mirror of https://github.com/sipwise/repoapi.git
149 lines
5.0 KiB
149 lines
5.0 KiB
# Copyright (C) 2015-2022 The Sipwise Team - http://sipwise.com
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by the Free
|
|
# Software Foundation, either version 3 of the License, or (at your option)
|
|
# any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but WITHOUT
|
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
|
# more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License along
|
|
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
# Build paths inside the project like this: join(BASE_DIR, ...)
|
|
import os
|
|
from configparser import RawConfigParser
|
|
from functools import reduce
|
|
from pathlib import Path
|
|
from urllib.parse import urlparse
|
|
|
|
import ldap
|
|
from celery.schedules import crontab
|
|
from django_auth_ldap.config import LDAPGroupQuery
|
|
from django_auth_ldap.config import LDAPSearch
|
|
from django_auth_ldap.config import PosixGroupType
|
|
|
|
from .common import * # noqa
|
|
|
|
# pylint: disable=W0401,W0614
|
|
|
|
# Build paths inside the project like this: BASE_DIR / 'subdir'.
|
|
BASE_DIR = Path(__file__).resolve(strict=True).parent.parent.parent
|
|
|
|
VAR_DIR = Path("/var/lib/repoapi")
|
|
if not VAR_DIR.exists():
|
|
VAR_DIR = BASE_DIR
|
|
|
|
# Quick-start development settings - unsuitable for production
|
|
# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
|
|
|
|
# SECURITY WARNING: keep the secret key used in production secret!
|
|
# read it from external file
|
|
SECRET_KEY = (VAR_DIR / ".secret_key").read_text().strip()
|
|
|
|
# SECURITY WARNING: don't run with debug turned on in production!
|
|
DEBUG = False
|
|
|
|
ALLOWED_HOSTS = [".mgm.sipwise.com"]
|
|
|
|
LOGGING["loggers"]["repoapi"]["level"] = os.getenv( # noqa
|
|
"DJANGO_LOG_LEVEL", "INFO"
|
|
) # noqa
|
|
|
|
server_config = RawConfigParser()
|
|
server_config.read(VAR_DIR / "server.ini")
|
|
|
|
JENKINS_URL = server_config.get("jenkins", "URL")
|
|
JENKINS_HTTP_USER = server_config.get("jenkins", "HTTP_USER")
|
|
JENKINS_HTTP_PASSWD = server_config.get("jenkins", "HTTP_PASSWD")
|
|
|
|
GERRIT_URL = server_config.get("gerrit", "URL")
|
|
GERRIT_REST_HTTP_USER = server_config.get("gerrit", "HTTP_USER")
|
|
GERRIT_REST_HTTP_PASSWD = server_config.get("gerrit", "HTTP_PASSWD")
|
|
|
|
DOCKER_REGISTRY_URL = server_config.get("server", "DOCKER_REGISTRY_URL")
|
|
AUTH_LDAP_SERVER_URI = server_config.get("server", "AUTH_LDAP_SERVER_URI")
|
|
AUTH_LDAP_USER_BASE = server_config.get("server", "AUTH_LDAP_USER_BASE")
|
|
AUTH_LDAP_GROUP_BASE = server_config.get("server", "AUTH_LDAP_GROUP_BASE")
|
|
AUTH_LDAP_REQUIRE_GROUP_LIST = server_config.get(
|
|
"server", "AUTH_LDAP_REQUIRE_GROUP_LIST"
|
|
).split(",")
|
|
require_grp_list_size = len(AUTH_LDAP_REQUIRE_GROUP_LIST)
|
|
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s," + AUTH_LDAP_USER_BASE
|
|
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
|
|
AUTH_LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)"
|
|
)
|
|
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
|
|
|
|
if require_grp_list_size > 1:
|
|
AUTH_LDAP_REQUIRE_GROUP = reduce(
|
|
lambda x, y: LDAPGroupQuery(f"cn={x},{AUTH_LDAP_GROUP_BASE}")
|
|
| LDAPGroupQuery(f"cn={y},{AUTH_LDAP_GROUP_BASE}"),
|
|
AUTH_LDAP_REQUIRE_GROUP_LIST,
|
|
)
|
|
elif require_grp_list_size == 1:
|
|
for x in AUTH_LDAP_REQUIRE_GROUP_LIST:
|
|
AUTH_LDAP_REQUIRE_GROUP = LDAPGroupQuery(
|
|
f"cn={x},{AUTH_LDAP_GROUP_BASE}"
|
|
)
|
|
|
|
BUILD_POOL = server_config.getint("server", "BUILD_POOL")
|
|
|
|
# Keep ModelBackend around for per-user permissions and maybe a local
|
|
# superuser.
|
|
AUTHENTICATION_BACKENDS = (
|
|
"django_auth_ldap.backend.LDAPBackend",
|
|
"django.contrib.auth.backends.ModelBackend",
|
|
)
|
|
|
|
# Database
|
|
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
|
|
|
|
DATABASES = {
|
|
"default": {
|
|
"ENGINE": "django.db.backends.postgresql_psycopg2",
|
|
"NAME": server_config.get("server", "DB_NAME"),
|
|
"USER": server_config.get("server", "DB_USER"),
|
|
"PASSWORD": server_config.get("server", "DB_PWD"),
|
|
"HOST": "localhost",
|
|
"PORT": "",
|
|
}
|
|
}
|
|
STATICFILES_STORAGE = (
|
|
"django.contrib.staticfiles.storage.ManifestStaticFilesStorage"
|
|
)
|
|
GITWEB_URL = "https://git.mgm.sipwise.com/gitweb/?p={}.git;a=commit;h={}"
|
|
WORKFRONT_CREDENTIALS = BASE_DIR / "/etc/jenkins_jobs/workfront.ini"
|
|
WORKFRONT_NOTE = True
|
|
|
|
# build app
|
|
BUILD_REPOS_SCRIPTS_CONFIG_DIR = Path(
|
|
"/usr/share/sipwise-repos-scripts/config"
|
|
)
|
|
|
|
# celery
|
|
CELERY_BROKER_URL = server_config.get("server", "BROKER_URL")
|
|
CELERY_BEAT_SCHEDULE = {
|
|
# Executes every Sunday morning at 7:30 A.M
|
|
"purge-trunk": {
|
|
"task": "repoapi.tasks.jbi_purge",
|
|
"schedule": crontab(hour=7, minute=30, day_of_week="sunday"),
|
|
"args": ("none", 4),
|
|
},
|
|
"purge-none": {
|
|
"task": "repoapi.tasks.jbi_purge",
|
|
"schedule": crontab(hour=7, minute=30, day_of_week="sunday"),
|
|
"args": (None, 1),
|
|
},
|
|
}
|
|
CELERY_TIMEZONE = "UTC"
|
|
|
|
JBI_BASEDIR = VAR_DIR / "jbi_files"
|
|
JBI_ARTIFACT_JOBS = [
|
|
"release-tools-runner",
|
|
]
|
|
JBI_ALLOWED_HOSTS = [urlparse(JENKINS_URL).netloc]
|