~suligap/canonical-identity-provider/charm-de-oops

#--------------------------------------------------------------
# This file is managed by Juju; ANY CHANGES WILL BE OVERWRITTEN
#--------------------------------------------------------------

import base64
import os

# The environment is populated before the star import below runs; presumably
# settings_base reads these SSO_* variables at import time -- confirm.
# SSO_HOST_DIR is always overwritten, while SSO_LOGS_DIR and SSO_ROOT_URL keep
# any value already present in the process environment (setdefault).
os.environ['SSO_HOST_DIR'] = "{{ hostdir }}"
os.environ.setdefault('SSO_LOGS_DIR', "{{ log_dir }}")
os.environ.setdefault('SSO_ROOT_URL', "https://{{ hostname }}")

# Star import brings the base settings into this module. The dicts mutated
# further down (CACHES, DATABASES, OOPSES, ...) are not defined in this file,
# so they presumably come from here.
from django_project.settings_base import *

# Host header allow-list: the configured hostname, its launchpad.net variant,
# the literal "sso-app" name and, outside production, a login-lp.staging
# variant.
# NOTE(review): each replace filter is a no-op when the hostname lacks the
# matched substring, in which case the plain hostname is simply listed again.
ALLOWED_HOSTS = [
    "{{ hostname }}",
{% if deployment != 'production' %}
    "{{ hostname|replace('login.staging', 'login-lp.staging') }}",
{% endif %}
    "{{ hostname|replace('ubuntu.com', 'launchpad.net') }}",
    "sso-app",
]

# NOTE(review): rendered unquoted, so the charm config value is emitted as a
# Python expression and evaluated when this module is imported. The charm
# should only pass the repr of a validated list here -- confirm in the charm.
ADMINAUDIT_EMAILS_RECIPIENTS = {{ adminaudit_emails_recipients }}
# Plain HTTP, but bound to the loopback interface on the configured port.
API_HOST = "http://localhost:{{ port }}"

# Only use memcached when at least one related memcached unit has published a
# port; otherwise fall back to Django's local-memory cache.
# The inline 'port' test in the loop repeats the rejectattr filter applied
# when memcached_units is built.
# NOTE(review): LocMemCache is per-process, so entries are not shared between
# workers. The memcached backend is reached over the units' private addresses,
# presumably without authentication or transport encryption -- confirm the
# network is trusted and check what the application stores in this cache.
{% set memcached_units = relations.memcached|rejectattr("port", "undefined")|list %}
{% if memcached_units %}
CACHES['default']['BACKEND'] = 'django.core.cache.backends.memcached.MemcachedCache'
CACHES['default']['LOCATION'] = [
    {% for unit in memcached_units if 'port' in unit %}
    "{{ unit["private-address"] }}:{{ unit['port'] }}",
    {% endfor %}
]
{% else %}
CACHES['default']['BACKEND'] = 'django.core.cache.backends.locmem.LocMemCache'
{% endif %}

# CAPTCHA service key pair. The private key is a secret and is rendered in
# clear text into the generated settings file.
CAPTCHA_PRIVATE_KEY = '{{ captcha_private_key }}'
CAPTCHA_PUBLIC_KEY = '{{ captcha_public_key }}'
# Optional outbound proxies, set per scheme only when configured.
# CAPTCHA_PROXIES itself is not defined in this file (presumably a dict from
# the base settings).
{% if http_captcha_proxy %}
CAPTCHA_PROXIES['http'] = "{{ http_captcha_proxy }}"
{% endif %}
{% if https_captcha_proxy %}
CAPTCHA_PROXIES['https'] = "{{ https_captcha_proxy }}"
{% endif %}
# Rendered unquoted: the config value is emitted as a Python expression
# (presumably a boolean -- confirm in the charm).
COMBINE = {{ combine }}
{% if crypto_sso_privkey %}
# The private key arrives base64-encoded from charm config and is decoded when
# the settings module is imported, so the generated file contains the key
# material and must be protected like the key itself.
_crypto_sso_raw = base64.b64decode("{{ crypto_sso_privkey }}")
# Try/except is temporary while we transition to devportal.macaroons.crypto,
# once that's deployed we can remove the except and Crypto and RSA.
# crypto from identityprovider imported first because we prefer that if both
# are available.
try:
    # importing this here because it should happen in the project's context,
    # not in the charm's one
    from identityprovider import crypto
    CRYPTO_SSO_PRIVKEY = crypto.parse_private_key(_crypto_sso_raw)
except ImportError:
    # Fallback path, taken only when identityprovider.crypto cannot be
    # imported.
    # NOTE(review): if "Crypto" resolves to the legacy PyCrypto distribution,
    # that package is no longer maintained; remove this branch as soon as the
    # transition described above is complete.
    from Crypto.PublicKey import RSA
    CRYPTO_SSO_PRIVKEY = RSA.importKey(_crypto_sso_raw)
# NOTE(review): the decoded key bytes stay bound to the module-level name
# _crypto_sso_raw after parsing; nothing in this file deletes it.
{% endif %}
# Database credentials: DB_USER and DB_PASSWORD from the process environment
# take precedence; the charm-rendered values are only the fallback defaults.
# NOTE(review): the fallback password, like the other secrets in this file, is
# written out in clear text, so the rendered file should be readable only by
# the service account.
# NOTE(review): values are substituted into quoted literals without escaping;
# a quote or backslash inside a value would alter the generated Python, so
# the charm should validate or escape them before rendering.
DATABASES['default']['USER'] = os.getenv('DB_USER', "{{ db_user }}")
DATABASES['default']['PASSWORD'] = os.getenv('DB_PASSWORD', "{{ db_password }}")
DATABASES['default']['NAME'] = "{{ db_name }}"
DATABASES['default']['HOST'] = "{{ db_host }}"
DATABASES['default']['PORT'] = "{{ db_port }}"
DBFAILOVER_FLAG_DIR = "{{ db_readonly_path }}"
# Outbound mail: EMAIL_HOST and EMAIL_PORT are fixed to localhost:25, while
# EMAIL_RELAY carries the configured host:port (presumably the upstream relay
# used by a local mail agent -- confirm).
EMAIL_RELAY = "{{ email_hostport }}"
EMAIL_HOST = "localhost"
EMAIL_PORT = 25
EMAIL_USER = "{{ email_user }}"
EMAIL_PASSWORD = "{{ email_password }}"
# Rendered unquoted: emitted as Python expressions, not strings.
EMAIL_USE_TLS = {{ email_use_tls }}
EMAIL_WHITELIST_REGEXP_LIST = {{ email_whitelist_regexp_list }}
EMBEDDED_TRUST_ROOT = "{{ embedded_trust_root }}"
GOOGLE_ANALYTICS_ID = "{{ google_analytics_id }}"
GOOGLE_TAG_MANAGER_ID = "{{ google_tag_manager_id }}"
GPGSERVICE_ENDPOINT = "{{ gpgservice_endpoint }}"
GPGSERVICE_TIMEOUT = {{ gpgservice_timeout }}
# Only overrides the base value when a field name is configured.
{% if honeypot_field_name %}
HONEYPOT_FIELD_NAME = "{{ honeypot_field_name }}"
{% endif %}
# API credentials (consumer key, token, token secret); the token secret is
# sensitive and stored in clear text here.
LP_API_URL = "{{ lp_api_url }}"
LP_API_CONSUMER_KEY = "{{ lp_api_consumer_key }}"
LP_API_TOKEN = "{{ lp_api_token }}"
LP_API_TOKEN_SECRET = "{{ lp_api_token_secret }}"
{% if noreply_from_address %}
NOREPLY_FROM_ADDRESS = "{{ noreply_from_address }}"
{% endif %}
{% if oops_config %}
{# TODO: ensure oops_config is dict? #}
# NOTE(review): oops_config is emitted verbatim as a Python expression and
# must evaluate to a dict, because the password key is assigned on the
# appended entry just below; nothing in this template validates that.
OOPSES['publishers'].append({{ oops_config }})
{% if oops_password %}
# The password is kept out of oops_config and attached to the publisher that
# was appended last, i.e. the one added above.
OOPSES['publishers'][-1]['password'] = "{{ oops_password }}"
{% endif %}
{% endif %}
# Set unconditionally, whether or not a publisher was configured.
OOPSES['template']['reporter'] = '{{ oops_reporter }}'
# Rendered unquoted: the team list and mapping are emitted as Python
# expressions and evaluated when this module is imported.
OPENID_LAUNCHPAD_STAFF_TEAMS = {{ openid_launchpad_staff_teams }}
OPENID_LAUNCHPAD_TEAMS_MAPPING = {{ openid_launchpad_teams_mapping }}
{% if openid_token_ttl %}
OPENID_TOKEN_TTL = {{ openid_token_ttl }}
{% endif %}
{% if deployment != 'production' %}
# enable test consumer
# NOTE(review): keyed on the deployment name alone; any deployment whose name
# is not exactly 'production' (including a typo) gets TESTING enabled.
TESTING=True
{% endif %}
{% if saml_remotes %}
SAML2IDP_REMOTES = {{ saml_remotes }}
{% endif %}
# Paths are set only when both the key and the certificate are configured.
# The files themselves are not written by this template (presumably the charm
# writes them -- confirm their ownership and permissions there).
{% if google_saml_key and google_saml_cert %}
SAML2IDP_CONFIG['certificate_file'] = "{{ google_saml_cert_path }}"
SAML2IDP_CONFIG['private_key_file'] = "{{ google_saml_key_path }}"
{% endif %}
# Django signing key, stored in clear text in the rendered file.
SECRET_KEY = "{{ secret_key }}"
# Django treats a request as HTTPS when this header equals 'https'. That is
# only safe if the front-end proxy always sets or strips X-Forwarded-Protocol
# on incoming requests; otherwise a client can supply the header itself.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
# Host and port are set only when the configured value contains a colon; the
# second colon-separated field is passed through Jinja's int filter.
{% if ':' in statsd_hostport %}
STATSD_HOST = "{{ statsd_hostport.split(':')[0] }}"
STATSD_PORT = {{ (statsd_hostport.split(':')[1])|int }}
{% endif %}
STATSD_PREFIX = "{{ statsd_prefix }}"
# Rendered unquoted: the throttle whitelist and the two-factor lists below are
# emitted as Python expressions. They feed access-control decisions, so the
# charm should validate them before rendering -- confirm.
THROTTLE_WHITELIST_EMAIL_REGEXP_LIST = {{ throttle_whitelist_email_regexp_list }}
TWOFACTOR_FAILURE_NOTIFICATION_EMAILS = {{ twofactor_failure_notification_emails }}
TWOFACTOR_FAILURE_NOTIFICATION_TEAMS = {{ twofactor_failure_notification_teams }}
TWOFACTOR_MANDATORY_TEAMS = {{ twofactor_mandatory_teams }}
TWOFACTOR_SERVICE_IDENT = "{{ twofactor_service_ident }}"
# NOTE(review): a DSN may embed credentials for the error-reporting service;
# treat it as a secret if so.
{% if raven_dsn %}
RAVEN_CONFIG['dsn'] = "{{ raven_dsn }}"
{% endif %}