As a reminder, the configuration file is a .py file, which means you can write code in it to make the configuration more dynamic, and that’s what we did.
Starting top to bottom:
Over here we start the actual configuration, and addressing the elephant in the room… Yes, the configuration is in a variable CONFIG, which is a dictionary.
CORS (Cross-Origin Resource Sharing) controls access to resources for external requests.
Note |
---|
* means all |
Logging options for the entire server, from the message format and date format to the handlers.
List of search engine connections to handle. All the connections can be accessed via the connection manager, anywhere in the code.
From the properties, the ones to highlight are:
Reference name you give to this engine connection. By default it is the constant DEFAULT_ENGINE_NAME (= Elastic), but you can choose a different name.
Tip |
---|
You can add the name as a constant in the file utils/constants/__init__.py, that way you can reference your engine name anywhere in the code |
Type of search engine, currently OpenSearch or Elasticsearch; by default EngineTypes.ELASTIC
Tip |
---|
Use enum class EngineTypes, you can import EngineType with |
Info |
---|
You can find a more detailed explanation in Engine Framework |
In the security section we find authentication, encryption, and roles (currently under development)
Secret Key
Info |
---|
You can find a more detailed explanation in Security |
Search API also allows you to configure a mail service to send emails based on templates with the extension .tlp
Currently supports sending emails via Gmail or a custom SMTP
If enabled, it will accept messages via web socket with the activity done in the UI (if one is used)
It will also record activity performed in the server, where it has been recorded
Each message is sent to the default engine connection, to an analytics index, to be processed later.
If you need to modify the configuration for different environments, create the new configuration in config/env. These configuration files can be exactly the same as the default configuration in config/config.py, or just fragments containing the configuration to overwrite, as in the example below.
```python
from os.path import join

from models.security import AuthenticationType
from utils.constants import SERVER_PATH

CONFIG = {
    'security': {
        'authentication': {
            'enabled': True,
            'type': AuthenticationType.LOCAL,
            'local': {
                'file': join(SERVER_PATH, 'config', 'auth', 'users.csv')
            },
        }
    }
}
```
This configuration will overwrite only the security authentication section, enabling the local authentication type and adding the configuration for it. Everything not specified remains as it is in the default configuration.
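The override behaviour described above, as an added example that is not the project's own loader: it assumes the fragment is applied as a recursive dictionary merge (the page does not show the actual merge code), and `merge_config`, `changed_paths` and the sample dictionaries are hypothetical names and constructed data. Listing the changed paths makes it easy to review what an environment file really alters, for instance whether it switches authentication on or off.

```python
from copy import deepcopy


def merge_config(default, override):
    """Recursively apply `override` on top of `default` and return a new dict."""
    merged = deepcopy(default)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = merge_config(merged[key], value)  # descend into the section
        else:
            merged[key] = deepcopy(value)  # scalars and lists are replaced whole
    return merged


def changed_paths(before, after, prefix=''):
    """Return the dotted paths whose values differ between two configurations."""
    paths = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        path = f'{prefix}{key}'
        if isinstance(old, dict) and isinstance(new, dict):
            paths += changed_paths(old, new, path + '.')
        elif old != new:
            paths.append(path)
    return paths


# Constructed excerpt of config/config.py; strings stand in for the enum members.
DEFAULT_CONFIG = {
    'port': '8085',
    'security': {
        'authentication': {
            'enabled': False,
            'type': 'LOCAL',
            'local': {'file': 'config/auth/users.csv'},
            'ldap': {'url': 'ldap://localhost:10389'},
        },
        'roles': {'file': 'config/auth/roles.csv'},
    },
}

# Constructed fragment, as it could appear in a file under config/env.
ENV_CONFIG = {
    'security': {'authentication': {
        'enabled': True,
        'local': {'file': 'config/auth/prod_users.csv'},
    }},
}

EFFECTIVE = merge_config(DEFAULT_CONFIG, ENV_CONFIG)

if __name__ == '__main__':
    print(changed_paths(DEFAULT_CONFIG, EFFECTIVE))
```
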
Info |
---|
By default there is no environment set, so only config.py applies |
There are 2 options for specifying which environment file you want to use. In both cases the environment name must match the name of the environment file.
Note |
---|
Environment name = Environment File Name |
By adding the argument --env and the name of the environment
```bash
python uvicorn_server.py --env=value
```
Or if executing in Docker
```dockerfile
CMD ["uvicorn", "app.webapp:app", "--host", "0.0.0.0", "--port", "8085", "--env", "value"]
```
By adding the environment variable SA_ENV and the name of the environment
To set an environment variable in Windows using CMD, you can use the set command:
```bat
:: Set a temporary environment variable for the current session
set SA_ENV=value

:: Set a permanent environment variable for the current user
setx SA_ENV value

:: Set a permanent environment variable for all users (requires admin privileges)
setx SA_ENV value /M
```
To set an environment variable in PowerShell, you can use either Set-Item or New-ItemProperty cmdlets:
```powershell
# Set a temporary environment variable for the current session
$env:SA_ENV = "value"

# Set a permanent environment variable for the current user
New-ItemProperty -Path "HKCU:\Environment" -Name "SA_ENV" -Value "value" -Force

# Set a permanent environment variable for all users (requires admin privileges)
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Session Manager\Environment" -Name "SA_ENV" -Value "value" -PropertyType "String" -Force
```
To set an environment variable in macOS or Linux using the terminal (bash), you can use the export command:
```bash
# Set a temporary environment variable for the current session
export SA_ENV=value

# Set a permanent environment variable for the current user
echo 'export SA_ENV=value' >> ~/.bashrc

# After updating the configuration file, apply the changes without restarting
source ~/.bashrc
```
The Search API provides access to the Server configuration through the use of SERVER_CONFIG from the config module. By importing SERVER_CONFIG, developers can access all the server configuration properties as if they were regular objects. This allows for seamless interaction with and customization of the server configuration within your application.
To access the Server configuration using the Search API, follow these steps:
Import the SERVER_CONFIG object from the config module in your Python code.
Utilize SERVER_CONFIG to access the desired server configuration properties.
```python
from config import SERVER_CONFIG

# Accessing the server configuration properties
host = SERVER_CONFIG.host
port = SERVER_CONFIG.port
auth_type = SERVER_CONFIG.security.authentication.type

# Use the server configuration properties in your application
print(f"Server Host: {host}")
print(f"Server Port: {port}")
print(f"Authentication Type: {auth_type}")
```
In the above example, the SERVER_CONFIG object is imported from the config module. The server configuration properties such as host, port, and auth_type are accessed directly from SERVER_CONFIG as regular object attributes. These properties can then be used within your application for further processing or customization.
Note |
---|
Ensure that the config module is properly imported and available in your application environment to access the SERVER_CONFIG object. |
Info |
---|
The current default configuration can be found in config.py, in case the sample below is outdated |
```python
# ==============================================================================
# Copyright ©2023 Accenture and/or its affiliates. All Rights Reserved.
#
# Permission to any use, copy, modify, and distribute this software and its
# documentation for any purpose is subject to a licensing agreement duly
# entered into with the copyright owner or its affiliate.
#
# All information contained herein is, and remains the property of Accenture
# and/or its affiliates and its suppliers, if any. The intellectual and
# technical concepts contained herein are proprietary to Accenture and/or
# its affiliates and its suppliers and may be covered by one or more patents
# or pending patent applications in one or more jurisdictions worldwide, and
# are protected by trade secret or copyright law. Dissemination of this
# information or reproduction of this material is strictly forbidden unless
# prior written permission is obtained from Accenture and/or its affiliates.
# ==============================================================================
#
#
import os
from os.path import basename, join, abspath

from models.engines import Authentications, EngineTypes
from models.security import AuthenticationType
from utils.constants import DEFAULT_ENGINE_NAME
from utils.str import DEFAULT_ENCODING

os.environ['PORT'] = os.getenv('PORT', default='8085')
os.environ['HOST'] = os.getenv('HOST', default='0.0.0.0')
os.environ['DOMAIN_NAME'] = os.getenv('DOMAIN_NAME', default='localhost')
os.environ['ENGINE_URL'] = os.getenv('ENGINE_URL', default='http://localhost:9200')

# *******************************************************************************
# AWS Elasticsearch Credentials
# *******************************************************************************
# Domain. If service is set then the AWS will be used
# os.environ['AWS_SERVICE'] = os.getenv('AWS_SERVICE', default='es')
# os.environ['AWS_REGION'] = os.getenv('AWS_REGION', default='us-east-1')
# ------------------------------------------------------
# Uncomment only if using Access Key and Session Token
# ------------------------------------------------------
# os.environ['AWS_ACCESS_KEY_ID'] = os.getenv('AWS_ACCESS_KEY_ID', default='default-key')
# os.environ['AWS_SECRET_ACCESS_KEY'] = os.getenv('AWS_SECRET_ACCESS_KEY', default='default-secret')
# os.environ['AWS_SESSION_TOKEN'] = os.getenv('AWS_SESSION_TOKEN', default='default-token')

SERVER_PATH = abspath(join(__file__[:-len(basename(__file__))], '', '..'))

CONFIG = {
    'host': os.getenv('HOST'),
    'port': os.getenv('PORT'),
    'workers': 1,
    'cors': {
        'allow_origins': [
            'http://localhost:8085',
            'http://localhost:3000',
            'https://login.microsoftonline.com',
            f'{os.getenv("HOST")}:3000',
            f'{os.getenv("HOST")}:{os.getenv("PORT")}'
        ],
        'allow_credentials': True,
        'allow_methods': ['*'],
        'allow_headers': ['*'],
        'expose_headers': ['*'],
        'max_age': 600
    },
    'web_app_config': {
        'title': '',
        'description': '',
        'default_lang': 'en',
        'available_langs': ['en'],
        'default_webview': 'config',
        'web_views': ['config'],
    },
    'logging': {
        'msgFormat': '%(asctime)s\t%(levelname)s\t%(name)s\t%(message)s',
        'dateFormat': '%Y-%m-%dT%H:%M:%S%z',
        'level': 'INFO',
        'handlers': {
            'file': {
                'enable': True,
                'encoding': DEFAULT_ENCODING,
                'backupCount': 5,
                'maxBytes': 5242880,  # 5Mb
            },
            'console': {
                'enable': True
            },
            'nonSQL': {
                'enable': True
            }
        },
        'loggers': {
            'werkzeug': 'info',
            'django.utils.autoreload': 'warning',
            'ldap3': 'info',
            'fastapi': 'notset',
            'passlib.utils.compat': 'info',
            'urllib3.connectionpool': 'info',
            'passlib.registry': 'info',
            'app.rest': 'info',
            'uvicorn.error': 'error'
        }
    },
    # *******************************************************************************
    # Engines Configuration for ES features
    # *******************************************************************************
    'engines': [
        {
            'name': DEFAULT_ENGINE_NAME,  # Name of the connection
            'type': EngineTypes.ELASTIC,  # EngineType is an enum with the available engine types
            'default': True,
            'headers': {
                'Accept-Encoding': 'gzip'
            },
            'engine_url': os.getenv('ENGINE_URL').split(),
            'pool_connections': 10,
            'pool_maxsize': 100,
            'pool_block': True,
            'verify': True,
            'max_redirects': 30,
            'max_retries': 10,
            'retry_wait_time': 10,
            'timeout': 60,
            'allow_redirects': True,
            'trust_env': True,
            'use_throttling': True,
            'throttling_rate': 5000,
            'throttling_connection_rate': 50,
            'auth': {
                'type': Authentications.NONE,
                # With Authentications.BASIC
                # #### For Basic Auth ####
                # 'username': '',
                # 'password': ''
                # With Authentications.AWS
                # #### For AWS Auth ####
                # 'aws_region': '',
                # 'aws_service': '',
                # 'aws_access_key': '',
                # 'aws_secret_key': ''
                # With Authentications.AWS
                # #### For AWS Auth With Credentials Provider (AWS)####
                # 'credentials_provider': True,
                # 'aws_region': '',
                # 'aws_service': ''
            },
            'log_requests': False
        }
    ],
    # *******************************************************************************
    # Security Configuration
    # *******************************************************************************
    'security': {
        # *******************************************************************************
        # Authentication
        # *******************************************************************************
        'authentication': {
            'enabled': False,
            'type': AuthenticationType.LOCAL,
            'secret': '52ecfd60e01b800355a8ce59780f9243b4662c3a236394ee',
            'anonymous': {
                'id': 'Anonymous',
                'account': '[email protected]',
                'name': 'Anonymous',
                'displayName': 'Anonymous'
            },
            # *******************************************************************
            # Local Authentication based on a CSV implements FORM and BASIC Auth
            #
            # NOTE: Only recommended for testing
            # *******************************************************************
            'local': {
                'file': join(SERVER_PATH, 'config', 'auth', 'users.csv')
            },
            # **************************************
            # DELEGATED Authentication
            # **************************************
            'delegated': {
                'jwks_url': 'https://f783425db-fdd6-dadaf-8e10-11543f234fads4e7.io/JWKS',
                'audience': 'AudienceIDMPrototype',
                'attributesMapping': {
                    # key is the property name stored in the SEIA user profile,
                    # the value is the user attribute in LDAP
                    'id': 'email',  # _id is required
                    'account': 'email',  # account is for roles and group expansion
                }
            },
            # **************************************
            # LDAP Authentication
            # **************************************
            'ldap': {
                'authentication': 'SIMPLE',
                'url': 'ldap://localhost:10389',
                'bindDN': 'uid=admin,ou=system',  # Bind DN or User
                'bindCredentials': 'secret',  # password
                'searchBase': 'ou=users,ou=system',
                'searchFilter': '(uid=%s)',
                'searchAttributes': ['uid', 'cn', 'sn', 'displayName'],
                'attributesMapping': {
                    # key is the property name stored in the SEIA user profile,
                    # the value is the user attribute in LDAP
                    'id': 'uid',  # _id is required
                    'account': 'uid',  # account is for roles and group expansion
                    'email': 'uid',
                    'firstName': 'cn',
                    'lastName': 'sn',
                    'name': 'cn',
                    'displayName': 'alias',  # if the alias is not given, one is created from the first and last name or roles
                    'groups': 'ou',
                    'photo': 'photo'
                }
            },
            # **************************************
            # OIDC Authentication
            # **************************************
            'oidc': {
                'client_id': 'd55227c4-8b8d-4801-9dd3-22ad25ebc31e',
                # Audience can be omitted in which case the aud value defaults to client_id
                'openid_configuration_uri': 'https://login.microsoftonline.com/cc4e4bb7-5cce-4b65-80e1-f282b630ca4b/v2.0/.well-known/openid-configuration',
                'attributesMapping': {
                    'id': 'oid',
                    'account': 'email'
                },
                'cookie': {
                    'path': '/',
                    'samesite': 'lax',
                    'httponly': False,
                    'secure': False
                }
            },
            # **************************************
            # SAML2 Authentication
            # **************************************
            'saml': {
                'debug': True,
                'entity_id': 'f6d3696a-1780-4614-9792-7744b67ab462',
                'single_sign_on_service_url': 'https://login.microsoftonline.com/cc4e4bb7-5cce-4b65-80e1-f282b630ca4b/saml2',
                'single_logout_service_url': 'https://login.microsoftonline.com/cc4e4bb7-5cce-4b65-80e1-f282b630ca4b/saml2',
                'x509cert': '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',
                'attributesMapping': {
                    'id': 'http://schemas.microsoft.com/identity/claims/objectidentifier',
                    'account': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
                    'displayName': 'http://schemas.microsoft.com/identity/claims/displayname'
                },
                'cookie': {
                    'path': '/',
                    'samesite': 'lax',
                    'httponly': False,
                    'secure': False
                }
            }
        },
        # *******************************************************************************
        # Encryption
        # *******************************************************************************
        'encryption': {
            'secret_key': join(SERVER_PATH, 'config', 'auth', 'secret_key')
        },
        # *******************************************************************************
        # Roles
        # *******************************************************************************
        'roles': {
            'file': join(SERVER_PATH, 'config', 'auth', 'roles.csv')
        }
    },
    # *******************************************************************************
    # Mailer
    # *******************************************************************************
    'mailer': {
        'enable': False,  # Enables an endpoint for direct access through http request
        'mailer_config': {
            # **********************
            # Using Gmail
            # **********************
            'service': 'gmail',
            'auth': {
                'user': '[email protected]',
                'pass': 'test'
            }
            # **********************
            # Using a Custom SMTP
            # **********************
            # 'host': os.getenv('SMTP_RELAY', default='localhost'),
            # 'port': os.getenv('SMTP_PORT', default=22),
            # 'secure': False,
            # 'logger': True,
            # 'debug': True,
            # 'tls': {
            #     'ca':[ Path(os.getenv('CERTIFICATES_PATH')).read_text() ],
            #     'rejectUnauthorized': False,
            # },
        },
        'from': '[email protected]',  # From to display in the email
        'test': True,  # send the emails to to_test_email instead of the actual destination
        'to_test_email': '[email protected]',  # Test destination for all emails sent
        'default_subject': 'Email Suibject',  # default subject, if none is specified in code
        'data': {
            # This body will be injected as _data in the actual body used to map the email
            # templates (e.g {{{_data.url}}})
            'url': 'http://example.com/'
        },
        # **********************
        # Templates
        # **********************
        'plain_template_path': join(SERVER_PATH, 'config', 'templates', 'email_text.tlp'),
        'html_template_path': join(SERVER_PATH, 'config', 'templates', 'email_html.tlp')
    },
    # *****************************************************************************************
    # Analytics Logs all activity in the UI, and activity triggered by the user in the Server
    # *****************************************************************************************
    'analytics': {
        'enable': True
    },
    # *******************************************************************************
    # Chat
    # *******************************************************************************
    'chat_forum': {
        'enabled': False,
        'history_size': 100,  # Amount of messages to store in memory and display
    }
}
```
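A pre-deployment check over the security-relevant keys of the sample configuration above, as an added example that is not part of the Search API code base. `audit_config` and `SAMPLE_DEFAULTS` are hypothetical names, the sample dictionary is constructed from the defaults shown on this page, and the meaning of the engine `verify` key (TLS certificate verification, as in the requests library) is an assumption.

```python
# Secret printed in the sample config.py above; a deployment must not reuse it.
PUBLISHED_SECRET = '52ecfd60e01b800355a8ce59780f9243b4662c3a236394ee'


def audit_config(config):
    """Return a list of (dotted path, finding) pairs for risky settings."""
    findings = []
    auth = config.get('security', {}).get('authentication', {})
    base = 'security.authentication'
    if not auth.get('enabled'):
        findings.append((f'{base}.enabled', 'authentication is disabled'))
    if auth.get('secret') == PUBLISHED_SECRET:
        findings.append((f'{base}.secret', 'secret is the published sample value'))
    for provider in ('oidc', 'saml'):
        cookie = auth.get(provider, {}).get('cookie')
        for flag in ('httponly', 'secure'):
            if cookie is not None and not cookie.get(flag):
                findings.append((f'{base}.{provider}.cookie.{flag}', 'cookie flag is off'))
    if auth.get('saml', {}).get('debug'):
        findings.append((f'{base}.saml.debug', 'SAML debug output is enabled'))
    cors = config.get('cors', {})
    if cors.get('allow_credentials') and '*' in cors.get('allow_origins', []):
        findings.append(('cors.allow_origins', 'wildcard origin with credentials'))
    for engine in config.get('engines', []):
        # Assumption: `verify` switches TLS certificate checking, as in `requests`.
        if engine.get('verify') is False:
            findings.append((f"engines.{engine.get('name')}.verify", 'TLS verification is off'))
    return findings


# Constructed sample that repeats the security-relevant defaults shown above.
SAMPLE_DEFAULTS = {
    'cors': {'allow_origins': ['http://localhost:8085'], 'allow_credentials': True},
    'engines': [{'name': 'Elastic', 'verify': True}],
    'security': {'authentication': {
        'enabled': False,
        'secret': PUBLISHED_SECRET,
        'oidc': {'cookie': {'path': '/', 'samesite': 'lax',
                            'httponly': False, 'secure': False}},
        'saml': {'debug': True,
                 'cookie': {'path': '/', 'samesite': 'lax',
                            'httponly': False, 'secure': False}},
    }},
}

if __name__ == '__main__':
    for path, message in audit_config(SAMPLE_DEFAULTS):
        print(f'{path}: {message}')
```

Running the check against the merged configuration for each environment file, rather than against config.py alone, shows the settings the server will actually start with.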