authorThomas Noel <thomas@univnautes-idp.dev>2014-03-21 18:10:29 (GMT)
committerThomas Noel <thomas@univnautes-idp.dev>2014-03-21 18:10:29 (GMT)
commit9c7d9161f501d6569128b127485b236759bcc2cb (patch)
tree9a13f8f9c9dc0c5695b5983bb5c8bffaf90a88c0
parent971b29c91b0c79a59b3266bb52e709ae302f8b8b (diff)
enhance settings.ini systemHEADmaster
-rw-r--r--README.md5
-rw-r--r--settings.ini.example26
-rw-r--r--univnautes_idp/default-settings.ini114
-rw-r--r--univnautes_idp/settings.py25
4 files changed, 153 insertions, 17 deletions
diff --git a/README.md b/README.md
index 3a4f72e..7dac75f 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
univnautes-idp : IdP multi-tenants pour UnivNautes
-cp settings.ini.example /somewhere/settings.ini
-export UNIVNAUTES_IDP_SETTINGS_INI=/somewhere/settings.ini
+# config :
+cp settings.ini.example /etc/univnautes-idp/settings.ini
# creation du schema public
python manage.py sync_schemas --shared --noinput
@@ -12,3 +12,4 @@ python manage.py createsuperuser -s public
python manage.py create-tenant xyz.univnautes-idp.dev.entrouvert.org xyz
python manage.py createsuperuser -s xyz
+
diff --git a/settings.ini.example b/settings.ini.example
index 5d9beac..225b158 100644
--- a/settings.ini.example
+++ b/settings.ini.example
@@ -1,8 +1,22 @@
+#
+# override default-settings.ini
+#
+
+[general]
+multitenants_settings_ini: %(base)s/tenants/{tenant}-settings.ini ## currently not used
+
+[database]
+name: univnautes_idp
+host:
+port:
+user:
+password:
+
[saml]
local_metadata_cache_timeout: 600
# Whether to autoload SAML 2.0 identity providers and services metadata
# Only https URLS are accepted. Can be none, sp, idp or both
-metadata_autoload: both
+metadata_autoload: none
# these keys will changed by tenants :
signature_public_key: -----BEGIN CERTIFICATE-----
MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
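Review bot: The new `[general]` option `multitenants_settings_ini` will not parse the way the line suggests. Python 2's ConfigParser only strips inline comments that start with ` ;`, so the trailing `## currently not used` becomes part of the value. `%(base)s` is also resolved per section (plus `[DEFAULT]`), while `base` is defined under `[dirs]`, so reading this option through the `SafeConfigParser` used in settings.py should raise an interpolation error. Move the remark onto its own line as `# currently not used`, and either define `base` in `[DEFAULT]` or spell the path out. The option is unused today, so this only bites once per-tenant settings files are wired in.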
@@ -51,7 +65,6 @@ signature_private_key: -----BEGIN RSA PRIVATE KEY-----
TKX6tp6oI+7MIJE6ySZ0cBqOiydAkBePZhu57j6ToBkTa0dbHjn1WA==
-----END RSA PRIVATE KEY-----
-
[dirs]
base: /home/thomas/univnautes-idp
template_dirs: %(base)s/templates
@@ -62,13 +75,6 @@ media_root: %(base)s/media
static_root: %(base)s/static
static_dirs:
-[database]
-name: univnautes_idp
-host:
-port:
-user:
-password:
-
[cache]
memcached: on
@@ -92,7 +98,7 @@ template: true
toolbar: true
internal_ips: 127.0.0.1
skip_csrf: true
-sentry_dsn:
+sentry_dsn: https://eef065f871974893a88ff14bebec6620:6a3b570aa38c4d6da763ce551b260ef3@sentry.entrouvert.org/30
[email]
server_email: django@localhost
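Review bot: The added `sentry_dsn` value in `[debug]` carries what looks like a real public:secret key pair for a project on sentry.entrouvert.org, and this is the example file the README tells every install to copy to `/etc/univnautes-idp/settings.ini`. Any deployment that copies it unchanged will send its error reports, which may include request data, to that project, and the key is readable by anyone who can read the repository. Keep the example as `sentry_dsn:` and set the real DSN only in the site's own settings file. Because the value stays in history, the key should be treated as exposed and rotated.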
diff --git a/univnautes_idp/default-settings.ini b/univnautes_idp/default-settings.ini
new file mode 100644
index 0000000..5d9beac
--- /dev/null
+++ b/univnautes_idp/default-settings.ini
@@ -0,0 +1,114 @@
+[saml]
+local_metadata_cache_timeout: 600
+# Whether to autoload SAML 2.0 identity providers and services metadata
+# Only https URLS are accepted. Can be none, sp, idp or both
+metadata_autoload: both
+# these keys will changed by tenants :
+signature_public_key: -----BEGIN CERTIFICATE-----
+ MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
+ BAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV
+ MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+ CgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp
+ 06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGh
+ ABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFr
+ kmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXi
+ VT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VG
+ Tm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0
+ fcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mh
+ GaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTAD
+ AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhE
+ IdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeo
+ fEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1Ncp
+ lG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTT
+ JumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j
+ o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy
+ -----END CERTIFICATE-----
+signature_private_key: -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZ
+ n9Kqm4Cp06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrU
+ H8QT8NGhABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59x
+ ihSqsoFrkmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9H
+ ri8JRdXiVT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziaz
+ Zfvvw/VGTm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABAoIBAQCj8t2iKXya10HG
+ V6Saaeih8aftoLBV38VwFqqjPU0+iKqDpk2JSXBhjI6s7uFIsaTNJpR2Ga1qvns1
+ hJQEDMQSLhJvXfBgSkHylRWCpJentr4E3D7mnw5pRsd61Ev9U+uHcdv/WHP4K5hM
+ xsdiwXNXD/RYd1Q1+6bKrCuvnNJVmWe0/RV+r3T8Ni5xdMVFbRWt/VEoE620XX6c
+ a9TQPiA5i/LRVyie+js7Yv+hVjGOlArtuLs6ECQsivfPrqKLOBRWcofKdcf+4N2e
+ 3cieUqwzC15C31vcMliD9Hax9c1iuTt9Q3Xzo20fOSazAnQ5YBEExyTtrFBwbfQu
+ ku6hp81pAoGBAN6bc6iJtk5ipYpsaY4ZlbqdjjG9KEXB6G1MExPU7SHXOhOF0cDH
+ /pgMsv9hF2my863MowsOj3OryVhdQhwA6RrV263LRh+JU8NyHV71BwAIfI0BuVfj
+ 6r24KudwtUcvMr9pJIrJyMAMaw5ZyNoX7YqFpS6fcisSJYdSBSoxzrzVAoGBANu6
+ xVeMqGavA/EHSOQP3ipDZ3mnWbkDUDxpNhgJG8Q6lZiwKwLoSceJ8z0PNY3VetGA
+ RbqtqBGfR2mcxHyzeqVBpLnXZC4vs/Vy7lrzTiHDRZk2SG5EkHMSKFA53jN6S/nJ
+ JWpYZC8lG8w4OHaUfDHFWbptxdGYCgY4//sjeiuXAoGBANuhurJ99R5PnA8AOgEW
+ 4zD1hLc0b4ir8fvshCIcAj9SUB20+afgayRv2ye3Dted1WkUL4WYPxccVhLWKITi
+ rRtqB03o8m3pG3kJnUr0LIzu0px5J/o8iH3ZOJOTE3iBa+uI/KHmxygc2H+XPGFa
+ HGeAxuJCNO2kAN0Losbnz5dlAoGAVsCn94gGWPxSjxA0PC7zpTYVnZdwOjbPr/pO
+ LDE0cEY9GBq98JjrwEd77KibmVMm+Z4uaaT0jXiYhl8pyJ5IFwUS13juCbo1z/u/
+ ldMoDvZ8/R/MexTA/1204u/mBecMJiO/jPw3GdIJ5phv2omHe1MSuSNsDfN8Sbap
+ gmsgaiMCgYB/nrTk89Fp7050VKCNnIt1mHAcO9cBwDV8qrJ5O3rIVmrg1T6vn0aY
+ wRiVcNacaP+BivkrMjr4BlsUM6yH4MOBsNhLURiiCL+tLJV7U0DWlCse/doWij4U
+ TKX6tp6oI+7MIJE6ySZ0cBqOiydAkBePZhu57j6ToBkTa0dbHjn1WA==
+ -----END RSA PRIVATE KEY-----
+
+
+[dirs]
+base: /home/thomas/univnautes-idp
+template_dirs: %(base)s/templates
+multitenant_template_dirs: %(base)s/tenants/templates
+ /var/lib/truc/encore
+ /bidule/machin
+media_root: %(base)s/media
+static_root: %(base)s/static
+static_dirs:
+
+[database]
+name: univnautes_idp
+host:
+port:
+user:
+password:
+
+[cache]
+memcached: on
+
+[secrets]
+secret_key: random-string-of-ascii
+csrf_secret: random-string-of-ascii
+
+[session]
+expire_at_browser_close: yes
+cookie_age:
+cookie_name:
+cookie_path:
+coolie_secure:
+cookie_domain:
+
+# all settings in debug section should be false in production
+# INTERNAL_IPS should be empty in productive environment
+[debug]
+general: true
+template: true
+toolbar: true
+internal_ips: 127.0.0.1
+skip_csrf: true
+sentry_dsn:
+
+[email]
+server_email: django@localhost
+default_from_email: django@localhost
+subject_prefix: [unidp]
+host: localhost
+port: 25
+use_tls: no
+user:
+password:
+
+# the [admins] and [managers] sections are special. Just add lines with
+# full name: email_address@domain.xx
+# each section must be present but may be empty.
+[admins]
+#Thomas: tnoel+unidp@entrouvert.com
+[managers]
+#Thomas: tnoel+unidp@entrouvert.com
+
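Review bot: This file is now the first entry of `SETTINGS_INI` in `univnautes_idp/settings.py`, so every value in it is a live fallback rather than a sample, and several are unsafe as fallbacks: a fixed `signature_private_key`, `secret_key: random-string-of-ascii`, and a `[debug]` section with `general: true` and `skip_csrf: true`, which the file's own comment says must be false in production. `config.read()` silently skips files it cannot open, so an install whose `/etc/univnautes-idp/settings.ini` is missing or unreadable would presumably start with a SAML signing key and a Django secret that are public in the repository. Ship the defaults with `secret_key:` and `signature_private_key:` empty and with `general: false` and `skip_csrf: false`, and have settings.py refuse to start while the secrets are unset. Separately, `coolie_secure:` in `[session]` looks like a typo for `cookie_secure:`. `base: /home/thomas/univnautes-idp` and the `/var/lib/truc/encore` template paths are developer-local values that should not be defaults.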
diff --git a/univnautes_idp/settings.py b/univnautes_idp/settings.py
index 1c6232e..1c50089 100644
--- a/univnautes_idp/settings.py
+++ b/univnautes_idp/settings.py
@@ -1,11 +1,26 @@
# Django settings for univnautes_idp project.
import os
-from ConfigParser import ConfigParser
-from django.core.exceptions import ImproperlyConfigured
-
-SETTINGS_INI = os.environ.get('UNIVNAUTES_IDP_SETTINGS_INI', '/etc/univnautes-idp/settings.ini')
-config = ConfigParser()
+from ConfigParser import SafeConfigParser
+
+# get configuration files from :
+# 1. default-settings.ini from source code
+# 2. os.environ.get('SETTINGS_INI') if it exists
+# else /etc/univnautes-idp/settings.ini
+# and then /etc/univnautes-idp/local-settings.ini
+
+BASE_DIR = os.path.dirname(os.path.abspath(__file__))
+SETTINGS_INI = (os.path.join(BASE_DIR, 'default-settings.ini'),)
+if os.environ.get('SETTINGS_INI'):
+ SETTINGS_INI += (os.environ.get('SETTINGS_INI'),)
+else:
+ ETC_DIR = os.path.join('/', 'etc', 'univnautes-idp')
+ SETTINGS_INI += (
+ os.path.join(ETC_DIR, 'settings.ini'),
+ os.path.join(ETC_DIR, 'local-settings.ini')
+ )
+
+config = SafeConfigParser()
config.read(SETTINGS_INI)