# ConfigMap that ships the Django production settings module as a file.
# NOTE(review): ConfigMap data is ordinary, unencrypted configuration, readable
# by anything allowed to read ConfigMaps in this namespace. The embedded
# production.py carries a literal SECRET_KEY and a Sentry DSN; values of that
# kind belong in a Secret or in the Vault-injected files the module already
# reads for its database and JWT material.
apiVersion: v1
kind: ConfigMap
metadata:
  name: django-configmap
  namespace: django
data:
  production.py: |
import ast
import os
from .base import *
from logging.handlers import SysLogHandler
from datetime import timedelta
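def _load_env_file(path):
    """Populate ``os.environ`` from a ``KEY=value`` file without overriding.

    Blank lines, lines starting with ``#`` and lines without ``=`` are
    skipped. Keys and values are stripped of surrounding whitespace. A value
    wrapped in matching single or double quotes is decoded as a Python string
    literal, so escape sequences are honoured; if decoding fails, or yields
    anything other than a ``str``, the outer quotes are simply removed.

    A variable that already exists in the environment is left untouched, so
    values exported before this module is imported take precedence over the
    file. A missing file is ignored; other I/O errors propagate.

    The file is treated as trusted input: key names are not restricted, and
    every value written to ``os.environ`` is inherited by child processes.

    Args:
        path: Location of the env-style file to read.
    """
    try:
        with open(path, "r", encoding="utf-8") as f:
            for raw_line in f:
                line = raw_line.strip()
                if not line or line.startswith("#") or "=" not in line:
                    continue
                key, value = (part.strip() for part in line.split("=", 1))
                if len(value) >= 2 and value[0] == value[-1] and value[0] in ("'", '"'):
                    try:
                        parsed = ast.literal_eval(value)
                    except (ValueError, SyntaxError):
                        parsed = None
                    # literal_eval can return a non-string (a tuple for a
                    # value such as "a","b"); os.environ only accepts str and
                    # would raise TypeError, aborting the settings import.
                    value = parsed if isinstance(parsed, str) else value[1:-1]
                if key and key not in os.environ:
                    os.environ[key] = value
    except FileNotFoundError:
        # Best effort: the file is only present when Vault injected it.
        pass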
def _read_secret_file(path, default=""):
    """Return the whitespace-stripped contents of *path*.

    Args:
        path: File holding a single secret value.
        default: Value returned when the file does not exist.

    Returns:
        The file contents without leading/trailing whitespace, or *default*
        when the file is missing. Other I/O errors propagate.
    """
    try:
        with open(path, "r", encoding="utf-8") as secret_file:
            contents = secret_file.read()
    except FileNotFoundError:
        return default
    return contents.strip()
# Fallback for manage.py launched via `kubectl exec` (outside entrypoint),
# so Django can still read DB/JWT values from Vault-injected files.
# Variables that are already set are never overwritten by these files.
for _env_file in (
    "/vault/secrets/django-postgresql",
    "/vault/secrets/django-rabbitmq",
    "/vault/secrets/django-s3",
    "/vault/secrets/django-kafka",
    "/vault/secrets/django-common",
):
    _load_env_file(_env_file)

# Each JWT key lives in its own file and is read whole, not as KEY=value.
# NOTE(review): _read_secret_file returns "" for a missing file, so an absent
# key file leaves the variable set to an empty string instead of failing
# here - confirm that token signing and verification fail closed in that case.
for _env_name, _key_file in (
    ("JWT_PRIVATE_KEY", "/vault/secrets/django-jwt-private"),
    ("JWT_PUBLIC_KEY", "/vault/secrets/django-jwt-public"),
):
    if not os.environ.get(_env_name):
        os.environ[_env_name] = _read_secret_file(_key_file)

# Keep the loop variables out of the settings namespace.
del _env_file, _env_name, _key_file
# --- Host, transport and cookie settings ---------------------------------
# NOTE(review): the wildcard switches off Django's Host header validation, so
# any Host value is accepted. Listing the served hostnames explicitly is the
# usual production setting; confirm whether a proxy in front enforces this.
ALLOWED_HOSTS = ["*"]

# DEBUG is assigned again further down in this module; the last assignment
# is the one Django uses.
DEBUG = False

# NOTE(review): no HTTP->HTTPS redirect is done by Django itself; presumably
# TLS is enforced by the ingress/proxy - confirm.
SECURE_SSL_REDIRECT = False
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
CSRF_TRUSTED_ORIGINS = [
    "https://lk.srx.wb.ru:30443",
    "https://lk.srx.wb.ru",
]

# Uploaded files are created owner-writable and world-readable.
FILE_UPLOAD_PERMISSIONS = 0o644

# NOTE(review): the signing key is a literal stored in a ConfigMap, so it is
# readable by anyone who can read this object or its source. Django uses
# SECRET_KEY for sessions, CSRF tokens and other signed values; treat this key
# as disclosed, rotate it, and load the replacement from a secret store.
SECRET_KEY = 't2=9+($2f%7ptsdy4!rby$)mcfl1l%o2e@vs^d(g&(wwi&%k1v'
# NOTE(review): every origin is allowed to make cross-origin requests and read
# the responses. For an API that accepts bearer tokens, an explicit origin
# allow-list is the safer production setting - confirm this is intended.
CORS_ORIGIN_ALLOW_ALL = True

# SERVERSETTINGS is not defined in this module (presumably it comes from
# .base); only its cache flag is switched on here.
SERVERSETTINGS.cache_enabled = True

# Extend the inherited app list with the CORS app; a new list is built so
# the base module's sequence is not mutated.
INSTALLED_APPS = [*INSTALLED_APPS, 'corsheaders']
# HTTP methods accepted on cross-origin requests.
CORS_ALLOW_METHODS = ("DELETE", "GET", "OPTIONS", "PATCH", "POST", "PUT")

BASIC_USER_ID = 2

# Request headers a cross-origin caller may send.
# NOTE(review): 'Bearer' looks like an Authorization scheme rather than a
# header name; 'authorization' is already listed - confirm it is needed.
CORS_ALLOW_HEADERS = (
    "accept",
    "accept-encoding",
    "authorization",
    "content-type",
    "user-agent",
    "x-csrftoken",
    "x-requested-with",
    "x-token",
    "Bearer",
)

# Public base URL of this deployment.
HOST = "https://wb.sarex.io"
# PostgreSQL connection parameters, taken from the process environment.
# Only the port has a default; the others are None when the variable is
# unset, so a missing credential surfaces when a connection is first opened
# rather than when this module is imported.
POSTGRES_DATABASE = os.getenv("DJANGO_POSTGRES_DATABASE")
POSTGRES_USER = os.getenv("DJANGO_POSTGRES_USER")
POSTGRES_PASSWORD = os.getenv("DJANGO_POSTGRES_PASSWORD")
POSTGRES_HOST = os.getenv("DJANGO_POSTGRES_HOST")
POSTGRES_PORTS = os.getenv("DJANGO_POSTGRES_PORTS", "5432")

# Single default database, using the django_prometheus PostgreSQL backend.
DATABASES = {
    "default": dict(
        ENGINE="django_prometheus.db.backends.postgresql",
        NAME=POSTGRES_DATABASE,
        USER=POSTGRES_USER,
        PASSWORD=POSTGRES_PASSWORD,
        HOST=POSTGRES_HOST,
        PORT=POSTGRES_PORTS,
    ),
}
# Logging configuration: the root logger emits INFO and above to two stream
# handlers and does not propagate.
# - 'console' accepts everything the root logger passes on.
# - 'sentry' is also a plain StreamHandler, limited to ERROR and filtered by
#   RequireDebugFalse, so it only emits while DEBUG is False.
# NOTE(review): ERROR records are therefore written to the stream twice, and
# the 'verbose' formatter is defined but not attached to any handler.
LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "filters": {
        "require_debug_false": {"()": "django.utils.log.RequireDebugFalse"},
    },
    "formatters": {
        "verbose": {"format": "[contactor] %(levelname)s %(asctime)s %(message)s"},
    },
    "handlers": {
        "console": {"level": "DEBUG", "class": "logging.StreamHandler"},
        "sentry": {
            "level": "ERROR",
            "filters": ["require_debug_false"],
            "class": "logging.StreamHandler",
        },
    },
    "loggers": {
        "": {
            "handlers": ["console", "sentry"],
            "level": "INFO",
            "propagate": False,
        },
    },
}
# Comparator service integration, overridable through the environment.
# NOTE(review): when COMPARATOR_JWT is unset the placeholder "default_jwt" is
# used as the token, so a missing secret goes unnoticed at startup - confirm
# the variable is always provided in this deployment.
COMPARATOR_JWT = os.getenv("COMPARATOR_JWT", "default_jwt")
COMPARATOR_URL = os.getenv("COMPARATOR_URL", "https://wb.sarex.io/comparator")
COMPARATOR_SECTION = os.getenv("COMPARATOR_SECTION", "sarex-production-storage")
# rest_framework_simplejwt configuration: RS512-signed tokens, one hour for
# access tokens and one day for refresh tokens.
SIMPLE_JWT = {
    # Lifetimes and rotation.
    # NOTE(review): with ROTATE_REFRESH_TOKENS off, BLACKLIST_AFTER_ROTATION
    # presumably has no effect, since no rotation takes place - confirm.
    "ACCESS_TOKEN_LIFETIME": timedelta(hours=1),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
    "ROTATE_REFRESH_TOKENS": False,
    "BLACKLIST_AFTER_ROTATION": True,
    "UPDATE_LAST_LOGIN": False,
    # Key material. The environment carries the PEM text with literal "\n"
    # sequences, which are turned back into real newlines here. Both keys are
    # the empty string when the variables are unset.
    "ALGORITHM": "RS512",
    "SIGNING_KEY": os.getenv("JWT_PRIVATE_KEY", "").replace("\\n", "\n"),
    "VERIFYING_KEY": os.getenv("JWT_PUBLIC_KEY", "").replace("\\n", "\n"),
    # Claims.
    # NOTE(review): no audience is set, and the issuer falls back to the
    # placeholder 'default_issuer' when SIMPLE_JWT_ISSUER is unset.
    "AUDIENCE": None,
    "ISSUER": os.getenv("SIMPLE_JWT_ISSUER", "default_issuer"),
    # How tokens are carried in requests and mapped to users.
    "AUTH_HEADER_TYPES": ("Bearer",),
    "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
    "USER_ID_FIELD": "id",
    "USER_ID_CLAIM": "user_id",
    "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
    "TOKEN_TYPE_CLAIM": "token_type",
    "JTI_CLAIM": "jti",
    # Sliding-token settings.
    "SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
    "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5),
    "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),
}
# NOTE(review): this turns off Django's guard against calling async-unsafe
# code (such as the ORM) from an async context, for the whole process.
# Django documents it as an escape hatch; confirm it is still required.
os.environ["DJANGO_ALLOW_ASYNC_UNSAFE"] = "true"

# Project-specific S3 storage backend for uploaded files.
DEFAULT_FILE_STORAGE = "sarex.core.storages.CustomS3Boto3Storage"

# Largest request body Django will read, excluding file uploads: 256 MiB.
# NOTE(review): a limit this high lets a single request hold a large amount
# of memory; confirm the proxy in front applies its own body-size limit.
DATA_UPLOAD_MAX_MEMORY_SIZE = 256 * 1024 * 1024
# Error reporting to Sentry, skipped when ISOLATED is set.
# NOTE(review): the check is plain truthiness on the raw string, so any
# non-empty value (including "0" or "false") disables reporting.
if not os.environ.get('ISOLATED'):
    import sentry_sdk
    from sentry_sdk.integrations.django import DjangoIntegration

    # NOTE(review): the DSN is a literal in a ConfigMap; anyone holding it can
    # submit events to this project, so it is better injected per environment.
    # send_default_pii=True lets the SDK attach user-identifying request data
    # to events sent to the third-party service - confirm this matches the
    # data-protection requirements for this deployment.
    sentry_sdk.init(
        dsn="https://3df2f4b8d3d14595a06c92e9d7c562cb@sentry.io/1501541",
        integrations=[DjangoIntegration()],
        environment=os.environ.get('SENTRY_ENVIRONMENT', 'production'),
        send_default_pii=True,
    )
# Endpoints of the workflows service, all rooted at WORKFLOWSSETTINGS_HOST.
# NOTE(review): there is no default, so an unset variable produces URLs that
# start with the literal text "None".
COMPARISON_API_URL = f"{os.getenv('WORKFLOWSSETTINGS_HOST')}/comparisons"
DOCUMENTATION_API_URL = f"{os.getenv('WORKFLOWSSETTINGS_HOST')}/documentations"
PDM_FILES_API_URL = f"{os.getenv('WORKFLOWSSETTINGS_HOST')}/files"

# Container tasks started by the workflows integration.
# NOTE(review): the image uses the mutable ':dev' tag in a production
# settings module, so the code that runs can change without this file
# changing; pinning a version tag or digest makes the deployed image
# auditable.
WORKFLOWS_TASKS = {
    "update_orthomosaic_data": dict(
        image=f"{os.getenv('WORKFLOWSSETTINGS_REGISTRY')}/update-orthomosaic-data:dev",
        service_requests=["django-auth"],
        backoff_limit=3,
    ),
}
# Django REST framework defaults: limit/offset pagination with 1000 items per
# page, django-filter as the filter backend, and authenticated access unless
# a view overrides it.
REST_FRAMEWORK = {
    "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.LimitOffsetPagination",
    "DEFAULT_SCHEMA_CLASS": "rest_framework.schemas.coreapi.AutoSchema",
    "PAGE_SIZE": 1000,
    "DEFAULT_FILTER_BACKENDS": [
        "django_filters.rest_framework.DjangoFilterBackend",
    ],
    # Authenticators are tried in the order listed.
    # NOTE(review): RemoteUserAuthentication trusts the REMOTE_USER value
    # supplied by the serving layer, so the deployment must guarantee clients
    # cannot influence it. BasicAuthentication accepts a username and password
    # on every request, which widens the password-guessing surface next to
    # the JWT flows - confirm both are still needed in production.
    "DEFAULT_AUTHENTICATION_CLASSES": [
        # 'sarex.authentication.backends.ZitadelJWTAuthentication',
        "rest_framework.authentication.RemoteUserAuthentication",
        "rest_framework_simplejwt.authentication.JWTAuthentication",
        "rest_framework.authentication.BasicAuthentication",
        "rest_framework.authentication.SessionAuthentication",
        "sarex.authentication.backends.JWTAuthentication",
    ],
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.IsAuthenticated",
    ],
}

# Django auth backends, consulted in order: the project's remote-user
# backend, the standard model backend, then django-guardian object permissions.
AUTHENTICATION_BACKENDS = [
    "sarex.authentication.backends.CustomRemoteUserBackend",
    "django.contrib.auth.backends.ModelBackend",
    "guardian.backends.ObjectPermissionBackend",
]
# Request/response middleware, outermost first. The two Prometheus entries
# bracket the stack so that they wrap everything in between.
# NOTE(review): 'corsheaders' is appended to INSTALLED_APPS in this module,
# but no corsheaders middleware appears in this list - confirm whether the
# CORS_* settings are meant to take effect through Django or are handled
# elsewhere.
MIDDLEWARE = [
    "django_prometheus.middleware.PrometheusBeforeMiddleware",
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    #'django_keycloak.middlewares.AuthorizationHeaderMiddleware',
    #'django_keycloak.middlewares.KeycloakSessionMiddleware',
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    #'django.contrib.auth.middleware.RemoteUserMiddleware',
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "django_user_agents.middleware.UserAgentMiddleware",
    "simple_history.middleware.HistoryRequestMiddleware",
    "django_prometheus.middleware.PrometheusAfterMiddleware",
]
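class KeyCloakSettings(BaseSettings):
    """Keycloak (OIDC) integration settings.

    Field values can be overridden from the environment using the ``KC_``
    prefix declared in ``Config`` (presumably pydantic ``BaseSettings``
    semantics; ``BaseSettings``, ``Optional`` and ``List`` are not imported
    in this module and presumably come from ``.base`` - confirm).
    """

    # NOTE(review): these two defaults are placeholders. If the real values
    # are not supplied, the client starts with a well-known id and secret
    # instead of failing - confirm they are always injected.
    client_id: str = "client_id"
    client_secret: str = "client_secret"
    discovery_url: str = "https://login.wb.sarex.io/realms/sarex/.well-known/openid-configuration"

    # Keycloak group names that map to Django staff / superuser status.
    staff: Optional[str] = "Sarex staff"
    superuser: Optional[str] = "Sarex superusers"
    sync_with_django: bool = True
    sync_admin: bool = False

    # Naming scheme of the Keycloak groups used for synchronisation.
    group_prefix: str = 'Sarex-Role'
    company_prefix: str = 'Sarex-Company'
    department_prefix: str = 'Sarex-Department'
    position_prefix: str = 'Sarex-Position'
    separator: str = '__'
    sync_user_groups: bool = False
    sync_user_positions: bool = False
    sync_user_departments: bool = False
    sync_user_companies: bool = False

    use_redirect_logout: bool = False
    logout_redirect_uri: str = "/"
    default_group_name: Optional[str] = 'Тест'
    default_company_name: Optional[str] = 'Брусника'

    # This field used to be declared twice in a row: first with
    # ['/api/core/orthophotos/', '/api/token', '/api/token/me'] and then with
    # an empty list. The later declaration won, so the effective default was
    # already empty; only that one is kept.
    # NOTE(review): confirm which default is intended, since the name
    # suggests these paths receive special treatment during authentication.
    trusted_uri: List[str] = []

    class Config:
        env_prefix = "KC_"


# Module-level instance built from the defaults and the KC_* environment.
KEYCLOAKSETTINGS = KeyCloakSettings()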
# Company id used by the remote-user flow (presumably for newly created
# users - confirm against sarex.authentication).
REMOTE_USER_DEFAULT_COMPANY_ID = 1

# Front-end modules exposed by this deployment: display name plus route.
SAREX_MODULES = [
    {"name": "Замечания", "uri": "/remarks"},
    # Disabled entry (project management): uri "/management/projects"
    {"name": "Замечания V2", "uri": "/issues"},
    {"name": "Документация", "uri": "/documentations"},
    {"name": "Согласование документов", "uri": "/reviews"},
    {"name": "Рабочие процессы", "uri": "/processes"},
    {"name": "Запросы", "uri": "/rfi"},
    # Disabled entry (overview): uri "/projects"
    {"name": "Передача документации", "uri": "/transmittal"},
]

# Token-refresh behaviour: the JWT refresh path is switched off and the
# OAuth refresh path is switched on.
AUTH_SETTINGS = {
    "refresh_token": False,
    "refresh_token_uri": "/api/token/me",
    "refresh_oauth_token": True,
    "refresh_oauth_token_uri": "/oauth/token",
    "refresh_time": 240,
}
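# Final DEBUG assignment of the module, and therefore the effective one.
# It previously re-enabled debug mode in this production settings file,
# overriding the DEBUG = False set near the top. With DEBUG on, Django serves
# detailed error pages (tracebacks, local variables, settings) to any client,
# and the RequireDebugFalse filter in LOGGING silences the 'sentry' handler.
# Keep it off here; enable debugging only in a non-production settings module.
DEBUG = False
#WEB_APP_AUTH_MODE='jwt-session-based'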
# Per-module feature switches read by the application.
SAREX_MODULES_SETTINGS = dict(
    aero={"enable_new_media": True},
    sso_logout_redirect=True,
)