summaryrefslogtreecommitdiffstats
path: root/kubernetes/vvp/charts/vvp-em-uwsgi/resources
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/vvp/charts/vvp-em-uwsgi/resources')
-rw-r--r--kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/__init__.py332
-rw-r--r--kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/envbool.py44
-rw-r--r--kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/gunicorn.ini20
-rw-r--r--kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/storage.py48
4 files changed, 444 insertions, 0 deletions
diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/__init__.py b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/__init__.py
new file mode 100644
index 0000000000..ed57ca604d
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/__init__.py
@@ -0,0 +1,332 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Django settings for VVP project.
+
+Environment variables that must exist:
+
+ ENVIRONMENT
+ SECRET_KEY
+ SECRET_WEBHOOK_TOKEN
+ SECRET_GITLAB_AUTH_TOKEN
+ SECRET_JENKINS_PASSWORD
+ SECRET_CMS_APP_CLIENT_ID
+ SECRET_CMS_APP_CLIENT_SECRET
+
+Environment variables that must exist in production:
+
+ EMAIL_HOST
+ EMAIL_HOST_PASSWORD
+ EMAIL_HOST_USER
+ EMAIL_PORT
+
+"""
+
+import os
+from vvp.settings.envbool import envbool
+from corsheaders.defaults import default_headers
+from boto.s3.connection import OrdinaryCallingFormat
+import datetime
+
+# With this file at ice/settings/__init__.py, we need three applications of
+# dirname() to find the project root.
+import engagementmanager
+PROJECT_PATH = os.path.dirname(os.path.dirname(engagementmanager.__file__))
+LOGS_PATH = os.path.join(PROJECT_PATH, "logs")
+
+ENVIRONMENT = os.environ['ENVIRONMENT']
+PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX']
+SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER']
+PROGRAM_NAME = os.environ['PROGRAM_NAME']
+SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN']
+
+# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+SECRET_KEY = os.environ["SECRET_KEY"]
+
+# https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
+# Anything in the Host header that does not match our expected domain should
+# raise SuspiciousOperation exception.
+ALLOWED_HOSTS = ['*']
+
+DEBUG = envbool('DJANGO_DEBUG_MODE', False)
+
+if ENVIRONMENT == 'production':
+ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+ EMAIL_HOST = os.environ['EMAIL_HOST']
+ EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
+ EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
+ EMAIL_PORT = os.environ['EMAIL_PORT']
+else:
+ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+# Note: Only SSL email backends are allowed
+EMAIL_USE_SSL = True
+
+REST_FRAMEWORK = {
+ # Use Django's standard `django.contrib.auth` permissions,
+ # or allow read-only access for unauthenticated users.
+ 'EXCEPTION_HANDLER': 'engagementmanager.utils.exception_handler.ice_exception_handler',
+ 'PAGE_SIZE': 10,
+ 'DEFAULT_PERMISSION_CLASSES': (
+ 'rest_framework.permissions.IsAuthenticated',
+ ),
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework.authentication.SessionAuthentication',
+ 'rest_framework.authentication.BasicAuthentication',
+ 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
+ ),
+ 'DEFAULT_PARSER_CLASSES': (
+ 'engagementmanager.rest.parsers.XSSJSONParser',
+ 'engagementmanager.rest.parsers.XSSFormParser',
+ 'engagementmanager.rest.parsers.XSSMultiPartParser',
+ )
+}
+
+JWT_AUTH = {
+ 'JWT_AUTH_HEADER_PREFIX': 'token',
+ 'JWT_ALGORITHM': 'HS256',
+ 'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
+ 'JWT_DECODE_HANDLER': 'engagementmanager.utils.authentication.ice_jwt_decode_handler',
+}
+
+APPEND_SLASH = False
+
+# Application definition
+INSTALLED_APPS = [
+ 'django.contrib.auth', # required by d.c.admin
+ 'corsheaders',
+ 'django.contrib.contenttypes', # required by d.c.admin
+ 'django.contrib.sessions', # required by d.c.admin
+ 'django.contrib.messages', # required by d.c.admin
+ 'django.contrib.staticfiles',
+ 'django.contrib.admin', # django admin site
+ 'rest_framework',
+ 'engagementmanager.apps.EngagementmanagerConfig',
+ 'validationmanager.apps.ValidationmanagerConfig',
+]
+
+MIDDLEWARE_CLASSES = [
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware', # required by d.c.admin
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ 'corsheaders.middleware.CorsMiddleware',
+]
+
+ROOT_URLCONF = 'vvp.urls'
+
+TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [PROJECT_PATH + '/web/templates'],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth', # required by d.c.admin
+ 'django.contrib.messages.context_processors.messages', # required by d.c.admin
+ ],
+ },
+ },
+]
+
+WSGI_APPLICATION = 'vvp.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/1.9/ref/settings/#databases
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ['PGDATABASE'],
+ 'USER': os.environ['PGUSER'],
+ 'PASSWORD': os.environ['PGPASSWORD'],
+ 'HOST': os.environ['PGHOST'],
+ 'PORT': os.environ['PGPORT'],
+ }
+}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
+AUTH_PASSWORD_VALIDATORS = [
+ {'NAME': 'django.contrib.auth.password_validation.%s' % s} for s in [
+ 'UserAttributeSimilarityValidator',
+ 'MinimumLengthValidator',
+ 'CommonPasswordValidator',
+ 'NumericPasswordValidator',
+ ]]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/1.9/topics/i18n/
+LANGUAGE_CODE = 'en-us'
+TIME_ZONE = 'UTC'
+USE_I18N = True
+USE_L10N = True
+USE_TZ = True
+
+CORS_ALLOW_HEADERS = default_headers + ('ICE-USER-ID',)
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/1.9/howto/static-files/
+STATIC_ROOT = os.environ['STATIC_ROOT']
+
+
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes
+ 'verbose': {
+ 'format': '%(asctime)s %(levelname)s %(name)s %(module)s %(lineno)d %(process)d %(thread)d %(message)s'
+ },
+ 'simple': {
+ 'format': '%(asctime)s %(levelname)s %(name)s %(message)s'
+ },
+ },
+ 'handlers': {
+ 'console': {
+ 'class': 'logging.StreamHandler',
+ 'formatter': 'simple'
+ },
+ 'vvp-info.log': {
+ 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL)
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-info.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-debug.log': {
+ 'level': 'DEBUG',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-debug.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-requests.log': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-requests.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-db.log': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-db.log'),
+ 'formatter': 'verbose',
+ },
+ },
+ 'loggers': {
+ 'vvp.logger': {
+ 'handlers': ['vvp-info.log', 'vvp-debug.log', 'vvp-requests.log', 'vvp-db.log', 'console'],
+ 'level': 'DEBUG' if DEBUG else 'INFO',
+ },
+ 'django': {
+ 'handlers': ['console'],
+ 'level': 'INFO' if DEBUG else 'ERROR',
+ },
+ 'django.request': {
+ 'handlers': ['vvp-requests.log', 'console'],
+ 'level': 'INFO' if DEBUG else 'ERROR',
+ },
+ 'django.db.backends': {
+ 'handlers': ['vvp-db.log', 'console'],
+ 'level': 'DEBUG' if DEBUG else 'ERROR',
+ 'propagate': False,
+ },
+ # silence the hundred lines of useless "missing variable in template"
+ # complaints per admin pageview.
+ 'django.template': {
+ 'level': 'DEBUG',
+ 'handlers': ['vvp-info.log', 'vvp-debug.log', 'console'],
+ 'propagate': False,
+ },
+ }
+}
+
+
+#############################
+# VVP Related Configuration
+#############################
+CONTACT_FROM_ADDRESS = os.getenv('CONTACT_FROM_ADDRESS', 'dummy@example.com')
+CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'user@example.com').split(',') if s]
+DOMAIN = os.getenv('EM_DOMAIN_NAME')
+TOKEN_EXPIRATION_IN_HOURS = 48
+DAILY_SCHEDULED_JOB_HOUR = 20
+NUMBER_OF_POLLED_ACTIVITIES = 5
+TEMP_PASSWORD_EXPIRATION_IN_HOURS = 48
+# This is the DNS name pointing to the private-network ip of the host machine
+# running (a haproxy that points to) (an nginx frontend for) this app
+API_DOMAIN = 'em'
+
+# The authentication token needed by Jenkins or Gitlab to issue webhook updates
+# to us. This is a "secret" shared by Jenkins and Django. It must be part of
+# the URL path component for the Jenkins webhook in ValidationManager to accept
+# a notification. It should be a set of random URL-path-safe characters, with
+# no slash '/'.
+# FIXME: Does this authentication scheme actually gain us anything? What's the
+# threat model
+WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN']
+
+# The authentication token and URL needed for us to issue requests to the GitLab API.
+GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN']
+GITLAB_URL = "http://vvp-gitlab/"
+
+JENKINS_URL = "http://vvp-jenkins:8080/"
+JENKINS_USERNAME = "admin"
+JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD']
+
+IS_CL_CREATED_ON_REVIEW_STATE = envbool('IS_CL_CREATED_ON_REVIEW_STATE', False) # Options: True, False
+IS_SIGNAL_ENABLED = envbool('IS_SIGNAL_ENABLED', True)
+RECENT_ENG_TTL = 3 # In days
+CMS_URL = "http://vvp-cms-uwsgi/api/"
+CMS_APP_CLIENT_ID = os.environ['SECRET_CMS_APP_CLIENT_ID']
+CMS_APP_CLIENT_SECRET = os.environ['SECRET_CMS_APP_CLIENT_SECRET']
+
+# slack integration
+SLACK_API_TOKEN = os.environ['SLACK_API_TOKEN']
+ENGAGEMENTS_CHANNEL = os.getenv('ENGAGEMENTS_CHANNEL', '')
+ENGAGEMENTS_NOTIFICATIONS_CHANNEL = os.getenv('ENGAGEMENTS_NOTIFICATIONS_CHANNEL:', '')
+DEVOPS_CHANNEL = os.getenv('DEVOPS_CHANNEL', '')
+DEVOPS_NOTIFICATIONS_CHANNEL = os.getenv('DEVOPS_NOTIFICATIONS_CHANNEL', '')
+
+# S3 configuration for static resources storage and media upload
+
+# used by our custom storage.py
+MEDIA_BUCKET = "em-media"
+STATIC_BUCKET = "em-static"
+
+# django-storages configuration
+AWS_S3_HOST = os.environ['S3_HOST']
+AWS_S3_PORT = int(os.environ['S3_PORT'])
+AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
+AWS_AUTO_CREATE_BUCKET = True
+AWS_PRELOAD_METADATA = True
+
+# Set by custom subclass.
+# AWS_STORAGE_BUCKET_NAME = "em-static"
+AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat()
+DEFAULT_FILE_STORAGE = 'vvp.settings.storage.S3MediaStorage'
+STATICFILES_STORAGE = 'vvp.settings.storage.S3StaticStorage'
+
+# These seem to have no effect even when we don't override with custom_domain?
+STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET)
+MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET)
+
+STATIC_ROOT = os.environ['STATIC_ROOT']
diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/envbool.py b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/envbool.py
new file mode 100644
index 0000000000..31f4385d16
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/envbool.py
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+envbool.py
+
+Return which environment is currently running on (to setting.py).
+
+"""
+import os
+
+
+def envbool(key, default=False, unknown=True):
+ """Return a boolean value based on that of an environment variable.
+
+ Environment variables have no native boolean type. They are always strings, and may be empty or
+ unset (which differs from empty.) Furthermore, notions of what is "truthy" in shell script
+ differ from that of python.
+
+ This function converts environment variables to python boolean True or False in
+ case-insensitive, expected ways to avoid pitfalls:
+
+ "True", "true", and "1" become True
+ "False", "false", and "0" become False
+ unset or empty becomes False by default (toggle with 'default' parameter.)
+ any other value becomes True by default (toggle with 'unknown' parameter.)
+
+ """
+ return {
+ 'true': True, '1': True, # 't': True,
+ 'false': False, '0': False, # 'f': False.
+ '': default,
+ }.get(os.getenv(key, '').lower(), unknown)
diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/gunicorn.ini b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/gunicorn.ini
new file mode 100644
index 0000000000..29cca7db93
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/gunicorn.ini
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+bind = ":80"
+chdir = '/srv'
+pidfile = '/tmp/ice-project-master.pid'
+backlog = '5000'
+errorlog = '-'
+loglevel = 'info'
diff --git a/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/storage.py b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/storage.py
new file mode 100644
index 0000000000..c76046a329
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-em-uwsgi/resources/config/em/storage.py
@@ -0,0 +1,48 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+storage.py
+
+In order to make Django store trusted static files and untrusted media
+(user-uploaded) files in separate s3 buckets, we must create two different
+storage classes.
+
+https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/
+http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/
+
+"""
+
+# FIXME this module never changes so might not need not be kept in a
+# configmap. Also it is (almost) the same as what we use in cms.
+
+# There is a newer storage based on boto3 but that doesn't support changing
+# the HOST, as we need to for non-amazon s3 services. It does support an
+# "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work.
+from storages.backends.s3boto import S3BotoStorage
+from django.conf import settings
+
+
+# NOTE for some reason, collectstatic uploads to bucket/location but the
+# urls constructed are domain/location
+class S3StaticStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET)
+ bucket_name = settings.STATIC_BUCKET
+ # location = ...
+
+
+class S3MediaStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET)
+ bucket_name = settings.MEDIA_BUCKET
+ # location = ...