# -*- coding: utf-8 -*-
"""
app.settings
~~~~~~~~~~~~

This module implements the app default settings.

:copyright: (c) 2017 European Spallation Source ERIC
:license: BSD 2-Clause, see LICENSE for more details.

"""
import base64
import os
import raven
from pathlib import Path
from datetime import timedelta

# Database connection string, taken from the SQLALCHEMY_DATABASE_URI environment
# variable. When the variable is unset the literal below is used, and that
# literal embeds a username and password.
# NOTE(review): the fallback credentials are committed with the source, so they
# can only be regarded as development placeholders; a deployment should always
# supply its own URI through the environment.
SQLALCHEMY_DATABASE_URI = os.environ.get(
    "SQLALCHEMY_DATABASE_URI", "postgresql://ics:icspwd@postgres/csentry_db"
)
SQLALCHEMY_TRACK_MODIFICATIONS = False
BOOTSTRAP_SERVE_LOCAL = True
# Secret key, expected base64-encoded in the SECRET_KEY environment variable.
# If the variable is unset, or its value decodes to an empty byte string, the
# hard-coded key below is used instead and nothing is logged.
# NOTE(review): the hard-coded key is readable by anyone with access to this
# file, so whatever is signed with it (presumably session cookies and tokens;
# confirm where the application consumes SECRET_KEY) has no real integrity
# protection. Deployments must set SECRET_KEY.
# NOTE(review): b64decode() is called without validate=True, so characters
# outside the base64 alphabet are dropped rather than rejected; a mistyped value
# can therefore decode to b"" and silently select the fallback. A value with bad
# padding raises binascii.Error while this module is being imported.
SECRET_KEY = (
    base64.b64decode(os.environ.get("SECRET_KEY", ""))
    or b"\x0d\x11{\xd3\x13$\xeeel\xa6\xfb\x1d~\xfd\xb2\x9d\x16\x00\xfb5\xd64\xd4\xe0"
)

# JWT settings: revocation ("blacklist") checking is switched on and applies to
# both access and refresh tokens; access tokens are valid for 12 hours.
# NOTE(review): these look like the Flask-JWT-Extended 3.x option names; confirm
# that the installed version still honours JWT_BLACKLIST_*, because a release
# that ignores them would leave revocation checks off without raising an error.
# NOTE(review): no refresh-token lifetime is set in this module, so the
# library default applies; verify that value is acceptable.
JWT_BLACKLIST_ENABLED = True
JWT_BLACKLIST_TOKEN_CHECKS = ["access", "refresh"]
JWT_ACCESS_TOKEN_EXPIRES = timedelta(hours=12)

# Redis is used for server-side sessions, for the cache and for a third purpose
# under REDIS_URL (presumably the job queue named in QUEUES; confirm). All three
# URLs point at the same host and port and differ only in the database number
# (0, 1, 2).
# NOTE(review): the URLs carry no password and use the plain redis:// scheme
# rather than rediss://, so session data travels unauthenticated and
# unencrypted. That is only acceptable if the "redis" host is reachable solely
# from the application's private network; confirm for each deployment.
SESSION_TYPE = "redis"
SESSION_REDIS_URL = "redis://redis:6379/0"
CACHE_TYPE = "redis"
CACHE_REDIS_URL = "redis://redis:6379/1"
REDIS_URL = "redis://redis:6379/2"
QUEUES = ["default"]

# Elasticsearch endpoint and the suffix appended to index names.
# NOTE(review): the URL is plain http and contains no credentials, so indexed
# data is sent unencrypted and the cluster must not be reachable from outside
# the application's network; confirm, or override with an https URL.
ELASTICSEARCH_URL = "http://elasticsearch:9200"
ELASTICSEARCH_INDEX_SUFFIX = "-dev"
# Shall only be set to "true" for testing to make
# documents visible for search immediately
# https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-refresh.html
ELASTICSEARCH_REFRESH = "false"

# LDAP directory used for authentication: server host, search base and the
# container (relative to the base DN) under which users are looked up. The group
# container is left empty.
# NOTE(review): no TLS-related option (LDAPS / StartTLS) and no port is set in
# this module, so transport security depends on the LDAP extension's defaults or
# on an override elsewhere; confirm that binds are not sent in clear text.
LDAP_HOST = "esss.lu.se"
LDAP_BASE_DN = "DC=esss,DC=lu,DC=se"
LDAP_USER_DN = "OU=ESS Users"
LDAP_GROUP_DN = ""
# Service account used to bind to the directory, read from the environment.
# NOTE(review): the fallbacks ("ldapuser" / "secret") are placeholders committed
# with the source; a deployment has to provide both variables.
LDAP_BIND_USER_DN = os.environ.get("LDAP_BIND_USER_DN", "ldapuser")
LDAP_BIND_USER_PASSWORD = os.environ.get("LDAP_BIND_USER_PASSWORD", "secret")
# Users are identified by "cn" in their DN and log in with sAMAccountName.
LDAP_USER_RDN_ATTR = "cn"
LDAP_USER_LOGIN_ATTR = "sAMAccountName"
# Presumably makes the extension look the user up with the service account
# before binding as that user; confirm against the extension's documentation.
LDAP_ALWAYS_SEARCH_BIND = True
# 805306368 == 0x30000000, the Active Directory sAMAccountType value for normal
# user accounts, so computer and group objects are excluded from user searches.
LDAP_USER_OBJECT_FILTER = "(samAccountType=805306368)"
LDAP_GROUP_OBJECT_FILTER = ""
# Both searches descend the whole subtree below their base.
LDAP_USER_SEARCH_SCOPE = "SUBTREE"
LDAP_GROUP_SEARCH_SCOPE = "SUBTREE"
LDAP_GROUP_MEMBERS_ATTR = "member"
# Only these attributes are requested for users and groups respectively.
LDAP_GET_USER_ATTRIBUTES = ["cn", "sAMAccountName", "mail"]
LDAP_GET_GROUP_ATTRIBUTES = ["cn"]

# Mapping between CSEntry groups and LDAP groups
# The generic "network" group is automatically added based
# on all CSENTRY_DOMAINS_LDAP_GROUPS
# NOTE(review): these two dictionaries are the application's authorization
# policy. Membership of any listed LDAP group grants the CSEntry group or domain
# on the left, so a change here is a change in privileges and should be reviewed
# as such. Group names are plain strings (presumably matched against the "cn"
# fetched via LDAP_GET_GROUP_ATTRIBUTES; confirm).
CSENTRY_LDAP_GROUPS = {
    "admin": ["ICS Control System Infrastructure group"],
    "inventory": ["ICS Employees", "ICS Consultants"],
}
# Domains the user has access to based on LDAP groups
CSENTRY_DOMAINS_LDAP_GROUPS = {
    "esss.lu.se": ["ICS Control System Infrastructure group"],
    "tn.esss.lu.se": ["ICS Employees", "ICS Consultants"],
    "cslab.esss.lu.se": ["ICS Employees", "ICS Consultants"],
}

# Default network prefix length (a /24).
NETWORK_DEFAULT_PREFIX = 24
# ICS Ids starting with this prefix are considered temporary and can be changed
# (waiting for a real label to be assigned)
# WARNING: This is defined here as a global settings but should not be changed!
TEMPORARY_ICS_ID = "ZZ"

# CSENTRY MAC organizationally unique identifier
# This is a locally administered address
# (the first octet, 0x02, has the locally-administered bit set).
MAC_OUI = "02:42:42"

# NOTE(review): the documentation link is plain http.
DOCUMENTATION_URL = "http://ics-infrastructure.pages.esss.lu.se/csentry/index.html"
# Shall be set to staging|production|development
# The default in this module is "staging"; a production deployment has to
# override it.
CSENTRY_ENVIRONMENT = "staging"

# AWX server used to launch jobs. Only the URL and template names are
# defined here; this module contains no AWX credential, so the token or
# password must come from elsewhere (confirm where).
AWX_URL = "https://torn.tn.esss.lu.se"
# AWX job templates
AWX_CORE_SERVICES_UPDATE = "ics-ans-core @ DHCP test"
# Shall be set to job or workflow_job
# Assumed to be job if the variable is not defined
AWX_CORE_SERVICES_UPDATE_RESOURCE = "job"
AWX_CREATE_VM = "deploy-vm-in-proxmox"
AWX_CREATE_VIOC = "deploy-vm-in-proxmox"
AWX_ZTP_CONFIGURATION = "ics-ans-ztp"
# Post-install template per device type and domain; an empty string presumably
# means that no post-install job is run for that combination (confirm).
AWX_POST_INSTALL = {
    "VIOC": {"esss.lu.se": "", "tn.esss.lu.se": "", "cslab.esss.lu.se": ""},
    "VM": {
        "esss.lu.se": "",
        "tn.esss.lu.se": "",
        "cslab.esss.lu.se": "customize-LabVM",
    },
}

# Both switches default to False, so job launching and VM creation stay off
# unless a deployment enables them explicitly.
AWX_JOB_ENABLED = False
AWX_VM_CREATION_ENABLED = False

# Allowed sizing values offered for VMs and VIOCs (cores, memory, disk).
# NOTE(review): units are not stated in this module; memory and disk are
# presumably in GB. Confirm against the code that consumes these lists.
VM_CORES_CHOICES = [1, 2, 4, 6, 8, 24]
VM_MEMORY_CHOICES = [2, 4, 8, 16, 32, 128]
VM_DISK_CHOICES = [15, 50, 100, 250]
VIOC_CORES_CHOICES = [1, 2, 4]
VIOC_MEMORY_CHOICES = [2, 4, 8]
VIOC_DISK_CHOICES = [15, 50, 100, 250]

# Sentry integration
# The release is the git commit SHA of the directory two levels above this file
# (the parent of the directory that contains it), resolved when the module is
# imported.
# NOTE(review): raven.fetch_git_sha presumably raises if that directory is not a
# git checkout, which would make the whole settings module fail to import in a
# deployment shipped without its .git directory; confirm.
CSENTRY_RELEASE = raven.fetch_git_sha(Path(__file__).parents[1])
# Leave to empty string to disable sentry integration
# The DSN is read from the environment only, so it is not stored in the source.
SENTRY_DSN = os.environ.get("SENTRY_DSN", "")
# Only the username is listed as a user attribute for Sentry events.
SENTRY_USER_ATTRS = ["username"]
SENTRY_CONFIG = {"release": CSENTRY_RELEASE}

# Static local files
# Both paths are derived from this file's location: "static" next to this
# module, and "files" inside it.
# NOTE(review): if user-influenced names are ever joined onto
# CSENTRY_STATIC_FILES, the consumer has to reject path components that escape
# this directory; verify at the call sites.
CSENTRY_STATIC_DIR = Path(__file__).parent / "static"
CSENTRY_STATIC_FILES = CSENTRY_STATIC_DIR / "files"