Config#
- class gafaelfawr.config.Config(realm, log_level, session_secret, redis_url, redis_password, database_url, database_password, bootstrap_token, token_lifetime, proxies, after_logout_url, error_footer, slack_webhook, github, oidc, ldap, firestore, forgerock, oidc_server, quota, initial_admins, known_scopes, group_mapping)#
Bases:
objectConfiguration for Gafaelfawr.
The internal representation of the configuration, created from the
Settingsmodel.Some configuration parameters from the configuration file are copied into multiple configuration dataclasses. This allows the configuration for each internal component to be self-contained and unaware of the configuration of the rest of the application.
- Parameters:
realm (
str) –log_level (
LogLevel) –session_secret (
str) –redis_url (
str) –database_url (
str) –token_lifetime (
timedelta) –proxies (
tuple[IPv4Network|IPv6Network,...]) –after_logout_url (
str) –github (
Optional[GitHubConfig]) –oidc (
Optional[OIDCConfig]) –ldap (
Optional[LDAPConfig]) –firestore (
Optional[FirestoreConfig]) –forgerock (
Optional[ForgeRockConfig]) –oidc_server (
Optional[OIDCServerConfig]) –
Attributes Summary
Default URL to which to send the user after logging out.
Bootstrap authentication token.
Password for the PostgreSQL database.
URL for the PostgreSQL database.
HTML to add (inside
<p>) to login error pages.Settings for Firestore-based UID/GID assignment.
Configuration for ForgeRock Identity Management server.
Configuration for GitHub authentication.
Mapping of group names to the set of scopes that group grants.
Initial token administrators to configure when initializing database.
Known scopes (the keys) and their descriptions (the values).
Configuration for LDAP.
Level for logging.
Configuration for OpenID Connect authentication.
Configuration for the OpenID Connect server.
Trusted proxy IP netblocks in front of Gafaelfawr.
Quota for users.
Realm for HTTP authentication.
Password for the Redis server that stores sessions.
URL for the Redis server that stores sessions.
Secret used to encrypt the session cookie and session store.
Slack webhook to which to post alerts.
Maximum lifetime of session, notebook, and internal tokens.
Attributes Documentation
-
bootstrap_token:
Optional[Token]# Bootstrap authentication token.
This token can be used with specific routes in the admin API to change the list of admins and create service and user tokens.
HTML to add (inside
<p>) to login error pages.
-
firestore:
Optional[FirestoreConfig]# Settings for Firestore-based UID/GID assignment.
-
forgerock:
Optional[ForgeRockConfig]# Configuration for ForgeRock Identity Management server.
-
github:
Optional[GitHubConfig]# Configuration for GitHub authentication.
-
group_mapping:
Mapping[str,frozenset[str]]# Mapping of group names to the set of scopes that group grants.
-
initial_admins:
tuple[str,...]# Initial token administrators to configure when initializing database.
-
ldap:
Optional[LDAPConfig]# Configuration for LDAP.
-
oidc:
Optional[OIDCConfig]# Configuration for OpenID Connect authentication.
-
oidc_server:
Optional[OIDCServerConfig]# Configuration for the OpenID Connect server.
-
proxies:
tuple[IPv4Network|IPv6Network,...]# Trusted proxy IP netblocks in front of Gafaelfawr.
If this is set to a non-empty list, it will be used as the trusted list of proxies when parsing
X-Forwarded-Forfor the/authroute. IP addresses from that header will be discarded from the right side when they match an entry in this list until a non-matching IP is reached or there is only one IP left, and then that IP will be used as the remote IP for logging purposes. This will allow logging of accurate client IP addresses.