2
# Martin Nagy <mnagy@redhat.com>
3
# Jason Gerard DeRose <jderose@redhat.com>
5
# Copyright (C) 2008 Red Hat
6
# see file 'COPYING' for use and warranty information
8
# This program is free software; you can redistribute it and/or modify
9
# it under the terms of the GNU General Public License as published by
10
# the Free Software Foundation, either version 3 of the License, or
11
# (at your option) any later version.
13
# This program is distributed in the hope that it will be useful,
14
# but WITHOUT ANY WARRANTY; without even the implied warranty of
15
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
# GNU General Public License for more details.
18
# You should have received a copy of the GNU General Public License
19
# along with this program. If not, see <http://www.gnu.org/licenses/>.
22
All constants centralised in one file.
25
from ipapython.dn import DN
26
from ipapython.version import VERSION
28
FQDN = socket.getfqdn()
31
FQDN = socket.gethostname()
35
# The parameter system treats all these values as None:
36
NULLS = (None, '', u'', tuple(), [])
38
# regular expression NameSpace member names must match:
39
NAME_REGEX = r'^[a-z][_a-z0-9]*[a-z0-9]$|^[a-z]$'
41
# Format for ValueError raised when name does not match above regex:
42
NAME_ERROR = "name must match '%s'; got '%s'"
44
# Standard format for TypeError message:
45
TYPE_ERROR = '%s: need a %r; got %r (a %r)'
47
# Stardard format for TypeError message when a callable is expected:
48
CALLABLE_ERROR = '%s: need a callable; got %r (which is a %r)'
50
# Standard format for StandardError message when overriding an attribute:
51
OVERRIDE_ERROR = 'cannot override %s.%s value %r with %r'
53
# Standard format for AttributeError message when a read-only attribute is
55
SET_ERROR = 'locked: cannot set %s.%s to %r'
56
DEL_ERROR = 'locked: cannot delete %s.%s'
58
# Used for a tab (or indentation level) when formatting for CLI:
59
CLI_TAB = ' ' # Two spaces
61
# The section to read in the config files, i.e. [global]
62
CONFIG_SECTION = 'global'
64
# The default configuration for api.env
65
# This is a tuple instead of a dict so that it is immutable.
66
# To create a dict with this config, just "d = dict(DEFAULT_CONFIG)".
70
# Domain, realm, basedn:
71
('domain', 'example.com'),
72
('realm', 'EXAMPLE.COM'),
73
('basedn', DN(('dc', 'example'), ('dc', 'com'))),
76
('container_accounts', DN(('cn', 'accounts'))),
77
('container_user', DN(('cn', 'users'), ('cn', 'accounts'))),
78
('container_group', DN(('cn', 'groups'), ('cn', 'accounts'))),
79
('container_service', DN(('cn', 'services'), ('cn', 'accounts'))),
80
('container_host', DN(('cn', 'computers'), ('cn', 'accounts'))),
81
('container_hostgroup', DN(('cn', 'hostgroups'), ('cn', 'accounts'))),
82
('container_rolegroup', DN(('cn', 'roles'), ('cn', 'accounts'))),
83
('container_permission', DN(('cn', 'permissions'), ('cn', 'pbac'))),
84
('container_privilege', DN(('cn', 'privileges'), ('cn', 'pbac'))),
85
('container_automount', DN(('cn', 'automount'))),
86
('container_policies', DN(('cn', 'policies'))),
87
('container_configs', DN(('cn', 'configs'), ('cn', 'policies'))),
88
('container_roles', DN(('cn', 'roles'), ('cn', 'policies'))),
89
('container_applications', DN(('cn', 'applications'), ('cn', 'configs'), ('cn', 'policies'))),
90
('container_policygroups', DN(('cn', 'policygroups'), ('cn', 'configs'), ('cn', 'policies'))),
91
('container_policylinks', DN(('cn', 'policylinks'), ('cn', 'configs'), ('cn', 'policies'))),
92
('container_netgroup', DN(('cn', 'ng'), ('cn', 'alt'))),
93
('container_hbac', DN(('cn', 'hbac'))),
94
('container_hbacservice', DN(('cn', 'hbacservices'), ('cn', 'hbac'))),
95
('container_hbacservicegroup', DN(('cn', 'hbacservicegroups'), ('cn', 'hbac'))),
96
('container_dns', DN(('cn', 'dns'))),
97
('container_virtual', DN(('cn', 'virtual operations'), ('cn', 'etc'))),
98
('container_sudorule', DN(('cn', 'sudorules'), ('cn', 'sudo'))),
99
('container_sudocmd', DN(('cn', 'sudocmds'), ('cn', 'sudo'))),
100
('container_sudocmdgroup', DN(('cn', 'sudocmdgroups'), ('cn', 'sudo'))),
101
('container_automember', DN(('cn', 'automember'), ('cn', 'etc'))),
102
('container_selinux', DN(('cn', 'usermap'), ('cn', 'selinux'))),
103
('container_s4u2proxy', DN(('cn', 's4u2proxy'), ('cn', 'etc'))),
104
('container_cifsdomains', DN(('cn', 'ad'), ('cn', 'etc'))),
105
('container_trusts', DN(('cn', 'trusts'))),
106
('container_adtrusts', DN(('cn', 'ad'), ('cn', 'trusts'))),
107
('container_ranges', DN(('cn', 'ranges'), ('cn', 'etc'))),
108
('container_dna', DN(('cn', 'dna'), ('cn', 'ipa'), ('cn', 'etc'))),
109
('container_dna_posix_ids', DN(('cn', 'posix-ids'), ('cn', 'dna'), ('cn', 'ipa'), ('cn', 'etc'))),
110
('container_realm_domains', DN(('cn', 'Realm Domains'), ('cn', 'ipa'), ('cn', 'etc'))),
111
('container_otp', DN(('cn', 'otp'))),
113
# Ports, hosts, and URIs:
114
# FIXME: let's renamed xmlrpc_uri to rpc_xml_uri
115
('xmlrpc_uri', 'http://localhost:8888/ipa/xml'),
116
('rpc_json_uri', 'http://localhost:8888/ipa/json'),
117
('ldap_uri', 'ldap://localhost:389'),
118
# Time to wait for a service to start, in seconds
119
('startup_timeout', 300),
121
# Web Application mount points
122
('mount_ipa', '/ipa/'),
125
('webui_prod', True),
129
# Maximum time before a session expires forcing credentials to be reacquired.
130
('session_auth_duration', '20 minutes'),
131
# How a session expiration is computed, see SessionManager.set_session_expiration_time()
132
('session_duration_type', 'inactivity_timeout'),
137
('startup_traceback', False),
138
('mode', 'production'),
141
('ca_host', FQDN), # Set in Env._finalize_core()
143
('ca_agent_port', 443),
145
# For the following ports, None means a default specific to the installed
147
('ca_install_port', None),
148
('ca_agent_install_port', None),
149
('ca_ee_install_port', None),
153
('prompt_all', False),
154
('interactive', True),
158
# Enable certain optional plugins:
159
('enable_ra', False),
160
('ra_plugin', 'selfsign'),
161
('dogtag_version', 9),
163
# Used when verifying that the API hasn't changed. Not for production.
164
('validate_api', False),
166
# ********************************************************
167
# The remaining keys are never set from the values here!
168
# ********************************************************
170
# Env._bootstrap() or Env._finalize_core() will have filled in all the keys
171
# below by the time DEFAULT_CONFIG is merged in, so the values below are
172
# never actually used. They are listed both to provide a big picture and
173
# also so DEFAULT_CONFIG contains at least all the keys that should be
174
# present after Env._finalize_core() is called.
176
# Each environment variable below is sent to ``object``, which just happens
177
# to be an invalid value for an environment variable, so if for some reason
178
# any of these keys were set from the values here, an exception will be
181
# Non-overridable vars set in Env._bootstrap():
183
('ipalib', object), # The directory containing ipalib/__init__.py
184
('site_packages', object), # The directory contaning ipalib
185
('script', object), # sys.argv[0]
186
('bin', object), # The directory containing the script
187
('home', object), # $HOME
189
# Vars set in Env._bootstrap():
190
('in_tree', object), # Whether or not running in-tree (bool)
191
('dot_ipa', object), # ~/.ipa directory
192
('context', object), # Name of context, default is 'default'
193
('confdir', object), # Directory containing config files
194
('conf', object), # File containing context specific config
195
('conf_default', object), # File containing context independent config
196
('plugins_on_demand', object), # Whether to finalize plugins on-demand (bool)
198
# Set in Env._finalize_core():
199
('in_server', object), # Whether or not running in-server (bool)
200
('logdir', object), # Directory containing log files
201
('log', object), # Path to context specific log file