from coldfront.config.base import INSTALLED_APPS, MIDDLEWARE, AUTHENTICATION_BACKENDS from coldfront.config.env import ENV #------------------------------------------------------------------------------ # Enable OpenID Connect Authentication Backend #------------------------------------------------------------------------------ INSTALLED_APPS += [ 'mozilla_django_oidc', ] if ENV.bool('PLUGIN_MOKEY', default=False): #------------------------------------------------------------------------------ # Enable Mokey/Hydra OpenID Connect Authentication Backend #------------------------------------------------------------------------------ INSTALLED_APPS += [ 'coldfront.plugins.mokey_oidc', ] AUTHENTICATION_BACKENDS += [ 'coldfront.plugins.mokey_oidc.auth.OIDCMokeyAuthenticationBackend', ] else: AUTHENTICATION_BACKENDS += [ 'mozilla_django_oidc.auth.OIDCAuthenticationBackend', ] MIDDLEWARE += [ 'mozilla_django_oidc.middleware.SessionRefresh', ] OIDC_OP_JWKS_ENDPOINT = ENV.str('OIDC_OP_JWKS_ENDPOINT')
import os from split_settings.tools import optional, include from coldfront.config.env import ENV, PROJECT_ROOT # ColdFront split settings coldfront_configs = [ 'base.py', 'database.py', 'auth.py', 'logging.py', 'core.py', ] if ENV.bool('EMAIL_ENABLED', default=False): coldfront_configs.append('email.py') # ColdFront plugin settings plugin_configs = { 'PLUGIN_SLURM': 'plugins/slurm.py', 'PLUGIN_IQUOTA': 'plugins/iquota.py', 'PLUGIN_FREEIPA': 'plugins/freeipa.py', 'PLUGIN_SYSMON': 'plugins/system_montior.py', 'PLUGIN_XDMOD': 'plugins/xdmod.py', 'PLUGIN_AUTH_OIDC': 'plugins/openid.py', 'PLUGIN_AUTH_LDAP': 'plugins/ldap.py', 'PLUGIN_LDAP_USER_SEARCH': 'plugins/ldap_user_search.py', } # This allows plugins to be enabled via environment variables. Can alternatively # add the relevant configs to local_settings.py for key, pc in plugin_configs.items():
""" Base Django settings for ColdFront project. """ import os import coldfront from django.core.exceptions import ImproperlyConfigured from django.core.management.utils import get_random_secret_key from coldfront.config.env import ENV, PROJECT_ROOT #------------------------------------------------------------------------------ # Base Django config for ColdFront #------------------------------------------------------------------------------ VERSION = coldfront.VERSION BASE_DIR = PROJECT_ROOT() ALLOWED_HOSTS = ENV.list('ALLOWED_HOSTS', default=['*']) DEBUG = ENV.bool('DEBUG', default=False) WSGI_APPLICATION = 'coldfront.config.wsgi.application' ROOT_URLCONF = 'coldfront.config.urls' SECRET_KEY = ENV.str('SECRET_KEY', default='') if len(SECRET_KEY) == 0: SECRET_KEY = get_random_secret_key() #------------------------------------------------------------------------------ # Locale settings #------------------------------------------------------------------------------ LANGUAGE_CODE = ENV.str('LANGUAGE_CODE', default='en-us') TIME_ZONE = ENV.str('TIME_ZONE', default='America/New_York') USE_I18N = True USE_L10N = True USE_TZ = True
# Advanced ColdFront configurations #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # General Center Information #------------------------------------------------------------------------------ CENTER_NAME = ENV.str('CENTER_NAME', default='HPC Resources') CENTER_HELP_URL = ENV.str('CENTER_HELP_URL', default='') CENTER_PROJECT_RENEWAL_HELP_URL = ENV.str('CENTER_PROJECT_RENEWAL_HELP_URL', default='') CENTER_BASE_URL = ENV.str('CENTER_BASE_URL', default='') #------------------------------------------------------------------------------ # Enable Project Review #------------------------------------------------------------------------------ PROJECT_ENABLE_PROJECT_REVIEW = ENV.bool('PROJECT_ENABLE_PROJECT_REVIEW', default=True) #------------------------------------------------------------------------------ # Allocation related #------------------------------------------------------------------------------ ALLOCATION_ENABLE_CHANGE_REQUESTS_BY_DEFAULT = ENV.bool( 'ALLOCATION_ENABLE_CHANGE_REQUESTS', default=True) ALLOCATION_CHANGE_REQUEST_EXTENSION_DAYS = ENV.list( 'ALLOCATION_CHANGE_REQUEST_EXTENSION_DAYS', cast=int, default=[30, 60, 90]) ALLOCATION_ENABLE_ALLOCATION_RENEWAL = ENV.bool( 'ALLOCATION_ENABLE_ALLOCATION_RENEWAL', default=True) ALLOCATION_FUNCS_ON_EXPIRE = [ 'coldfront.core.allocation.utils.test_allocation_function', ] # This is in days
from coldfront.config.env import ENV from django.core.exceptions import ImproperlyConfigured try: import ldap except ImportError: raise ImproperlyConfigured('Please run: pip install ldap3') #------------------------------------------------------------------------------ # This enables searching for users via LDAP #------------------------------------------------------------------------------ LDAP_USER_SEARCH_SERVER_URI = ENV.str('LDAP_USER_SEARCH_SERVER_URI') LDAP_USER_SEARCH_BASE = ENV.str('LDAP_USER_SEARCH_BASE') LDAP_USER_SEARCH_BIND_DN = ENV.str('LDAP_USER_SEARCH_BIND_DN') LDAP_USER_SEARCH_BIND_PASSWORD = ENV.str('LDAP_USER_SEARCH_BIND_PASSWORD') LDAP_USER_SEARCH_CONNECT_TIMEOUT = ENV.float('LDAP_USER_SEARCH_CONNECT_TIMEOUT', default=2.5) LDAP_USER_SEARCH_USE_SSL = ENV.bool('LDAP_USER_SEARCH_USE_SSL', default=True) ADDITIONAL_USER_SEARCH_CLASSES = ['coldfront.plugins.ldap_user_search.utils.LDAPUserSearch',]
#------------------------------------------------------------------------------ # ColdFront default authentication settings #------------------------------------------------------------------------------ AUTHENTICATION_BACKENDS += [ 'django.contrib.auth.backends.ModelBackend', ] LOGIN_URL = '/user/login' LOGIN_REDIRECT_URL = '/' LOGOUT_REDIRECT_URL = '/' SU_LOGIN_CALLBACK = "coldfront.core.utils.common.su_login_callback" SU_LOGOUT_REDIRECT_URL = "/admin/auth/user/" SESSION_COOKIE_AGE = 60 * 15 SESSION_SAVE_EVERY_REQUEST = True SESSION_COOKIE_SAMESITE = 'Strict' SESSION_COOKIE_SECURE = True #------------------------------------------------------------------------------ # Enable administrators to login as other users #------------------------------------------------------------------------------ if ENV.bool('ENABLE_SU', default=True): AUTHENTICATION_BACKENDS += [ 'django_su.backends.SuBackend', ] INSTALLED_APPS.insert(0, 'django_su') TEMPLATES[0]['OPTIONS']['context_processors'].extend([ 'django_su.context_processors.is_su', ])
from django.core.exceptions import ImproperlyConfigured try: import ldap from django_auth_ldap.config import GroupOfNamesType, LDAPSearch except ImportError: raise ImproperlyConfigured( 'Please run: pip install ldap3 django_auth_ldap') #------------------------------------------------------------------------------ # LDAP user authentication using django-auth-ldap. This will enable LDAP # user/password logins. You can also override this in local_settings.py #------------------------------------------------------------------------------ AUTH_LDAP_SERVER_URI = ENV.str('AUTH_LDAP_SERVER_URI') AUTH_LDAP_USER_SEARCH_BASE = ENV.str('AUTH_LDAP_USER_SEARCH_BASE') AUTH_LDAP_START_TLS = ENV.bool('AUTH_LDAP_START_TLS', default=True) AUTH_LDAP_BIND_DN = ENV.str('AUTH_LDAP_BIND_DN', default='') AUTH_LDAP_BIND_PASSWORD = ENV.str('AUTH_LDAP_BIND_PASSWORD', default='') AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = ENV.bool( 'AUTH_LDAP_BIND_AS_AUTHENTICATING_USER', default=False) AUTH_LDAP_MIRROR_GROUPS = ENV.bool('AUTH_LDAP_MIRROR_GROUPS', default=True) AUTH_LDAP_GROUP_SEARCH_BASE = ENV.str('AUTH_LDAP_GROUP_SEARCH_BASE') AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_BASE, ldap.SCOPE_ONELEVEL, '(uid=%(user)s)') AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASE, ldap.SCOPE_ONELEVEL, '(objectClass=groupOfNames)') AUTH_LDAP_GROUP_TYPE = GroupOfNamesType() AUTH_LDAP_USER_ATTR_MAP = ENV.dict('AUTH_LDAP_USER_ATTR_MAP', default={ 'username': '******',
from coldfront.config.env import ENV #------------------------------------------------------------------------------ # Email/Notification settings #------------------------------------------------------------------------------ EMAIL_ENABLED = ENV.bool('EMAIL_ENABLED', default=False) EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = ENV.str('EMAIL_HOST', default='localhost') EMAIL_PORT = ENV.int('EMAIL_PORT', default=25) EMAIL_HOST_USER = ENV.str('EMAIL_HOST_USER', default='') EMAIL_HOST_PASSWORD = ENV.str('EMAIL_HOST_PASSWORD', default='') EMAIL_USE_TLS = ENV.bool('EMAIL_USE_TLS', default=False) EMAIL_TIMEOUT = ENV.int('EMAIL_TIMEOUT', default=3) EMAIL_SUBJECT_PREFIX = ENV.str('EMAIL_SUBJECT_PREFIX', default='[ColdFront]') EMAIL_ADMIN_LIST = ENV.list('EMAIL_ADMIN_LIST') EMAIL_SENDER = ENV.str('EMAIL_SENDER') EMAIL_TICKET_SYSTEM_ADDRESS = ENV.str('EMAIL_TICKET_SYSTEM_ADDRESS') EMAIL_DIRECTOR_EMAIL_ADDRESS = ENV.str('EMAIL_DIRECTOR_EMAIL_ADDRESS') EMAIL_PROJECT_REVIEW_CONTACT = ENV.str('EMAIL_PROJECT_REVIEW_CONTACT') EMAIL_DEVELOPMENT_EMAIL_LIST = ENV.list('EMAIL_DEVELOPMENT_EMAIL_LIST') EMAIL_OPT_OUT_INSTRUCTION_URL = ENV.str('EMAIL_OPT_OUT_INSTRUCTION_URL', default='') EMAIL_ALLOCATION_EXPIRING_NOTIFICATION_DAYS = ENV.list( 'EMAIL_ALLOCATION_EXPIRING_NOTIFICATION_DAYS', cast=int, default=[7, 14, 30]) EMAIL_SIGNATURE = ENV.str('EMAIL_SIGNATURE', default='', multiline=True)
from django.core.exceptions import ImproperlyConfigured try: import ldap from django_auth_ldap.config import GroupOfNamesType, LDAPSearch except ImportError: raise ImproperlyConfigured( 'Please run: pip install ldap3 django_auth_ldap') #------------------------------------------------------------------------------ # LDAP user authentication using django-auth-ldap. This will enable LDAP # user/password logins. You can also override this in local_settings.py #------------------------------------------------------------------------------ AUTH_LDAP_SERVER_URI = ENV.str('AUTH_LDAP_SERVER_URI') AUTH_LDAP_USER_SEARCH_BASE = ENV.str('AUTH_LDAP_USER_SEARCH_BASE') AUTH_LDAP_START_TLS = ENV.bool('AUTH_LDAP_START_TLS', default=True) AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True AUTH_LDAP_MIRROR_GROUPS = ENV.bool('AUTH_LDAP_MIRROR_GROUPS', default=True) AUTH_LDAP_GROUP_SEARCH_BASE = ENV.str('AUTH_LDAP_GROUP_SEARCH_BASE') AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_BASE, ldap.SCOPE_ONELEVEL, '(uid=%(user)s)') AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASE, ldap.SCOPE_ONELEVEL, '(objectClass=groupOfNames)') AUTH_LDAP_GROUP_TYPE = GroupOfNamesType() AUTH_LDAP_USER_ATTR_MAP = ENV.dict('AUTH_LDAP_USER_ATTR_MAP', default={ 'username': '******', 'first_name': 'givenName', 'last_name': 'sn', 'email': 'mail',