Config
- pydantic settings gafaelfawr.config.Config
Configuration for Gafaelfawr.
- Parameters:
data (Any)
- Fields:
- Validators:
_validate_bootstrap_token » bootstrapToken
_validate_initial_admins » initialAdmins
_validate_known_scopes » knownScopes
_validate_optional » all fields
_validate_scopes » all fields
_validate_token_lifetime » tokenLifetime
_validate_userinfo » all fields
- field afterLogoutUrl: HttpUrl [Required] (name 'after_logout_url')
Default URL to which to send the user after logging out
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field baseInternalUrl: HttpUrl [Required] (name 'base_internal_url')
Base URL for internal-only routes such as /ingress/auth
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field baseUrl: HttpUrl [Required] (name 'base_url')
Base URL for user-facing routes such as /login
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field bootstrapToken: SecretStr [Required] (name 'bootstrap_token')
File containing the bootstrap authentication token. This token can be used with specific routes in the admin API to change the list of admins and create service and user tokens.
- Validated by:
_validate_bootstrap_token
_validate_optional
_validate_scopes
_validate_userinfo
- field cilogon: CILogonConfig | None = None
Configuration for the CILogon authentication provider
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field databasePassword: SecretStr [Required] (name 'database_password')
Password for the PostgreSQL database
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field databaseUrl: EnvAsyncPostgresDsn [Required] (name 'database_url')
DSN for the PostgreSQL database
- Constraints:
allowed_schemes = ['postgresql', 'postgresql+asyncpg']
host_required = True
func = <function _validate_env_async_postgres_dsn at 0x7f7d8232cfe0>
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field enableSentry: bool = False (name 'enable_sentry')
Send trace and telemetry information to Sentry if the Sentry environment variables are set
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
HTML to add (inside <p>) to login error pages
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field firestore: FirestoreConfig | None = None
Configuration for UID/GID allocation using Firestore
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field github: GitHubConfig | None = None
Configuration for the GitHub authentication provider
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field groupMapping: dict[str, list[str | GitHubGroup]] = {} (name 'group_mapping')
Mappings of scopes to lists of groups that provide them
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field initialAdmins: list[str] = [] (name 'initial_admins')
List of usernames to mark as admins during database initialization
- Validated by:
_validate_initial_admins
_validate_optional
_validate_scopes
_validate_userinfo
- field internalDatabase: bool = False (name 'internal_database')
Whether to use a cluster-internal database. This setting is only used by Helm, not by Gafaelfawr itself.
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field knownScopes: dict[str, str] = {} (name 'known_scopes')
Known scopes (the keys) and their descriptions (the values)
- Validated by:
_validate_known_scopes
_validate_optional
_validate_scopes
_validate_userinfo
- field ldap: LDAPConfig | None = None
Configuration for retrieving user information from LDAP
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field logLevel: LogLevel = LogLevel.INFO (name 'log_level')
Python logging level
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field metrics: MetricsConfiguration [Required]
Configuration for reporting metrics to Kafka
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field oidc: OIDCConfig | None = None
Configuration for the OpenID Connect authentication provider
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field oidcServer: OIDCServerConfig | None = None (name 'oidc_server')
Configuration for Gafaelfawr’s internal OpenID Connect server
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field proxies: list[IPv4Network | IPv6Network] | None = None
If this is set to a non-empty list, it will be used as the trusted list of proxies when parsing the X-Forwarded-For HTTP header in incoming requests. IP addresses from that header will be discarded from the right side when they are within a netblock in this list until a non-matching IP is reached or there is only one IP left, and then that IP will be used as the remote IP for logging purposes. This allows logging of accurate client IP addresses.
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
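The right-to-left discard rule described for proxies, written out as an added example (not Gafaelfawr's own code). The function name remote_ip, the TRUSTED netblocks and the sample headers are constructed for illustration, and returning None for an unparsable entry is this example's assumption, not documented behavior.

```python
from ipaddress import ip_address, ip_network

# Constructed sample of a trusted-proxy list (private and documentation ranges).
TRUSTED = [ip_network("10.0.0.0/8"), ip_network("2001:db8::/32")]


def remote_ip(x_forwarded_for, proxies):
    """Choose the IP to log from an X-Forwarded-For value.

    Entries are examined from the right. An entry inside a trusted
    netblock is discarded; the walk stops at the first entry outside
    every netblock, or when only one entry is left. Entries further
    left were supplied by hosts that are not trusted, so they are
    never consulted.
    """
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    while hops:
        try:
            addr = ip_address(hops[-1])
        except ValueError:
            # Assumption of this example: an unparsable entry ends the
            # walk with no usable address instead of being skipped.
            return None
        # "addr in net" is False when the IP versions differ, so mixed
        # IPv4/IPv6 proxy lists are safe to test against.
        if len(hops) == 1 or not any(addr in net for net in proxies):
            return addr
        hops.pop()
    return None


if __name__ == "__main__":
    # Constructed header values, one per case in the description.
    samples = [
        "203.0.113.7, 10.0.0.5, 10.1.2.3",        # two trusted proxies
        "192.0.2.99, 198.51.100.23, 10.0.0.5",    # client-supplied left entry
        "10.0.0.9, 10.0.0.5",                     # every hop is trusted
        "192.0.2.10, 2001:db8::5",                # IPv6 proxy, IPv4 client
        "203.0.113.7, unknown, 10.0.0.5",         # unparsable entry
    ]
    for value in samples:
        print(f"{value!r:45} -> {remote_ip(value, TRUSTED)}")
```

In the second sample the leftmost entry is ignored: the address just left of the trusted proxy is the last one a trusted hop actually observed.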
- field quota: QuotaConfig | None = None
Rules for assigning quota to users
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field realm: str [Required]
Realm for HTTP authentication
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field redisPassword: SecretStr | None = None (name 'redis_password')
Password for the Redis server that stores tokens
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field redisUrl: EnvRedisDsn [Required] (name 'redis_url')
DSN for the Redis server that stores tokens
- Constraints:
allowed_schemes = ['redis']
default_host = localhost
default_port = 6379
default_path = /0
func = <function _validate_env_redis_dsn at 0x7f7d8232eca0>
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field sessionSecret: SecretStr [Required] (name 'session_secret')
Fernet encryption key used for session cookie and store
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field slackAlerts: bool = False (name 'slack_alerts')
Whether to enable Slack alerts. If true, slack_webhook must also be set.
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field slackWebhook: SecretStr | None = None (name 'slack_webhook')
If set, alerts will be posted to this Slack webhook
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- field tokenLifetime: HumanTimedelta = datetime.timedelta(days=30) (name 'token_lifetime')
Lifetime of newly-created session tokens
- Constraints:
func = <function <lambda> at 0x7f7d8232ee80>
json_schema_input_type = PydanticUndefined
return_type = <class 'float'>
when_used = json
- Validated by:
_validate_optional
_validate_scopes
_validate_token_lifetime
_validate_userinfo
- field updateSchema: bool = False (name 'update_schema')
This setting is interpreted by Helm and triggers a SQL schema update via a Helm hook. It is not used by Gafaelfawr directly.
- Validated by:
_validate_optional
_validate_scopes
_validate_userinfo
- classmethod from_file(path)
Construct a Config object from a configuration file.
- get_scopes_for_group(group)
Return the scopes granted by a given group membership.
- model_post_init(context, /)
This function is meant to behave like a BaseModel method to initialise private attributes.
It takes context as an argument since that’s what pydantic-core passes when calling it.
- Args:
self: The BaseModel instance.
context: The context.