Config¶

class gafaelfawr.config.Config(realm, log_level, session_secret, redis_url, redis_password, database_url, database_password, bootstrap_token, token_lifetime, proxies, after_logout_url, error_footer, slack_webhook, cadc_base_uuid, github, oidc, ldap, firestore, forgerock, oidc_server, quota, initial_admins, known_scopes, group_mapping)¶

Bases: object

Configuration for Gafaelfawr.

The internal representation of the configuration, created from the Settings model.

Some configuration parameters from the configuration file are copied into multiple configuration dataclasses. This allows the configuration for each internal component to be self-contained and unaware of the configuration of the rest of the application.

Parameters:

realm (str)
log_level (LogLevel)
session_secret (str)
redis_url (str)
redis_password (str | None)
database_url (str)
database_password (str | None)
bootstrap_token (Token | None)
token_lifetime (timedelta)
proxies (tuple[IPv4Network | IPv6Network, ...])
after_logout_url (str)
error_footer (str | None)
slack_webhook (str | None)
cadc_base_uuid (UUID | None)
github (GitHubConfig | None)
oidc (OIDCConfig | None)
ldap (LDAPConfig | None)
firestore (FirestoreConfig | None)
forgerock (ForgeRockConfig | None)
oidc_server (OIDCServerConfig | None)
quota (Quota | None)
initial_admins (tuple[str, ...])
known_scopes (Mapping[str, str])
group_mapping (Mapping[str, frozenset[str]])

Attributes Summary

`after_logout_url`	Default URL to which to send the user after logging out.
`bootstrap_token`	Bootstrap authentication token.
`cadc_base_uuid`	Namespace UUID used to generate UUIDs for CADC-compatible auth.
`database_password`	Password for the PostgreSQL database.
`database_url`	URL for the PostgreSQL database.
`error_footer`	HTML to add (inside `<p>`) to login error pages.
`firestore`	Settings for Firestore-based UID/GID assignment.
`forgerock`	Configuration for ForgeRock Identity Management server.
`github`	Configuration for GitHub authentication.
`group_mapping`	Mapping of group names to the set of scopes that group grants.
`initial_admins`	Initial token administrators to configure when initializing database.
`known_scopes`	Known scopes (the keys) and their descriptions (the values).
`ldap`	Configuration for LDAP.
`log_level`	Level for logging.
`oidc`	Configuration for OpenID Connect authentication.
`oidc_server`	Configuration for the OpenID Connect server.
`proxies`	Trusted proxy IP netblocks in front of Gafaelfawr.
`quota`	Quota for users.
`realm`	Realm for HTTP authentication.
`redis_password`	Password for the Redis server that stores sessions.
`redis_url`	URL for the Redis server that stores sessions.
`session_secret`	Secret used to encrypt the session cookie and session store.
`slack_webhook`	Slack webhook to which to post alerts.
`token_lifetime`	Maximum lifetime of session, notebook, and internal tokens.

Methods Summary

`configure_logging`()	Configure logging based on the Gafaelfawr configuration.
`from_file`(path)	Construct a Config object from a configuration file.

Attributes Documentation

after_logout_url: str¶: Default URL to which to send the user after logging out.

bootstrap_token: Token | None¶

Bootstrap authentication token.

This token can be used with specific routes in the admin API to change the list of admins and create service and user tokens.

cadc_base_uuid: UUID | None¶: Namespace UUID used to generate UUIDs for CADC-compatible auth.

database_password: str | None¶: Password for the PostgreSQL database.

database_url: str¶: URL for the PostgreSQL database.

error_footer: str | None¶: HTML to add (inside <p>) to login error pages.

firestore: FirestoreConfig | None¶: Settings for Firestore-based UID/GID assignment.

forgerock: ForgeRockConfig | None¶: Configuration for ForgeRock Identity Management server.

github: GitHubConfig | None¶: Configuration for GitHub authentication.

group_mapping: Mapping[str, frozenset[str]]¶: Mapping of group names to the set of scopes that group grants.

initial_admins: tuple[str, ...]¶: Initial token administrators to configure when initializing database.

known_scopes: Mapping[str, str]¶: Known scopes (the keys) and their descriptions (the values).

ldap: LDAPConfig | None¶: Configuration for LDAP.

log_level: LogLevel¶: Level for logging.

oidc: OIDCConfig | None¶: Configuration for OpenID Connect authentication.

oidc_server: OIDCServerConfig | None¶: Configuration for the OpenID Connect server.

proxies: tuple[IPv4Network | IPv6Network, ...]¶

Trusted proxy IP netblocks in front of Gafaelfawr.

If this is set to a non-empty list, it will be used as the trusted list of proxies when parsing X-Forwarded-For for the /auth route. IP addresses from that header will be discarded from the right side when they match an entry in this list until a non-matching IP is reached or there is only one IP left, and then that IP will be used as the remote IP for logging purposes. This will allow logging of accurate client IP addresses.

quota: Quota | None¶: Quota for users.

realm: str¶: Realm for HTTP authentication.

redis_password: str | None¶: Password for the Redis server that stores sessions.

redis_url: str¶: URL for the Redis server that stores sessions.

session_secret: str¶: Secret used to encrypt the session cookie and session store.

slack_webhook: str | None¶: Slack webhook to which to post alerts.

token_lifetime: timedelta¶: Maximum lifetime of session, notebook, and internal tokens.

Methods Documentation

configure_logging()¶

Configure logging based on the Gafaelfawr configuration.

Return type:: None

classmethod from_file(path)¶

Construct a Config object from a configuration file.

Parameters:: path (Path) – Path to the configuration file in YAML.
Returns:: The corresponding Config object.
Return type:: Config