Update docker stuff and bug fixes

configs/development.py

@@ -1,124 +1,94 @@
 import os
-basedir = os.path.abspath(os.path.dirname(__file__))
+basedir = os.path.abspath(os.path.abspath(os.path.dirname(__file__)))
 
-# BASIC APP CONFIG
-SECRET_KEY = 'changeme'
-LOG_LEVEL = 'DEBUG'
-LOG_FILE = os.path.join(basedir, 'logs/log.txt')
+### BASIC APP CONFIG
 SALT = '$2b$12$yLUMTIfl21FKJQpTkRQXCu'
-# TIMEOUT - for large zones
-TIMEOUT = 10
+SECRET_KEY = 'e951e5a1f4b94151b360f47edf596dd2'
+BIND_ADDRESS = '0.0.0.0'
+PORT = 9191
 
-# UPLOAD DIR
-UPLOAD_DIR = os.path.join(basedir, 'upload')
-
-# DATABASE CONFIG FOR MYSQL
-DB_HOST = os.environ.get('PDA_DB_HOST')
-DB_PORT = os.environ.get('PDA_DB_PORT', 3306 )
-DB_NAME = os.environ.get('PDA_DB_NAME')
-DB_USER = os.environ.get('PDA_DB_USER')
-DB_PASSWORD = os.environ.get('PDA_DB_PASSWORD')
-#MySQL
-SQLALCHEMY_DATABASE_URI = 'mysql://'+DB_USER+':'+DB_PASSWORD+'@'+DB_HOST+':'+ str(DB_PORT) + '/'+DB_NAME
-SQLALCHEMY_MIGRATE_REPO = os.path.join(basedir, 'db_repository')
+### DATABASE CONFIG
+SQLA_DB_USER = 'pda'
+SQLA_DB_PASSWORD = 'changeme'
+SQLA_DB_HOST = '127.0.0.1'
+SQLA_DB_NAME = 'pda'
 SQLALCHEMY_TRACK_MODIFICATIONS = True
 
-# SAML Authentication
+### DATBASE - MySQL
+# SQLALCHEMY_DATABASE_URI = 'mysql://' + SQLA_DB_USER + ':' + SQLA_DB_PASSWORD + '@' + SQLA_DB_HOST + '/' + SQLA_DB_NAME
+
+### DATABSE - SQLite
+SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')
+
+# SAML Authnetication
 SAML_ENABLED = False
-SAML_DEBUG = True
-SAML_PATH = os.path.join(os.path.dirname(__file__), 'saml')
-##Example for ADFS Metadata-URL
-SAML_METADATA_URL = 'https://<hostname>/FederationMetadata/2007-06/FederationMetadata.xml'
-#Cache Lifetime in Seconds
-SAML_METADATA_CACHE_LIFETIME = 1
+# SAML_DEBUG = True
+# SAML_PATH = os.path.join(os.path.dirname(__file__), 'saml')
+# ##Example for ADFS Metadata-URL
+# SAML_METADATA_URL = 'https://<hostname>/FederationMetadata/2007-06/FederationMetadata.xml'
+# #Cache Lifetime in Seconds
+# SAML_METADATA_CACHE_LIFETIME = 1
 
-# SAML SSO binding format to use
-## Default: library default (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect)
-#SAML_IDP_SSO_BINDING = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
+# # SAML SSO binding format to use
+# ## Default: library default (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect)
+# #SAML_IDP_SSO_BINDING = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
 
-## EntityID of the IdP to use. Only needed if more than one IdP is
-##   in the SAML_METADATA_URL
-### Default: First (only) IdP in the SAML_METADATA_URL
-### Example: https://idp.example.edu/idp
-#SAML_IDP_ENTITY_ID = 'https://idp.example.edu/idp'
-## NameID format to request
-### Default: The SAML NameID Format in the metadata if present,
-###   otherwise urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
-### Example: urn:oid:0.9.2342.19200300.100.1.1
-#SAML_NAMEID_FORMAT = 'urn:oid:0.9.2342.19200300.100.1.1'
+# ## EntityID of the IdP to use. Only needed if more than one IdP is
+# ##   in the SAML_METADATA_URL
+# ### Default: First (only) IdP in the SAML_METADATA_URL
+# ### Example: https://idp.example.edu/idp
+# #SAML_IDP_ENTITY_ID = 'https://idp.example.edu/idp'
+# ## NameID format to request
+# ### Default: The SAML NameID Format in the metadata if present,
+# ###   otherwise urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+# ### Example: urn:oid:0.9.2342.19200300.100.1.1
+# #SAML_NAMEID_FORMAT = 'urn:oid:0.9.2342.19200300.100.1.1'
 
-## Attribute to use for Email address
-### Default: email
-### Example: urn:oid:0.9.2342.19200300.100.1.3
-#SAML_ATTRIBUTE_EMAIL = 'urn:oid:0.9.2342.19200300.100.1.3'
+# ## Attribute to use for Email address
+# ### Default: email
+# ### Example: urn:oid:0.9.2342.19200300.100.1.3
+# #SAML_ATTRIBUTE_EMAIL = 'urn:oid:0.9.2342.19200300.100.1.3'
 
-## Attribute to use for Given name
-### Default: givenname
-### Example: urn:oid:2.5.4.42
-#SAML_ATTRIBUTE_GIVENNAME = 'urn:oid:2.5.4.42'
+# ## Attribute to use for Given name
+# ### Default: givenname
+# ### Example: urn:oid:2.5.4.42
+# #SAML_ATTRIBUTE_GIVENNAME = 'urn:oid:2.5.4.42'
 
-## Attribute to use for Surname
-### Default: surname
-### Example: urn:oid:2.5.4.4
-#SAML_ATTRIBUTE_SURNAME = 'urn:oid:2.5.4.4'
+# ## Attribute to use for Surname
+# ### Default: surname
+# ### Example: urn:oid:2.5.4.4
+# #SAML_ATTRIBUTE_SURNAME = 'urn:oid:2.5.4.4'
 
-## Split into Given name and Surname
-## Useful if your IDP only gives a display name
-### Default: none
-### Example: http://schemas.microsoft.com/identity/claims/displayname
-#SAML_ATTRIBUTE_NAME = 'http://schemas.microsoft.com/identity/claims/displayname'
+# ## Attribute to use for username
+# ### Default: Use NameID instead
+# ### Example: urn:oid:0.9.2342.19200300.100.1.1
+# #SAML_ATTRIBUTE_USERNAME = 'urn:oid:0.9.2342.19200300.100.1.1'
 
-## Attribute to use for username
-### Default: Use NameID instead
-### Example: urn:oid:0.9.2342.19200300.100.1.1
-#SAML_ATTRIBUTE_USERNAME = 'urn:oid:0.9.2342.19200300.100.1.1'
+# ## Attribute to get admin status from
+# ### Default: Don't control admin with SAML attribute
+# ### Example: https://example.edu/pdns-admin
+# ### If set, look for the value 'true' to set a user as an administrator
+# ### If not included in assertion, or set to something other than 'true',
+# ###  the user is set as a non-administrator user.
+# #SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin'
 
-## Attribute to get admin status from
-### Default: Don't control admin with SAML attribute
-### Example: https://example.edu/pdns-admin
-### If set, look for the value 'true' to set a user as an administrator
-### If not included in assertion, or set to something other than 'true',
-###  the user is set as a non-administrator user.
-#SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin'
+# ## Attribute to get account names from
+# ### Default: Don't control accounts with SAML attribute
+# ### If set, the user will be added and removed from accounts to match
+# ###  what's in the login assertion. Accounts that don't exist will
+# ###  be created and the user added to them.
+# SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account'
 
-## Attribute to get group from
-### Default: Don't use groups from SAML attribute
-### Example: https://example.edu/pdns-admin-group
-#SAML_ATTRIBUTE_GROUP = 'https://example.edu/pdns-admin'
-
-## Group namem to get admin status from
-### Default: Don't control admin with SAML group
-### Example: https://example.edu/pdns-admin
-#SAML_GROUP_ADMIN_NAME = 'powerdns-admin'
-
-## Attribute to get group to account mappings from
-### Default: None
-### If set, the user will be added and removed from accounts to match
-###  what's in the login assertion if they are in the required group
-#SAML_GROUP_TO_ACCOUNT_MAPPING = 'dev-admins=dev,prod-admins=prod'
-
-## Attribute to get account names from
-### Default: Don't control accounts with SAML attribute
-### If set, the user will be added and removed from accounts to match
-###  what's in the login assertion. Accounts that don't exist will
-###  be created and the user added to them.
-SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account'
-
-SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>'
-SAML_SP_CONTACT_NAME = '<contact name>'
-SAML_SP_CONTACT_MAIL = '<contact mail>'
-#Configures if SAML tokens should be encrypted.
-#If enabled a new app certificate will be generated on restart
-SAML_SIGN_REQUEST = False
-
-# Configures if you want to request the IDP to sign the message
-# Default is True
-#SAML_WANT_MESSAGE_SIGNED = True
-
-#Use SAML standard logout mechanism retrieved from idp metadata
-#If configured false don't care about SAML session on logout.
-#Logout from PowerDNS-Admin only and keep SAML session authenticated.
-SAML_LOGOUT = False
-#Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
-#for example redirect to google.com after successful saml logout
-#SAML_LOGOUT_URL = 'https://google.com'
+# SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>'
+# SAML_SP_CONTACT_NAME = '<contact name>'
+# SAML_SP_CONTACT_MAIL = '<contact mail>'
+# #Cofigures if SAML tokens should be encrypted.
+# #If enabled a new app certificate will be generated on restart
+# SAML_SIGN_REQUEST = False
+# #Use SAML standard logout mechanism retreived from idp metadata
+# #If configured false don't care about SAML session on logout.
+# #Logout from PowerDNS-Admin only and keep SAML session authenticated.
+# SAML_LOGOUT = False
+# #Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
+# #for example redirect to google.com after successful saml logout
+# #SAML_LOGOUT_URL = 'https://google.com'

configs/docker_config.py

@@ -0,0 +1,65 @@
+# Defaults for Docker image
+BIND_ADDRESS='0.0.0.0'
+PORT=80
+
+legal_envvars = (
+    'SECRET_KEY',
+    'BIND_ADDRESS',
+    'PORT',
+    'LOG_LEVEL',
+    'SALT',
+    'SQLALCHEMY_TRACK_MODIFICATIONS',
+    'SQLALCHEMY_DATABASE_URI',
+    'SAML_ENABLED',
+    'SAML_DEBUG',
+    'SAML_PATH',
+    'SAML_METADATA_URL',
+    'SAML_METADATA_CACHE_LIFETIME',
+    'SAML_IDP_SSO_BINDING',
+    'SAML_IDP_ENTITY_ID',
+    'SAML_NAMEID_FORMAT',
+    'SAML_ATTRIBUTE_EMAIL',
+    'SAML_ATTRIBUTE_GIVENNAME',
+    'SAML_ATTRIBUTE_SURNAME',
+    'SAML_ATTRIBUTE_NAME',
+    'SAML_ATTRIBUTE_USERNAME',
+    'SAML_ATTRIBUTE_ADMIN',
+    'SAML_ATTRIBUTE_GROUP',
+    'SAML_GROUP_ADMIN_NAME',
+    'SAML_GROUP_TO_ACCOUNT_MAPPING',
+    'SAML_ATTRIBUTE_ACCOUNT',
+    'SAML_SP_ENTITY_ID',
+    'SAML_SP_CONTACT_NAME',
+    'SAML_SP_CONTACT_MAIL',
+    'SAML_SIGN_REQUEST',
+    'SAML_WANT_MESSAGE_SIGNED',
+    'SAML_LOGOUT',
+    'SAML_LOGOUT_URL',
+)
+
+legal_envvars_int = (
+    'PORT',
+    'SAML_METADATA_CACHE_LIFETIME',
+)
+
+legal_envvars_bool = (
+    'SQLALCHEMY_TRACK_MODIFICATIONS',
+    'HSTS_ENABLED',
+    'SAML_ENABLED',
+    'SAML_DEBUG',
+    'SAML_SIGN_REQUEST',
+    'SAML_WANT_MESSAGE_SIGNED',
+    'SAML_LOGOUT',
+)
+
+# import everything from environment variables
+import os
+import sys
+for v in legal_envvars:
+    if v in os.environ:
+        ret = os.environ[v]
+        if v in legal_envvars_bool:
+            ret = bool(ret)
+        if v in legal_envvars_int:
+            ret = int(ret)
+        sys.modules[__name__].__dict__[v] = ret

configs/test.py

@@ -1,131 +0,0 @@
-import os
-basedir = os.path.abspath(os.path.dirname(__file__))
-
-# BASIC APP CONFIG
-SECRET_KEY = 'changeme'
-LOG_LEVEL = 'DEBUG'
-LOG_FILE = os.path.join(basedir, 'logs/log.txt')
-SALT = '$2b$12$yLUMTIfl21FKJQpTkRQXCu'
-# TIMEOUT - for large zones
-TIMEOUT = 10
-
-# UPLOAD DIR
-UPLOAD_DIR = os.path.join(basedir, 'upload')
-TEST_USER_PASSWORD = 'test'
-TEST_USER = 'test'
-TEST_ADMIN_USER = 'admin'
-TEST_ADMIN_PASSWORD = 'admin'
-TEST_USER_APIKEY = 'wewdsfewrfsfsdf'
-TEST_ADMIN_APIKEY = 'nghnbnhtghrtert'
-# DATABASE CONFIG FOR MYSQL
-# DB_HOST = os.environ.get('PDA_DB_HOST')
-# DB_PORT = os.environ.get('PDA_DB_PORT', 3306 )
-# DB_NAME = os.environ.get('PDA_DB_NAME')
-# DB_USER = os.environ.get('PDA_DB_USER')
-# DB_PASSWORD = os.environ.get('PDA_DB_PASSWORD')
-# #MySQL
-# SQLALCHEMY_DATABASE_URI = 'mysql://'+DB_USER+':'+DB_PASSWORD+'@'+DB_HOST+':'+ str(DB_PORT) + '/'+DB_NAME
-# SQLALCHEMY_MIGRATE_REPO = os.path.join(basedir, 'db_repository')
-TEST_DB_LOCATION = '/tmp/testing.sqlite'
-SQLALCHEMY_DATABASE_URI = 'sqlite:///{0}'.format(TEST_DB_LOCATION)
-SQLALCHEMY_TRACK_MODIFICATIONS = False
-
-# SAML Authentication
-SAML_ENABLED = False
-SAML_DEBUG = True
-SAML_PATH = os.path.join(os.path.dirname(__file__), 'saml')
-##Example for ADFS Metadata-URL
-SAML_METADATA_URL = 'https://<hostname>/FederationMetadata/2007-06/FederationMetadata.xml'
-#Cache Lifetime in Seconds
-SAML_METADATA_CACHE_LIFETIME = 1
-
-# SAML SSO binding format to use
-## Default: library default (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect)
-#SAML_IDP_SSO_BINDING = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
-
-## EntityID of the IdP to use. Only needed if more than one IdP is
-##   in the SAML_METADATA_URL
-### Default: First (only) IdP in the SAML_METADATA_URL
-### Example: https://idp.example.edu/idp
-#SAML_IDP_ENTITY_ID = 'https://idp.example.edu/idp'
-## NameID format to request
-### Default: The SAML NameID Format in the metadata if present,
-###   otherwise urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
-### Example: urn:oid:0.9.2342.19200300.100.1.1
-#SAML_NAMEID_FORMAT = 'urn:oid:0.9.2342.19200300.100.1.1'
-
-## Attribute to use for Email address
-### Default: email
-### Example: urn:oid:0.9.2342.19200300.100.1.3
-#SAML_ATTRIBUTE_EMAIL = 'urn:oid:0.9.2342.19200300.100.1.3'
-
-## Attribute to use for Given name
-### Default: givenname
-### Example: urn:oid:2.5.4.42
-#SAML_ATTRIBUTE_GIVENNAME = 'urn:oid:2.5.4.42'
-
-## Attribute to use for Surname
-### Default: surname
-### Example: urn:oid:2.5.4.4
-#SAML_ATTRIBUTE_SURNAME = 'urn:oid:2.5.4.4'
-
-## Split into Given name and Surname
-## Useful if your IDP only gives a display name
-### Default: none
-### Example: http://schemas.microsoft.com/identity/claims/displayname
-#SAML_ATTRIBUTE_NAME = 'http://schemas.microsoft.com/identity/claims/displayname'
-
-## Attribute to use for username
-### Default: Use NameID instead
-### Example: urn:oid:0.9.2342.19200300.100.1.1
-#SAML_ATTRIBUTE_USERNAME = 'urn:oid:0.9.2342.19200300.100.1.1'
-
-## Attribute to get admin status from
-### Default: Don't control admin with SAML attribute
-### Example: https://example.edu/pdns-admin
-### If set, look for the value 'true' to set a user as an administrator
-### If not included in assertion, or set to something other than 'true',
-###  the user is set as a non-administrator user.
-#SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin'
-
-## Attribute to get group from
-### Default: Don't use groups from SAML attribute
-### Example: https://example.edu/pdns-admin-group
-#SAML_ATTRIBUTE_GROUP = 'https://example.edu/pdns-admin'
-
-## Group namem to get admin status from
-### Default: Don't control admin with SAML group
-### Example: https://example.edu/pdns-admin
-#SAML_GROUP_ADMIN_NAME = 'powerdns-admin'
-
-## Attribute to get group to account mappings from
-### Default: None
-### If set, the user will be added and removed from accounts to match
-###  what's in the login assertion if they are in the required group
-#SAML_GROUP_TO_ACCOUNT_MAPPING = 'dev-admins=dev,prod-admins=prod'
-
-## Attribute to get account names from
-### Default: Don't control accounts with SAML attribute
-### If set, the user will be added and removed from accounts to match
-###  what's in the login assertion. Accounts that don't exist will
-###  be created and the user added to them.
-SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account'
-
-SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>'
-SAML_SP_CONTACT_NAME = '<contact name>'
-SAML_SP_CONTACT_MAIL = '<contact mail>'
-#Configures if SAML tokens should be encrypted.
-#If enabled a new app certificate will be generated on restart
-SAML_SIGN_REQUEST = False
-
-# Configures if you want to request the IDP to sign the message
-# Default is True
-#SAML_WANT_MESSAGE_SIGNED = True
-
-#Use SAML standard logout mechanism retrieved from idp metadata
-#If configured false don't care about SAML session on logout.
-#Logout from PowerDNS-Admin only and keep SAML session authenticated.
-SAML_LOGOUT = False
-#Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
-#for example redirect to google.com after successful saml logout
-#SAML_LOGOUT_URL = 'https://google.com'