2b9873483a
Allows superusers to disable login to the UI via credentials if at least one OIDC provider is configured
from random import SystemRandom
from uuid import uuid4
def generate_secret_key():
    """Return a new secret key: a random 256-bit integer as a decimal string.

    The bits are drawn from ``random.SystemRandom``, which reads the operating
    system's randomness source rather than the seedable default generator, so
    the value is suitable as key material. The result is a string of decimal
    digits, not hex or base64.
    """
    random_bits = SystemRandom().getrandbits(256)
    return str(random_bits)
def add_enterprise_config_defaults(config_obj, current_secret_key, hostname):
    """Fill in the enterprise registry config defaults on ``config_obj``.

    The mapping is modified in place. ``TESTING`` and ``USE_CDN`` are always
    forced to False and ``TEAM_RESYNC_STALE_TIME`` is always overwritten; every
    other key handled here keeps the value the caller supplied and only gets a
    default when it is missing.

    Args:
        config_obj: Dict-like configuration. Only ``get``, item assignment and
            ``in`` are used on it.
        current_secret_key: Stored as ``SECRET_KEY`` when the config has none.
            It is not validated here, so an empty or None key is stored as-is.
        hostname: Stored as ``SERVER_HOSTNAME`` when the config has none.

    Returns:
        None; the result is the mutated ``config_obj``.
    """
    # These have to be false, whatever the supplied config says.
    for forced_off in ('TESTING', 'USE_CDN'):
        config_obj[forced_off] = False

    # (key, fallback) pairs: an existing value wins, the fallback is used only
    # when the key is absent. The table is built on every call so the list
    # fallback below is a fresh object each time.
    keep_or_default = (
        # Default features that are on.
        # NOTE(review): user creation, anonymous access and direct login are
        # all on unless the config sets them; presumably FEATURE_DIRECT_LOGIN
        # is the switch for credential login - confirm where it is enforced.
        ('FEATURE_USER_LOG_ACCESS', True),
        ('FEATURE_USER_CREATION', True),
        ('FEATURE_ANONYMOUS_ACCESS', True),
        ('FEATURE_REQUIRE_TEAM_INVITE', True),
        ('FEATURE_CHANGE_TAG_EXPIRATION', True),
        ('FEATURE_DIRECT_LOGIN', True),
        # Default features that are off.
        ('FEATURE_MAILING', False),
        ('FEATURE_BUILD_SUPPORT', False),
        ('FEATURE_ACI_CONVERSION', False),
        # Default the signer config.
        ('GPG2_PRIVATE_KEY_FILENAME', 'signing-private.gpg'),
        ('GPG2_PUBLIC_KEY_FILENAME', 'signing-public.gpg'),
        ('SIGNING_ENGINE', 'gpg2'),
        # Default security scanner config.
        ('FEATURE_SECURITY_NOTIFICATIONS', True),
        ('FEATURE_SECURITY_SCANNER', False),
        ('SECURITY_SCANNER_ISSUER_NAME', 'security_scanner'),
        # Default time machine config.
        ('TAG_EXPIRATION_OPTIONS', ['0s', '1d', '1w', '2w', '4w']),
        ('DEFAULT_TAG_EXPIRATION', '2w'),
        # Default mail settings.
        ('MAIL_USE_TLS', True),
        ('MAIL_PORT', 587),
        ('MAIL_DEFAULT_SENDER', 'support@quay.io'),
    )
    for key, fallback in keep_or_default:
        config_obj[key] = config_obj.get(key, fallback)

    # Default auth type.
    if 'AUTHENTICATION_TYPE' not in config_obj:
        config_obj['AUTHENTICATION_TYPE'] = 'Database'

    # Default secret key: whatever the caller passed in.
    if 'SECRET_KEY' not in config_obj:
        config_obj['SECRET_KEY'] = current_secret_key

    # Default torrent pepper: a random UUID4, generated only when absent, so
    # it differs between calls unless the resulting config is kept.
    if 'BITTORRENT_FILENAME_PEPPER' not in config_obj:
        config_obj['BITTORRENT_FILENAME_PEPPER'] = str(uuid4())

    # Default storage configuration.
    # NOTE(review): the listing this was taken from had lost its indentation;
    # the user-files and log-archive settings are assumed to belong to this
    # branch, since they point at the 'default' location defined here -
    # confirm against the repository.
    if 'DISTRIBUTED_STORAGE_CONFIG' not in config_obj:
        local_storage = ['LocalStorage', {'storage_path': '/datastorage/registry'}]
        config_obj['DISTRIBUTED_STORAGE_PREFERENCE'] = ['default']
        config_obj['DISTRIBUTED_STORAGE_CONFIG'] = {'default': local_storage}

        config_obj['USERFILES_LOCATION'] = 'default'
        config_obj['USERFILES_PATH'] = 'userfiles/'

        config_obj['LOG_ARCHIVE_LOCATION'] = 'default'

    if 'SERVER_HOSTNAME' not in config_obj:
        config_obj['SERVER_HOSTNAME'] = hostname

    # Misc configuration.
    # NOTE(review): the fallback URL scheme is plain 'http'; a deployment
    # served over TLS presumably has to set PREFERRED_URL_SCHEME itself -
    # confirm where this value is consumed.
    for key, fallback in (
        ('PREFERRED_URL_SCHEME', 'http'),
        ('ENTERPRISE_LOGO_URL', '/static/img/quay-logo.png'),
    ):
        config_obj[key] = config_obj.get(key, fallback)

    # Always overwritten, even when the config already carries a value.
    config_obj['TEAM_RESYNC_STALE_TIME'] = '60m'