enhance settings.ini system
This commit is contained in:
parent
971b29c91b
commit
9c7d9161f5
|
@ -1,7 +1,7 @@
|
|||
univnautes-idp : IdP multi-tenants pour UnivNautes
|
||||
|
||||
cp settings.ini.example /somewhere/settings.ini
|
||||
export UNIVNAUTES_IDP_SETTINGS_INI=/somewhere/settings.ini
|
||||
# config :
|
||||
cp settings.ini.example /etc/univnautes-idp/settings.ini
|
||||
|
||||
# creation du schema public
|
||||
python manage.py sync_schemas --shared --noinput
|
||||
|
@ -12,3 +12,4 @@ python manage.py createsuperuser -s public
|
|||
python manage.py create-tenant xyz.univnautes-idp.dev.entrouvert.org xyz
|
||||
python manage.py createsuperuser -s xyz
|
||||
|
||||
|
||||
|
|
|
@ -1,8 +1,22 @@
|
|||
#
|
||||
# override default-settings.ini
|
||||
#
|
||||
|
||||
[general]
|
||||
multitenants_settings_ini: %(base)s/tenants/{tenant}-settings.ini ## currently not used
|
||||
|
||||
[database]
|
||||
name: univnautes_idp
|
||||
host:
|
||||
port:
|
||||
user:
|
||||
password:
|
||||
|
||||
[saml]
|
||||
local_metadata_cache_timeout: 600
|
||||
# Whether to autoload SAML 2.0 identity providers and services metadata
|
||||
# Only https URLS are accepted. Can be none, sp, idp or both
|
||||
metadata_autoload: both
|
||||
metadata_autoload: none
|
||||
# these keys will changed by tenants :
|
||||
signature_public_key: -----BEGIN CERTIFICATE-----
|
||||
MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
|
||||
|
@ -51,7 +65,6 @@ signature_private_key: -----BEGIN RSA PRIVATE KEY-----
|
|||
TKX6tp6oI+7MIJE6ySZ0cBqOiydAkBePZhu57j6ToBkTa0dbHjn1WA==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
||||
|
||||
[dirs]
|
||||
base: /home/thomas/univnautes-idp
|
||||
template_dirs: %(base)s/templates
|
||||
|
@ -62,13 +75,6 @@ media_root: %(base)s/media
|
|||
static_root: %(base)s/static
|
||||
static_dirs:
|
||||
|
||||
[database]
|
||||
name: univnautes_idp
|
||||
host:
|
||||
port:
|
||||
user:
|
||||
password:
|
||||
|
||||
[cache]
|
||||
memcached: on
|
||||
|
||||
|
@ -92,7 +98,7 @@ template: true
|
|||
toolbar: true
|
||||
internal_ips: 127.0.0.1
|
||||
skip_csrf: true
|
||||
sentry_dsn:
|
||||
sentry_dsn: https://eef065f871974893a88ff14bebec6620:6a3b570aa38c4d6da763ce551b260ef3@sentry.entrouvert.org/30
|
||||
|
||||
[email]
|
||||
server_email: django@localhost
|
||||
|
|
|
@ -0,0 +1,114 @@
|
|||
[saml]
|
||||
local_metadata_cache_timeout: 600
|
||||
# Whether to autoload SAML 2.0 identity providers and services metadata
|
||||
# Only https URLS are accepted. Can be none, sp, idp or both
|
||||
metadata_autoload: both
|
||||
# these keys will changed by tenants :
|
||||
signature_public_key: -----BEGIN CERTIFICATE-----
|
||||
MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
|
||||
BAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV
|
||||
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp
|
||||
06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGh
|
||||
ABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFr
|
||||
kmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXi
|
||||
VT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VG
|
||||
Tm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0
|
||||
fcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mh
|
||||
GaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTAD
|
||||
AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhE
|
||||
IdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeo
|
||||
fEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1Ncp
|
||||
lG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTT
|
||||
JumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j
|
||||
o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy
|
||||
-----END CERTIFICATE-----
|
||||
signature_private_key: -----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZ
|
||||
n9Kqm4Cp06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrU
|
||||
H8QT8NGhABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59x
|
||||
ihSqsoFrkmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9H
|
||||
ri8JRdXiVT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziaz
|
||||
Zfvvw/VGTm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABAoIBAQCj8t2iKXya10HG
|
||||
V6Saaeih8aftoLBV38VwFqqjPU0+iKqDpk2JSXBhjI6s7uFIsaTNJpR2Ga1qvns1
|
||||
hJQEDMQSLhJvXfBgSkHylRWCpJentr4E3D7mnw5pRsd61Ev9U+uHcdv/WHP4K5hM
|
||||
xsdiwXNXD/RYd1Q1+6bKrCuvnNJVmWe0/RV+r3T8Ni5xdMVFbRWt/VEoE620XX6c
|
||||
a9TQPiA5i/LRVyie+js7Yv+hVjGOlArtuLs6ECQsivfPrqKLOBRWcofKdcf+4N2e
|
||||
3cieUqwzC15C31vcMliD9Hax9c1iuTt9Q3Xzo20fOSazAnQ5YBEExyTtrFBwbfQu
|
||||
ku6hp81pAoGBAN6bc6iJtk5ipYpsaY4ZlbqdjjG9KEXB6G1MExPU7SHXOhOF0cDH
|
||||
/pgMsv9hF2my863MowsOj3OryVhdQhwA6RrV263LRh+JU8NyHV71BwAIfI0BuVfj
|
||||
6r24KudwtUcvMr9pJIrJyMAMaw5ZyNoX7YqFpS6fcisSJYdSBSoxzrzVAoGBANu6
|
||||
xVeMqGavA/EHSOQP3ipDZ3mnWbkDUDxpNhgJG8Q6lZiwKwLoSceJ8z0PNY3VetGA
|
||||
RbqtqBGfR2mcxHyzeqVBpLnXZC4vs/Vy7lrzTiHDRZk2SG5EkHMSKFA53jN6S/nJ
|
||||
JWpYZC8lG8w4OHaUfDHFWbptxdGYCgY4//sjeiuXAoGBANuhurJ99R5PnA8AOgEW
|
||||
4zD1hLc0b4ir8fvshCIcAj9SUB20+afgayRv2ye3Dted1WkUL4WYPxccVhLWKITi
|
||||
rRtqB03o8m3pG3kJnUr0LIzu0px5J/o8iH3ZOJOTE3iBa+uI/KHmxygc2H+XPGFa
|
||||
HGeAxuJCNO2kAN0Losbnz5dlAoGAVsCn94gGWPxSjxA0PC7zpTYVnZdwOjbPr/pO
|
||||
LDE0cEY9GBq98JjrwEd77KibmVMm+Z4uaaT0jXiYhl8pyJ5IFwUS13juCbo1z/u/
|
||||
ldMoDvZ8/R/MexTA/1204u/mBecMJiO/jPw3GdIJ5phv2omHe1MSuSNsDfN8Sbap
|
||||
gmsgaiMCgYB/nrTk89Fp7050VKCNnIt1mHAcO9cBwDV8qrJ5O3rIVmrg1T6vn0aY
|
||||
wRiVcNacaP+BivkrMjr4BlsUM6yH4MOBsNhLURiiCL+tLJV7U0DWlCse/doWij4U
|
||||
TKX6tp6oI+7MIJE6ySZ0cBqOiydAkBePZhu57j6ToBkTa0dbHjn1WA==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
||||
|
||||
[dirs]
|
||||
base: /home/thomas/univnautes-idp
|
||||
template_dirs: %(base)s/templates
|
||||
multitenant_template_dirs: %(base)s/tenants/templates
|
||||
/var/lib/truc/encore
|
||||
/bidule/machin
|
||||
media_root: %(base)s/media
|
||||
static_root: %(base)s/static
|
||||
static_dirs:
|
||||
|
||||
[database]
|
||||
name: univnautes_idp
|
||||
host:
|
||||
port:
|
||||
user:
|
||||
password:
|
||||
|
||||
[cache]
|
||||
memcached: on
|
||||
|
||||
[secrets]
|
||||
secret_key: random-string-of-ascii
|
||||
csrf_secret: random-string-of-ascii
|
||||
|
||||
[session]
|
||||
expire_at_browser_close: yes
|
||||
cookie_age:
|
||||
cookie_name:
|
||||
cookie_path:
|
||||
coolie_secure:
|
||||
cookie_domain:
|
||||
|
||||
# all settings in debug section should be false in production
|
||||
# INTERNAL_IPS should be empty in productive environment
|
||||
[debug]
|
||||
general: true
|
||||
template: true
|
||||
toolbar: true
|
||||
internal_ips: 127.0.0.1
|
||||
skip_csrf: true
|
||||
sentry_dsn:
|
||||
|
||||
[email]
|
||||
server_email: django@localhost
|
||||
default_from_email: django@localhost
|
||||
subject_prefix: [unidp]
|
||||
host: localhost
|
||||
port: 25
|
||||
use_tls: no
|
||||
user:
|
||||
password:
|
||||
|
||||
# the [admins] and [managers] sections are special. Just add lines with
|
||||
# full name: email_address@domain.xx
|
||||
# each section must be present but may be empty.
|
||||
[admins]
|
||||
#Thomas: tnoel+unidp@entrouvert.com
|
||||
[managers]
|
||||
#Thomas: tnoel+unidp@entrouvert.com
|
||||
|
|
@ -1,11 +1,26 @@
|
|||
# Django settings for univnautes_idp project.
|
||||
|
||||
import os
|
||||
from ConfigParser import ConfigParser
|
||||
from django.core.exceptions import ImproperlyConfigured
|
||||
from ConfigParser import SafeConfigParser
|
||||
|
||||
SETTINGS_INI = os.environ.get('UNIVNAUTES_IDP_SETTINGS_INI', '/etc/univnautes-idp/settings.ini')
|
||||
config = ConfigParser()
|
||||
# get configuration files from :
|
||||
# 1. default-settings.ini from source code
|
||||
# 2. os.environ.get('SETTINGS_INI') if it exists
|
||||
# else /etc/univnautes-idp/settings.ini
|
||||
# and then /etc/univnautes-idp/local-settings.ini
|
||||
|
||||
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
|
||||
SETTINGS_INI = (os.path.join(BASE_DIR, 'default-settings.ini'),)
|
||||
if os.environ.get('SETTINGS_INI'):
|
||||
SETTINGS_INI += (os.environ.get('SETTINGS_INI'),)
|
||||
else:
|
||||
ETC_DIR = os.path.join('/', 'etc', 'univnautes-idp')
|
||||
SETTINGS_INI += (
|
||||
os.path.join(ETC_DIR, 'settings.ini'),
|
||||
os.path.join(ETC_DIR, 'local-settings.ini')
|
||||
)
|
||||
|
||||
config = SafeConfigParser()
|
||||
config.read(SETTINGS_INI)
|
||||
|
||||
|
||||
|
|
Reference in New Issue