3. Configuration
- AD_BASE_DN
Type:
str()
Default:
override_me
A base DN of the form ‘dc=mgrid,dc=net’ that is used as the root for all queries.
- AD_ENABLED
Type:
bool()
Default:
False
Enable or disable Active Directory integration.
- AD_PASSWORD
Type:
password()
Default:
override_me
AD administrator password.
- AD_URL
Type:
str()
Default:
override_me
A URL of the form ‘ldap://ad:389’ that describes the location of the Active Directory. Note that the queries use Active Directory-specific conventions, so a generic LDAP server will not suffice.
- AD_USER_DOMAIN
Type:
str()
Default:
override_me
A user domain that is added to all user names when they authenticate without a backslash or at sign in the username. Typical example: MGRID\
- AD_USER
Type:
str()
Default:
override_me
AD administrator account. This account is used to retrieve user information after login, when the user's password is no longer available in context.
- AUDIT_APPLICATION_CODE
Type:
str()
Default:
das
Name of the application to send to the central FluentD server.
- AUDIT_APPLICATION_INSTANCE
Type:
str()
Default:
default
Instance name of the application to send to the central FluentD server.
- AUDIT_APPLICATION_IP
Type:
ip()
Default:
127.0.0.1
IP address of the application instance to send to the central FluentD server.
- AUDIT_ENABLED
Type:
bool()
Default:
False
Enable or disable audit logging to a central FluentD server.
- AUDIT_LABEL
Type:
str()
Default:
log
Label used for all logs sent to the central FluentD server.
- AUDIT_PORT
Type:
int()
Default:
24224
Port number of the central FluentD server.
- AUDIT_SERVER
Type:
str()
Default:
override_me
Hostname of the central FluentD server.
- AUDIT_TAG
Type:
str()
Default:
audit
Tag used for all logs sent to the central FluentD server.
- AZURE_CLIENT_ID
Type:
str()
Default:
override_me
Identifier for the Azure client.
- AZURE_CLIENT_SECRET
Type:
password()
Default:
override_me
Secret for the Azure client.
- AZURE_USER_AUTH_URL
Type:
url()
Default:
https://mgrid.b2clogin.com/mgrid.onmicrosoft.com/B2C_1_signuplogin/oauth2/v2.0/authorize
The URL for user authentication. This is where the user is redirected to log in.
- AZURE_REDIRECT_URI
Type:
url()
Default:
https://das.example.com/api/v1/auth/azure
The URI the user is redirected to after a successful login.
- AZURE_GRAPH_AUTH_URL
Type:
url()
Default:
https://login.microsoftonline.com/mgrid.onmicrosoft.com
The URL where DAS asks for an access_token to be able to fetch data from the Graph API.
- AZURE_GRAPH_API_URL
Type:
url()
Default:
https://graph.microsoft.com
The url of the Graph API.
- AZURE_GRAPH_QUERY_URL
Type:
str()
Default:
https://graph.microsoft.com/v1.0/myorganization/users/{user_id}/memberOf?$select=displayName
The URL for querying the group membership of a specific user. Ensure it contains a {user_id} part, which will be substituted with the actual user id.
- AZURE_VERIFY_ID_TOKEN
Type:
bool()
Default:
True
Whether to verify the id_token received from the Azure login page.
- AZURE_KEYS_URL
Type:
url()
Default:
https://mgrid.b2clogin.com/mgrid.onmicrosoft.com/discovery/v2.0/keys?p=B2C_1_signuplogin
The URL for fetching the public key the id_token is signed with. This value only needs to be set when AZURE_VERIFY_ID_TOKEN is true.
- AZURE_LOGOUT_URI
Type:
url()
Default:
https://mgrid.b2clogin.com/mgrid.onmicrosoft.com/B2C_1_signuplogin/oauth2/v2.0/logout
The uri where the user is redirected to when logout is clicked.
- CONTACT_EMAIL
Type:
email()
Default:
support@example.com
Support email address for e.g. users having trouble logging in.
- DB_HOST
Type:
str()
Default:
override_me
The hostname of the application model database, e.g. postgres.
- DB_NAME
Type:
str()
Default:
override_me
The name of the application model database, e.g. das.
- DB_PASSWORD
Type:
password()
Default:
override_me
The password for the application model database, e.g. secret.
- DB_PORT
Type:
int()
Default:
5432
The port number of the application model database, e.g. 5432.
- DB_USER
Type:
str()
Default:
override_me
The username for the application model database, e.g. das.
- DUO_APIHOSTNAME
Type:
domain()
Default:
api-00000000.duosecurity.com
Hostname of the DUO server to interact with, e.g. api-ffffffff.duosecurity.com.
- DUO_ENABLED
Type:
bool()
Default:
False
Enable or disable DUO two-factor authentication.
- DUO_IKEY
Type:
password()
Default:
override_me
One of the keys needed to interact with the DUO servers.
- DUO_SKEY
Type:
password()
Default:
override_me
One of the keys needed to interact with the DUO servers.
- HOST
Type:
ip()
Default:
0.0.0.0
IP address the server binds to.
- JWT_ACCESS_TOKEN_EXPIRES
Type:
int()
Default:
300
How long an access token should be valid before it expires.
- JWT_ALGORITHM
Type:
str()
Default:
HS512
Which algorithm to sign the JWT with. See https://pyjwt.readthedocs.io/en/latest/algorithms.html for the available algorithms.
- JWT_HEADER_NAME
Type:
str()
Default:
Authorization
What header should contain the JWT in a request.
- JWT_HEADER_TYPE
Type:
str()
Default:
Bearer
What type of header the JWT is in.
- JWT_SECRET_KEY
Type:
password()
Default:
override_me
The JWT secret key that is used to authenticate requests to the management API.
- JWT_TOKEN_LOCATION
Type:
enum('headers', 'cookies', 'query_string', 'json')
Default:
headers
Where to look for a JWT when processing a request.
- LOGO_EMAIL
Type:
url()
Default:
https://example.com/logo.svg
Location of the logo image for emails that are sent out, e.g. https://das.example.com/logo.png. Depending on the mail client that receives the email message, this may show as the actual logo, a broken image or not show up at all. If set to None, the logo will not be included in email messages.
- LOGO_UI
Type:
any(path(), url())
Default:
/static/images/mgrid_logo.svg
Location of the logo image for the UI. May be a relative path, e.g. /static/images/mgrid_logo.svg if the logo is present in the DAS Docker image, or an absolute URL, e.g. https://das.example.com/logo.png. In the case of an absolute URL, make sure that the CORS settings of the nginx proxy in the Docker image allow this URL.
- MAIL_DEBUG
Type:
bool()
Default:
False
Enable or disable debugging of mail.
- MAIL_DEFAULT_SENDER
Type:
email()
Default:
no-reply@example.com
E-mail address of default sender.
- MAIL_PASSWORD
Type:
password()
Default:
override_me
Password for authentication with the mail server. May be set to None if no authentication is needed.
- MAIL_PORT
Type:
int()
Default:
25
SMTP port of the mailserver.
- MAIL_SERVER
Type:
ip()
Default:
0.0.0.0
Hostname of the mailserver.
- MAIL_SUPPRESS_SEND
Type:
bool()
Default:
False
- MAIL_USERNAME
Type:
str()
Default:
override_me
Username for authentication with the mail server. May be set to None if no authentication is needed.
- PERMANENT_SESSION_LIFETIME
Type:
int()
Default:
3600
The cookie’s expiration will be set this number of seconds in the future.
- PORT
Type:
int()
Default:
5000
IP port the server binds to.
- ROOT_URL
Type:
url()
Default:
https://example.com/api/v1
The root URL for the application.
- SECRET_KEY
Type:
password()
Default:
override_me
The secret key that is used to authenticate requests to the UI.
- SESSION_COOKIE_HTTPONLY
Type:
bool()
Default:
True
Browsers will not allow JavaScript access to cookies marked as “HTTP only” for security.
- SESSION_COOKIE_NAME
Type:
str()
Default:
session
The name of the session cookie.
- SESSION_COOKIE_PATH
Type:
path()
Default:
/
The path that the session cookie will be valid for.
- SESSION_COOKIE_SECURE
Type:
bool()
Default:
True
Browsers will only send cookies with requests over HTTPS if the cookie is marked “secure”.
- SESSION_COPY_PROTECTION
Type:
bool()
Default:
True
Enable or disable session protection.
- SESSION_FILE_DIR
Type:
path()
Default:
/tmp/flask_session
The directory where session files are stored.
- SESSION_TYPE
Type:
enum('null', 'filesystem', 'sqlalchemy')
Default:
filesystem
Specifies which type of session interface to use.
- SQLALCHEMY_ENGINE_OPTIONS
Type:
map()
Default:
{'pool_pre_ping': True, 'pool_size': 1}
A dictionary that can contain options for the model database engine, most notably to change the connection pool characteristics.
- SQLALCHEMY_TRACK_MODIFICATIONS
Type:
bool()
Default:
False
If set to True, Flask-SQLAlchemy will track modifications of objects and emit signals.
- SSL_ENABLED
Type:
bool()
Default:
False
Enable or disable SSL. There is an NGINX instance in front of this application that handles SSL, so this should be set to false.
- UI_URL
Type:
url()
Default:
https://example.com/ui
The URL for the UI.
- WORKERS
Type:
int()
Default:
2
The number of worker processes that will be forked to handle incoming requests. Setting this is optional, but may be required in environments where the default value of 2 is not sufficient.
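
A pre-deployment check over the settings documented above, as an added example that is not part of DAS: it flags secrets left at the documented override_me default, an HMAC signing key that is too short for JWT_ALGORITHM, and safe defaults that were switched off. The function name audit_config, the dict-shaped input and the SAMPLE values are assumptions; the minimum key length comes from RFC 7518 section 3.2, not from this page.

```python
PLACEHOLDER = "override_me"  # documented default for settings that must be overridden

# Secrets that are always in use, and secrets only used when a feature switch is on.
ALWAYS_REQUIRED = ("DB_PASSWORD", "JWT_SECRET_KEY", "SECRET_KEY")
GATED = {"AD_ENABLED": ("AD_PASSWORD",), "DUO_ENABLED": ("DUO_IKEY", "DUO_SKEY")}
# RFC 7518 section 3.2: an HMAC key must be at least as long as the hash output.
HMAC_MIN_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}


def audit_config(cfg):
    """Return a sorted list of (setting, problem) tuples for a settings dict."""
    findings = []
    required = list(ALWAYS_REQUIRED)
    for switch, names in GATED.items():
        if cfg.get(switch, False):
            required.extend(names)
    for name in required:
        if cfg.get(name, PLACEHOLDER) in (PLACEHOLDER, "", None):
            findings.append((name, "secret still at placeholder default"))

    alg = cfg.get("JWT_ALGORITHM", "HS512")
    key = cfg.get("JWT_SECRET_KEY", PLACEHOLDER)
    if alg in HMAC_MIN_BYTES and key not in (PLACEHOLDER, "", None):
        if len(key.encode()) < HMAC_MIN_BYTES[alg]:
            findings.append(("JWT_SECRET_KEY",
                             f"shorter than {HMAC_MIN_BYTES[alg]} bytes for {alg}"))

    # Settings whose documented default (True) is the safe value.
    for name in ("AZURE_VERIFY_ID_TOKEN", "SESSION_COOKIE_SECURE", "SESSION_COOKIE_HTTPONLY"):
        if cfg.get(name, True) is not True:
            findings.append((name, "safe default disabled"))

    if cfg.get("JWT_TOKEN_LOCATION", "headers") == "query_string":
        findings.append(("JWT_TOKEN_LOCATION", "tokens in URLs end up in logs and history"))
    return sorted(findings)


# Constructed sample settings, not taken from a real deployment.
SAMPLE = {
    "DB_PASSWORD": "override_me", "SECRET_KEY": "k" * 48,
    "JWT_SECRET_KEY": "short-key", "JWT_ALGORITHM": "HS512",
    "DUO_ENABLED": True, "DUO_IKEY": "constructed-ikey", "DUO_SKEY": "override_me",
    "AD_ENABLED": False, "AZURE_VERIFY_ID_TOKEN": False,
    "JWT_TOKEN_LOCATION": "query_string",
}

if __name__ == "__main__":
    for setting, problem in audit_config(SAMPLE):
        print(f"{setting}: {problem}")
```

AD_PASSWORD is not reported for the sample because AD_ENABLED is False there; the gated secrets are only checked when their feature switch is on.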