diff --git a/README.md b/README.md index 3a4f72e..7dac75f 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ univnautes-idp : IdP multi-tenants pour UnivNautes -cp settings.ini.example /somewhere/settings.ini -export UNIVNAUTES_IDP_SETTINGS_INI=/somewhere/settings.ini +# config : +cp settings.ini.example /etc/univnautes-idp/settings.ini # creation du schema public python manage.py sync_schemas --shared --noinput @@ -12,3 +12,4 @@ python manage.py createsuperuser -s public python manage.py create-tenant xyz.univnautes-idp.dev.entrouvert.org xyz python manage.py createsuperuser -s xyz + diff --git a/settings.ini.example b/settings.ini.example index 5d9beac..225b158 100644 --- a/settings.ini.example +++ b/settings.ini.example @@ -1,8 +1,22 @@ +# +# override default-settings.ini +# + +[general] +multitenants_settings_ini: %(base)s/tenants/{tenant}-settings.ini ## currently not used + +[database] +name: univnautes_idp +host: +port: +user: +password: + [saml] local_metadata_cache_timeout: 600 # Whether to autoload SAML 2.0 identity providers and services metadata # Only https URLS are accepted. Can be none, sp, idp or both -metadata_autoload: both +metadata_autoload: none # these keys will changed by tenants : signature_public_key: -----BEGIN CERTIFICATE----- MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV @@ -51,7 +65,6 @@ signature_private_key: -----BEGIN RSA PRIVATE KEY----- TKX6tp6oI+7MIJE6ySZ0cBqOiydAkBePZhu57j6ToBkTa0dbHjn1WA== -----END RSA PRIVATE KEY----- - [dirs] base: /home/thomas/univnautes-idp template_dirs: %(base)s/templates @@ -62,13 +75,6 @@ media_root: %(base)s/media static_root: %(base)s/static static_dirs: -[database] -name: univnautes_idp -host: -port: -user: -password: - [cache] memcached: on 
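Review bot: The `## currently not used` inline remark on the new `multitenants_settings_ini` line becomes part of the value: settings.py reads these files with Python 2's `SafeConfigParser`, which only strips inline comments introduced by `;`, never `#`, so the option would resolve to `…/{tenant}-settings.ini ## currently not used`. The same line interpolates `%(base)s`, but `base` is defined in `[dirs]` and ConfigParser interpolation only searches the option's own section and `[DEFAULT]`, so a `config.get('general', 'multitenants_settings_ini')` would raise `InterpolationMissingOptionError` unless `base` is also provided as a default. Move the remark onto its own line above the option as `# currently not used`, and either drop the `%(base)s` prefix or define `base` under `[DEFAULT]`.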
@@ -92,7 +98,7 @@ template: true toolbar: true internal_ips: 127.0.0.1 skip_csrf: true -sentry_dsn: +sentry_dsn: https://eef065f871974893a88ff14bebec6620:6a3b570aa38c4d6da763ce551b260ef3@sentry.entrouvert.org/30 [email] server_email: django@localhost diff --git a/univnautes_idp/default-settings.ini b/univnautes_idp/default-settings.ini new file mode 100644 index 0000000..5d9beac --- /dev/null +++ b/univnautes_idp/default-settings.ini 
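Review bot: The new `sentry_dsn` value embeds the Sentry project's secret key (the second userinfo component before `@sentry.entrouvert.org`) in a tracked example file, the same file the README in this commit tells operators to copy to `/etc/univnautes-idp/settings.ini`. The example should keep the empty placeholder `sentry_dsn:` and the real DSN belongs in the untracked `local-settings.ini` that settings.py now reads after it. Since the DSN is already in the repository history, the key should be regenerated on the Sentry side regardless of how this line is fixed.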
@@ -0,0 +1,114 @@ +[saml] +local_metadata_cache_timeout: 600 +# Whether to autoload SAML 2.0 identity providers and services metadata +# Only https URLS are accepted. Can be none, sp, idp or both +metadata_autoload: both +# these keys will changed by tenants : +signature_public_key: -----BEGIN CERTIFICATE----- + MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV + BAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV + MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB + CgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp + 06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGh + ABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFr + kmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXi + VT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VG + Tm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0 + fcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mh + GaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTAD + AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhE + IdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeo + fEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1Ncp + lG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTT + JumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j + o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy + -----END CERTIFICATE----- +signature_private_key: -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZ + n9Kqm4Cp06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrU + H8QT8NGhABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59x + ihSqsoFrkmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9H + ri8JRdXiVT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziaz + Zfvvw/VGTm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABAoIBAQCj8t2iKXya10HG + V6Saaeih8aftoLBV38VwFqqjPU0+iKqDpk2JSXBhjI6s7uFIsaTNJpR2Ga1qvns1 + 
hJQEDMQSLhJvXfBgSkHylRWCpJentr4E3D7mnw5pRsd61Ev9U+uHcdv/WHP4K5hM + xsdiwXNXD/RYd1Q1+6bKrCuvnNJVmWe0/RV+r3T8Ni5xdMVFbRWt/VEoE620XX6c + a9TQPiA5i/LRVyie+js7Yv+hVjGOlArtuLs6ECQsivfPrqKLOBRWcofKdcf+4N2e + 3cieUqwzC15C31vcMliD9Hax9c1iuTt9Q3Xzo20fOSazAnQ5YBEExyTtrFBwbfQu + ku6hp81pAoGBAN6bc6iJtk5ipYpsaY4ZlbqdjjG9KEXB6G1MExPU7SHXOhOF0cDH + /pgMsv9hF2my863MowsOj3OryVhdQhwA6RrV263LRh+JU8NyHV71BwAIfI0BuVfj + 6r24KudwtUcvMr9pJIrJyMAMaw5ZyNoX7YqFpS6fcisSJYdSBSoxzrzVAoGBANu6 + xVeMqGavA/EHSOQP3ipDZ3mnWbkDUDxpNhgJG8Q6lZiwKwLoSceJ8z0PNY3VetGA + RbqtqBGfR2mcxHyzeqVBpLnXZC4vs/Vy7lrzTiHDRZk2SG5EkHMSKFA53jN6S/nJ + JWpYZC8lG8w4OHaUfDHFWbptxdGYCgY4//sjeiuXAoGBANuhurJ99R5PnA8AOgEW + 4zD1hLc0b4ir8fvshCIcAj9SUB20+afgayRv2ye3Dted1WkUL4WYPxccVhLWKITi + rRtqB03o8m3pG3kJnUr0LIzu0px5J/o8iH3ZOJOTE3iBa+uI/KHmxygc2H+XPGFa + HGeAxuJCNO2kAN0Losbnz5dlAoGAVsCn94gGWPxSjxA0PC7zpTYVnZdwOjbPr/pO + LDE0cEY9GBq98JjrwEd77KibmVMm+Z4uaaT0jXiYhl8pyJ5IFwUS13juCbo1z/u/ + ldMoDvZ8/R/MexTA/1204u/mBecMJiO/jPw3GdIJ5phv2omHe1MSuSNsDfN8Sbap + gmsgaiMCgYB/nrTk89Fp7050VKCNnIt1mHAcO9cBwDV8qrJ5O3rIVmrg1T6vn0aY + wRiVcNacaP+BivkrMjr4BlsUM6yH4MOBsNhLURiiCL+tLJV7U0DWlCse/doWij4U + TKX6tp6oI+7MIJE6ySZ0cBqOiydAkBePZhu57j6ToBkTa0dbHjn1WA== + -----END RSA PRIVATE KEY----- + + +[dirs] +base: /home/thomas/univnautes-idp +template_dirs: %(base)s/templates +multitenant_template_dirs: %(base)s/tenants/templates + /var/lib/truc/encore + /bidule/machin +media_root: %(base)s/media +static_root: %(base)s/static +static_dirs: + +[database] +name: univnautes_idp +host: +port: +user: +password: + +[cache] +memcached: on + +[secrets] +secret_key: random-string-of-ascii +csrf_secret: random-string-of-ascii + +[session] +expire_at_browser_close: yes +cookie_age: +cookie_name: +cookie_path: +coolie_secure: +cookie_domain: + +# all settings in debug section should be false in production +# INTERNAL_IPS should be empty in productive environment +[debug] +general: true +template: true +toolbar: true +internal_ips: 127.0.0.1 +skip_csrf: true 
+sentry_dsn: + +[email] +server_email: django@localhost +default_from_email: django@localhost +subject_prefix: [unidp] +host: localhost +port: 25 +use_tls: no +user: +password: + +# the [admins] and [managers] sections are special. Just add lines with +# full name: email_address@domain.xx +# each section must be present but may be empty. +[admins] +#Thomas: tnoel+unidp@entrouvert.com +[managers] +#Thomas: tnoel+unidp@entrouvert.com + diff --git a/univnautes_idp/settings.py b/univnautes_idp/settings.py index 1c6232e..1c50089 100644 --- a/univnautes_idp/settings.py +++ b/univnautes_idp/settings.py @@ -1,11 +1,26 @@ # Django settings for univnautes_idp project. import os -from ConfigParser import ConfigParser -from django.core.exceptions import ImproperlyConfigured +from ConfigParser import SafeConfigParser -SETTINGS_INI = os.environ.get('UNIVNAUTES_IDP_SETTINGS_INI', '/etc/univnautes-idp/settings.ini') -config = ConfigParser() +# get configuration files from : +# 1. default-settings.ini from source code +# 2. os.environ.get('SETTINGS_INI') if it exists +# else /etc/univnautes-idp/settings.ini +# and then /etc/univnautes-idp/local-settings.ini + +BASE_DIR = os.path.dirname(os.path.abspath(__file__)) +SETTINGS_INI = (os.path.join(BASE_DIR, 'default-settings.ini'),) +if os.environ.get('SETTINGS_INI'): + SETTINGS_INI += (os.environ.get('SETTINGS_INI'),) +else: + ETC_DIR = os.path.join('/', 'etc', 'univnautes-idp') + SETTINGS_INI += ( + os.path.join(ETC_DIR, 'settings.ini'), + os.path.join(ETC_DIR, 'local-settings.ini') + ) + +config = SafeConfigParser() config.read(SETTINGS_INI)
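Review bot: `default-settings.ini` ships a real RSA signing key (`signature_private_key`) together with fixed `secret_key: random-string-of-ascii` and `csrf_secret` values and `[debug]` defaults of `general: true`, `toolbar: true`, `skip_csrf: true`; because settings.py reads this packaged file first and `ConfigParser.read` silently skips config files that do not exist, an install without a complete `/etc/univnautes-idp/settings.ini` would sign SAML assertions with a key that is public in the repository and run Django with a known `SECRET_KEY` and debug enabled. Defaults baked into the package should be the safe ones: leave `signature_public_key`, `signature_private_key`, `secret_key`, `csrf_secret` and `sentry_dsn` empty here, set the `[debug]` options to `false` (the file's own comment says they must be false in production), and have settings.py refuse to start while `signature_private_key` or `secret_key` is empty. The `[session]` section also has `coolie_secure:` where `cookie_secure:` was presumably intended, so that option would never be found under the expected name. The key pair in this file is the same material as in `settings.ini.example` (the new file's blob `5d9beac` is the example's previous blob), so it is already published and should be regenerated before any deployment.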