Skip to content

Latest commit

 

History

History
120 lines (79 loc) · 10.2 KB

config.adoc

File metadata and controls

120 lines (79 loc) · 10.2 KB

Configuration

The service can be configured by setting various environment variables.

Table of Contents

Standard Django configuration

The following environment variables set directly the Django setting with the same name:

The following environment variables can be used to affect some standard Django settings, but somewhat indirectly:

  • CACHE_URL: Configures the "default" cache using Django-environ. Default is "locmemcache://".

  • DATABASE_URL: Configures the "default" database connection using Django-environ. Default is "postgres://open_city_profile:open_city_profile@localhost/open_city_profile".

  • EMAIL_URL: Configures email for Django using Django-environ. Default is "consolemail://".

  • VAR_ROOT: Provides a base path for the MEDIA_ROOT and STATIC_ROOT Django settings. MEDIA_ROOT will be set to ${VAR_ROOT}/media and STATIC_ROOT to ${VAR_ROOT}/static. If run with Docker (determined by checking that the project is in an /app directory), VAR_ROOT defaults to /var. Otherwise it defaults to a path called var under the project directory.

Authentication and authorization

This project uses Django-helusers for doing authentication. The following environment variables correspond directly to Django-helusers settings:

  • TOKEN_AUTH_ACCEPTED_AUDIENCE: Corresponds to OIDC_API_TOKEN_AUTH.AUDIENCE. Default is empty.

  • TOKEN_AUTH_ACCEPTED_SCOPE_PREFIX: Corresponds to OIDC_API_TOKEN_AUTH. API_SCOPE_PREFIX. Default is empty.

  • TOKEN_AUTH_REQUIRE_SCOPE: Corresponds to OIDC_API_TOKEN_AUTH. REQUIRE_API_SCOPE_FOR_AUTHENTICATION. Default is False.

The following environment variables configure authentication or authorization in other ways:

  • TOKEN_AUTH_AUTHSERVER_URL: Sets the "main" authentication server’s URL. The URL needs to be exactly what the authentication server reports as its issuer value. Default is empty.

  • ADDITIONAL_AUTHSERVER_URLS: Sets additional authentication server URLs as a list of strings. JWTs signed by these servers are accepted for authentication. The URLs need to be exactly what the authentication servers report as their issuer value. Default is empty list.

  • VERIFIED_PERSONAL_INFORMATION_ACCESS_AMR_LIST: Can be used to limit staff users access to verified personal information fields for only those that have authenticated using certain authentication method (Denoted by the "amr" claim in the authentication token). If empty, access is not limited. Default is empty list.

It’s possible to configure open-city-profile to communicate with a Keycloak instance. User data gets synchronised into the Keycloak instance. The Keycloak instance can simultaneously act as an authentication server but it doesn’t have to. All the following settings are needed — if any are missing, then the communication with Keycloak feature is disabled.

  • KEYCLOAK_BASE_URL: The base URL of the Keycloak server, including any configured context path.

  • KEYCLOAK_REALM: The name of the Keycloak realm to use.

  • KEYCLOAK_CLIENT_ID: Authentication to the Keycloak instance happens using a service account. This is the client id.

  • KEYCLOAK_CLIENT_SECRET: …​and this is the client secret.

Application logging

Application logs are output to stderr.

  • OPEN_CITY_PROFILE_LOG_LEVEL: sets logging level. Use any string representation of a Python logging level. Default is "DEBUG" if Django’s DEBUG setting is on, otherwise it’s "INFO".

Audit events

Profile data access produces audit events. Audit events may be output to multiple destinations. The destinations can be enabled individually. By default all outputs are disabled.

Database output

  • AUDIT_LOG_TO_DB_ENABLED: enable audit logging to database by setting to True. Default is False.

Python logger output

Output as JSON using the Python logging module.

  • AUDIT_LOG_TO_LOGGER_ENABLED: enable audit logging to logger by setting to True. Default is False.

  • AUDIT_LOG_LOGGER_FILENAME: by default logger output is sent to stdout. It’s possible to send the output to a file instead, by giving a filename with this setting. The filename may be randomized by including capital "X" characters in it. The "X"s get replaced by random characters.

Database encryption

Django-searchable-encrypted-fields library is used to encrypt some data in the database. Read that library’s documentation to learn what needs to be considered when handling these encryption keys and other values.

  • FIELD_ENCRYPTION_KEYS: Used to encrypt/decrypt some data in the database. Corresponds directly to the setting with same name in django-searchable-encrypted-fields. Must be set to a valid value.

  • SALT_NATIONAL_IDENTIFICATION_NUMBER: Used as additional salt in calculating search keys for the national identification number field in Profile. Given as the hash_key argument to django-searchable-encrypted-fields’s SearchField instance. If not given and DEBUG is True, defaults to "DEBUG_SALT".

GDPR API

GDPR API functionality needs to communicate with an authentication server. The implementation can use Tunnistamo and/or Keycloak depending on the connected services.

The following settings are required when there are services that are connected to Tunnistamo:

  • TOKEN_AUTH_AUTHSERVER_URL: The authentication server. Needs to point to the correct Tunnistamo instance.

  • OIDC_CLIENT_ID: Client id to use in the authorization code flow

  • OIDC_CLIENT_SECRET: Client secret to use in the authorization code flow

  • TUNNISTAMO_API_TOKENS_URL: Tunnistamo URL from which the backend will fetch API tokens for GDPR API use

Required environment variables when there are services that are connected only to Keycloak:

  • KEYCLOAK_BASE_URL and KEYCLOAK_REALM: Described above

  • KEYCLOAK_GDPR_CLIENT_ID: Client id to use in the authorization code flow.

  • KEYCLOAK_GDPR_CLIENT_SECRET: Client secret to use in the authorization code flow.

Common environment variable that is required in either case:

  • GDPR_AUTH_CALLBACK_URL: Callback URL should be the same which is used by the UI for fetching OAuth/OIDC authorization token for using the GDPR API.

Feature flags

  • ENABLE_GRAPHIQL: Enables GraphiQL testing user interface. If DEBUG is True, this setting has no effect and GraphiQL is always enabled. Default is False.

  • ENABLE_GRAPHQL_INTROSPECTION: Enables GraphQL introspection queries. If DEBUG is True, this setting has no effect and introspection queries are always enabled. Default is False.

  • USE_X_FORWARDED_FOR: Affects the way how a requester’s IP address is figured out. If set to True, the X-Forwarded-For HTTP header is used as one option. Default is False.

Sentry

It’s possible to report errors to Sentry.

  • SENTRY_DSN: Sets the Sentry DSN. If this is not set, nothing is sent to Sentry.

  • SENTRY_ENVIRONMENT: Sets the Sentry environment. Default is "development".

  • COMMIT_HASH: Sets the Sentry release. See COMMIT_HASH in Miscellaneous. If COMMIT_HASH is not set, set module version instead.

Miscellaneous

  • COMMIT_HASH: Sets a commit hash of the installation. Default is empty string.

  • TEMPORARY_PROFILE_READ_ACCESS_TOKEN_VALIDITY_MINUTES: For how long a temporary profile read access token is valid after creation. Value is in minutes. Default is 48 hours.