aboutsummaryrefslogtreecommitdiffstats
path: root/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml')
-rw-r--r--ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml442
1 files changed, 442 insertions, 0 deletions
diff --git a/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml b/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml
new file mode 100644
index 0000000..79ad7b2
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/files/configmaps/em-configmap.yaml
@@ -0,0 +1,442 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: em-settings
+ namespace: default
+data:
+ uwsgi.ini: |
+ [uwsgi]
+ uwsgi-socket = :80
+ plugin = python
+ chdir = /srv
+ module = vvp.wsgi:application
+ master = True
+ pidfile = /tmp/project-master.pid
+ vacuum = True
+ max-requests = 5000
+ enable-threads = True
+ stats = 0.0.0.0:9000
+ stats-http = True
+ __init__.py: |
+ """
+ Django settings for VVP project.
+
+ Environment variables that must exist:
+
+ ENVIRONMENT
+ SECRET_KEY
+ SECRET_WEBHOOK_TOKEN
+ SECRET_GITLAB_AUTH_TOKEN
+ SECRET_JENKINS_PASSWORD
+ SECRET_CMS_APP_CLIENT_ID
+ SECRET_CMS_APP_CLIENT_SECRET
+
+ Environment variables that must exist in production:
+
+ EMAIL_HOST
+ EMAIL_HOST_PASSWORD
+ EMAIL_HOST_USER
+ EMAIL_PORT
+
+ """
+
+ import os
+ from vvp.settings.envbool import envbool
+ from corsheaders.defaults import default_headers
+ from boto.s3.connection import OrdinaryCallingFormat
+ import datetime
+
+ # With this file at ice/settings/__init__.py, we need three applications of
+ # dirname() to find the project root.
+ import engagementmanager
+ PROJECT_PATH = os.path.dirname(os.path.dirname(engagementmanager.__file__))
+ LOGS_PATH = os.path.join(PROJECT_PATH, "logs")
+
+ ENVIRONMENT = os.environ['ENVIRONMENT']
+ PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX']
+
+ # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+ SECRET_KEY = os.environ["SECRET_KEY"]
+
+ # https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
+ # Anything in the Host header that does not match our expected domain should
+ # raise SuspiciousOperation exception.
+ ALLOWED_HOSTS = ['*']
+
+ DEBUG = envbool('DJANGO_DEBUG_MODE', False)
+
+ if ENVIRONMENT == 'production':
+ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+ EMAIL_HOST = os.environ['EMAIL_HOST']
+ EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
+ EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
+ EMAIL_PORT = os.environ['EMAIL_PORT']
+ else:
+ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+ # Note: Only SSL email backends are allowed
+ EMAIL_USE_SSL = True
+
+ REST_FRAMEWORK = {
+ # Use Django's standard `django.contrib.auth` permissions,
+ # or allow read-only access for unauthenticated users.
+ 'EXCEPTION_HANDLER': 'engagementmanager.utils.exception_handler.ice_exception_handler',
+ 'PAGE_SIZE': 10,
+ 'DEFAULT_PERMISSION_CLASSES': (
+ 'rest_framework.permissions.IsAuthenticated',
+ ),
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework.authentication.SessionAuthentication',
+ 'rest_framework.authentication.BasicAuthentication',
+ 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
+ ),
+ 'DEFAULT_PARSER_CLASSES': (
+ 'engagementmanager.rest.parsers.XSSJSONParser',
+ 'engagementmanager.rest.parsers.XSSFormParser',
+ 'engagementmanager.rest.parsers.XSSMultiPartParser',
+ )
+ }
+
+ JWT_AUTH = {
+ 'JWT_AUTH_HEADER_PREFIX': 'token',
+ 'JWT_ALGORITHM': 'HS256',
+ 'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
+ 'JWT_DECODE_HANDLER': 'engagementmanager.utils.authentication.ice_jwt_decode_handler',
+ }
+
+ APPEND_SLASH = False
+
+ # Application definition
+ INSTALLED_APPS = [
+ 'django.contrib.auth', # required by d.c.admin
+ 'corsheaders',
+ 'django.contrib.contenttypes', # required by d.c.admin
+ 'django.contrib.sessions', # required by d.c.admin
+ 'django.contrib.messages', # required by d.c.admin
+ 'django.contrib.staticfiles',
+ 'django.contrib.admin', # django admin site
+ 'rest_framework',
+ 'engagementmanager.apps.EngagementmanagerConfig',
+ 'validationmanager.apps.ValidationmanagerConfig',
+ ]
+
+ MIDDLEWARE_CLASSES = [
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware', # required by d.c.admin
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ 'corsheaders.middleware.CorsMiddleware',
+ ]
+
+ ROOT_URLCONF = 'vvp.urls'
+
+ TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [PROJECT_PATH + '/web/templates'],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth', # required by d.c.admin
+ 'django.contrib.messages.context_processors.messages', # required by d.c.admin
+ ],
+ },
+ },
+ ]
+
+ WSGI_APPLICATION = 'vvp.wsgi.application'
+
+
+ # Database
+ # https://docs.djangoproject.com/en/1.9/ref/settings/#databases
+ DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ['PGDATABASE'],
+ 'USER': os.environ['PGUSER'],
+ 'PASSWORD': os.environ['PGPASSWORD'],
+ 'HOST': os.environ['PGHOST'],
+ 'PORT': os.environ['PGPORT'],
+ }
+ }
+
+
+ # Password validation
+ # https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
+ AUTH_PASSWORD_VALIDATORS = [
+ {'NAME': 'django.contrib.auth.password_validation.%s' % s} for s in [
+ 'UserAttributeSimilarityValidator',
+ 'MinimumLengthValidator',
+ 'CommonPasswordValidator',
+ 'NumericPasswordValidator',
+ ]]
+
+
+ # Internationalization
+ # https://docs.djangoproject.com/en/1.9/topics/i18n/
+ LANGUAGE_CODE = 'en-us'
+ TIME_ZONE = 'UTC'
+ USE_I18N = True
+ USE_L10N = True
+ USE_TZ = True
+
+ CORS_ALLOW_HEADERS = default_headers + ('ICE-USER-ID',)
+
+ # Static files (CSS, JavaScript, Images)
+ # https://docs.djangoproject.com/en/1.9/howto/static-files/
+ STATIC_ROOT = os.environ['STATIC_ROOT']
+
+
+ LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes
+ 'verbose': {
+ 'format': '%(asctime)s %(levelname)s %(name)s %(module)s %(lineno)d %(process)d %(thread)d %(message)s'
+ },
+ 'simple': {
+ 'format': '%(asctime)s %(levelname)s %(name)s %(message)s'
+ },
+ },
+ 'handlers': {
+ 'console': {
+ 'class': 'logging.StreamHandler',
+ 'formatter': 'simple'
+ },
+ 'vvp-info.log': {
+ 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL)
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-info.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-debug.log': {
+ 'level': 'DEBUG',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-debug.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-requests.log': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-requests.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-db.log': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-db.log'),
+ 'formatter': 'verbose',
+ },
+ },
+ 'loggers': {
+ 'vvp.logger': {
+ 'handlers': ['vvp-info.log', 'vvp-debug.log', 'vvp-requests.log', 'vvp-db.log', 'console'],
+ 'level': 'DEBUG' if DEBUG else 'INFO',
+ },
+ 'django': {
+ 'handlers': ['console'],
+ 'level': 'INFO' if DEBUG else 'ERROR',
+ },
+ 'django.request': {
+ 'handlers': ['vvp-requests.log', 'console'],
+ 'level': 'INFO' if DEBUG else 'ERROR',
+ },
+ 'django.db.backends': {
+ 'handlers': ['vvp-db.log', 'console'],
+ 'level': 'DEBUG' if DEBUG else 'ERROR',
+ 'propagate': False,
+ },
+ # silence the hundred lines of useless "missing variable in template"
+ # complaints per admin pageview.
+ 'django.template': {
+ 'level': 'DEBUG',
+ 'handlers': ['vvp-info.log', 'vvp-debug.log', 'console'],
+ 'propagate': False,
+ },
+ }
+ }
+
+
+ #############################
+ # VVP Related Configuration
+ #############################
+ CONTACT_FROM_ADDRESS = os.getenv('CONTACT_FROM_ADDRESS', 'dummy@example.com')
+ CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'dummy@example.com')
+ DOMAIN = os.getenv('EM_DOMAIN_NAME')
+ TOKEN_EXPIRATION_IN_HOURS = 48
+ DAILY_SCHEDULED_JOB_HOUR = 20
+ NUMBER_OF_POLLED_ACTIVITIES = 5
+ TEMP_PASSWORD_EXPIRATION_IN_HOURS = 48
+ # This is the DNS name pointing to the private-network ip of the host machine
+ # running (a haproxy that points to) (an nginx frontend for) this app
+ API_DOMAIN = 'em'
+
+ # The authentication token needed by Jenkins or Gitlab to issue webhook updates
+ # to us. This is a "secret" shared by Jenkins and Django. It must be part of
+ # the URL path component for the Jenkins webhook in ValidationManager to accept
+ # a notification. It should be a set of random URL-path-safe characters, with
+ # no slash '/'.
+ # FIXME: Does this authentication scheme actually gain us anything? What's the
+ # threat model
+ WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN']
+
+ # The authentication token and URL needed for us to issue requests to the GitLab API.
+ GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN']
+ GITLAB_URL = "http://gitlab/"
+
+ JENKINS_URL = "http://jenkins:8080/"
+ JENKINS_USERNAME = "admin"
+ JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD']
+
+ IS_CL_CREATED_ON_REVIEW_STATE = envbool('IS_CL_CREATED_ON_REVIEW_STATE', False) # Options: True, False
+ IS_SIGNAL_ENABLED = envbool('IS_SIGNAL_ENABLED', True)
+ RECENT_ENG_TTL = 3 # In days
+ CMS_URL = "http://cms/api/"
+ CMS_APP_CLIENT_ID = os.environ['SECRET_CMS_APP_CLIENT_ID']
+ CMS_APP_CLIENT_SECRET = os.environ['SECRET_CMS_APP_CLIENT_SECRET']
+
+ # slack integration
+ SLACK_API_TOKEN = os.environ['SLACK_API_TOKEN']
+ ENGAGEMENTS_CHANNEL = os.getenv('ENGAGEMENTS_CHANNEL', '')
+ ENGAGEMENTS_NOTIFICATIONS_CHANNEL = os.getenv('ENGAGEMENTS_NOTIFICATIONS_CHANNEL:', '')
+ DEVOPS_CHANNEL = os.getenv('DEVOPS_CHANNEL', '')
+ DEVOPS_NOTIFICATIONS_CHANNEL = os.getenv('DEVOPS_NOTIFICATIONS_CHANNEL', '')
+
+ # S3 configuration for static resources storage and media upload
+
+ # used by our custom storage.py
+ MEDIA_BUCKET = "em-media"
+ STATIC_BUCKET = "em-static"
+
+ # django-storages configuration
+ AWS_S3_HOST = os.environ['S3_HOST']
+ AWS_S3_PORT = int(os.environ['S3_PORT'])
+ AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+ AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+ AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
+ AWS_AUTO_CREATE_BUCKET = True
+ AWS_PRELOAD_METADATA = True
+
+ # Set by custom subclass.
+ # AWS_STORAGE_BUCKET_NAME = "em-static"
+ AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat()
+ DEFAULT_FILE_STORAGE = 'vvp.settings.storage.S3MediaStorage'
+ STATICFILES_STORAGE = 'vvp.settings.storage.S3StaticStorage'
+
+ # These seem to have no effect even when we don't override with custom_domain?
+ STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET)
+ MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET)
+
+ STATIC_ROOT = os.environ['STATIC_ROOT']
+
+ storage.py: |
+ """
+ storage.py
+
+ In order to make Django store trusted static files and untrusted media
+ (user-uploaded) files in separate s3 buckets, we must create two different
+ storage classes.
+
+ https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/
+ http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/
+
+ """
+
+ # FIXME this module never changes so might not need not be kept in a
+ # configmap. Also it is (almost) the same as what we use in cms.
+
+ # There is a newer storage based on boto3 but that doesn't support changing
+ # the HOST, as we need to for non-amazon s3 services. It does support an
+ # "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work.
+ from storages.backends.s3boto import S3BotoStorage
+ from django.conf import settings
+
+
+ # NOTE for some reason, collectstatic uploads to bucket/location but the
+ # urls constructed are domain/location
+ class S3StaticStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET)
+ bucket_name = settings.STATIC_BUCKET
+ # location = ...
+
+
+ class S3MediaStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET)
+ bucket_name = settings.MEDIA_BUCKET
+ # location = ...
+
+ envbool.py: |
+ """
+ envbool.py
+
+ Return which environment is currently running on (to setting.py).
+
+ """
+ import os
+
+
+ def envbool(key, default=False, unknown=True):
+ """Return a boolean value based on that of an environment variable.
+
+ Environment variables have no native boolean type. They are always strings, and may be empty or
+ unset (which differs from empty.) Furthermore, notions of what is "truthy" in shell script
+ differ from that of python.
+
+ This function converts environment variables to python boolean True or False in
+ case-insensitive, expected ways to avoid pitfalls:
+
+ "True", "true", and "1" become True
+ "False", "false", and "0" become False
+ unset or empty becomes False by default (toggle with 'default' parameter.)
+ any other value becomes True by default (toggle with 'unknown' parameter.)
+
+ """
+ return {
+ 'true': True, '1': True, # 't': True,
+ 'false': False, '0': False, # 'f': False.
+ '': default,
+ }.get(os.getenv(key, '').lower(), unknown)