pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1212 from dod-ccpo/document-config

Browse Source 
Configuration Guide
This commit is contained in:
dandds 2019-11-27 11:10:58 -05:00 committed by GitHub
commit 55e95b09af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 40 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.secrets.baseline
View File

@ -3,7 +3,7 @@
"files": "^.secrets.baseline$|^.*pgsslrootcert.yml$", "files": "^.secrets.baseline$|^.*pgsslrootcert.yml$",
"lines": null "lines": null
}, },
"generated_at": "2019-11-19T18:28:27Z", "generated_at": "2019-11-26T21:33:43Z",
"plugins_used": [ "plugins_used": [
{ {
"base64_limit": 4.5, "base64_limit": 4.5,
@ -46,7 +46,7 @@
"hashed_secret": "81b127e2222d9bfc4609053faec85300f7525463", "hashed_secret": "81b127e2222d9bfc4609053faec85300f7525463",
"is_secret": false, "is_secret": false,
"is_verified": false, "is_verified": false,
"line_number": 244, "line_number": 290,
"type": "Secret Keyword" "type": "Secret Keyword"
} }
], ],

38
README.md
View File

@ -220,6 +220,44 @@ To generate coverage reports for the Javascript tests:
yarn test:coverage yarn test:coverage
## Configuration
- `ASSETS_URL`: URL to host which serves static assets (such as a CDN).
- `BLOB_STORAGE_URL`: URL to Azure blob storage container.
- `CAC_URL`: URL for the CAC authentication route.
- `CA_CHAIN`: Path to the CA chain file.
- `CDN_ORIGIN`: URL for the origin host for asset files.
- `CELERY_DEFAULT_QUEUE`: String specifying the name of the queue that background tasks will be added to.
- `CONTRACT_END_DATE`: String specifying the end date of the JEDI contract. Used for task order validation. Example: 2019-09-14
- `CONTRACT_START_DATE`: String specifying the start date of the JEDI contract. Used for task order validation. Example: 2019-09-14.
- `CRL_FAIL_OPEN`: Boolean specifying if expired CRLs should fail open, rather than closed.
- `CRL_STORAGE_CONTAINER`: Path to a directory where the CRL cache will be stored.
- `CSP`: String specifying the cloud service provider to use. Acceptable values: "azure", "mock", "mock-csp".
- `DEBUG`: Boolean. A truthy value enables Flask's debug mode. https://flask.palletsprojects.com/en/1.1.x/config/#DEBUG
- `DISABLE_CRL_CHECK`: Boolean specifying if CRL check should be bypassed. Useful for instances of the application container that are not serving HTTP requests, such as Celery workers.
- `ENVIRONMENT`: String specifying the current environment. Acceptable values: "dev", "prod".
- `LIMIT_CONCURRENT_SESSIONS`: Boolean specifying if users should be allowed only one active session at a time.
- `LOG_JSON`: Boolean specifying whether app should log in a json format.
- `PERMANENT_SESSION_LIFETIME`: Integer specifying how many seconds a user's session can stay valid for. https://flask.palletsprojects.com/en/1.1.x/config/#PERMANENT_SESSION_LIFETIME
- `PGDATABASE`: String specifying the name of the postgres database.
- `PGHOST`: String specifying the hostname of the postgres database.
- `PGPASSWORD`: String specifying the password of the postgres database.
- `PGPORT`: Integer specifying the port number of the postgres database.
- `PGSSLMODE`: String specifying the ssl mode to use when connecting to the postgres database. https://www.postgresql.org/docs/9.1/libpq-ssl.html
- `PGSSLROOTCERT`: Path to the root SSL certificate for the postgres database.
- `PGUSER`: String specifying the username to use when connecting to the postgres database.
- `PORT`: Integer specifying the port to bind to when running the flask server. Used only for local development.
- `REDIS_URI`: URI for the redis server.
- `SECRET_KEY`: String key which will be used to sign the session cookie. Should be a long string of random bytes. https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY
- `SERVER_NAME`: Hostname for ATAT. Only needs to be specified in contexts where the hostname cannot be inferred from the request, such as Celery workers. https://flask.palletsprojects.com/en/1.1.x/config/#SERVER_NAME
- `SESSION_COOKIE_NAME`: String value specifying the name to use for the session cookie. https://flask.palletsprojects.com/en/1.1.x/config/#SESSION_COOKIE_NAME
- `SESSION_TYPE`: String value specifying the cookie storage backend. https://pythonhosted.org/Flask-Session/
- `SESSION_USE_SIGNER`: Boolean value specifying if the cookie sid should be signed.
- `SQLALCHEMY_ECHO`: Boolean value specifying if SQLAlchemy should log queries to stdout.
- `STATIC_URL`: URL specifying where static assets are hosted.
- `USE_AUDIT_LOG`: Boolean value describing if ATAT should write to the audit log table in the database. Set to "false" by default for performance reasons.
- `WTF_CSRF_ENABLED`: Boolean value specifying if WTForms should protect against CSRF. Should be set to "true" unless running automated tests.
### UI Test Automation ### UI Test Automation
AT-AT uses [Ghost Inpsector](https://app.ghostinspector.com/), a testing PaaS AT-AT uses [Ghost Inpsector](https://app.ghostinspector.com/), a testing PaaS

3
atst/app.py
View File

@ -160,7 +160,6 @@ def map_config(config):
"BROKER_URL": config["default"]["REDIS_URI"], "BROKER_URL": config["default"]["REDIS_URI"],
"DEBUG": config["default"].getboolean("DEBUG"), "DEBUG": config["default"].getboolean("DEBUG"),
"SQLALCHEMY_ECHO": config["default"].getboolean("SQLALCHEMY_ECHO"), "SQLALCHEMY_ECHO": config["default"].getboolean("SQLALCHEMY_ECHO"),
"CLASSIFIED": config["default"].getboolean("CLASSIFIED"),
"PORT": int(config["default"]["PORT"]), "PORT": int(config["default"]["PORT"]),
"SQLALCHEMY_DATABASE_URI": config["default"]["DATABASE_URI"], "SQLALCHEMY_DATABASE_URI": config["default"]["DATABASE_URI"],
"SQLALCHEMY_TRACK_MODIFICATIONS": False, "SQLALCHEMY_TRACK_MODIFICATIONS": False,
@ -175,8 +174,6 @@ def map_config(config):
"PERMANENT_SESSION_LIFETIME": config.getint( "PERMANENT_SESSION_LIFETIME": config.getint(
"default", "PERMANENT_SESSION_LIFETIME" "default", "PERMANENT_SESSION_LIFETIME"
), ),
"RQ_REDIS_URL": config["default"]["REDIS_URI"],
"RQ_QUEUES": [config["default"]["RQ_QUEUES"]],
"DISABLE_CRL_CHECK": config.getboolean("default", "DISABLE_CRL_CHECK"), "DISABLE_CRL_CHECK": config.getboolean("default", "DISABLE_CRL_CHECK"),
"CRL_FAIL_OPEN": config.getboolean("default", "CRL_FAIL_OPEN"), "CRL_FAIL_OPEN": config.getboolean("default", "CRL_FAIL_OPEN"),
"LOG_JSON": config.getboolean("default", "LOG_JSON"), "LOG_JSON": config.getboolean("default", "LOG_JSON"),

4
config/base.ini
View File

@ -5,7 +5,6 @@ CAC_URL = http://localhost:8000/login-redirect
CA_CHAIN = ssl/server-certs/ca-chain.pem CA_CHAIN = ssl/server-certs/ca-chain.pem
CDN_ORIGIN=http://localhost:8000 CDN_ORIGIN=http://localhost:8000
CELERY_DEFAULT_QUEUE=celery CELERY_DEFAULT_QUEUE=celery
CLASSIFIED = false
CONTRACT_END_DATE = 2022-09-14 CONTRACT_END_DATE = 2022-09-14
CONTRACT_START_DATE = 2019-09-14 CONTRACT_START_DATE = 2019-09-14
CRL_FAIL_OPEN = false CRL_FAIL_OPEN = false
@ -17,8 +16,6 @@ ENVIRONMENT = dev
LIMIT_CONCURRENT_SESSIONS = false LIMIT_CONCURRENT_SESSIONS = false
LOG_JSON = false LOG_JSON = false
PERMANENT_SESSION_LIFETIME = 1800 PERMANENT_SESSION_LIFETIME = 1800
PE_NUMBER_CSV_URL = http://c95e1ebb198426ee57b8-174bb05a294821bedbf46b6384fe9b1f.r31.cf5.rackcdn.com/penumbers.csv
PGAPPNAME = atst
PGDATABASE = atat PGDATABASE = atat
PGHOST = localhost PGHOST = localhost
PGPASSWORD = postgres PGPASSWORD = postgres
@ -28,7 +25,6 @@ PGSSLROOTCERT
PGUSER = postgres PGUSER = postgres
PORT=8000 PORT=8000
REDIS_URI = redis://localhost:6379 REDIS_URI = redis://localhost:6379
RQ_QUEUES = atat_%(ENVIRONMENT)s
SECRET_KEY = change_me_into_something_secret SECRET_KEY = change_me_into_something_secret
SERVER_NAME SERVER_NAME
SESSION_COOKIE_NAME=atat SESSION_COOKIE_NAME=atat