Пример #1
class AWS:
    """AWS configuration: the SQS queue to poll and the S3 bucket it reports on.

    Every attribute is a django-configurations ``values.*`` field, so the
    literal passed in is only a default that an environment variable can
    override.
    """
    # If all you know is the queue *name* and its AWS region,
    # make the URL be:
    #   aws://https://sqs.$NAME_OF_REGION.amazonaws.com/$NAME_OF_QUEUE
    # NOTE(review): the path segment before the queue name is the owning AWS
    # account ID. It is not a credential, but with a committed default an
    # unconfigured deployment polls this queue silently instead of failing;
    # consider requiring the value from the environment.
    SQS_QUEUE_URL = values.URLValue(
        'https://sqs.us-west-2.amazonaws.com/927034868273/buildhub-s3-events')
    # NOTE(review): the default bucket name ends in "-test"; confirm that
    # production overrides it.
    S3_BUCKET_URL = values.URLValue(
        'https://s3-us-west-2.amazonaws.com/buildhub-sqs-test')

    # For more details, see:
    # http://boto3.readthedocs.io/en/latest/reference/services/sqs.html#SQS.Queue.receive_messages

    # The duration (in seconds) for which the call waits for a message
    # to arrive in the queue before returning.
    SQS_QUEUE_WAIT_TIME_SECONDS = values.IntegerValue(10)

    # The duration (in seconds) that the received messages are hidden
    # from subsequent retrieve requests after being retrieved by
    # a ReceiveMessage request.
    # Note! This only really matters when multiple concurrent consumers run
    # daemons that consume the queue.
    # NOTE(review): a message that takes longer than this to process becomes
    # visible again and can be delivered a second time, so the handler should
    # be idempotent.
    SQS_QUEUE_VISIBILITY_TIMEOUT = values.IntegerValue(5)

    # The maximum number of messages to return.
    # Valid values are 1 to 10. Default is 1.
    SQS_QUEUE_MAX_NUMBER_OF_MESSAGES = values.IntegerValue(1)
Пример #2
class HerokuPostmark(Heroku):
    """Heroku configuration that sends and receives mail through Postmark.

    ``os_env`` is a project helper that is not shown here; it presumably
    returns the named environment variable (verify its behaviour when the
    variable is missing).
    """
    # NOTE(review): each "secret" URL segment defaults to its own public name
    # ("admin" -> "admin"), so the paths are guessable unless the deployment
    # overrides this DictValue from the environment. Confirm that it does.
    SECRET_URLS = values.DictValue({
        "admin": "admin",
        "postmark_inbound": "postmark_inbound",
        "postmark_bounce": "postmark_bounce"
    })

    # Template for the per-request address; {secret} and {domain} are filled
    # in elsewhere in the project.
    FOI_EMAIL_TEMPLATE = values.Value('request+{secret}@{domain}')
    FOI_EMAIL_DOMAIN = values.Value('inbound.postmarkapp.com')

    SERVER_EMAIL = values.Value(os_env('POSTMARK_INBOUND_ADDRESS'))
    DEFAULT_FROM_EMAIL = values.Value(os_env('POSTMARK_INBOUND_ADDRESS'))

    # Official Notification Mail goes through
    # the normal Django SMTP Backend
    # The same POSTMARK_API_KEY is used as SMTP user name and password, so
    # the user name is as sensitive as the password: keep both out of logs
    # and error reports.
    EMAIL_HOST = os_env('POSTMARK_SMTP_SERVER')
    EMAIL_PORT = values.IntegerValue(2525)
    EMAIL_HOST_USER = os_env('POSTMARK_API_KEY')
    EMAIL_HOST_PASSWORD = os_env('POSTMARK_API_KEY')
    # EMAIL_USE_TLS makes Django issue STARTTLS before authenticating.
    EMAIL_USE_TLS = values.BooleanValue(True)

    # SMTP settings for sending FoI mail
    FOI_EMAIL_FIXED_FROM_ADDRESS = values.BooleanValue(False)
    FOI_EMAIL_HOST_FROM = os_env('POSTMARK_INBOUND_ADDRESS')
    FOI_EMAIL_HOST_USER = os_env('POSTMARK_API_KEY')
    FOI_EMAIL_HOST_PASSWORD = os_env('POSTMARK_API_KEY')
    FOI_EMAIL_HOST = os_env('POSTMARK_SMTP_SERVER')
    FOI_EMAIL_PORT = values.IntegerValue(2525)
    FOI_EMAIL_USE_TLS = values.BooleanValue(True)
Пример #3
class _Gunicorn:
    """Configure Gunicorn.

    All values use ``environ_prefix=None``, so each one is read from an
    environment variable with exactly the attribute's name (for example
    ``GUNICORN_PORT``) rather than a ``DJANGO_``-prefixed one.
    """

    # As whom Gunicorn should run the server
    # NOTE(review): there is no default, so both are None when the variables
    # are unset. Confirm that the launcher refuses to run the workers as root
    # in that case.
    GUNICORN_USER = values.Value(environ_prefix=None)
    GUNICORN_GROUP = values.Value(environ_prefix=None)

    # Path to Gunicorn
    # check_exists=False: the path is not validated when settings load, so a
    # wrong path only surfaces when the server is started.
    GUNICORN_PATH = values.PathValue('~/.virtualenvs/pactf/bin/gunicorn',
                                     environ_prefix=None,
                                     check_exists=False)

    # Whether to use a socket or serve directly to an address
    GUNICORN_USE_SOCKFILE = values.BooleanValue(False, environ_prefix=None)

    # Socket to communicate with
    # NOTE(review): any local account that can write to this socket can reach
    # the application without passing the front-end proxy; restrict the
    # permissions on the run/ directory.
    GUNICORN_SOCKFILE = values.PathValue(join(BASE_DIR, 'run',
                                              'gunicorn.sock'),
                                         environ_prefix=None,
                                         check_exists=False)

    # Url to directly serve to
    # The loopback default keeps Gunicorn reachable only from the same host
    # (normally the reverse proxy). IPValue validates the address format.
    GUNICORN_IP = values.IPValue('127.0.0.1', environ_prefix=None)
    GUNICORN_PORT = values.IntegerValue(8001, environ_prefix=None)

    # Number of worker processes Gunicorn should spawn
    GUNICORN_NUM_WORKERS = values.IntegerValue(1, environ_prefix=None)
Пример #4
class BigQuery:
    """BigQuery export settings; the feature is off unless BQ_ENABLED is set."""
    BQ_ENABLED = values.BooleanValue(False)
    # Empty by default, so a deployment that enables BigQuery must also supply
    # the project ID.
    BQ_PROJECT_ID = values.Value("")
    BQ_DATASET_ID = values.Value("buildhub2")
    BQ_TABLE_ID = values.Value("builds")

    # Limits used by the rebuild job (consumed elsewhere in the project):
    # presumably the error budget before aborting and the rows handled per
    # batch. Verify against the caller.
    BQ_REBUILD_MAX_ERROR_COUNT = values.IntegerValue(1000)
    BQ_REBUILD_CHUNK_SIZE = values.IntegerValue(10000)
class S3:
    """Connect and read timeouts for S3 lookups and uploads, in seconds.

    Explicit timeouts keep a stalled S3 connection from tying up a worker
    indefinitely.
    """

    # How many max seconds to wait for a S3 connection when
    # doing a lookup.
    S3_LOOKUP_CONNECT_TIMEOUT = values.IntegerValue(2)  # seconds
    S3_LOOKUP_READ_TIMEOUT = values.IntegerValue(4)  # seconds

    # The timeouts for doing S3 uploads.
    # When testing S3 PUT in Stage, the longest PUTs take 20 seconds.
    S3_PUT_CONNECT_TIMEOUT = values.IntegerValue(10)  # seconds
    # If upload takes longer than this it's probably best to back off.
    # The client will likely get a 504 error and will retry soon again.
    S3_PUT_READ_TIMEOUT = values.IntegerValue(30)  # seconds
Пример #6
class AWS:
    """AWS configuration: the SQS queue to poll and the S3 buckets it refers to.

    Every attribute is a django-configurations ``values.*`` field, so the
    literal passed in is only a default that an environment variable can
    override.
    """

    # If all you know is the queue *name* and its AWS region,
    # make the URL be:
    #   aws://https://sqs.$NAME_OF_REGION.amazonaws.com/$NAME_OF_QUEUE
    # NOTE(review): the path segment before the queue name is the owning AWS
    # account ID. It is not a credential, but with a committed default an
    # unconfigured deployment polls this queue silently instead of failing.
    SQS_QUEUE_URL = values.URLValue(
        "https://sqs.us-west-2.amazonaws.com/927034868273/buildhub-s3-events")
    S3_BUCKET_URL = values.URLValue(
        "https://s3-us-east-1.amazonaws.com/"
        "net-mozaws-prod-delivery-inventory-us-east-1")

    # For more details, see:
    # http://boto3.readthedocs.io/en/latest/reference/services/sqs.html#SQS.Queue.receive_messages

    # The duration (in seconds) for which the call waits for a message
    # to arrive in the queue before returning.
    SQS_QUEUE_WAIT_TIME_SECONDS = values.IntegerValue(10)

    # The duration (in seconds) that the received messages are hidden
    # from subsequent retrieve requests after being retrieved by
    # a ReceiveMessage request.
    # Note! This only really matters when multiple concurrent consumers run
    # daemons that consume the queue.
    # NOTE(review): a message that takes longer than this to process becomes
    # visible again and can be delivered a second time, so the handler should
    # be idempotent.
    SQS_QUEUE_VISIBILITY_TIMEOUT = values.IntegerValue(5)

    # The maximum number of messages to return.
    # Valid values are 1 to 10. Default is 1.
    SQS_QUEUE_MAX_NUMBER_OF_MESSAGES = values.IntegerValue(1)

    # When we ingest the SQS queue we get a payload that contains an S3 key and
    # an S3 bucket name. We then assume that we can use our boto client to
    # connect to that bucket and read the key to download its file. That S3
    # bucket name comes at runtime, so it depends on payloads which aren't
    # known yet.
    # However, if you *do* know the bucket, set this variable in advance so
    # access to it can be healthchecked.
    # Note that it's optional! Unset by default.
    # In real production it should probably be:
    #  https://s3.amazonaws.com/net-mozaws-prod-delivery-firefox
    # NOTE(review): the bucket name is taken from the queue message, so anyone
    # who can publish to the queue chooses which bucket is fetched. When the
    # expected bucket is known, the consumer should reject payloads naming
    # any other one. Confirm whether it does.
    SQS_S3_BUCKET_URL = values.URLValue()

    # If the S3 bucket that SQS mentions by name is public, you can connect
    # to it with an unsigned client. If you don't do this, the request might
    # fail with:
    #   "An error occurred (403) when calling the HeadObject operation: Forbidden"
    # If however, like during local development, you use a non-public bucket,
    # this needs to be set to false.
    # An unsigned client sends no credentials, so it can only read objects
    # that are publicly readable.
    UNSIGNED_SQS_S3_CLIENT = values.BooleanValue(True)
Пример #7
class Staging(Common):
    """
    The in-staging settings.

    Turns on Django's HTTPS-related hardening and points webpack-loader at
    the production bundle stats file.
    """
    # Project root: two directory levels above this settings file.
    BASE_DIR = os.path.dirname(os.path.dirname(__file__))

    # Security
    # NOTE(review): CSRF_COOKIE_SECURE is not set in this class; confirm that
    # Common sets it, otherwise the CSRF cookie can still be sent over HTTP.
    SESSION_COOKIE_SECURE = values.BooleanValue(True)
    # X-XSS-Protection is ignored by current browsers and by newer Django
    # releases; a Content-Security-Policy is the effective control.
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    # One year of HSTS including subdomains: every subdomain must serve HTTPS
    # before this is enabled, because browsers cache the policy.
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
    SECURE_REDIRECT_EXEMPT = values.ListValue([])
    SECURE_SSL_HOST = values.Value(None)
    SECURE_SSL_REDIRECT = values.BooleanValue(True)
    # Django treats a request as secure when this header says "https". That
    # is only safe behind a proxy that strips or overwrites X-Forwarded-Proto
    # on every incoming request; otherwise a client can set it directly.
    SECURE_PROXY_SSL_HEADER = values.TupleValue(
        ('HTTP_X_FORWARDED_PROTO', 'https')
    )

    WEBPACK_LOADER = {
    'DEFAULT': {
            'BUNDLE_DIR_NAME': 'bundles/',
            'STATS_FILE': os.path.join(BASE_DIR, 'webpack-stats.prod.json'),
        }
    }
Пример #8
class Staging(Base):
    """
    Depends on environment variables that SHOULD be defined (in addition to the
    base environment variables):

    EMAIL_HOST=smtp.example.org
    EMAIL_PORT=587
    EMAIL_HOST_USER=babar
    EMAIL_HOST_PASSWORD=KingOfTheElephants

    The values above are placeholders, not real credentials.
    """

    # Only this host name is accepted in the Host header.
    ALLOWED_HOSTS = [
        'staging.pixel.candihub.eu',
    ]

    # environ_prefix=None: each value is read from the unprefixed variable
    # named by environ_name.
    EMAIL_HOST = values.Value('',
                              environ_name='EMAIL_HOST',
                              environ_prefix=None)
    EMAIL_PORT = values.IntegerValue(587,
                                     environ_name='EMAIL_PORT',
                                     environ_prefix=None)
    EMAIL_HOST_USER = values.Value('',
                                   environ_name='EMAIL_HOST_USER',
                                   environ_prefix=None)
    # NOTE(review): the '' default means a missing password is only noticed
    # when the first mail fails to send. values.SecretValue would make the
    # variable mandatory at startup.
    EMAIL_HOST_PASSWORD = values.Value('',
                                       environ_name='EMAIL_HOST_PASSWORD',
                                       environ_prefix=None)
    # STARTTLS is always on, so the SMTP credentials are not sent in clear.
    EMAIL_USE_TLS = True
    EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
    EMAIL_SUBJECT_PREFIX = '[Pixel/staging] '
    DEFAULT_FROM_EMAIL = "Pixel Admin <*****@*****.**>"
    SERVER_EMAIL = DEFAULT_FROM_EMAIL
Пример #9
class Production(Common):
    """Production settings: HTTPS hardening, response middleware and Sentry."""
    # Read from the unprefixed ALLOWED_HOSTS variable (environ_prefix="").
    # With the empty default and DEBUG off, Django rejects every Host header,
    # so a missing variable fails closed.
    ALLOWED_HOSTS = values.ListValue(environ_prefix="", default=[])

    # X-XSS-Protection is ignored by current browsers and by newer Django
    # releases; a Content-Security-Policy is the effective control.
    SECURE_BROWSER_XSS_FILTER = True
    SESSION_COOKIE_SECURE = True
    # Only safe behind a proxy that strips or overwrites X-Forwarded-Proto on
    # every incoming request; otherwise a client can claim HTTPS itself.
    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
    SECURE_SSL_REDIRECT = True
    # One hour by default; overridable through SECURE_HSTS_SECONDS.
    SECURE_HSTS_SECONDS = values.IntegerValue(environ_prefix="", default=3600)

    # NOTE(review): Django's documentation warns that GZipMiddleware can
    # expose secrets in response bodies to compression side-channel attacks
    # (BREACH). Confirm the Django version in use mitigates this, or avoid
    # compressing pages that mix secrets with user-controlled input.
    MIDDLEWARE = [
        "django.middleware.http.ConditionalGetMiddleware",
        "django.middleware.gzip.GZipMiddleware",
    ] + Common.MIDDLEWARE

    # _environment and _release are module-level names defined outside this
    # class. An empty DSN is passed through when SENTRY_DSN is unset.
    SENTRY_CONFIG = {
        "dsn": os.getenv("SENTRY_DSN", ""),
        "environment": _environment,
        "release": _release,
    }

    @classmethod
    def post_setup(cls):
        """Initialise the Sentry SDK once the settings have been set up.

        NOTE(review): send_default_pii=True lets the SDK attach personally
        identifiable data about the requesting user to events. Confirm this
        is covered by the privacy policy and by Sentry-side scrubbing rules.
        """
        super().post_setup()
        sentry_sdk.init(integrations=[DjangoIntegration()],
                        **cls.SENTRY_CONFIG,
                        send_default_pii=True)
Пример #10
class Production(Common):
    """Production settings: HTTPS hardening, S3 static files, SMTP, sessions."""
    INSTALLED_APPS = Common.INSTALLED_APPS + (
        "raven.contrib.django.raven_compat", )

    # django-secure settings
    # NOTE(review): SECURE_FRAME_DENY is a django-secure setting and is not
    # read by Django's own SecurityMiddleware (Django uses X_FRAME_OPTIONS
    # with XFrameOptionsMiddleware). 'djangosecure' is not added to
    # INSTALLED_APPS here; confirm which package enforces these settings.
    PROTOCOL = "https"
    SESSION_COOKIE_SECURE = True
    SECURE_SSL_REDIRECT = True
    SECURE_HSTS_SECONDS = 31536000
    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
    SECURE_FRAME_DENY = True
    SECURE_CONTENT_TYPE_NOSNIFF = True
    SECURE_BROWSER_XSS_FILTER = True
    # Only safe behind a proxy that strips or overwrites X-Forwarded-Proto on
    # every incoming request; otherwise a client can claim HTTPS itself.
    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")

    STATICFILES_STORAGE = "storages.backends.s3boto.S3BotoStorage"
    STATIC_URL = "https://d2kmfhumajdz54.cloudfront.net/"

    EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
    EMAIL_HOST = values.Value()
    EMAIL_HOST_USER = values.Value()
    # SecretValue takes no default and must be supplied by the environment,
    # so the password never appears in source.
    EMAIL_HOST_PASSWORD = values.SecretValue()
    EMAIL_PORT = values.IntegerValue()
    EMAIL_USE_TLS = values.BooleanValue(True)
    DEFAULT_FROM_EMAIL = values.Value(environ_prefix=None)

    # cached sessions
    SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"

    # NOTE(review): LocMemCache is private to each process, so with several
    # workers the session cache is not shared. cached_db still falls back to
    # the database on a miss, but a shared cache backend would be more
    # predictable.
    CACHES = {
        "default": {
            "BACKEND": "django.core.cache.backends.locmem.LocMemCache"
        }
    }
Пример #11
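class Staging(Common):
    """
    The in-staging settings.

    Restricts the accepted host names, enables cookie and header hardening,
    sends mail through SendGrid and reports errors to Sentry.
    """
    ALLOWED_HOSTS = ['carlos-shortener.herokuapp.com', 'cour.fun']

    # Security
    SESSION_COOKIE_SECURE = values.BooleanValue(True)
    # X-XSS-Protection is ignored by current browsers and by newer Django
    # releases; a Content-Security-Policy is the effective control.
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
    SECURE_REDIRECT_EXEMPT = values.ListValue([])
    SECURE_SSL_HOST = values.Value(None)
    # NOTE(review): the HTTPS redirect is off and SECURE_PROXY_SSL_HEADER is
    # commented out. Django only adds the HSTS header to requests it considers
    # secure, so behind a TLS-terminating proxy the HSTS settings above may
    # never take effect, and session cookies marked Secure are not sent on
    # plain-HTTP visits. Confirm that HTTPS is enforced at the edge.
    SECURE_SSL_REDIRECT = values.BooleanValue(False)
    #SECURE_PROXY_SSL_HEADER = values.TupleValue(
    #    ('HTTP_X_FORWARDED_PROTO', 'https')
    #)

    HOSTNAME = 'cour.fun'

    EMAIL_BACKEND = "sendgrid_backend.SendgridBackend"
    # SecretValue takes no default and must be supplied by the environment,
    # so neither credential appears in source.
    SENDGRID_API_KEY = values.SecretValue()

    SENTRY_DSN = values.SecretValue()

    @classmethod
    def post_setup(cls):
        """Initialise the Sentry SDK once the settings have been set up.

        The parent hook is called first so that any post_setup() defined by
        Common or a mixin still runs; overriding it without calling super()
        would silently drop that work.
        """
        super().post_setup()
        sentry_sdk.init(dsn=cls.SENTRY_DSN, integrations=[DjangoIntegration()])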
Пример #12
 def QUERYCOUNT(self):
     """Return the query-count settings dict.

     Admin requests and SQL starting with ``silk_`` are excluded. The number
     of duplicated queries to display comes from the environment variable
     named by ``environ_name`` (django-configurations adds its default prefix
     unless one is configured).
     """
     duplicates_to_show = values.IntegerValue(
         environ_name='QUERYCOUNT_DISPLAY_DUPLICATES')
     querycount_options = dict(
         IGNORE_REQUEST_PATTERNS=[r'^/admin/'],
         IGNORE_SQL_PATTERNS=[r'^silk_'],
         DISPLAY_DUPLICATES=duplicates_to_show,
     )
     return querycount_options
Пример #13
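class Staging(Common):
    """
    The in-staging settings.

    Enables HTTPS hardening and stores uploaded media in an S3 bucket through
    django-storages.
    """
    INSTALLED_APPS = Common.INSTALLED_APPS + ('storages', )

    # django-secure now integrated inside django 1.8+
    # NOTE(review): SECURE_FRAME_DENY was not carried over into Django; the
    # built-in equivalent is X_FRAME_OPTIONS with XFrameOptionsMiddleware.
    # Confirm that clickjacking protection is configured that way.
    SESSION_COOKIE_SECURE = values.BooleanValue(True)
    SECURE_SSL_REDIRECT = values.BooleanValue(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
    SECURE_FRAME_DENY = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
    # Only safe behind a proxy that strips or overwrites X-Forwarded-Proto on
    # every incoming request; otherwise a client can claim HTTPS itself.
    SECURE_PROXY_SSL_HEADER = values.TupleValue(
        ('HTTP_X_FORWARDED_PROTO', 'https'))

    # Both are read from the unprefixed environment variables.
    # NOTE(review): values.Value yields None when the variable is missing;
    # values.SecretValue would make the secret key mandatory at startup.
    AWS_ACCESS_KEY_ID = values.Value(environ_prefix=None)
    AWS_SECRET_ACCESS_KEY = values.Value(environ_prefix=None)
    AWS_STORAGE_BUCKET_NAME = 'grp-portfolio-media'
    # False: generated media URLs carry no signature, so the objects must be
    # publicly readable. Nothing private should be stored in this bucket.
    AWS_QUERYSTRING_AUTH = values.BooleanValue(False)

    # Media is linked over HTTPS: the site itself forces HTTPS (redirect plus
    # HSTS above), and http:// media URLs would be mixed content.
    # NOTE(review): MEDIA_ROOT starts with '/', so MEDIA_URL contains '//'
    # after the host. Left as is; verify against the stored object keys.
    S3_URL = 'https://%s.s3.amazonaws.com/' % AWS_STORAGE_BUCKET_NAME
    MEDIA_ROOT = '/media/'
    MEDIA_URL = S3_URL + MEDIA_ROOT
    DEFAULT_FILE_STORAGE = 'storages.backends.s3boto.S3BotoStorage'

    EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'

    PROTOCOL = 'https'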
Пример #14
class ProductionInsecure(Production):
    """
    Settings for a production-like environment that lacks many security features.

    Useful for testing and setups where security is provided by other means.
    Not intended for general use on the public internet.
    """

    # The default key is published in source, so anything Django signs with
    # it (sessions, password-reset tokens) can be forged by anyone who has
    # read this file. Selecting this class on a reachable host is the risk
    # to guard against.
    SECRET_KEY = values.Value("not a secret")
    # "*" switches off Host header validation.
    ALLOWED_HOSTS = values.ListValue(["*"])
    SECURE_SSL_REDIRECT = values.BooleanValue(False)
    CSRF_COOKIE_SECURE = values.BooleanValue(False)
    SECURE_HSTS_SECONDS = values.IntegerValue(0)
    SESSION_COOKIE_SECURE = values.BooleanValue(False)

    # These checks aren't useful for a purposefully insecure environment
    # Silencing only hides the `manage.py check --deploy` warnings; it does
    # not change what the middleware does.
    SILENCED_SYSTEM_CHECKS = values.ListValue([
        "security.W001",  # security middleware check
        "security.W003",  # CSRF middleware check
        "security.W004",  # check hsts seconds
        "security.W008",  # Secure SSL redirect
        "security.W009",  # Secret key length
        "security.W012",  # Check session cookie secure
        "security.W016",  # Check CSRF cookie secure
    ])
Пример #15
class Production(Base):
    """Settings for the production environment."""
    # Both proxy settings make Django trust request headers (X-Forwarded-Host
    # and X-Forwarded-Proto). That is only safe behind a proxy that sets or
    # strips them on every incoming request; otherwise a client controls the
    # host and scheme Django sees.
    USE_X_FORWARDED_HOST = values.BooleanValue(True)
    SECURE_PROXY_SSL_HEADER = values.TupleValue(('HTTP_X_FORWARDED_PROTO', 'https'))
    # NOTE(review): plain values.Value does not cast, so an environment
    # override arrives as a string and "False" would be truthy;
    # values.BooleanValue parses it. Verify how this flag is consumed.
    LOGGING_USE_JSON = values.Value(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)  # 1 year
    DEFAULT_FILE_STORAGE = values.Value('storages.backends.s3boto3.S3Boto3Storage')
Пример #16
class Email(object):
    """Email settings for public projects."""
    EMAIL_HOST = values.Value('localhost')
    EMAIL_PORT = values.IntegerValue(25)  # Alternate TLS port is 587
    # EMAIL_USE_TLS means STARTTLS: the connection starts in clear text on
    # the port above and is upgraded before authentication.
    EMAIL_USE_TLS = values.BooleanValue(True)
    EMAIL_HOST_USER = values.Value('*****@*****.**')
    # SecretValue takes no default and must be supplied by the environment,
    # so the password never appears in source.
    EMAIL_HOST_PASSWORD = values.SecretValue()
Пример #17
class Development(Base):
    """Settings for local development.

    Several protections are deliberately relaxed here (fixed SECRET_KEY,
    DEBUG, no password validators, no HTTPS redirect, no recipe auth or peer
    approval), so this class must never be selected on a reachable host.
    """

    # Load a .env file from the project root only when one exists.
    DOTENV_EXISTS = os.path.exists(os.path.join(Core.BASE_DIR, ".env"))
    DOTENV = ".env" if DOTENV_EXISTS else None

    # Published in source: anything signed with this key can be forged.
    SECRET_KEY = values.Value("not a secret")
    # DEBUG pages expose settings, stack traces and local variables.
    DEBUG = values.BooleanValue(True)
    AUTH_PASSWORD_VALIDATORS = values.ListValue([])
    INSTALLED_APPS = Base.INSTALLED_APPS + ["sslserver"]
    # Mail is printed to the console instead of being sent.
    EMAIL_BACKEND = values.Value(
        "django.core.mail.backends.console.EmailBackend")
    # NOTE(review): plain values.Value does not cast, so an environment
    # override arrives as a string and "False" would be truthy;
    # values.BooleanValue parses it.
    SECURE_SSL_REDIRECT = values.Value(False)
    REQUIRE_RECIPE_AUTH = values.BooleanValue(False)
    PEER_APPROVAL_ENFORCED = values.BooleanValue(False)
    CSP_REPORT_URI = values.Value("")
    DEFAULT_FILE_STORAGE = values.Value(
        "django.core.files.storage.FileSystemStorage")

    API_CACHE_ENABLED = values.BooleanValue(False)
    API_CACHE_TIME = values.IntegerValue(0)

    # NOTE(review): this binds the same dict object as Base.SWAGGER_SETTINGS,
    # so the assignment on the next line also changes it for Base and for
    # every other configuration that inherits it. Copy the dict first if
    # that is not intended.
    SWAGGER_SETTINGS = Base.SWAGGER_SETTINGS
    SWAGGER_SETTINGS["VALIDATOR_URL"] = None

    SILENCED_SYSTEM_CHECKS = values.ListValue(["normandy.recipes.E006"
                                               ])  # geoip db not available
Пример #18
class ProductionInsecure(Production):
    """
    Settings for a production-like environment that lacks many security features.

    Useful for testing and setups where security is provided by other means.
    Not intended for general use on the public internet.
    """
    INSTALLED_APPS = Production.INSTALLED_APPS + ['sslserver']
    # The default key is published in source, so anything Django signs with
    # it (sessions, password-reset tokens) can be forged by anyone who has
    # read this file.
    SECRET_KEY = values.Value('not a secret')
    # '*' switches off Host header validation.
    ALLOWED_HOSTS = values.ListValue(['*'])
    SECURE_SSL_REDIRECT = values.BooleanValue(False)
    CSRF_COOKIE_SECURE = values.BooleanValue(False)
    SECURE_HSTS_SECONDS = values.IntegerValue(0)
    SESSION_COOKIE_SECURE = values.BooleanValue(False)

    # These checks aren't useful for a purposefully insecure environment
    # Silencing only hides the `manage.py check --deploy` warnings; it does
    # not change what the middleware does.
    SILENCED_SYSTEM_CHECKS = values.ListValue([
        'security.W001',  # security middleware check
        'security.W004',  # check hsts seconds
        'security.W008',  # Secure SSL redirect
        'security.W009',  # Secret key length
        'security.W012',  # Check session cookie secure
        'security.W016',  # Check CSRF cookie secure
        'security.W017',  # Check CSRF cookie http only
    ])
Пример #19
class Production(Common):
    """
    The production settings.

    Adds django-secure and Raven, fixes the accepted host names and turns on
    the HTTPS hardening options.
    """
    INSTALLED_APPS = Common.INSTALLED_APPS + (
        'djangosecure',
        'raven.contrib.django.raven_compat',
    )

    SPEAKER_SUBMISSION = False

    # Only these host names are accepted in the Host header.
    ALLOWED_HOSTS = [
        'speakers.herokuapp.com',
        'calltospeakers.com',
        'www.calltospeakers.com',
    ]

    # django-secure
    # NOTE(review): these settings are enforced by django-secure's middleware,
    # which is not visible in this class; confirm that Common.MIDDLEWARE
    # includes it. CSRF_COOKIE_SECURE is not set here either.
    SESSION_COOKIE_SECURE = values.BooleanValue(True)
    SECURE_SSL_REDIRECT = values.BooleanValue(True)
    # One year of HSTS including subdomains: every subdomain must serve HTTPS
    # before this is enabled, because browsers cache the policy.
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
    SECURE_FRAME_DENY = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
    # Only safe behind a proxy that strips or overwrites X-Forwarded-Proto on
    # every incoming request; otherwise a client can claim HTTPS itself.
    SECURE_PROXY_SSL_HEADER = values.TupleValue(
        ('HTTP_X_FORWARDED_PROTO', 'https'))
Пример #20
class Production(Base):
    """Settings for the production environment."""
    # Both proxy settings make Django trust request headers (X-Forwarded-Host
    # and X-Forwarded-Proto). That is only safe behind a proxy that sets or
    # strips them on every incoming request.
    USE_X_FORWARDED_HOST = values.BooleanValue(True)
    SECURE_PROXY_SSL_HEADER = values.TupleValue(('HTTP_X_FORWARDED_PROTO', 'https'))
    # NOTE(review): plain values.Value does not cast, so an environment
    # override arrives as a string and "False" would be truthy.
    LOGGING_USE_JSON = values.Value(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)  # 1 year
    # Project-defined storage class (not shown here). Its name suggests
    # relaxed S3 permissions; review what it grants before reusing it.
    DEFAULT_FILE_STORAGE = values.Value('normandy.base.storage.S3Boto3PermissiveStorage')
    # django-storages: never replace an existing object that has the same
    # name; a new name is generated instead.
    AWS_S3_FILE_OVERWRITE = False
Пример #21
class Databases(object):
    """Settings for PostgreSQL databases."""

    # The connection settings, credentials included, are parsed from the
    # DEFAULT_DATABASE_URL environment variable, so that variable must be
    # kept out of logs and process listings.
    # NOTE(review): no default URL is passed; check what
    # dj_database_url.config() returns when the variable is unset, so that a
    # missing URL fails at startup rather than on the first query.
    DATABASES = {'default': dj_database_url.config(env='DEFAULT_DATABASE_URL')}

    # Number of seconds database connections should persist for
    # Read from DEFAULT_CONN_MAX_AGE (environ_prefix='' means no prefix).
    # Passing environ_name presumably lets django-configurations resolve the
    # value while it is nested in a dict; confirm for the pinned version.
    DATABASES['default']['CONN_MAX_AGE'] = values.IntegerValue(
        600, environ_prefix='', environ_name='DEFAULT_CONN_MAX_AGE')
Пример #22
 def RAVEN_CONFIG(self):
     """Return the Raven (Sentry) client configuration.

     The DSN defaults to None and the maximum string length to 2000; each is
     read from the environment variable named by ``environ_name``
     (django-configurations adds its default prefix unless one is
     configured). The DSN embeds the project key, so keep it out of logs.
     """
     sentry_dsn = values.URLValue(None, environ_name='RAVEN_CONFIG_DSN')
     max_string_length = values.IntegerValue(
         2000, environ_name='RAVEN_CONFIG_STRING_MAX_LENGTH')
     return {'dsn': sentry_dsn, 'string_max_length': max_string_length}
Пример #23
class Production(Base):
    """Settings for the production environment."""

    # Only safe behind a proxy that strips or overwrites X-Forwarded-Proto on
    # every incoming request; otherwise a client can claim HTTPS itself.
    SECURE_PROXY_SSL_HEADER = values.TupleValue(("HTTP_X_FORWARDED_PROTO", "https"))
    # NOTE(review): plain values.Value does not cast, so an environment
    # override of either flag below arrives as a string and "False" would be
    # truthy; values.BooleanValue parses it.
    LOGGING_USE_JSON = values.Value(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)  # 1 year
    DEFAULT_FILE_STORAGE = values.Value("normandy.base.storage.NormandyS3Boto3Storage")
    # django-storages: never replace an existing object that has the same
    # name; a new name is generated instead.
    AWS_S3_FILE_OVERWRITE = False
    METRICS_USE_STATSD = values.Value(True)
Пример #24
class RedisSettings(object):
    """
    Base Redis settings using either the common REDIS_* settings or 12factor.
    REDIS_URL builds from REDIS_* settings. When supplied, the REDIS_* settings supersede REDIS_URL.

    NOTE(review): the REDIS_URL property below returns the REDIS_URL
    environment variable when it is set, and otherwise a URL built by
    mk_redis_db_url() for the default database. Whether REDIS_HOST and
    REDIS_PORT feed into that helper cannot be seen from this class; confirm
    that the precedence described above matches the implementation.
    """

    # Each value is read from the unprefixed variable of the same name;
    # environ_required=False makes the variable optional.
    REDIS_HOST = values.Value('localhost',
                              environ_prefix=None,
                              environ_required=False)
    REDIS_PORT = values.IntegerValue(_DEFAULT_REDIS_PORT,
                                     environ_prefix=None,
                                     environ_required=False)
    REDIS_DB = values.IntegerValue(_DEFAULT_REDIS_DB,
                                   environ_prefix=None,
                                   environ_required=False)

    @property
    def REDIS_URL(self):
        """Return the Redis URL, preferring the REDIS_URL environment variable.

        A Redis URL can carry a password, so avoid logging this value.
        """
        return os.getenv('REDIS_URL', mk_redis_db_url(_DEFAULT_REDIS_DB))
Пример #25
class Production(Common):
    """Production settings: HTTPS hardening, Sentry, basic-auth wall, SendGrid."""
    # See https://docs.djangoproject.com/en/2.0/ref/settings/ for a description
    # of each Django setting.

    # django-cors-headers SETTINGS
    # --------------------------------------------------------------------------
    # TODO: Re-enable this.
    # CORS_ORIGIN_WHITELIST = values.ListValue([], environ_required=True)

    # SECURITY SETTINGS
    # --------------------------------------------------------------------------
    # Only safe behind a proxy that strips or overwrites X-Forwarded-Proto on
    # every incoming request; otherwise a client can claim HTTPS itself.
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
    SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
    SESSION_CACHE_ALIAS = 'default'
    # NOTE(review): this condition runs once, when the class body executes.
    # If Common.SITE_SCHEME is not exactly 'https' at that moment, none of
    # the HTTPS protections below are defined and nothing reports it.
    # Confirm how SITE_SCHEME is populated.
    if Common.SITE_SCHEME == 'https':
        # WARNING: Set this to 518400 (6 days) after the web application is
        # configured correctly to confidently serve HTTPS.
        SECURE_HSTS_SECONDS = values.IntegerValue(60)
        SECURE_HSTS_INCLUDE_SUBDOMAINS = True
        SECURE_SSL_REDIRECT = True
        SESSION_COOKIE_SECURE = True
        CSRF_COOKIE_SECURE = True

    # MIDDLEWARE SETTINGS
    # --------------------------------------------------------------------------
    # BasicAuthMiddleware puts an HTTP basic-auth wall in front of the site.
    # Basic credentials are protected only by TLS, so they depend on the
    # HTTPS settings above being active.
    MIDDLEWARE = [
        'raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware',
        'django_auth_wall.middleware.BasicAuthMiddleware',
    ] + Common.MIDDLEWARE

    # EMAIL SETTINGS
    # The settings below are suitable for using SendGrid's Web API for sending
    # email from Django.
    # --------------------------------------------------------------------------
    EMAIL_BACKEND = 'anymail.backends.sendgrid.EmailBackend'
    # environ_required=True makes startup fail when the key is missing.
    # NOTE(review): no environ_prefix is given, so django-configurations
    # applies its default prefix to the variable name; verify the exact name
    # that the deployment has to export.
    ANYMAIL = {
        'SENDGRID_API_KEY':
        values.Value('',
                     environ_name='SENDGRID_API_KEY',
                     environ_required=True),
    }

    # TEMPLATE SETTINGS
    # --------------------------------------------------------------------------
    # NOTE(review): this assigns into Common.TEMPLATES in place, so the cached
    # loader is applied to every configuration that shares that list as soon
    # as this module is imported, not only to Production.
    Common.TEMPLATES[0]['OPTIONS']['loaders'] = [
        ('django.template.loaders.cached.Loader',
         Common.TEMPLATES[0]['OPTIONS']['loaders']),
    ]

    # INSTALLED APPS SETTINGS
    # --------------------------------------------------------------------------
    INSTALLED_APPS = Common.INSTALLED_APPS + [
        'gunicorn',
        'anymail',
    ]
Пример #26
class Stage(Base):
    """Configuration for the Stage server."""

    # Defaulting to 'localhost' here because that's where the Datadog
    # agent is expected to run in production.
    STATSD_HOST = values.Value("localhost")
    # NOTE(review): plain values.Value does not cast, so a port supplied
    # through the environment arrives as a string; values.IntegerValue would
    # keep it an int.
    STATSD_PORT = values.Value(8125)
    STATSD_NAMESPACE = values.Value("")

    @property
    def MARKUS_BACKENDS(self):
        """Return the markus backend list: one Datadog backend built from STATSD_*."""
        return [{
            "class": "markus.backends.datadog.DatadogMetrics",
            "options": {
                "statsd_host": self.STATSD_HOST,
                "statsd_port": self.STATSD_PORT,
                "statsd_namespace": self.STATSD_NAMESPACE,
            },
        }]

    ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
    # Only safe behind a proxy that strips or overwrites X-Forwarded-Proto on
    # every incoming request; otherwise a client can claim HTTPS itself.
    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")

    @property
    def DATABASES(self):
        """Return the parent's DATABASES with sslmode=require on "default".

        NOTE(review): sslmode "require" encrypts the connection but does not
        by itself verify the server certificate; "verify-full" is the mode
        that authenticates the server. Also, copy() is shallow, so the
        parent's "default" dict is modified in place (repeating the
        assignment gives the same result each time).
        """
        DATABASES = super().DATABASES.copy()
        DATABASES["default"].setdefault("OPTIONS", {})["sslmode"] = "require"
        return DATABASES

    # Sentry setup
    # Read from the unprefixed SENTRY_DSN variable; None when it is unset.
    SENTRY_DSN = values.Value(environ_prefix=None)

    MIDDLEWARE = [
        "raven.contrib.django.raven_compat.middleware"
        ".SentryResponseErrorIdMiddleware"
    ] + Base.MIDDLEWARE

    INSTALLED_APPS = Base.INSTALLED_APPS + [
        "raven.contrib.django.raven_compat"
    ]

    @property
    def RAVEN_CONFIG(self):
        """Return the Raven config: the DSN plus a release tag when VERSION is set.

        The release is VERSION["version"], else VERSION["commit"], else "".
        """
        config = {
            "dsn": self.SENTRY_DSN,
            # "transport": RequestsHTTPTransport
        }
        if self.VERSION:
            config["release"] = (self.VERSION.get("version")
                                 or self.VERSION.get("commit") or "")
        return config

    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)  # 1 year
Пример #27
class Production(Staging):
    """
    The in-production settings.

    Inherits from Staging and restates the HTTPS hardening options.
    """

    SESSION_COOKIE_SECURE = values.BooleanValue(True)
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
    # NOTE(review): Django matches SECURE_REDIRECT_EXEMPT entries as regular
    # expressions against the request *path*, not against the host name. As
    # written, these entries exempt any URL path that matches "localhost" or
    # "127.0.0.1" from the HTTPS redirect; they do not exempt requests made
    # to those hosts.
    SECURE_REDIRECT_EXEMPT = values.ListValue(["localhost", "127.0.0.1"])
    SECURE_SSL_HOST = values.Value(None)
    SECURE_SSL_REDIRECT = values.BooleanValue(True)
Пример #28
class Production(Common):
    """Production settings: HTTPS hardening behind a TLS-terminating proxy."""
    # Security
    SESSION_COOKIE_SECURE = values.BooleanValue(True)
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
    SECURE_REDIRECT_EXEMPT = values.ListValue([])
    SECURE_SSL_HOST = values.Value(None)
    SECURE_SSL_REDIRECT = values.BooleanValue(True)
    # Only safe behind a proxy that strips or overwrites X-Forwarded-Proto on
    # every incoming request; otherwise a client can claim HTTPS itself.
    SECURE_PROXY_SSL_HEADER = values.TupleValue(
        ('HTTP_X_FORWARDED_PROTO', 'https'))
    # NOTE(review): '*' switches off Django's Host header validation in
    # production. Anything built from the request host (absolute URLs,
    # password-reset links) then trusts a client-supplied value unless the
    # fronting proxy validates the host itself. List the real host names
    # here instead.
    ALLOWED_HOSTS = ['*']
Пример #29
class ProductionInsecure(Production):
    """
    Settings for a production-like environment that lacks many security features.

    Useful for testing and setups where security is provided by other means.
    Not intended for general use on the public internet.
    """
    # The default key is published in source, so anything Django signs with
    # it (sessions, password-reset tokens) can be forged by anyone who has
    # read this file.
    SECRET_KEY = values.Value('not a secret')
    # '*' switches off Host header validation.
    ALLOWED_HOSTS = values.ListValue(['*'])
    # With the redirect off and both cookies not marked Secure, session and
    # CSRF cookies can travel over plain HTTP.
    SECURE_SSL_REDIRECT = values.BooleanValue(False)
    CSRF_COOKIE_SECURE = values.BooleanValue(False)
    SECURE_HSTS_SECONDS = values.IntegerValue(0)
    SESSION_COOKIE_SECURE = values.BooleanValue(False)
Пример #30
class Email(object):
    """Email settings for SMTP."""

    EMAIL_HOST = values.Value('localhost')

    # SecretValue takes no default and must be supplied by the environment,
    # so the password never appears in source.
    EMAIL_HOST_PASSWORD = values.SecretValue()

    EMAIL_HOST_USER = values.Value('*****@*****.**')

    # Port 465 with EMAIL_USE_SSL: the connection is TLS from the first byte
    # (implicit TLS).
    EMAIL_PORT = values.IntegerValue(465)

    EMAIL_USE_SSL = values.BooleanValue(True)

    # EMAIL_USE_TLS (STARTTLS) and EMAIL_USE_SSL are mutually exclusive in
    # Django, so overriding this one to true also requires turning
    # EMAIL_USE_SSL off.
    EMAIL_USE_TLS = values.BooleanValue(False)