow status badges to be embedded in README files without requiring a hardcoded password.
Environment variable name: PACT_BROKER_ENABLE_PUBLIC_BADGE_ACCESS
YAML configuration key name: enable_public_badge_access
Default: false
Allowed values: true
, false
Webhooks
webhook_retry_schedule
The schedule of seconds to wait between webhook execution attempts. The default schedule is 10 sec, 1 min, 2 min, 5 min, 10 min, 20 min (38 minutes in total).
Environment variable name: PACT_BROKER_WEBHOOK_RETRY_SCHEDULE
YAML configuration key name: webhook_retry_schedule
Format: A space separated list of integers.
Default: 10 60 120 300 600 1200
webhook_http_method_whitelist
The allowed HTTP methods for webhooks.
It is highly recommended that only POST
requests are allowed to ensure that webhooks cannot be used to retrieve sensitive information from hosts within the same network.
Environment variable name: PACT_BROKER_WEBHOOK_HTTP_METHOD_WHITELIST
YAML configuration key name: webhook_http_method_whitelist
Format: A space separated list.
Default: POST
Allowed values: POST
, GET
(not recommended), PUT
(not recommended), PATCH
(not recommended), DELETE
(not recommended)
webhook_http_code_success
If webhook call returns the response with an HTTP code that is listed in the success codes then the operation is
considered a success, otherwise the webhook will be re-triggered based on the webhook_retry_schedule
configuration.
In most cases, configuring this is not necessary, but there are some CI systems that return a non 200 status for a success, which is why this feature exists.
Environment variable name: PACT_BROKER_WEBHOOK_HTTP_CODE_SUCCESS
YAML configuration key name: webhook_http_code_success
Format: A space separated list of integers.
Default: 200 201 202 203 204 205 206
Allowed values: Any valid HTTP status code
webhook_scheme_whitelist
The allowed URL schemes for webhooks.
Environment variable name: PACT_BROKER_WEBHOOK_SCHEME_WHITELIST
YAML configuration key name: webhook_scheme_whitelist
Format: A space delimited list.
Default: https
Allowed values: https
, http
webhook_host_whitelist
A list of hosts, network ranges, or host regular expressions.
Regular expressions should start and end with a /
to differentiate them from Strings.
Note that backslashes need to be escaped with a second backslash when setting via an environment variable.
Please read the Webhook whitelists section of the Pact Broker configuration documentation to understand how the whitelist is used.
Environment variable name: PACT_BROKER_WEBHOOK_HOST_WHITELIST
Environment variable format: A space separated list.
YAML configuration key name: webhook_host_whitelist
YAML format: A YAML list.
Examples: github.com
, 10.2.3.41/24
, /.*\\.foo\\.com$/
More information: https://docs.pact.io/pact_broker/configuration/#webhook-whitelists
webhook_certificates
A list of SSL certificate configuration objects with the key description
, and either content
or path
. These
certificates are used when a webhook needs to connect to a server that uses a self signed certificate.
Each certificate configuration item accepts a chain of certificates in PEM format - there may be multiple 'BEGIN CERTIFICATE' and 'END CERTIFICATE' in the content of each item.
The certificate configuration is not validated on startup. If any of the configured certificates cannot be loaded during the execution of a webhook, an error will be logged, and they will be ignored. You can check if the configuration is working by testing the execution of a webhook that connects to the server with the self signed certificate by following these instructions https://docs.pact.io/pact_broker/webhooks/debugging_webhooks#testing-webhook-execution
When setting the content in the YAML file, use the syntax "content: |-" followed by a new line, and then the contents of the certificate chain in PEM format, indented by 2 more characters.
When setting the path, the full path to the certificate file in PEM format must be specified. When using Docker, you must ensure the certificate file is mounted into the container.
YAML Example:
webhook_certificates:
- description: "An example self signed certificate with content"
content: |-
-----BEGIN CERTIFICATE-----
MIIDZDCCAkygAwIBAgIBATANBgkqhkiG9w0BAQsFADBCMRMwEQYKCZImiZPyLGQB
<REST OF CERTIFICATE>
jHT1Ty2CglM=
-----END CERTIFICATE-----
- description: "An example self signed certificate with a path"
path: "/full/path/to/the/cert.pem"
Environment variable example:
PACT_BROKER_WEBHOOK_CERTIFICATES__0__LABEL="An example self signed certificate with content"
PACT_BROKER_WEBHOOK_CERTIFICATES__0__CONTENT="-----BEGIN CERTIFICATE-----
MIIDZDCCAkygAwIBAgIBATANBgkqhkiG9w0BAQsFADBCMRMwEQYKCZImiZPyLGQB
<REST OF CERTIFICATE>
jHT1Ty2CglM=
-----END CERTIFICATE-----"
PACT_BROKER_WEBHOOK_CERTIFICATES__1__LABEL="An example self signed certificate with a path"
PACT_BROKER_WEBHOOK_CERTIFICATES__1__PATH="/full/path/to/the/cert.pem"
Supported versions: From v2.90.0 for YAML and 2.97.0 for environment variables.
Environment variable name: PACT_BROKER_WEBHOOK_CERTIFICATES
YAML configuration key name: webhook_certificates
disable_ssl_verification
If set to true, SSL verification will be disabled for the HTTP requests made by the webhooks
Environment variable name: PACT_BROKER_DISABLE_SSL_VERIFICATION
YAML configuration key name: disable_ssl_verification
Default: false
Allowed values: true
, false
user_agent
The user agent to set when making HTTP requests for webhooks.
Environment variable name: PACT_BROKER_USER_AGENT
YAML configuration key name: user_agent
Default: Pact Broker v{VERSION}
Resources
port
The HTTP port that the Pact Broker application will run on. This will only be honoured if you are deploying the Pact Broker using
a package that actually reads this property (eg. one of the supported Docker images). If you are running the vanilla Ruby application,
the application will run on the port the server has been configured to run on (eg. bundle exec rackup -p 9393
)
Environment variable name: PACT_BROKER_PORT
YAML configuration key name: port
Default: 9292
base_url
The full URL (including port, if non-standard for the protocol) at which the application will be made available to users. This is used to create the links in the API. The application may run correctly without this attribute, however, it is strongly recommended to set it when deploying the Pact Broker to production as it prevents cache poisoning security vulnerabilities. It is also required when deploying the Broker behind a reverse proxy, and when the application has been mounted at a non-root context. Note that this attribute does not change where the application is actually mounted (that is the concern of the deployment configuration) - it just changes the links.
Environment variable name: PACT_BROKER_BASE_URL
YAML configuration key name: base_url
Examples: https://pact-broker.mycompany.com
, https://my-company.com:9292/pact-broker
base_urls
An alias of base_url. From version 2.79.0, multiple base URLs can be configured for architectures that use gateways or proxies that allow the same Pact Broker instance to be addressed with different base URLs.
Environment variable name: PACT_BROKER_BASE_URLS
YAML configuration key name: base_urls
Format: A space separated list.
Example: http://my-internal-pact-broker:9292 https://my-external-pact-broker
shields_io_base_url
The URL of the shields.io server used to generate the README badges.
Environment variable name: PACT_BROKER_SHIELDS_IO_BASE_URL
YAML configuration key name: shields_io_base_url
Default: https://img.shields.io
More information: https://shields.io
badge_provider_mode
The method by which the badges are generated. When set to redirect
, a request to the Pact Broker for a badge will be sent a redirect response
to render the badge from the shields.io server directly in the browser. This is the recommended value.
When set to proxy
, the Pact Broker will make a request directly to the configured shields.io server, and then send the returned file
back to the browser. This mode is not recommended for security and performance reasons.
Environment variable name: PACT_BROKER_BADGE_PROVIDER_MODE
YAML configuration key name: badge_provider_mode
Default: redirect
Allowed values: redirect
, proxy
enable_diagnostic_endpoints
Whether or not to enable the diagnostic endpoints at /diagnostic/status/heartbeat
and "diagnostic/status/dependencies
.
The heartbeat endpoint is for use by load balancers, and the dependencies endpoint is for checking that the database
is available (do not use this for load balancing, as it makes a database connection).
Environment variable name: PACT_BROKER_ENABLE_DIAGNOSTIC_ENDPOINTS
YAML configuration key name: enable_diagnostic_endpoints
Default: true
Allowed values: true
, false
use_hal_browser
Whether or not to enable the embedded HAL Browser.
Environment variable name: PACT_BROKER_USE_HAL_BROWSER
YAML configuration key name: use_hal_browser
Default: true
Allowed values: true
, false
More information: https://github.com/mikekelly/hal-browser
Domain
check_for_potential_duplicate_pacticipant_names
When a pact is published, the consumer, provider and consumer version resources are automatically created.
To prevent a pacticipant (consumer or provider) being created multiple times with slightly different name variants (eg. FooBar/foo-bar/foo bar/Foo Bar Service), a check is performed to determine if a new pacticipant name is likely to be a duplicate of any existing applications. If it is deemed similar enough to an existing name, a 409 will be returned.
The response body will contain instructions indicating that the pacticipant name should be corrected if it was intended to be an existing one, or that the pacticipant should be created manually if it was intended to be a new one.
To turn this feature off, set check_for_potential_duplicate_pacticipant_names
to false
, and make sure everyone is very careful with their naming!
The usefulness of the Broker depends on the integrity of the data, which in turn depends on the correctness of the pacticipant names.
Environment variable name: PACT_BROKER_CHECK_FOR_POTENTIAL_DUPLICATE_PACTICIPANT_NAMES
YAML configuration key name: check_for_potential_duplicate_pacticipant_names
Default: true
Allowed values: true
, false
create_deployed_versions_for_tags
When create_deployed_versions_for_tags
is true
and a tag is created, if there is an environment with the name of the newly created tag, a deployed version is
also created for the pacticipant version.
This is to assist in the migration from using tags to track deployments to using the deployed and released versions feature.
Supported versions: From v2.81.0
Environment variable name: PACT_BROKER_CREATE_DEPLOYED_VERSIONS_FOR_TAGS
YAML configuration key name: create_deployed_versions_for_tags
Default: true
Allowed values: true
, false
More information: https://docs.pact.io/pact_broker/recording_deployments_and_releases/
use_first_tag_as_branch
When use_first_tag_as_branch
is true
, the first tag applied to a version within the use_first_tag_as_branch_time_limit
(10 seconds)
will be used to populate the branch
property of the version.
This is to assist in the migration from using tags to track branches to using the branches feature.
Supported versions: From v2.82.0
Environment variable name: PACT_BROKER_USE_FIRST_TAG_AS_BRANCH
YAML configuration key name: use_first_tag_as_branch
Default: true
Allowed values: true
, false
auto_detect_main_branch
When true
and a pacticipant version is created with a tag or a branch that matches one of the names in main_branch_candidates
,
the mainBranch
property is set for that pacticipant if it is not already set.
This is to assist in the migration from using tags to track branches to using the branches feature.
Supported versions: From v2.82.0
Environment variable name: PACT_BROKER_AUTO_DETECT_MAIN_BRANCH
YAML configuration key name: auto_detect_main_branch
Default: true
Allowed values: true
, false
main_branch_candidates
An array of potential main branch names used when automatically detecting the main branch for a pacticipant.
Supported versions: From v2.82.0
Environment variable name: PACT_BROKER_MAIN_BRANCH_CANDIDATES
YAML configuration key name: main_branch_candidates
Format: A space delimited list.
Default: develop main master
allow_dangerous_contract_modification
Whether or not to allow the pact content for an existing consumer version to be modified. It is strongly recommended that this is set to false, as allowing modification makes the results of can-i-deploy unreliable. When this is set to false as recommended, each commit must publish pacts with a unique version number.
If modification of an existing contract is attempted when the value is set to false
, an HTTP 409 status will be returned.
Supported versions: From v2.82.0
Environment variable name: PACT_BROKER_ALLOW_DANGEROUS_CONTRACT_MODIFICATION
YAML configuration key name: allow_dangerous_contract_modification
Default: For new installations of v2.102 and later, this defaults to false
(the recommended value). Previous installations will have the default value of true
(not recommended).
Allowed values: true
, false
More information: https://docs.pact.io/versioning
pact_content_diff_timeout
The maximum amount of time in seconds to attempt to generate the diff between two pacts before aborting the request. This is required due to performance issues in the underlying diff generation code.
Supported versions: From 2.99.0
Environment variable name: PACT_BROKER_PACT_CONTENT_DIFF_TIMEOUT
YAML configuration key name: pact_content_diff_timeout
Default: 15
network_diagram_max_pacticipants
The maximum number of pacticipants to include in the network diagram. When too many pacticipants are included, the diagram becomes unreadable, and at large numbers, the graph will not render due to browser performance issues.
Environment variable name: PACT_BROKER_NETWORK_DIAGRAM_MAX_PACTICIPANTS
YAML configuration key name: network_diagram_max_pacticipants
Default: 150
Allowed values: A positive integer
Miscellaneous
features
A list of features to enable in the Pact Broker for beta testing before public release.
Environment variable name: PACT_BROKER_FEATURES
YAML configuration key name: features
Format: A space separated list.