Merge pull request #1212 from dod-ccpo/document-config

Configuration Guide

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$|^.*pgsslrootcert.yml$",
     "lines": null
   },
-  "generated_at": "2019-11-19T18:28:27Z",
+  "generated_at": "2019-11-26T21:33:43Z",
   "plugins_used": [
     {
       "base64_limit": 4.5,
@@ -46,7 +46,7 @@
         "hashed_secret": "81b127e2222d9bfc4609053faec85300f7525463",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 244,
+        "line_number": 290,
         "type": "Secret Keyword"
       }
     ],

README.md

@@ -220,6 +220,44 @@ To generate coverage reports for the Javascript tests:
 
     yarn test:coverage
 
+## Configuration
+
+- `ASSETS_URL`: URL to host which serves static assets (such as a CDN).
+- `BLOB_STORAGE_URL`: URL to Azure blob storage container.
+- `CAC_URL`: URL for the CAC authentication route.
+- `CA_CHAIN`: Path to the CA chain file.
+- `CDN_ORIGIN`: URL for the origin host for asset files.
+- `CELERY_DEFAULT_QUEUE`: String specifying the name of the queue that background tasks will be added to.
+- `CONTRACT_END_DATE`: String specifying the end date of the JEDI contract. Used for task order validation. Example: 2019-09-14
+- `CONTRACT_START_DATE`: String specifying the start date of the JEDI contract. Used for task order validation. Example: 2019-09-14.
+- `CRL_FAIL_OPEN`: Boolean specifying if expired CRLs should fail open, rather than closed.
+- `CRL_STORAGE_CONTAINER`: Path to a directory where the CRL cache will be stored.
+- `CSP`: String specifying the cloud service provider to use. Acceptable values: "azure", "mock", "mock-csp".
+- `DEBUG`: Boolean. A truthy value enables Flask's debug mode. https://flask.palletsprojects.com/en/1.1.x/config/#DEBUG
+- `DISABLE_CRL_CHECK`: Boolean specifying if CRL check should be bypassed. Useful for instances of the application container that are not serving HTTP requests, such as Celery workers.
+- `ENVIRONMENT`: String specifying the current environment. Acceptable values: "dev", "prod".
+- `LIMIT_CONCURRENT_SESSIONS`: Boolean specifying if users should be allowed only one active session at a time.
+- `LOG_JSON`: Boolean specifying whether app should log in a json format.
+- `PERMANENT_SESSION_LIFETIME`: Integer specifying how many seconds a user's session can stay valid for. https://flask.palletsprojects.com/en/1.1.x/config/#PERMANENT_SESSION_LIFETIME
+- `PGDATABASE`: String specifying the name of the postgres database.
+- `PGHOST`: String specifying the hostname of the postgres database.
+- `PGPASSWORD`: String specifying the password of the postgres database.
+- `PGPORT`: Integer specifying the port number of the postgres database.
+- `PGSSLMODE`: String specifying the ssl mode to use when connecting to the postgres database. https://www.postgresql.org/docs/9.1/libpq-ssl.html
+- `PGSSLROOTCERT`: Path to the root SSL certificate for the postgres database.
+- `PGUSER`: String specifying the username to use when connecting to the postgres database.
+- `PORT`: Integer specifying the port to bind to when running the flask server. Used only for local development.
+- `REDIS_URI`: URI for the redis server.
+- `SECRET_KEY`: String key which will be used to sign the session cookie. Should be a long string of random bytes. https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY
+- `SERVER_NAME`: Hostname for ATAT. Only needs to be specified in contexts where the hostname cannot be inferred from the request, such as Celery workers. https://flask.palletsprojects.com/en/1.1.x/config/#SERVER_NAME
+- `SESSION_COOKIE_NAME`: String value specifying the name to use for the session cookie. https://flask.palletsprojects.com/en/1.1.x/config/#SESSION_COOKIE_NAME
+- `SESSION_TYPE`: String value specifying the cookie storage backend. https://pythonhosted.org/Flask-Session/
+- `SESSION_USE_SIGNER`: Boolean value specifying if the cookie sid should be signed.
+- `SQLALCHEMY_ECHO`: Boolean value specifying if SQLAlchemy should log queries to stdout.
+- `STATIC_URL`: URL specifying where static assets are hosted.
+- `USE_AUDIT_LOG`: Boolean value describing if ATAT should write to the audit log table in the database. Set to "false" by default for performance reasons.
+- `WTF_CSRF_ENABLED`: Boolean value specifying if WTForms should protect against CSRF. Should be set to "true" unless running automated tests.
+
 ### UI Test Automation
 
 AT-AT uses [Ghost Inpsector](https://app.ghostinspector.com/), a testing PaaS

atst/app.py

@@ -160,7 +160,6 @@ def map_config(config):
         "BROKER_URL": config["default"]["REDIS_URI"],
         "DEBUG": config["default"].getboolean("DEBUG"),
         "SQLALCHEMY_ECHO": config["default"].getboolean("SQLALCHEMY_ECHO"),
-        "CLASSIFIED": config["default"].getboolean("CLASSIFIED"),
         "PORT": int(config["default"]["PORT"]),
         "SQLALCHEMY_DATABASE_URI": config["default"]["DATABASE_URI"],
         "SQLALCHEMY_TRACK_MODIFICATIONS": False,
@@ -175,8 +174,6 @@ def map_config(config):
         "PERMANENT_SESSION_LIFETIME": config.getint(
             "default", "PERMANENT_SESSION_LIFETIME"
         ),
-        "RQ_REDIS_URL": config["default"]["REDIS_URI"],
-        "RQ_QUEUES": [config["default"]["RQ_QUEUES"]],
         "DISABLE_CRL_CHECK": config.getboolean("default", "DISABLE_CRL_CHECK"),
         "CRL_FAIL_OPEN": config.getboolean("default", "CRL_FAIL_OPEN"),
         "LOG_JSON": config.getboolean("default", "LOG_JSON"),

config/base.ini

@@ -5,7 +5,6 @@ CAC_URL = http://localhost:8000/login-redirect
 CA_CHAIN = ssl/server-certs/ca-chain.pem
 CDN_ORIGIN=http://localhost:8000
 CELERY_DEFAULT_QUEUE=celery
-CLASSIFIED = false
 CONTRACT_END_DATE = 2022-09-14
 CONTRACT_START_DATE = 2019-09-14
 CRL_FAIL_OPEN = false
@@ -17,8 +16,6 @@ ENVIRONMENT = dev
 LIMIT_CONCURRENT_SESSIONS = false
 LOG_JSON = false
 PERMANENT_SESSION_LIFETIME = 1800
-PE_NUMBER_CSV_URL = http://c95e1ebb198426ee57b8-174bb05a294821bedbf46b6384fe9b1f.r31.cf5.rackcdn.com/penumbers.csv
-PGAPPNAME = atst
 PGDATABASE = atat
 PGHOST = localhost
 PGPASSWORD = postgres
@@ -28,7 +25,6 @@ PGSSLROOTCERT
 PGUSER = postgres
 PORT=8000
 REDIS_URI = redis://localhost:6379
-RQ_QUEUES = atat_%(ENVIRONMENT)s
 SECRET_KEY = change_me_into_something_secret
 SERVER_NAME
 SESSION_COOKIE_NAME=atat