apiVersion: v1 kind: ConfigMap metadata: name: django-configmap namespace: django data: production.py: | import os from .base import * from logging.handlers import SysLogHandler from datetime import timedelta ALLOWED_HOSTS = ["*"] FILE_UPLOAD_PERMISSIONS = 0o644 DEBUG = False CSRF_COOKIE_SECURE = True CSRF_TRUSTED_ORIGINS = ["https://lk.srx.wb.ru:30443", "https://lk.srx.wb.ru"] SESSION_COOKIE_SECURE = True SECURE_SSL_REDIRECT = False SECRET_KEY = 't2=9+($2f%7ptsdy4!rby$)mcfl1l%o2e@vs^d(g&(wwi&%k1v' CORS_ORIGIN_ALLOW_ALL = True SERVERSETTINGS.cache_enabled = True INSTALLED_APPS = list(INSTALLED_APPS) + ['corsheaders'] CORS_ALLOW_METHODS = ( 'DELETE', 'GET', 'OPTIONS', 'PATCH', 'POST', 'PUT', ) BASIC_USER_ID = 2 CORS_ALLOW_HEADERS = ( 'accept', 'accept-encoding', 'authorization', 'content-type', 'user-agent', 'x-csrftoken', 'x-requested-with', 'x-token', 'Bearer', ) HOST = "https://wb.sarex.io" POSTGRES_DATABASE = os.environ.get('DJANGO_POSTGRES_DATABASE') POSTGRES_USER = os.environ.get('DJANGO_POSTGRES_USER') POSTGRES_PASSWORD = os.environ.get('DJANGO_POSTGRES_PASSWORD') POSTGRES_HOST = os.environ.get('DJANGO_POSTGRES_HOST') POSTGRES_PORTS = os.environ.get('DJANGO_POSTGRES_PORTS', "5432") DATABASES = { 'default': { 'ENGINE': 'django_prometheus.db.backends.postgresql', 'NAME': POSTGRES_DATABASE, 'USER': POSTGRES_USER, 'PASSWORD': POSTGRES_PASSWORD, 'HOST': POSTGRES_HOST, 'PORT': POSTGRES_PORTS, } } LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'filters': { 'require_debug_false': { '()': 'django.utils.log.RequireDebugFalse', } }, 'formatters': { 'verbose': { 'format': '[contactor] %(levelname)s %(asctime)s %(message)s', }, }, 'handlers': { 'console': { 'level': 'DEBUG', 'class': 'logging.StreamHandler', }, 'sentry': { 'level': 'ERROR', 'filters': ['require_debug_false'], 'class': 'logging.StreamHandler', }, }, 'loggers': { '': { 'handlers': ['console', 'sentry'], 'level': 'INFO', 'propagate': False, }, } } COMPARATOR_JWT = os.environ.get("COMPARATOR_JWT", "default_jwt") COMPARATOR_URL = os.environ.get("COMPARATOR_URL", "https://wb.sarex.io/comparator") COMPARATOR_SECTION = os.environ.get("COMPARATOR_SECTION", "sarex-production-storage") SIMPLE_JWT = { 'ACCESS_TOKEN_LIFETIME': timedelta(hours=1), 'REFRESH_TOKEN_LIFETIME': timedelta(days=1), 'ROTATE_REFRESH_TOKENS': False, 'BLACKLIST_AFTER_ROTATION': True, 'UPDATE_LAST_LOGIN': False, 'ALGORITHM': 'RS512', 'SIGNING_KEY': os.environ.get("JWT_PRIVATE_KEY").replace("\\n", "\n"), 'VERIFYING_KEY': os.environ.get("JWT_PUBLIC_KEY").replace("\\n", "\n"), 'AUDIENCE': None, 'ISSUER': os.environ.get('SIMPLE_JWT_ISSUER', 'default_issuer'), 'AUTH_HEADER_TYPES': ('Bearer',), 'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION', 'USER_ID_FIELD': 'id', 'USER_ID_CLAIM': 'user_id', 'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',), 'TOKEN_TYPE_CLAIM': 'token_type', 'JTI_CLAIM': 'jti', 'SLIDING_TOKEN_REFRESH_EXP_CLAIM': 'refresh_exp', 'SLIDING_TOKEN_LIFETIME': timedelta(minutes=5), 'SLIDING_TOKEN_REFRESH_LIFETIME': timedelta(days=1), } os.environ["DJANGO_ALLOW_ASYNC_UNSAFE"] = "true" DEFAULT_FILE_STORAGE = 'sarex.core.storages.CustomS3Boto3Storage' DATA_UPLOAD_MAX_MEMORY_SIZE = 268435456 if not os.environ.get('ISOLATED', False): import sentry_sdk from sentry_sdk.integrations.django import DjangoIntegration sentry_sdk.init( dsn="https://3df2f4b8d3d14595a06c92e9d7c562cb@sentry.io/1501541", integrations=[DjangoIntegration()], environment=os.environ.get('SENTRY_ENVIRONMENT', 'production'), send_default_pii=True, ) COMPARISON_API_URL = f"{os.environ.get('WORKFLOWSSETTINGS_HOST')}/comparisons" DOCUMENTATION_API_URL = f"{os.environ.get('WORKFLOWSSETTINGS_HOST')}/documentations" PDM_FILES_API_URL = f"{os.environ.get('WORKFLOWSSETTINGS_HOST')}/files" WORKFLOWS_TASKS = { "update_orthomosaic_data": { "image": f"{os.environ.get('WORKFLOWSSETTINGS_REGISTRY')}/update-orthomosaic-data:dev", "service_requests": ["django-auth"], "backoff_limit": 3, }, } REST_FRAMEWORK = { 'DEFAULT_PAGINATION_CLASS': ( 'rest_framework.pagination.LimitOffsetPagination' ), 'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.coreapi.AutoSchema', 'PAGE_SIZE': 1000, 'DEFAULT_FILTER_BACKENDS': [ 'django_filters.rest_framework.DjangoFilterBackend' ], 'DEFAULT_AUTHENTICATION_CLASSES': [ # 'sarex.authentication.backends.ZitadelJWTAuthentication', 'rest_framework.authentication.RemoteUserAuthentication', 'rest_framework_simplejwt.authentication.JWTAuthentication', 'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.SessionAuthentication', 'sarex.authentication.backends.JWTAuthentication' ], 'DEFAULT_PERMISSION_CLASSES': [ 'rest_framework.permissions.IsAuthenticated', ] } AUTHENTICATION_BACKENDS = [ 'sarex.authentication.backends.CustomRemoteUserBackend', 'django.contrib.auth.backends.ModelBackend', 'guardian.backends.ObjectPermissionBackend', ] MIDDLEWARE = [ 'django_prometheus.middleware.PrometheusBeforeMiddleware', 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', #'django_keycloak.middlewares.AuthorizationHeaderMiddleware', #'django_keycloak.middlewares.KeycloakSessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', #'django.contrib.auth.middleware.RemoteUserMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django_user_agents.middleware.UserAgentMiddleware', 'simple_history.middleware.HistoryRequestMiddleware', 'django_prometheus.middleware.PrometheusAfterMiddleware', ] class KeyCloakSettings(BaseSettings): client_id: str = "client_id" client_secret: str = "client_secret" discovery_url: str = "https://login.wb.sarex.io/realms/sarex/.well-known/openid-configuration" staff: Optional[str] = "Sarex staff" superuser: Optional[str] = "Sarex superusers" sync_with_django: bool = True sync_admin: bool = False group_prefix: str = 'Sarex-Role' company_prefix: str = 'Sarex-Company' department_prefix: str = 'Sarex-Department' position_prefix: str = 'Sarex-Position' separator: str = '__' sync_user_groups: bool = False sync_user_positions: bool = False sync_user_departments: bool = False sync_user_companies: bool = False use_redirect_logout: bool = False logout_redirect_uri: str = "/" default_group_name: Optional[str] = 'Тест' default_company_name: Optional[str] = 'Брусника' trusted_uri: List[str] = ['/api/core/orthophotos/', '/api/token', '/api/token/me'] trusted_uri: List[str] = [] class Config: env_prefix = "KC_" KEYCLOAKSETTINGS = KeyCloakSettings() REMOTE_USER_DEFAULT_COMPANY_ID = 1 SAREX_MODULES = [ { "name": "Замечания", "uri": "/remarks" }, # { # "name": "Управление проектами", # "uri": "/management/projects", # }, { "name": "Замечания V2", "uri": "/issues" }, { "name": "Документация", "uri": "/documentations", }, { "name": "Согласование документов", "uri": "/reviews" }, { "name": "Рабочие процессы", "uri": "/processes" }, { "name": "Запросы", "uri": "/rfi" }, # { # "name": "Обзор", # "uri": "/projects" # }, { "name": "Передача документации", "uri": "/transmittal" }, ] AUTH_SETTINGS = { "refresh_token": False, "refresh_token_uri": "/api/token/me", "refresh_oauth_token": True, "refresh_oauth_token_uri": "/oauth/token", "refresh_time": 240, } DEBUG=True #WEB_APP_AUTH_MODE='jwt-session-based' SAREX_MODULES_SETTINGS = { "aero": { "enable_new_media": True }, "sso_logout_redirect": True }