From 12504c9bc3b84b7faedd97f1e8831cd6681e365f Mon Sep 17 00:00:00 2001 From: mabashian Date: Thu, 3 Jun 2021 14:47:35 -0400 Subject: [PATCH] Changes settings revert all to send DELETE on individual endpoint rather than PATCHing --- awx/ui_next/src/api/models/Settings.js | 4 + .../ActivityStreamDetail.test.jsx | 88 - .../ActivityStreamDetail/index.js | 1 - .../ActivityStreamEdit/ActivityStreamEdit.jsx | 130 - .../ActivityStreamEdit/index.js | 1 - .../screens/Setting/ActivityStream/index.js | 1 - .../AzureAD/AzureADEdit/AzureADEdit.jsx | 18 +- .../AzureAD/AzureADEdit/AzureADEdit.test.jsx | 12 +- .../Setting/GitHub/GitHubEdit/GitHubEdit.jsx | 18 +- .../GitHub/GitHubEdit/GitHubEdit.test.jsx | 12 +- .../GitHubEnterpriseEdit.jsx | 18 +- .../GitHubEnterpriseEdit.test.jsx | 16 +- .../GitHubEnterpriseOrgEdit.jsx | 18 +- .../GitHubEnterpriseOrgEdit.test.jsx | 17 +- .../GitHubEnterpriseTeamEdit.jsx | 18 +- .../GitHubEnterpriseTeamEdit.test.jsx | 17 +- .../GitHub/GitHubOrgEdit/GitHubOrgEdit.jsx | 18 +- .../GitHubOrgEdit/GitHubOrgEdit.test.jsx | 13 +- .../GitHub/GitHubTeamEdit/GitHubTeamEdit.jsx | 18 +- .../GitHubTeamEdit/GitHubTeamEdit.test.jsx | 13 +- .../GoogleOAuth2Edit/GoogleOAuth2Edit.jsx | 18 +- .../GoogleOAuth2Edit.test.jsx | 14 +- .../Setting/Jobs/JobsEdit/JobsEdit.jsx | 17 +- .../Setting/Jobs/JobsEdit/JobsEdit.test.jsx | 8 +- .../Logging/LoggingEdit/LoggingEdit.jsx | 18 +- .../Logging/LoggingEdit/LoggingEdit.test.jsx | 30 +- .../MiscAuthentication.jsx} | 17 +- .../MiscAuthentication.test.jsx} | 48 +- .../MiscAuthenticationDetail.jsx} | 35 +- .../MiscAuthenticationDetail.test.jsx | 128 + .../MiscAuthenticationDetail/index.js | 1 + .../MiscAuthenticationEdit.jsx | 270 + .../MiscAuthenticationEdit.test.jsx} | 126 +- .../MiscAuthenticationEdit/index.js | 1 + .../Setting/MiscAuthentication/index.js | 1 + .../screens/Setting/MiscSystem/MiscSystem.jsx | 1 - .../MiscSystemDetail/MiscSystemDetail.jsx | 71 +- .../MiscSystemDetail.test.jsx | 69 +- .../MiscSystemEdit/MiscSystemEdit.jsx | 188 +- .../MiscSystemEdit/MiscSystemEdit.test.jsx | 25 +- .../Setting/RADIUS/RADIUSEdit/RADIUSEdit.jsx | 18 +- .../RADIUS/RADIUSEdit/RADIUSEdit.test.jsx | 11 +- .../Setting/SAML/SAMLEdit/SAMLEdit.jsx | 18 +- .../Setting/SAML/SAMLEdit/SAMLEdit.test.jsx | 25 +- .../src/screens/Setting/SettingList.jsx | 4 +- awx/ui_next/src/screens/Setting/Settings.jsx | 12 +- .../Setting/TACACS/TACACSEdit/TACACSEdit.jsx | 18 +- .../TACACS/TACACSEdit/TACACSEdit.test.jsx | 13 +- .../src/screens/Setting/UI/UIEdit/UIEdit.jsx | 21 +- .../screens/Setting/UI/UIEdit/UIEdit.test.jsx | 11 +- .../shared/data.allSettingOptions.json | 13251 ++++++++-------- 51 files changed, 7174 insertions(+), 7765 deletions(-) delete mode 100644 awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamDetail/ActivityStreamDetail.test.jsx delete mode 100644 awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamDetail/index.js delete mode 100644 awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamEdit/ActivityStreamEdit.jsx delete mode 100644 awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamEdit/index.js delete mode 100644 awx/ui_next/src/screens/Setting/ActivityStream/index.js rename awx/ui_next/src/screens/Setting/{ActivityStream/ActivityStream.jsx => MiscAuthentication/MiscAuthentication.jsx} (70%) rename awx/ui_next/src/screens/Setting/{ActivityStream/ActivityStream.test.jsx => MiscAuthentication/MiscAuthentication.test.jsx} (51%) rename awx/ui_next/src/screens/Setting/{ActivityStream/ActivityStreamDetail/ActivityStreamDetail.jsx => MiscAuthentication/MiscAuthenticationDetail/MiscAuthenticationDetail.jsx} (74%) create mode 100644 awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationDetail/MiscAuthenticationDetail.test.jsx create mode 100644 awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationDetail/index.js create mode 100644 awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.jsx rename awx/ui_next/src/screens/Setting/{ActivityStream/ActivityStreamEdit/ActivityStreamEdit.test.jsx => MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.test.jsx} (62%) create mode 100644 awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/index.js create mode 100644 awx/ui_next/src/screens/Setting/MiscAuthentication/index.js diff --git a/awx/ui_next/src/api/models/Settings.js b/awx/ui_next/src/api/models/Settings.js index 55babf213d..b5d0679e9c 100644 --- a/awx/ui_next/src/api/models/Settings.js +++ b/awx/ui_next/src/api/models/Settings.js @@ -29,6 +29,10 @@ class Settings extends Base { createTest(category, data) { return this.http.post(`${this.baseUrl}${category}/test/`, data); } + + revertCategory(category) { + return this.http.delete(`${this.baseUrl}${category}/`); + } } export default Settings; diff --git a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamDetail/ActivityStreamDetail.test.jsx b/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamDetail/ActivityStreamDetail.test.jsx deleted file mode 100644 index 2bcc60701b..0000000000 --- a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamDetail/ActivityStreamDetail.test.jsx +++ /dev/null @@ -1,88 +0,0 @@ -import React from 'react'; -import { act } from 'react-dom/test-utils'; -import { - mountWithContexts, - waitForElement, -} from '../../../../../testUtils/enzymeHelpers'; -import { SettingsProvider } from '../../../../contexts/Settings'; -import { SettingsAPI } from '../../../../api'; -import { assertDetail } from '../../shared/settingTestUtils'; -import mockAllOptions from '../../shared/data.allSettingOptions.json'; -import ActivityStreamDetail from './ActivityStreamDetail'; - -jest.mock('../../../../api'); - -describe('', () => { - let wrapper; - - beforeAll(async () => { - SettingsAPI.readCategory.mockResolvedValue({ - data: { - ACTIVITY_STREAM_ENABLED: true, - ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: false, - }, - }); - await act(async () => { - wrapper = mountWithContexts( - - - - ); - }); - await waitForElement(wrapper, 'ContentLoading', el => el.length === 0); - }); - - afterAll(() => { - wrapper.unmount(); - jest.clearAllMocks(); - }); - - test('initially renders without crashing', () => { - expect(wrapper.find('ActivityStreamDetail').length).toBe(1); - }); - - test('should render expected tabs', () => { - const expectedTabs = ['Back to Settings', 'Details']; - wrapper.find('RoutedTabs li').forEach((tab, index) => { - expect(tab.text()).toEqual(expectedTabs[index]); - }); - }); - - test('should render expected details', () => { - assertDetail(wrapper, 'Enable Activity Stream', 'On'); - assertDetail(wrapper, 'Enable Activity Stream for Inventory Sync', 'Off'); - }); - - test('should hide edit button from non-superusers', async () => { - const config = { - me: { - is_superuser: false, - }, - }; - await act(async () => { - wrapper = mountWithContexts( - - - , - { - context: { config }, - } - ); - }); - await waitForElement(wrapper, 'ContentLoading', el => el.length === 0); - expect(wrapper.find('Button[aria-label="Edit"]').exists()).toBeFalsy(); - }); - - test('should display content error when api throws error on initial render', async () => { - SettingsAPI.readCategory.mockRejectedValue(new Error()); - await act(async () => { - wrapper = mountWithContexts( - - - - ); - }); - await waitForElement(wrapper, 'ContentLoading', el => el.length === 0); - expect(wrapper.find('ContentError').length).toBe(1); - }); -}); diff --git a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamDetail/index.js b/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamDetail/index.js deleted file mode 100644 index 442e39b0e7..0000000000 --- a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamDetail/index.js +++ /dev/null @@ -1 +0,0 @@ -export { default } from './ActivityStreamDetail'; diff --git a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamEdit/ActivityStreamEdit.jsx b/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamEdit/ActivityStreamEdit.jsx deleted file mode 100644 index 489979c748..0000000000 --- a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamEdit/ActivityStreamEdit.jsx +++ /dev/null @@ -1,130 +0,0 @@ -import React, { useCallback, useEffect } from 'react'; -import { useHistory } from 'react-router-dom'; -import { Formik } from 'formik'; -import { Form } from '@patternfly/react-core'; -import { CardBody } from '../../../../components/Card'; -import ContentError from '../../../../components/ContentError'; -import ContentLoading from '../../../../components/ContentLoading'; -import { FormSubmitError } from '../../../../components/FormField'; -import { FormColumnLayout } from '../../../../components/FormLayout'; -import { useSettings } from '../../../../contexts/Settings'; -import { - BooleanField, - RevertAllAlert, - RevertFormActionGroup, -} from '../../shared'; -import useModal from '../../../../util/useModal'; -import useRequest from '../../../../util/useRequest'; -import { SettingsAPI } from '../../../../api'; - -function ActivityStreamEdit() { - const history = useHistory(); - const { isModalOpen, toggleModal, closeModal } = useModal(); - const { PUT: options } = useSettings(); - - const { - isLoading, - error, - request, - result: { - ACTIVITY_STREAM_ENABLED, - ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC, - }, - } = useRequest( - useCallback(async () => { - const { data } = await SettingsAPI.readCategory('system'); - return { - ACTIVITY_STREAM_ENABLED: { - ...options.ACTIVITY_STREAM_ENABLED, - value: data.ACTIVITY_STREAM_ENABLED, - }, - ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: { - ...options.ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC, - value: data.ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC, - }, - }; - }, [options]), - {} - ); - - useEffect(() => { - request(); - }, [request]); - - const { error: submitError, request: submitForm } = useRequest( - useCallback( - async values => { - await SettingsAPI.updateAll(values); - history.push('/settings/activity_stream/details'); - }, - [history] - ), - null - ); - - const handleSubmit = async form => { - await submitForm(form); - }; - - const handleCancel = () => { - history.push('/settings/activity_stream/details'); - }; - - const handleRevertAll = async () => { - const defaultValues = { - ACTIVITY_STREAM_ENABLED: ACTIVITY_STREAM_ENABLED.default, - ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: - ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC.default, - }; - await submitForm(defaultValues); - closeModal(); - }; - - return ( - - {isLoading && } - {!isLoading && error && } - {!isLoading && ACTIVITY_STREAM_ENABLED && ( - - {formik => { - return ( -
- - - - {submitError && } - - - {isModalOpen && ( - - )} - - ); - }} -
- )} - - ); -} - -export default ActivityStreamEdit; diff --git a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamEdit/index.js b/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamEdit/index.js deleted file mode 100644 index 0818b2b1a3..0000000000 --- a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamEdit/index.js +++ /dev/null @@ -1 +0,0 @@ -export { default } from './ActivityStreamEdit'; diff --git a/awx/ui_next/src/screens/Setting/ActivityStream/index.js b/awx/ui_next/src/screens/Setting/ActivityStream/index.js deleted file mode 100644 index 5c0c72d9ef..0000000000 --- a/awx/ui_next/src/screens/Setting/ActivityStream/index.js +++ /dev/null @@ -1 +0,0 @@ -export { default } from './ActivityStream'; diff --git a/awx/ui_next/src/screens/Setting/AzureAD/AzureADEdit/AzureADEdit.jsx b/awx/ui_next/src/screens/Setting/AzureAD/AzureADEdit/AzureADEdit.jsx index b6958388ff..e6a579c92b 100644 --- a/awx/ui_next/src/screens/Setting/AzureAD/AzureADEdit/AzureADEdit.jsx +++ b/awx/ui_next/src/screens/Setting/AzureAD/AzureADEdit/AzureADEdit.jsx @@ -55,6 +55,13 @@ function AzureADEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('azuread-oauth2'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm({ ...form, @@ -68,13 +75,11 @@ function AzureADEdit() { }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(azure).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/azure/details'); }; const handleCancel = () => { @@ -120,6 +125,7 @@ function AzureADEdit() { config={azure.SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP} /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -60,7 +61,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -75,13 +76,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - SOCIAL_AUTH_AZUREAD_OAUTH2_KEY: '', - SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET: '', - SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP: null, - SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP: null, - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('azuread-oauth2'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/GitHub/GitHubEdit/GitHubEdit.jsx b/awx/ui_next/src/screens/Setting/GitHub/GitHubEdit/GitHubEdit.jsx index f1b562043d..2e6c958936 100644 --- a/awx/ui_next/src/screens/Setting/GitHub/GitHubEdit/GitHubEdit.jsx +++ b/awx/ui_next/src/screens/Setting/GitHub/GitHubEdit/GitHubEdit.jsx @@ -55,6 +55,13 @@ function GitHubEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('github'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm({ ...form, @@ -66,13 +73,11 @@ function GitHubEdit() { }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(github).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/github/details'); }; const handleCancel = () => { @@ -118,6 +123,7 @@ function GitHubEdit() { config={github.SOCIAL_AUTH_GITHUB_TEAM_MAP} /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -72,7 +73,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -87,13 +88,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - SOCIAL_AUTH_GITHUB_KEY: '', - SOCIAL_AUTH_GITHUB_SECRET: '', - SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP: null, - SOCIAL_AUTH_GITHUB_TEAM_MAP: null, - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('github'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseEdit/GitHubEnterpriseEdit.jsx b/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseEdit/GitHubEnterpriseEdit.jsx index 3d6ee60c3e..76c4060037 100644 --- a/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseEdit/GitHubEnterpriseEdit.jsx +++ b/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseEdit/GitHubEnterpriseEdit.jsx @@ -55,6 +55,13 @@ function GitHubEnterpriseEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('github-enterprise'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm({ ...form, @@ -68,13 +75,11 @@ function GitHubEnterpriseEdit() { }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(github).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/github/enterprise/details'); }; const handleCancel = () => { @@ -128,6 +133,7 @@ function GitHubEnterpriseEdit() { config={github.SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP} /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -82,7 +83,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -97,15 +98,10 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - SOCIAL_AUTH_GITHUB_ENTERPRISE_URL: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP: null, - SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP: null, - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith( + 'github-enterprise' + ); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseOrgEdit/GitHubEnterpriseOrgEdit.jsx b/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseOrgEdit/GitHubEnterpriseOrgEdit.jsx index 272b1866ff..274468e6fe 100644 --- a/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseOrgEdit/GitHubEnterpriseOrgEdit.jsx +++ b/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseOrgEdit/GitHubEnterpriseOrgEdit.jsx @@ -55,6 +55,13 @@ function GitHubEnterpriseOrgEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('github-enterprise-org'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm({ ...form, @@ -68,13 +75,11 @@ function GitHubEnterpriseOrgEdit() { }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(github).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/github/enterprise_organization/details'); }; const handleCancel = () => { @@ -134,6 +139,7 @@ function GitHubEnterpriseOrgEdit() { config={github.SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP} /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -94,7 +95,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -109,16 +110,10 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP: null, - SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP: null, - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith( + 'github-enterprise-org' + ); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseTeamEdit/GitHubEnterpriseTeamEdit.jsx b/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseTeamEdit/GitHubEnterpriseTeamEdit.jsx index d9b725dc13..f245c2e61d 100644 --- a/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseTeamEdit/GitHubEnterpriseTeamEdit.jsx +++ b/awx/ui_next/src/screens/Setting/GitHub/GitHubEnterpriseTeamEdit/GitHubEnterpriseTeamEdit.jsx @@ -55,6 +55,13 @@ function GitHubEnterpriseTeamEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('github-enterprise-team'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm({ ...form, @@ -68,13 +75,11 @@ function GitHubEnterpriseTeamEdit() { }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(github).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/github/enterprise_team/details'); }; const handleCancel = () => { @@ -134,6 +139,7 @@ function GitHubEnterpriseTeamEdit() { config={github.SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP} /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -88,7 +89,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -103,16 +104,10 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID: '', - SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP: null, - SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP: null, - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith( + 'github-enterprise-team' + ); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/GitHub/GitHubOrgEdit/GitHubOrgEdit.jsx b/awx/ui_next/src/screens/Setting/GitHub/GitHubOrgEdit/GitHubOrgEdit.jsx index 6224acb5b7..8a14272467 100644 --- a/awx/ui_next/src/screens/Setting/GitHub/GitHubOrgEdit/GitHubOrgEdit.jsx +++ b/awx/ui_next/src/screens/Setting/GitHub/GitHubOrgEdit/GitHubOrgEdit.jsx @@ -55,6 +55,13 @@ function GitHubOrgEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('github-org'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm({ ...form, @@ -68,13 +75,11 @@ function GitHubOrgEdit() { }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(github).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/github/organization/details'); }; const handleCancel = () => { @@ -124,6 +129,7 @@ function GitHubOrgEdit() { config={github.SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP} /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -79,7 +80,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -94,14 +95,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - SOCIAL_AUTH_GITHUB_ORG_KEY: '', - SOCIAL_AUTH_GITHUB_ORG_SECRET: '', - SOCIAL_AUTH_GITHUB_ORG_NAME: '', - SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP: null, - SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP: null, - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('github-org'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/GitHub/GitHubTeamEdit/GitHubTeamEdit.jsx b/awx/ui_next/src/screens/Setting/GitHub/GitHubTeamEdit/GitHubTeamEdit.jsx index f898539283..d49673982e 100644 --- a/awx/ui_next/src/screens/Setting/GitHub/GitHubTeamEdit/GitHubTeamEdit.jsx +++ b/awx/ui_next/src/screens/Setting/GitHub/GitHubTeamEdit/GitHubTeamEdit.jsx @@ -55,6 +55,13 @@ function GitHubTeamEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('github-team'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm({ ...form, @@ -68,13 +75,11 @@ function GitHubTeamEdit() { }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(github).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/github/team/details'); }; const handleCancel = () => { @@ -124,6 +129,7 @@ function GitHubTeamEdit() { config={github.SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP} /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -74,7 +75,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -89,14 +90,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - SOCIAL_AUTH_GITHUB_TEAM_KEY: '', - SOCIAL_AUTH_GITHUB_TEAM_SECRET: '', - SOCIAL_AUTH_GITHUB_TEAM_ID: '', - SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP: null, - SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP: null, - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('github-team'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/GoogleOAuth2/GoogleOAuth2Edit/GoogleOAuth2Edit.jsx b/awx/ui_next/src/screens/Setting/GoogleOAuth2/GoogleOAuth2Edit/GoogleOAuth2Edit.jsx index ebc6f3d662..8bedb9095a 100644 --- a/awx/ui_next/src/screens/Setting/GoogleOAuth2/GoogleOAuth2Edit/GoogleOAuth2Edit.jsx +++ b/awx/ui_next/src/screens/Setting/GoogleOAuth2/GoogleOAuth2Edit/GoogleOAuth2Edit.jsx @@ -60,6 +60,13 @@ function GoogleOAuth2Edit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('google-oauth2'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm({ ...form, @@ -79,13 +86,11 @@ function GoogleOAuth2Edit() { }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(googleOAuth2).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/google_oauth2/details'); }; const handleCancel = () => { @@ -148,6 +153,7 @@ function GoogleOAuth2Edit() { config={googleOAuth2.SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP} /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -82,7 +83,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -97,15 +98,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - SOCIAL_AUTH_GOOGLE_OAUTH2_KEY: '', - SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET: '', - SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS: [], - SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS: {}, - SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP: null, - SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP: null, - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('google-oauth2'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/Jobs/JobsEdit/JobsEdit.jsx b/awx/ui_next/src/screens/Setting/Jobs/JobsEdit/JobsEdit.jsx index 7ba1e96f51..2d92b456c2 100644 --- a/awx/ui_next/src/screens/Setting/Jobs/JobsEdit/JobsEdit.jsx +++ b/awx/ui_next/src/screens/Setting/Jobs/JobsEdit/JobsEdit.jsx @@ -63,6 +63,13 @@ function JobsEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('jobs'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm({ ...form, @@ -76,12 +83,11 @@ function JobsEdit() { }; const handleRevertAll = async () => { - const defaultValues = {}; - Object.entries(jobs).forEach(([key, value]) => { - defaultValues[key] = value.default; - }); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/jobs/details'); }; const handleCancel = () => { @@ -181,6 +187,7 @@ function JobsEdit() { /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: mockJobSettings, @@ -51,7 +51,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -66,8 +66,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith(mockDefaultJobSettings); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('jobs'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/Logging/LoggingEdit/LoggingEdit.jsx b/awx/ui_next/src/screens/Setting/Logging/LoggingEdit/LoggingEdit.jsx index 6a292cbb38..fd403b67f8 100644 --- a/awx/ui_next/src/screens/Setting/Logging/LoggingEdit/LoggingEdit.jsx +++ b/awx/ui_next/src/screens/Setting/Logging/LoggingEdit/LoggingEdit.jsx @@ -75,14 +75,19 @@ function LoggingEdit() { }); }; - const handleRevertAll = async () => { - const defaultValues = {}; - Object.entries(logging).forEach(([key, value]) => { - defaultValues[key] = value.default; - }); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('logging'); + }, []), + null + ); + + const handleRevertAll = async () => { + await revertAll(); - await submitForm(defaultValues); closeModal(); + + history.push('/settings/logging/details'); }; const { @@ -221,6 +226,7 @@ function LoggingEdit() { config={logging.LOG_AGGREGATOR_LOGGERS} /> {submitError && } + {revertError && } ', () => { let wrapper; @@ -68,6 +45,7 @@ describe('', () => { }); beforeEach(async () => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: mockSettings, @@ -227,7 +205,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -242,8 +220,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith(mockDefaultSettings); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('logging'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStream.jsx b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthentication.jsx similarity index 70% rename from awx/ui_next/src/screens/Setting/ActivityStream/ActivityStream.jsx rename to awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthentication.jsx index 3be6063096..bdff141ad8 100644 --- a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStream.jsx +++ b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthentication.jsx @@ -1,15 +1,14 @@ import React from 'react'; import { Link, Redirect, Route, Switch } from 'react-router-dom'; - import { t } from '@lingui/macro'; import { PageSection, Card } from '@patternfly/react-core'; import ContentError from '../../../components/ContentError'; import { useConfig } from '../../../contexts/Config'; -import ActivityStreamDetail from './ActivityStreamDetail'; -import ActivityStreamEdit from './ActivityStreamEdit'; +import MiscAuthenticationDetail from './MiscAuthenticationDetail'; +import MiscAuthenticationEdit from './MiscAuthenticationEdit'; -function ActivityStream() { - const baseURL = '/settings/activity_stream'; +function MiscAuthentication() { + const baseURL = '/settings/miscellaneous_authentication'; const { me } = useConfig(); return ( @@ -18,11 +17,11 @@ function ActivityStream() { - + {me?.is_superuser ? ( - + ) : ( )} @@ -30,7 +29,7 @@ function ActivityStream() { - {t`View Activity Stream settings`} + {t`View Miscellaneous Authentication settings`} @@ -40,4 +39,4 @@ function ActivityStream() { ); } -export default ActivityStream; +export default MiscAuthentication; diff --git a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStream.test.jsx b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthentication.test.jsx similarity index 51% rename from awx/ui_next/src/screens/Setting/ActivityStream/ActivityStream.test.jsx rename to awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthentication.test.jsx index 14b698cefb..6d23d24933 100644 --- a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStream.test.jsx +++ b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthentication.test.jsx @@ -5,55 +5,57 @@ import { mountWithContexts, waitForElement, } from '../../../../testUtils/enzymeHelpers'; -import ActivityStream from './ActivityStream'; import { SettingsAPI } from '../../../api'; +import MiscAuthentication from './MiscAuthentication'; -jest.mock('../../../api/models/Settings'); -SettingsAPI.readCategory.mockResolvedValue({ - data: { - ACTIVITY_STREAM_ENABLED: true, - ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: false, - }, -}); +jest.mock('../../../api'); -describe('', () => { +describe('', () => { let wrapper; + beforeEach(() => { + SettingsAPI.readCategory.mockResolvedValue({ + data: {}, + }); + }); + afterEach(() => { wrapper.unmount(); jest.clearAllMocks(); }); - test('should render activity stream details', async () => { + test('should render miscellaneous authentication details', async () => { const history = createMemoryHistory({ - initialEntries: ['/settings/activity_stream/details'], + initialEntries: ['/settings/miscellaneous_authentication/details'], }); await act(async () => { - wrapper = mountWithContexts(, { + wrapper = mountWithContexts(, { context: { router: { history } }, }); }); - expect(wrapper.find('ActivityStreamDetail').length).toBe(1); + await waitForElement(wrapper, 'ContentLoading', el => el.length === 0); + expect(wrapper.find('MiscAuthenticationDetail').length).toBe(1); }); - test('should render activity stream edit', async () => { + test('should render miscellaneous authentication edit', async () => { const history = createMemoryHistory({ - initialEntries: ['/settings/activity_stream/edit'], + initialEntries: ['/settings/miscellaneous_authentication/edit'], }); await act(async () => { - wrapper = mountWithContexts(, { + wrapper = mountWithContexts(, { context: { router: { history } }, }); }); - expect(wrapper.find('ActivityStreamEdit').length).toBe(1); + await waitForElement(wrapper, 'ContentLoading', el => el.length === 0); + expect(wrapper.find('MiscAuthenticationEdit').length).toBe(1); }); test('should show content error when user navigates to erroneous route', async () => { const history = createMemoryHistory({ - initialEntries: ['/settings/activity_stream/foo'], + initialEntries: ['/settings/miscellaneous_authentication/foo'], }); await act(async () => { - wrapper = mountWithContexts(, { + wrapper = mountWithContexts(, { context: { router: { history } }, }); }); @@ -62,10 +64,10 @@ describe('', () => { test('should redirect to details for users without system admin permissions', async () => { const history = createMemoryHistory({ - initialEntries: ['/settings/activity_stream/edit'], + initialEntries: ['/settings/miscellaneous_authentication/edit'], }); await act(async () => { - wrapper = mountWithContexts(, { + wrapper = mountWithContexts(, { context: { router: { history, @@ -79,7 +81,7 @@ describe('', () => { }); }); await waitForElement(wrapper, 'ContentLoading', el => el.length === 0); - expect(wrapper.find('ActivityStreamDetail').length).toBe(1); - expect(wrapper.find('ActivityStreamEdit').length).toBe(0); + expect(wrapper.find('MiscAuthenticationDetail').length).toBe(1); + expect(wrapper.find('MiscAuthenticationEdit').length).toBe(0); }); }); diff --git a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamDetail/ActivityStreamDetail.jsx b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationDetail/MiscAuthenticationDetail.jsx similarity index 74% rename from awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamDetail/ActivityStreamDetail.jsx rename to awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationDetail/MiscAuthenticationDetail.jsx index b63e1ac96b..dd3f1b655e 100644 --- a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamDetail/ActivityStreamDetail.jsx +++ b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationDetail/MiscAuthenticationDetail.jsx @@ -1,36 +1,27 @@ import React, { useEffect, useCallback } from 'react'; import { Link } from 'react-router-dom'; - import { t } from '@lingui/macro'; -import { CaretLeftIcon } from '@patternfly/react-icons'; import { Button } from '@patternfly/react-core'; +import { CaretLeftIcon } from '@patternfly/react-icons'; import { CardBody, CardActionsRow } from '../../../../components/Card'; import ContentLoading from '../../../../components/ContentLoading'; import ContentError from '../../../../components/ContentError'; import { DetailList } from '../../../../components/DetailList'; import RoutedTabs from '../../../../components/RoutedTabs'; -import useRequest from '../../../../util/useRequest'; import { useConfig } from '../../../../contexts/Config'; import { useSettings } from '../../../../contexts/Settings'; +import useRequest from '../../../../util/useRequest'; import { SettingsAPI } from '../../../../api'; import { SettingDetail } from '../../shared'; -function ActivityStreamDetail() { +function MiscAuthenticationDetail() { const { me } = useConfig(); const { GET: options } = useSettings(); - const { isLoading, error, request, result: activityStream } = useRequest( + const { isLoading, error, request, result: authentication } = useRequest( useCallback(async () => { - const { - data: { - ACTIVITY_STREAM_ENABLED, - ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC, - }, - } = await SettingsAPI.readCategory('system'); - return { - ACTIVITY_STREAM_ENABLED, - ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC, - }; + const { data } = await SettingsAPI.readCategory('authentication'); + return data; }, []), null ); @@ -52,7 +43,7 @@ function ActivityStreamDetail() { }, { name: t`Details`, - link: `/settings/activity_stream/details`, + link: `/settings/miscellaneous_authentication/details`, id: 0, }, ]; @@ -63,9 +54,9 @@ function ActivityStreamDetail() { {isLoading && } {!isLoading && error && } - {!isLoading && activityStream && ( + {!isLoading && authentication && ( - {Object.keys(activityStream).map(key => { + {Object.keys(authentication).map(key => { const record = options?.[key]; return ( ); })} @@ -84,10 +75,10 @@ function ActivityStreamDetail() { {me?.is_superuser && ( @@ -98,4 +89,4 @@ function ActivityStreamDetail() { ); } -export default ActivityStreamDetail; +export default MiscAuthenticationDetail; diff --git a/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationDetail/MiscAuthenticationDetail.test.jsx b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationDetail/MiscAuthenticationDetail.test.jsx new file mode 100644 index 0000000000..3f25df44e4 --- /dev/null +++ b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationDetail/MiscAuthenticationDetail.test.jsx @@ -0,0 +1,128 @@ +import React from 'react'; +import { act } from 'react-dom/test-utils'; +import { + mountWithContexts, + waitForElement, +} from '../../../../../testUtils/enzymeHelpers'; +import { SettingsProvider } from '../../../../contexts/Settings'; +import { SettingsAPI } from '../../../../api'; +import { + assertDetail, + assertVariableDetail, +} from '../../shared/settingTestUtils'; +import mockAllOptions from '../../shared/data.allSettingOptions.json'; +import MiscAuthenticationDetail from './MiscAuthenticationDetail'; + +jest.mock('../../../../api'); + +describe('', () => { + let wrapper; + + beforeEach(async () => { + SettingsAPI.readCategory = jest.fn(); + SettingsAPI.readCategory.mockResolvedValue({ + data: { + SESSION_COOKIE_AGE: 1800, + SESSIONS_PER_USER: -1, + DISABLE_LOCAL_AUTH: false, + AUTH_BASIC_ENABLED: true, + OAUTH2_PROVIDER: { + ACCESS_TOKEN_EXPIRE_SECONDS: 31536000000, + REFRESH_TOKEN_EXPIRE_SECONDS: 2628000, + AUTHORIZATION_CODE_EXPIRE_SECONDS: 600, + }, + ALLOW_OAUTH2_FOR_EXTERNAL_USERS: false, + LOGIN_REDIRECT_OVERRIDE: 'https://foohost', + AUTHENTICATION_BACKENDS: [ + 'awx.sso.backends.TACACSPlusBackend', + 'awx.main.backends.AWXModelBackend', + ], + SOCIAL_AUTH_ORGANIZATION_MAP: {}, + SOCIAL_AUTH_TEAM_MAP: {}, + SOCIAL_AUTH_USER_FIELDS: [], + }, + }); + await act(async () => { + wrapper = mountWithContexts( + + + + ); + }); + await waitForElement(wrapper, 'ContentLoading', el => el.length === 0); + }); + + test('initially renders without crashing', () => { + expect(wrapper.find('MiscAuthenticationDetail').length).toBe(1); + }); + + test('should render expected tabs', () => { + const expectedTabs = ['Back to Settings', 'Details']; + wrapper.find('RoutedTabs li').forEach((tab, index) => { + expect(tab.text()).toEqual(expectedTabs[index]); + }); + }); + + test('should render expected details', () => { + assertDetail(wrapper, 'Disable the built-in authentication system', 'Off'); + assertVariableDetail( + wrapper, + 'OAuth 2 Timeout Settings', + '{\n "ACCESS_TOKEN_EXPIRE_SECONDS": 31536000000,\n "REFRESH_TOKEN_EXPIRE_SECONDS": 2628000,\n "AUTHORIZATION_CODE_EXPIRE_SECONDS": 600\n}' + ); + assertDetail(wrapper, 'Login redirect override URL', 'https://foohost'); + assertVariableDetail( + wrapper, + 'Authentication Backends', + '[\n "awx.sso.backends.TACACSPlusBackend",\n "awx.main.backends.AWXModelBackend"\n]' + ); + assertVariableDetail(wrapper, 'Social Auth Organization Map', '{}'); + assertVariableDetail(wrapper, 'Social Auth Team Map', '{}'); + assertVariableDetail(wrapper, 'Social Auth User Fields', '[]'); + assertDetail( + wrapper, + 'Allow External Users to Create OAuth2 Tokens', + 'Off' + ); + assertDetail(wrapper, 'Enable HTTP Basic Auth', 'On'); + assertDetail(wrapper, 'Idle Time Force Log Out', '1800 seconds'); + assertDetail( + wrapper, + 'Maximum number of simultaneous logged in sessions', + '-1' + ); + }); + + test('should hide edit button from non-superusers', async () => { + const config = { + me: { + is_superuser: false, + }, + }; + await act(async () => { + wrapper = mountWithContexts( + + + , + { + context: { config }, + } + ); + }); + await waitForElement(wrapper, 'ContentLoading', el => el.length === 0); + expect(wrapper.find('Button[aria-label="Edit"]').exists()).toBeFalsy(); + }); + + test('should display content error when api throws error on initial render', async () => { + SettingsAPI.readCategory.mockRejectedValue(new Error()); + await act(async () => { + wrapper = mountWithContexts( + + + + ); + }); + await waitForElement(wrapper, 'ContentLoading', el => el.length === 0); + expect(wrapper.find('ContentError').length).toBe(1); + }); +}); diff --git a/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationDetail/index.js b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationDetail/index.js new file mode 100644 index 0000000000..805d3d480b --- /dev/null +++ b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationDetail/index.js @@ -0,0 +1 @@ +export { default } from './MiscAuthenticationDetail'; diff --git a/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.jsx b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.jsx new file mode 100644 index 0000000000..6c748440d9 --- /dev/null +++ b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.jsx @@ -0,0 +1,270 @@ +import React, { useCallback, useEffect } from 'react'; +import { useHistory } from 'react-router-dom'; +import { t } from '@lingui/macro'; +import { Formik } from 'formik'; +import { Form } from '@patternfly/react-core'; +import { CardBody } from '../../../../components/Card'; +import ContentError from '../../../../components/ContentError'; +import ContentLoading from '../../../../components/ContentLoading'; +import { FormSubmitError } from '../../../../components/FormField'; +import { FormColumnLayout } from '../../../../components/FormLayout'; +import { useSettings } from '../../../../contexts/Settings'; +import { RevertAllAlert, RevertFormActionGroup } from '../../shared'; +import { + BooleanField, + InputField, + ObjectField, +} from '../../shared/SharedFields'; +import useModal from '../../../../util/useModal'; +import useRequest from '../../../../util/useRequest'; +import { SettingsAPI } from '../../../../api'; +import { formatJson, pluck } from '../../shared/settingUtils'; + +function MiscAuthenticationEdit() { + const history = useHistory(); + const { isModalOpen, toggleModal, closeModal } = useModal(); + const { PUT: options } = useSettings(); + + const { + isLoading, + error, + request: fetchAuthentication, + result: authentication, + } = useRequest( + useCallback(async () => { + const { data } = await SettingsAPI.readCategory('authentication'); + + const { + OAUTH2_PROVIDER: { + ACCESS_TOKEN_EXPIRE_SECONDS, + REFRESH_TOKEN_EXPIRE_SECONDS, + AUTHORIZATION_CODE_EXPIRE_SECONDS, + }, + ...pluckedAuthenticationData + } = pluck( + data, + 'ALLOW_OAUTH2_FOR_EXTERNAL_USERS', + 'AUTH_BASIC_ENABLED', + 'LOGIN_REDIRECT_OVERRIDE', + 'DISABLE_LOCAL_AUTH', + 'OAUTH2_PROVIDER', + 'SESSIONS_PER_USER', + 'SESSION_COOKIE_AGE', + 'SOCIAL_AUTH_ORGANIZATION_MAP', + 'SOCIAL_AUTH_TEAM_MAP', + 'SOCIAL_AUTH_USER_FIELDS' + ); + + const authenticationData = { + ACCESS_TOKEN_EXPIRE_SECONDS, + REFRESH_TOKEN_EXPIRE_SECONDS, + AUTHORIZATION_CODE_EXPIRE_SECONDS, + ...pluckedAuthenticationData, + }; + + const { + OAUTH2_PROVIDER: OAUTH2_PROVIDER_OPTIONS, + ...restOptions + } = options; + + const authenticationOptions = { + ...restOptions, + ACCESS_TOKEN_EXPIRE_SECONDS: { + ...OAUTH2_PROVIDER_OPTIONS, + default: OAUTH2_PROVIDER_OPTIONS.default.ACCESS_TOKEN_EXPIRE_SECONDS, + type: OAUTH2_PROVIDER_OPTIONS.child.type, + label: t`Access Token Expiration`, + }, + REFRESH_TOKEN_EXPIRE_SECONDS: { + ...OAUTH2_PROVIDER_OPTIONS, + default: OAUTH2_PROVIDER_OPTIONS.default.REFRESH_TOKEN_EXPIRE_SECONDS, + type: OAUTH2_PROVIDER_OPTIONS.child.type, + label: t`Refresh Token Expiration`, + }, + AUTHORIZATION_CODE_EXPIRE_SECONDS: { + ...OAUTH2_PROVIDER_OPTIONS, + default: + OAUTH2_PROVIDER_OPTIONS.default.AUTHORIZATION_CODE_EXPIRE_SECONDS, + type: OAUTH2_PROVIDER_OPTIONS.child.type, + label: t`Authorization Code Expiration`, + }, + }; + + const mergedData = {}; + + Object.keys(authenticationData).forEach(key => { + if (!authenticationOptions[key]) { + return; + } + mergedData[key] = authenticationOptions[key]; + mergedData[key].value = authenticationData[key]; + }); + + return mergedData; + }, [options]), + null + ); + + useEffect(() => { + fetchAuthentication(); + }, [fetchAuthentication]); + + const { error: submitError, request: submitForm } = useRequest( + useCallback( + async values => { + await SettingsAPI.updateAll(values); + history.push('/settings/miscellaneous_authentication/details'); + }, + [history] + ), + null + ); + + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('authentication'); + }, []), + null + ); + + const handleSubmit = async form => { + const { + ACCESS_TOKEN_EXPIRE_SECONDS, + REFRESH_TOKEN_EXPIRE_SECONDS, + AUTHORIZATION_CODE_EXPIRE_SECONDS, + ...formData + } = form; + + await submitForm({ + ...formData, + OAUTH2_PROVIDER: { + ACCESS_TOKEN_EXPIRE_SECONDS, + REFRESH_TOKEN_EXPIRE_SECONDS, + AUTHORIZATION_CODE_EXPIRE_SECONDS, + }, + SOCIAL_AUTH_ORGANIZATION_MAP: formatJson( + formData.SOCIAL_AUTH_ORGANIZATION_MAP + ), + SOCIAL_AUTH_TEAM_MAP: formatJson(formData.SOCIAL_AUTH_TEAM_MAP), + SOCIAL_AUTH_USER_FIELDS: formatJson(formData.SOCIAL_AUTH_USER_FIELDS), + }); + }; + + const handleRevertAll = async () => { + await revertAll(); + + closeModal(); + + history.push('/settings/miscellaneous_authentication/details'); + }; + + const handleCancel = () => { + history.push('/settings/miscellaneous_authentication/details'); + }; + + const initialValues = fields => + Object.keys(fields).reduce((acc, key) => { + if (fields[key].type === 'list' || fields[key].type === 'nested object') { + const emptyDefault = fields[key].type === 'list' ? '[]' : '{}'; + acc[key] = fields[key].value + ? JSON.stringify(fields[key].value, null, 2) + : emptyDefault; + } else { + acc[key] = fields[key].value ?? ''; + } + return acc; + }, {}); + + return ( + + {isLoading && } + {!isLoading && error && } + {!isLoading && authentication && ( + + {formik => ( +
+ + + + + + + + + + + + + + {submitError && } + {revertError && } + + + {isModalOpen && ( + + )} + + )} +
+ )} + + ); +} + +export default MiscAuthenticationEdit; diff --git a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamEdit/ActivityStreamEdit.test.jsx b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.test.jsx similarity index 62% rename from awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamEdit/ActivityStreamEdit.test.jsx rename to awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.test.jsx index 356dfcb61d..516553f55c 100644 --- a/awx/ui_next/src/screens/Setting/ActivityStream/ActivityStreamEdit/ActivityStreamEdit.test.jsx +++ b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.test.jsx @@ -6,36 +6,55 @@ import { waitForElement, } from '../../../../../testUtils/enzymeHelpers'; import mockAllOptions from '../../shared/data.allSettingOptions.json'; +import mockAllSettings from '../../shared/data.allSettings.json'; import { SettingsProvider } from '../../../../contexts/Settings'; import { SettingsAPI } from '../../../../api'; -import ActivityStreamEdit from './ActivityStreamEdit'; +import MiscAuthenticationEdit from './MiscAuthenticationEdit'; jest.mock('../../../../api'); -describe('', () => { +const authenticationData = { + SESSION_COOKIE_AGE: 1800, + SESSIONS_PER_USER: -1, + DISABLE_LOCAL_AUTH: false, + AUTH_BASIC_ENABLED: true, + OAUTH2_PROVIDER: { + ACCESS_TOKEN_EXPIRE_SECONDS: 31536000000, + REFRESH_TOKEN_EXPIRE_SECONDS: 2628000, + AUTHORIZATION_CODE_EXPIRE_SECONDS: 600, + }, + ALLOW_OAUTH2_FOR_EXTERNAL_USERS: false, + LOGIN_REDIRECT_OVERRIDE: '', + AUTHENTICATION_BACKENDS: [ + 'awx.sso.backends.TACACSPlusBackend', + 'awx.main.backends.AWXModelBackend', + ], + SOCIAL_AUTH_ORGANIZATION_MAP: {}, + SOCIAL_AUTH_TEAM_MAP: {}, + SOCIAL_AUTH_USER_FIELDS: [], +}; + +describe('', () => { let wrapper; let history; afterEach(() => { - wrapper.unmount(); jest.clearAllMocks(); }); beforeEach(async () => { - history = createMemoryHistory({ - initialEntries: ['/settings/activity_stream/edit'], - }); - SettingsAPI.readCategory.mockResolvedValue({ - data: { - ACTIVITY_STREAM_ENABLED: false, - ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: true, - }, - }); + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); + SettingsAPI.readCategory.mockResolvedValue({ + data: mockAllSettings, + }); + history = createMemoryHistory({ + initialEntries: ['/settings/miscellaneous_authentication/edit'], + }); await act(async () => { wrapper = mountWithContexts( - + , { context: { router: { history } }, @@ -45,54 +64,23 @@ describe('', () => { await waitForElement(wrapper, 'ContentLoading', el => el.length === 0); }); - test('initially renders without crashing', () => { - expect(wrapper.find('ActivityStreamEdit').length).toBe(1); + test('initially renders without crashing', async () => { + expect(wrapper.find('MiscAuthenticationEdit').length).toBe(1); }); - test('should navigate to activity stream detail when cancel is clicked', async () => { + test('save button should call updateAll', async () => { + expect(wrapper.find('MiscAuthenticationEdit').length).toBe(1); + wrapper.update(); await act(async () => { - wrapper.find('button[aria-label="Cancel"]').invoke('onClick')(); - }); - expect(history.location.pathname).toEqual( - '/settings/activity_stream/details' - ); - }); - - test('should navigate to activity stream detail on successful submission', async () => { - await act(async () => { - wrapper.find('Form').invoke('onSubmit')(); - }); - expect(history.location.pathname).toEqual( - '/settings/activity_stream/details' - ); - }); - - test('should successfully send request to api on form submission', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); - expect( - wrapper.find('Switch#ACTIVITY_STREAM_ENABLED').prop('isChecked') - ).toEqual(false); - - await act(async () => { - wrapper.find('Switch#ACTIVITY_STREAM_ENABLED').invoke('onChange')(true); + wrapper.find('button[aria-label="Save"]').simulate('click'); }); wrapper.update(); - expect( - wrapper.find('Switch#ACTIVITY_STREAM_ENABLED').prop('isChecked') - ).toEqual(true); - - await act(async () => { - wrapper.find('Form').invoke('onSubmit')(); - }); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - ACTIVITY_STREAM_ENABLED: true, - ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: true, - }); + const { AUTHENTICATION_BACKENDS, ...rest } = authenticationData; + expect(SettingsAPI.updateAll).toHaveBeenCalledWith(rest); }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -107,11 +95,33 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - ACTIVITY_STREAM_ENABLED: true, - ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: false, + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('authentication'); + }); + + test('should successfully send request to api on form submission', async () => { + await act(async () => { + wrapper.find('Form').invoke('onSubmit')(); }); + expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); + }); + + test('should navigate to miscellaneous detail on successful submission', async () => { + await act(async () => { + wrapper.find('Form').invoke('onSubmit')(); + }); + expect(history.location.pathname).toEqual( + '/settings/miscellaneous_authentication/details' + ); + }); + + test('should navigate to miscellaneous detail when cancel is clicked', async () => { + await act(async () => { + wrapper.find('button[aria-label="Cancel"]').invoke('onClick')(); + }); + expect(history.location.pathname).toEqual( + '/settings/miscellaneous_authentication/details' + ); }); test('should display error message on unsuccessful submission', async () => { @@ -138,7 +148,7 @@ describe('', () => { await act(async () => { wrapper = mountWithContexts( - + ); }); diff --git a/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/index.js b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/index.js new file mode 100644 index 0000000000..56fcea40c0 --- /dev/null +++ b/awx/ui_next/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/index.js @@ -0,0 +1 @@ +export { default } from './MiscAuthenticationEdit'; diff --git a/awx/ui_next/src/screens/Setting/MiscAuthentication/index.js b/awx/ui_next/src/screens/Setting/MiscAuthentication/index.js new file mode 100644 index 0000000000..08a9ec6a11 --- /dev/null +++ b/awx/ui_next/src/screens/Setting/MiscAuthentication/index.js @@ -0,0 +1 @@ +export { default } from './MiscAuthentication'; diff --git a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystem.jsx b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystem.jsx index a3d79809cd..ea307cf51a 100644 --- a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystem.jsx +++ b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystem.jsx @@ -1,6 +1,5 @@ import React from 'react'; import { Link, Redirect, Route, Switch } from 'react-router-dom'; - import { t } from '@lingui/macro'; import { PageSection, Card } from '@patternfly/react-core'; import ContentError from '../../../components/ContentError'; diff --git a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.jsx b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.jsx index de5080eec4..2e51472ea5 100644 --- a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.jsx +++ b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.jsx @@ -18,84 +18,49 @@ import { sortNestedDetails, pluck } from '../../shared/settingUtils'; function MiscSystemDetail() { const { me } = useConfig(); - const { GET: allOptions } = useSettings(); + const { GET: options } = useSettings(); const { isLoading, error, request, result: system } = useRequest( useCallback(async () => { - const { data } = await SettingsAPI.readCategory('all'); - let DEFAULT_EXECUTION_ENVIRONMENT = ''; + const { data } = await SettingsAPI.readCategory('system'); if (data.DEFAULT_EXECUTION_ENVIRONMENT) { const { data: { name }, } = await ExecutionEnvironmentsAPI.readDetail( data.DEFAULT_EXECUTION_ENVIRONMENT ); - DEFAULT_EXECUTION_ENVIRONMENT = name; + data.DEFAULT_EXECUTION_ENVIRONMENT = name; } - const { - OAUTH2_PROVIDER: { - ACCESS_TOKEN_EXPIRE_SECONDS, - REFRESH_TOKEN_EXPIRE_SECONDS, - AUTHORIZATION_CODE_EXPIRE_SECONDS, - }, - ...pluckedSystemData - } = pluck( + + const systemData = pluck( data, - 'ALLOW_OAUTH2_FOR_EXTERNAL_USERS', - 'AUTH_BASIC_ENABLED', + 'ACTIVITY_STREAM_ENABLED', + 'ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC', 'AUTOMATION_ANALYTICS_GATHER_INTERVAL', 'AUTOMATION_ANALYTICS_URL', 'INSIGHTS_TRACKING_STATE', - 'LOGIN_REDIRECT_OVERRIDE', 'MANAGE_ORGANIZATION_AUTH', - 'DISABLE_LOCAL_AUTH', - 'OAUTH2_PROVIDER', 'ORG_ADMINS_CAN_SEE_ALL_USERS', - 'REDHAT_PASSWORD', 'REDHAT_USERNAME', - 'REMOTE_HOST_HEADERS', - 'SESSIONS_PER_USER', - 'SESSION_COOKIE_AGE', + 'REDHAT_PASSWORD', 'SUBSCRIPTIONS_USERNAME', 'SUBSCRIPTIONS_PASSWORD', - 'TOWER_URL_BASE' + 'INSTALL_UUID', + 'REMOTE_HOST_HEADERS', + 'TOWER_URL_BASE', + 'DEFAULT_EXECUTION_ENVIRONMENT', + 'PROXY_IP_ALLOWED_LIST', + 'AUTOMATION_ANALYTICS_LAST_GATHER', + 'AUTOMATION_ANALYTICS_LAST_ENTRIES' ); - const systemData = { - ...pluckedSystemData, - ACCESS_TOKEN_EXPIRE_SECONDS, - REFRESH_TOKEN_EXPIRE_SECONDS, - AUTHORIZATION_CODE_EXPIRE_SECONDS, - DEFAULT_EXECUTION_ENVIRONMENT, - }; - const { - OAUTH2_PROVIDER: OAUTH2_PROVIDER_OPTIONS, - ...options - } = allOptions; - const systemOptions = { - ...options, - ACCESS_TOKEN_EXPIRE_SECONDS: { - ...OAUTH2_PROVIDER_OPTIONS, - type: OAUTH2_PROVIDER_OPTIONS.child.type, - label: t`Access Token Expiration`, - }, - REFRESH_TOKEN_EXPIRE_SECONDS: { - ...OAUTH2_PROVIDER_OPTIONS, - type: OAUTH2_PROVIDER_OPTIONS.child.type, - label: t`Refresh Token Expiration`, - }, - AUTHORIZATION_CODE_EXPIRE_SECONDS: { - ...OAUTH2_PROVIDER_OPTIONS, - type: OAUTH2_PROVIDER_OPTIONS.child.type, - label: t`Authorization Code Expiration`, - }, - }; + const mergedData = {}; Object.keys(systemData).forEach(key => { - mergedData[key] = systemOptions[key]; + mergedData[key] = options[key]; mergedData[key].value = systemData[key]; }); return sortNestedDetails(mergedData); - }, [allOptions]), + }, [options]), null ); diff --git a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.test.jsx b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.test.jsx index 2f9dd48dff..f8fae74a08 100644 --- a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.test.jsx +++ b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.test.jsx @@ -22,28 +22,26 @@ describe('', () => { SettingsAPI.readCategory = jest.fn(); SettingsAPI.readCategory.mockResolvedValue({ data: { - ALLOW_OAUTH2_FOR_EXTERNAL_USERS: false, - AUTH_BASIC_ENABLED: true, - AUTOMATION_ANALYTICS_GATHER_INTERVAL: 14400, + ACTIVITY_STREAM_ENABLED: true, + ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: false, + ORG_ADMINS_CAN_SEE_ALL_USERS: true, + MANAGE_ORGANIZATION_AUTH: true, + TOWER_URL_BASE: 'https://towerhost', + REMOTE_HOST_HEADERS: [], + PROXY_IP_ALLOWED_LIST: [], + LICENSE: null, + REDHAT_USERNAME: 'name1', + REDHAT_PASSWORD: '$encrypted$', + SUBSCRIPTIONS_USERNAME: 'name2', + SUBSCRIPTIONS_PASSWORD: '$encrypted$', AUTOMATION_ANALYTICS_URL: 'https://example.com', + INSTALL_UUID: 'db39b9ec-0c6e-4554-987d-42aw9c732ed8', + DEFAULT_EXECUTION_ENVIRONMENT: 1, CUSTOM_VENV_PATHS: [], INSIGHTS_TRACKING_STATE: false, - LOGIN_REDIRECT_OVERRIDE: 'https://redirect.com', - MANAGE_ORGANIZATION_AUTH: true, - DISABLE_LOCAL_AUTH: false, - OAUTH2_PROVIDER: { - ACCESS_TOKEN_EXPIRE_SECONDS: 1, - AUTHORIZATION_CODE_EXPIRE_SECONDS: 2, - REFRESH_TOKEN_EXPIRE_SECONDS: 3, - }, - ORG_ADMINS_CAN_SEE_ALL_USERS: true, - REDHAT_PASSWORD: '$encrypted$', - REDHAT_USERNAME: 'mock name', - REMOTE_HOST_HEADERS: [], - SESSIONS_PER_USER: -1, - SESSION_COOKIE_AGE: 30000000000, - TOWER_URL_BASE: 'https://towerhost', - DEFAULT_EXECUTION_ENVIRONMENT: 1, + AUTOMATION_ANALYTICS_LAST_GATHER: null, + AUTOMATION_ANALYTICS_LAST_ENTRIES: 'foo', + AUTOMATION_ANALYTICS_GATHER_INTERVAL: 14400, }, }); ExecutionEnvironmentsAPI.readDetail = jest.fn(); @@ -77,14 +75,17 @@ describe('', () => { }); test('should render expected details', () => { - assertDetail(wrapper, 'Access Token Expiration', '1 seconds'); - assertDetail(wrapper, 'All Users Visible to Organization Admins', 'On'); assertDetail( wrapper, - 'Allow External Users to Create OAuth2 Tokens', - 'Off' + 'Unique identifier for an installation', + 'db39b9ec-0c6e-4554-987d-42aw9c732ed8' ); - assertDetail(wrapper, 'Authorization Code Expiration', '2 seconds'); + assertDetail( + wrapper, + 'Last gathered entries for expensive collectors for Insights for Ansible Automation Platform.', + 'foo' + ); + assertDetail(wrapper, 'All Users Visible to Organization Admins', 'On'); assertDetail( wrapper, 'Insights for Ansible Automation Platform Gather Interval', @@ -96,32 +97,24 @@ describe('', () => { 'https://example.com' ); assertDetail(wrapper, 'Base URL of the service', 'https://towerhost'); - assertDetail(wrapper, 'Enable HTTP Basic Auth', 'On'); assertDetail( wrapper, 'Gather data for Insights for Ansible Automation Platform', 'Off' ); - assertDetail(wrapper, 'Idle Time Force Log Out', '30000000000 seconds'); - assertDetail( - wrapper, - 'Login redirect override URL', - 'https://redirect.com' - ); - assertDetail( - wrapper, - 'Maximum number of simultaneous logged in sessions', - '-1' - ); assertDetail( wrapper, 'Organization Admins Can Manage Users and Teams', 'On' ); + assertDetail(wrapper, 'Enable Activity Stream', 'On'); + assertDetail(wrapper, 'Enable Activity Stream for Inventory Sync', 'Off'); assertDetail(wrapper, 'Red Hat customer password', 'Encrypted'); - assertDetail(wrapper, 'Red Hat customer username', 'mock name'); - assertDetail(wrapper, 'Refresh Token Expiration', '3 seconds'); + assertDetail(wrapper, 'Red Hat customer username', 'name1'); + assertDetail(wrapper, 'Red Hat or Satellite password', 'Encrypted'); + assertDetail(wrapper, 'Red Hat or Satellite username', 'name2'); assertVariableDetail(wrapper, 'Remote Host Headers', '[]'); + assertVariableDetail(wrapper, 'Proxy IP Allowed List', '[]'); assertDetail(wrapper, 'Global default execution environment', 'Foo'); }); diff --git a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemEdit/MiscSystemEdit.jsx b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemEdit/MiscSystemEdit.jsx index 843a715bca..35b7a81d28 100644 --- a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemEdit/MiscSystemEdit.jsx +++ b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemEdit/MiscSystemEdit.jsx @@ -30,76 +30,33 @@ function MiscSystemEdit() { const { isLoading, error, request: fetchSystem, result: system } = useRequest( useCallback(async () => { - const { data } = await SettingsAPI.readCategory('all'); - const { - OAUTH2_PROVIDER: { - ACCESS_TOKEN_EXPIRE_SECONDS, - REFRESH_TOKEN_EXPIRE_SECONDS, - AUTHORIZATION_CODE_EXPIRE_SECONDS, - }, - ...pluckedSystemData - } = pluck( + const { data } = await SettingsAPI.readCategory('system'); + const systemData = pluck( data, - 'ALLOW_OAUTH2_FOR_EXTERNAL_USERS', - 'AUTH_BASIC_ENABLED', + 'ACTIVITY_STREAM_ENABLED', + 'ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC', 'AUTOMATION_ANALYTICS_GATHER_INTERVAL', 'AUTOMATION_ANALYTICS_URL', + 'AUTOMATION_ANALYTICS_LAST_ENTRIES', 'INSIGHTS_TRACKING_STATE', - 'LOGIN_REDIRECT_OVERRIDE', 'MANAGE_ORGANIZATION_AUTH', - 'DISABLE_LOCAL_AUTH', - 'OAUTH2_PROVIDER', 'ORG_ADMINS_CAN_SEE_ALL_USERS', - 'REDHAT_PASSWORD', 'REDHAT_USERNAME', + 'REDHAT_PASSWORD', + 'SUBSCRIPTIONS_USERNAME', + 'SUBSCRIPTIONS_PASSWORD', 'REMOTE_HOST_HEADERS', - 'SESSIONS_PER_USER', - 'SESSION_COOKIE_AGE', 'TOWER_URL_BASE', - 'DEFAULT_EXECUTION_ENVIRONMENT' + 'DEFAULT_EXECUTION_ENVIRONMENT', + 'PROXY_IP_ALLOWED_LIST' ); - const systemData = { - ...pluckedSystemData, - ACCESS_TOKEN_EXPIRE_SECONDS, - REFRESH_TOKEN_EXPIRE_SECONDS, - AUTHORIZATION_CODE_EXPIRE_SECONDS, - }; - - const { - OAUTH2_PROVIDER: OAUTH2_PROVIDER_OPTIONS, - ...restOptions - } = options; - - const systemOptions = { - ...restOptions, - ACCESS_TOKEN_EXPIRE_SECONDS: { - ...OAUTH2_PROVIDER_OPTIONS, - default: OAUTH2_PROVIDER_OPTIONS.default.ACCESS_TOKEN_EXPIRE_SECONDS, - type: OAUTH2_PROVIDER_OPTIONS.child.type, - label: t`Access Token Expiration`, - }, - REFRESH_TOKEN_EXPIRE_SECONDS: { - ...OAUTH2_PROVIDER_OPTIONS, - default: OAUTH2_PROVIDER_OPTIONS.default.REFRESH_TOKEN_EXPIRE_SECONDS, - type: OAUTH2_PROVIDER_OPTIONS.child.type, - label: t`Refresh Token Expiration`, - }, - AUTHORIZATION_CODE_EXPIRE_SECONDS: { - ...OAUTH2_PROVIDER_OPTIONS, - default: - OAUTH2_PROVIDER_OPTIONS.default.AUTHORIZATION_CODE_EXPIRE_SECONDS, - type: OAUTH2_PROVIDER_OPTIONS.child.type, - label: t`Authorization Code Expiration`, - }, - }; - const mergedData = {}; Object.keys(systemData).forEach(key => { - if (!systemOptions[key]) { + if (!options[key]) { return; } - mergedData[key] = systemOptions[key]; + mergedData[key] = options[key]; mergedData[key].value = systemData[key]; }); return mergedData; @@ -122,50 +79,29 @@ function MiscSystemEdit() { null ); - const handleSubmit = async form => { - const { - ACCESS_TOKEN_EXPIRE_SECONDS, - REFRESH_TOKEN_EXPIRE_SECONDS, - AUTHORIZATION_CODE_EXPIRE_SECONDS, - ...formData - } = form; + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('system'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm({ - ...formData, - REMOTE_HOST_HEADERS: formatJson(formData.REMOTE_HOST_HEADERS), - OAUTH2_PROVIDER: { - ACCESS_TOKEN_EXPIRE_SECONDS, - REFRESH_TOKEN_EXPIRE_SECONDS, - AUTHORIZATION_CODE_EXPIRE_SECONDS, - }, + ...form, + PROXY_IP_ALLOWED_LIST: formatJson(form.PROXY_IP_ALLOWED_LIST), + REMOTE_HOST_HEADERS: formatJson(form.REMOTE_HOST_HEADERS), DEFAULT_EXECUTION_ENVIRONMENT: - formData.DEFAULT_EXECUTION_ENVIRONMENT?.id || null, + form.DEFAULT_EXECUTION_ENVIRONMENT?.id || null, }); }; const handleRevertAll = async () => { - const { - ACCESS_TOKEN_EXPIRE_SECONDS, - REFRESH_TOKEN_EXPIRE_SECONDS, - AUTHORIZATION_CODE_EXPIRE_SECONDS, - ...systemData - } = system; + await revertAll(); - const defaultValues = {}; - Object.entries(systemData).forEach(([key, value]) => { - defaultValues[key] = value.default; - }); - - await submitForm({ - ...defaultValues, - OAUTH2_PROVIDER: { - ACCESS_TOKEN_EXPIRE_SECONDS: ACCESS_TOKEN_EXPIRE_SECONDS.default, - REFRESH_TOKEN_EXPIRE_SECONDS: REFRESH_TOKEN_EXPIRE_SECONDS.default, - AUTHORIZATION_CODE_EXPIRE_SECONDS: - AUTHORIZATION_CODE_EXPIRE_SECONDS.default, - }, - }); closeModal(); + + history.push('/settings/miscellaneous_system/details'); }; const handleCancel = () => { @@ -226,6 +162,14 @@ function MiscSystemEdit() { return (
+ + - - - - - - - - - + + + + {submitError && } + {revertError && } ', () => { @@ -55,6 +50,7 @@ describe('', () => { }); beforeEach(async () => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: mockAllSettings, @@ -116,7 +112,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -131,7 +127,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('system'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/RADIUS/RADIUSEdit/RADIUSEdit.jsx b/awx/ui_next/src/screens/Setting/RADIUS/RADIUSEdit/RADIUSEdit.jsx index a29c259f34..2ef8c9d6b1 100644 --- a/awx/ui_next/src/screens/Setting/RADIUS/RADIUSEdit/RADIUSEdit.jsx +++ b/awx/ui_next/src/screens/Setting/RADIUS/RADIUSEdit/RADIUSEdit.jsx @@ -47,18 +47,23 @@ function RADIUSEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('radius'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm(form); }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(radius).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/radius/details'); }; const handleCancel = () => { @@ -90,6 +95,7 @@ function RADIUSEdit() { config={radius.RADIUS_SECRET} /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -60,7 +61,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -75,12 +76,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - RADIUS_SERVER: '', - RADIUS_PORT: 1812, - RADIUS_SECRET: '', - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('radius'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/SAML/SAMLEdit/SAMLEdit.jsx b/awx/ui_next/src/screens/Setting/SAML/SAMLEdit/SAMLEdit.jsx index 93010d1ee5..9c1018f786 100644 --- a/awx/ui_next/src/screens/Setting/SAML/SAMLEdit/SAMLEdit.jsx +++ b/awx/ui_next/src/screens/Setting/SAML/SAMLEdit/SAMLEdit.jsx @@ -56,6 +56,13 @@ function SAMLEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('saml'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm({ ...form, @@ -86,13 +93,11 @@ function SAMLEdit() { }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(saml).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/saml/details'); }; const handleCancel = () => { @@ -185,6 +190,7 @@ function SAMLEdit() { config={saml.SOCIAL_AUTH_SAML_EXTRA_DATA} /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -131,7 +132,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -146,26 +147,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - SAML_AUTO_CREATE_OBJECTS: true, - SOCIAL_AUTH_SAML_ENABLED_IDPS: {}, - SOCIAL_AUTH_SAML_EXTRA_DATA: null, - SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: {}, - SOCIAL_AUTH_SAML_ORGANIZATION_MAP: null, - SOCIAL_AUTH_SAML_ORG_INFO: {}, - SOCIAL_AUTH_SAML_SP_ENTITY_ID: '', - SOCIAL_AUTH_SAML_SP_EXTRA: null, - SOCIAL_AUTH_SAML_SP_PRIVATE_KEY: '', - SOCIAL_AUTH_SAML_SP_PUBLIC_CERT: '', - SOCIAL_AUTH_SAML_SUPPORT_CONTACT: {}, - SOCIAL_AUTH_SAML_TEAM_ATTR: {}, - SOCIAL_AUTH_SAML_TEAM_MAP: null, - SOCIAL_AUTH_SAML_TECHNICAL_CONTACT: {}, - SOCIAL_AUTH_SAML_SECURITY_CONFIG: { - requestedAuthnContext: false, - }, - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('saml'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/SettingList.jsx b/awx/ui_next/src/screens/Setting/SettingList.jsx index d42eaa2b10..436eb6a60a 100644 --- a/awx/ui_next/src/screens/Setting/SettingList.jsx +++ b/awx/ui_next/src/screens/Setting/SettingList.jsx @@ -107,8 +107,8 @@ function SettingList() { path: '/settings/miscellaneous_system', }, { - title: t`Activity Stream settings`, - path: '/settings/activity_stream', + title: t`Miscellaneous Authentication settings`, + path: '/settings/miscellaneous_authentication', }, { title: t`Logging settings`, diff --git a/awx/ui_next/src/screens/Setting/Settings.jsx b/awx/ui_next/src/screens/Setting/Settings.jsx index f6e5182728..59f4be9794 100644 --- a/awx/ui_next/src/screens/Setting/Settings.jsx +++ b/awx/ui_next/src/screens/Setting/Settings.jsx @@ -1,12 +1,10 @@ import React, { useCallback, useEffect } from 'react'; import { Link, Route, Switch, Redirect } from 'react-router-dom'; - import { t } from '@lingui/macro'; import { PageSection, Card } from '@patternfly/react-core'; import ContentError from '../../components/ContentError'; import ContentLoading from '../../components/ContentLoading'; import ScreenHeader from '../../components/ScreenHeader'; -import ActivityStream from './ActivityStream'; import AzureAD from './AzureAD'; import GitHub from './GitHub'; import GoogleOAuth2 from './GoogleOAuth2'; @@ -14,6 +12,7 @@ import Jobs from './Jobs'; import LDAP from './LDAP'; import Subscription from './Subscription'; import Logging from './Logging'; +import MiscAuthentication from './MiscAuthentication'; import MiscSystem from './MiscSystem'; import RADIUS from './RADIUS'; import SAML from './SAML'; @@ -94,6 +93,9 @@ function Settings() { '/settings/logging': t`Logging`, '/settings/logging/details': t`Details`, '/settings/logging/edit': t`Edit Details`, + '/settings/miscellaneous_authentication': t`Miscellaneous Authentication`, + '/settings/miscellaneous_authentication/details': t`Details`, + '/settings/miscellaneous_authentication/edit': t`Edit Details`, '/settings/miscellaneous_system': t`Miscellaneous System`, '/settings/miscellaneous_system/details': t`Details`, '/settings/miscellaneous_system/edit': t`Edit Details`, @@ -142,9 +144,6 @@ function Settings() { - - - @@ -170,6 +169,9 @@ function Settings() { + + + diff --git a/awx/ui_next/src/screens/Setting/TACACS/TACACSEdit/TACACSEdit.jsx b/awx/ui_next/src/screens/Setting/TACACS/TACACSEdit/TACACSEdit.jsx index a45e59d069..6819d7df29 100644 --- a/awx/ui_next/src/screens/Setting/TACACS/TACACSEdit/TACACSEdit.jsx +++ b/awx/ui_next/src/screens/Setting/TACACS/TACACSEdit/TACACSEdit.jsx @@ -51,18 +51,23 @@ function TACACSEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('tacacsplus'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm(form); }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(tacacs).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push('/settings/tacacs/details'); }; const handleCancel = () => { @@ -107,6 +112,7 @@ function TACACSEdit() { config={tacacs.TACACSPLUS_AUTH_PROTOCOL} /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -68,7 +69,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -83,14 +84,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - TACACSPLUS_HOST: '', - TACACSPLUS_PORT: 49, - TACACSPLUS_SECRET: '', - TACACSPLUS_SESSION_TIMEOUT: 5, - TACACSPLUS_AUTH_PROTOCOL: 'ascii', - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('tacacsplus'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/UI/UIEdit/UIEdit.jsx b/awx/ui_next/src/screens/Setting/UI/UIEdit/UIEdit.jsx index f1b6e64309..c23dea0325 100644 --- a/awx/ui_next/src/screens/Setting/UI/UIEdit/UIEdit.jsx +++ b/awx/ui_next/src/screens/Setting/UI/UIEdit/UIEdit.jsx @@ -65,18 +65,26 @@ function UIEdit() { null ); + const { error: revertError, request: revertAll } = useRequest( + useCallback(async () => { + await SettingsAPI.revertCategory('ui'); + }, []), + null + ); + const handleSubmit = async form => { await submitForm(form); }; const handleRevertAll = async () => { - const defaultValues = Object.assign( - ...Object.entries(uiData).map(([key, value]) => ({ - [key]: value.default, - })) - ); - await submitForm(defaultValues); + await revertAll(); + closeModal(); + + history.push({ + pathname: '/settings/ui/details', + hardReload: true, + }); }; const handleCancel = () => { @@ -115,6 +123,7 @@ function UIEdit() { type="dataURL" /> {submitError && } + {revertError && } ', () => { let history; beforeEach(() => { + SettingsAPI.revertCategory.mockResolvedValue({}); SettingsAPI.updateAll.mockResolvedValue({}); SettingsAPI.readCategory.mockResolvedValue({ data: { @@ -62,7 +63,7 @@ describe('', () => { }); test('should successfully send default values to api on form revert all', async () => { - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0); expect(wrapper.find('RevertAllAlert')).toHaveLength(0); await act(async () => { wrapper @@ -77,12 +78,8 @@ describe('', () => { .invoke('onClick')(); }); wrapper.update(); - expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1); - expect(SettingsAPI.updateAll).toHaveBeenCalledWith({ - CUSTOM_LOGIN_INFO: '', - CUSTOM_LOGO: '', - PENDO_TRACKING_STATE: 'off', - }); + expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1); + expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('ui'); }); test('should successfully send request to api on form submission', async () => { diff --git a/awx/ui_next/src/screens/Setting/shared/data.allSettingOptions.json b/awx/ui_next/src/screens/Setting/shared/data.allSettingOptions.json index 8a0049b899..31fe93cfdb 100644 --- a/awx/ui_next/src/screens/Setting/shared/data.allSettingOptions.json +++ b/awx/ui_next/src/screens/Setting/shared/data.allSettingOptions.json @@ -1,6960 +1,6311 @@ { "name": "Setting Detail", "actions": { - "GET": { - "ACTIVITY_STREAM_ENABLED": { - "type": "boolean", - "label": "Enable Activity Stream", - "help_text": "Enable capturing activity for the activity stream.", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": { - "type": "boolean", - "label": "Enable Activity Stream for Inventory Sync", - "help_text": "Enable capturing activity for the activity stream when running inventory sync.", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "ORG_ADMINS_CAN_SEE_ALL_USERS": { - "type": "boolean", - "label": "All Users Visible to Organization Admins", - "help_text": "Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "MANAGE_ORGANIZATION_AUTH": { - "type": "boolean", - "label": "Organization Admins Can Manage Users and Teams", - "help_text": "Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "DISABLE_LOCAL_AUTH": { - "type": "boolean", - "label": "Disable the built-in authentication system", - "help_text": "Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.", - "category": "Authentication", - "category_slug": "authentication", - "defined_in_file": false - }, - "TOWER_URL_BASE": { - "type": "string", - "label": "Base URL of the service", - "help_text": "This setting is used by services like notifications to render a valid url to the service.", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "REMOTE_HOST_HEADERS": { - "type": "list", - "label": "Remote Host Headers", - "help_text": "HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the Adminstrator guide for more details.", - "category": "System", - "category_slug": "system", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "PROXY_IP_ALLOWED_LIST": { - "type": "list", - "label": "Proxy IP Allowed List", - "help_text": "If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')", - "category": "System", - "category_slug": "system", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "LICENSE": { - "type": "nested object", - "label": "License", - "help_text": "The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.", - "category": "System", - "category_slug": "system", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "REDHAT_USERNAME": { - "type": "string", - "label": "Red Hat customer username", - "help_text": "This username is used to send data to Insights for Ansible Automation Platform", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "REDHAT_PASSWORD": { - "type": "string", - "label": "Red Hat customer password", - "help_text": "This password is used to send data to Insights for Ansible Automation Platform", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "SUBSCRIPTIONS_USERNAME": { - "type": "string", - "label": "Red Hat or Satellite username", - "help_text": "This username is used to retrieve subscription and content information", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "SUBSCRIPTIONS_PASSWORD": { - "type": "string", - "label": "Red Hat or Satellite password", - "help_text": "This password is used to retrieve subscription and content information", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "AUTOMATION_ANALYTICS_URL": { - "type": "string", - "label": "Insights for Ansible Automation Platform upload URL", - "help_text": "This setting is used to to configure data collection for the Insights for Ansible Automation Platform dashboard", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "INSTALL_UUID": { - "type": "string", - "label": "Unique identifier for an installation", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "CUSTOM_VENV_PATHS": { - "type": "list", - "label": "Custom virtual environment paths", - "help_text": "Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.", - "category": "System", - "category_slug": "system", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "AD_HOC_COMMANDS": { - "type": "list", - "label": "Ansible Modules Allowed for Ad Hoc Jobs", - "help_text": "List of modules allowed to be used by ad-hoc jobs.", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "ALLOW_JINJA_IN_EXTRA_VARS": { - "type": "choice", - "label": "When can extra variables contain Jinja templates?", - "help_text": "Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to \"template\" or \"never\".", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false, - "choices": [ - [ - "always", - "Always" - ], - [ - "never", - "Never" - ], - [ - "template", - "Only On Job Template Definitions" - ] - ] - }, - "AWX_ISOLATION_BASE_PATH": { - "type": "string", - "label": "Job execution path", - "help_text": "The directory where the service will create new temporary directories for job execution and isolation (such as credential files and custom inventory scripts).", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false - }, - "AWX_ISOLATION_SHOW_PATHS": { - "type": "list", - "label": "Paths to expose to isolated jobs", - "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "AWX_TASK_ENV": { - "type": "nested object", - "label": "Extra Environment Variables", - "help_text": "Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "INSIGHTS_TRACKING_STATE": { - "type": "boolean", - "label": "Gather data for Insights for Ansible Automation Platform", - "help_text": "Enables gathering of data on automation for Red Hat Insights.", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "PROJECT_UPDATE_VVV": { - "type": "boolean", - "label": "Run Project Updates With Higher Verbosity", - "help_text": "Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false - }, - "AWX_ROLES_ENABLED": { - "type": "boolean", - "label": "Enable Role Download", - "help_text": "Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false - }, - "AWX_COLLECTIONS_ENABLED": { - "type": "boolean", - "label": "Enable Collection(s) Download", - "help_text": "Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false - }, - "AWX_SHOW_PLAYBOOK_LINKS": { - "type": "boolean", - "label": "Follow symlinks", - "help_text": "Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false - }, - "GALAXY_IGNORE_CERTS": { - "type": "boolean", - "label": "Ignore Ansible Galaxy SSL Certificate Verification", - "help_text": "If set to true, certificate validation will not be done when installing content from any Galaxy server.", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false - }, - "STDOUT_MAX_BYTES_DISPLAY": { - "type": "integer", - "label": "Standard Output Maximum Display Size", - "help_text": "Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false - }, - "EVENT_STDOUT_MAX_BYTES_DISPLAY": { - "type": "integer", - "label": "Job Event Standard Output Maximum Display Size", - "help_text": "Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `…` when truncated.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false - }, - "SCHEDULE_MAX_JOBS": { - "type": "integer", - "label": "Maximum Scheduled Jobs", - "help_text": "Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.", - "min_value": 1, - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false - }, - "AWX_ANSIBLE_CALLBACK_PLUGINS": { - "type": "list", - "label": "Ansible Callback Plugins", - "help_text": "List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "DEFAULT_JOB_TIMEOUT": { - "type": "integer", - "label": "Default Job Timeout", - "help_text": "Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false, - "unit": "seconds" - }, - "DEFAULT_INVENTORY_UPDATE_TIMEOUT": { - "type": "integer", - "label": "Default Inventory Update Timeout", - "help_text": "Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false, - "unit": "seconds" - }, - "DEFAULT_PROJECT_UPDATE_TIMEOUT": { - "type": "integer", - "label": "Default Project Update Timeout", - "help_text": "Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false, - "unit": "seconds" - }, - "ANSIBLE_FACT_CACHE_TIMEOUT": { - "type": "integer", - "label": "Per-Host Ansible Fact Cache Timeout", - "help_text": "Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false, - "unit": "seconds" - }, - "MAX_FORKS": { - "type": "integer", - "label": "Maximum number of forks per job", - "help_text": "Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.", - "category": "Jobs", - "category_slug": "jobs", - "defined_in_file": false - }, - "LOG_AGGREGATOR_HOST": { - "type": "string", - "label": "Logging Aggregator", - "help_text": "Hostname/IP where external logs will be sent to.", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false - }, - "LOG_AGGREGATOR_PORT": { - "type": "integer", - "label": "Logging Aggregator Port", - "help_text": "Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false - }, - "LOG_AGGREGATOR_TYPE": { - "type": "choice", - "label": "Logging Aggregator Type", - "help_text": "Format messages for the chosen log aggregator.", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false, - "choices": [ - [ - null, - "---------" - ], - [ - "logstash", - "logstash" - ], - [ - "splunk", - "splunk" - ], - [ - "loggly", - "loggly" - ], - [ - "sumologic", - "sumologic" - ], - [ - "other", - "other" - ] - ] - }, - "LOG_AGGREGATOR_USERNAME": { - "type": "string", - "label": "Logging Aggregator Username", - "help_text": "Username for external log aggregator (if required; HTTP/s only).", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false - }, - "LOG_AGGREGATOR_PASSWORD": { - "type": "string", - "label": "Logging Aggregator Password/Token", - "help_text": "Password or authentication token for external log aggregator (if required; HTTP/s only).", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false - }, - "LOG_AGGREGATOR_LOGGERS": { - "type": "list", - "label": "Loggers Sending Data to Log Aggregator Form", - "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs.", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "LOG_AGGREGATOR_INDIVIDUAL_FACTS": { - "type": "boolean", - "label": "Log System Tracking Facts Individually", - "help_text": "If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false - }, - "LOG_AGGREGATOR_ENABLED": { - "type": "boolean", - "label": "Enable External Logging", - "help_text": "Enable sending logs to external log aggregator.", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false - }, - "LOG_AGGREGATOR_TOWER_UUID": { - "type": "string", - "label": "Cluster-wide unique identifier.", - "help_text": "Useful to uniquely identify instances.", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false - }, - "LOG_AGGREGATOR_PROTOCOL": { - "type": "choice", - "label": "Logging Aggregator Protocol", - "help_text": "Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false, - "choices": [ - [ - "https", - "HTTPS/HTTP" - ], - [ - "tcp", - "TCP" - ], - [ - "udp", - "UDP" - ] - ] - }, - "LOG_AGGREGATOR_TCP_TIMEOUT": { - "type": "integer", - "label": "TCP Connection Timeout", - "help_text": "Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false, - "unit": "seconds" - }, - "LOG_AGGREGATOR_VERIFY_CERT": { - "type": "boolean", - "label": "Enable/disable HTTPS certificate verification", - "help_text": "Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false - }, - "LOG_AGGREGATOR_LEVEL": { - "type": "choice", - "label": "Logging Aggregator Level Threshold", - "help_text": "Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false, - "choices": [ - [ - "DEBUG", - "DEBUG" - ], - [ - "INFO", - "INFO" - ], - [ - "WARNING", - "WARNING" - ], - [ - "ERROR", - "ERROR" - ], - [ - "CRITICAL", - "CRITICAL" - ] - ] - }, - "LOG_AGGREGATOR_MAX_DISK_USAGE_GB": { - "type": "integer", - "label": "Maximum disk persistance for external log aggregation (in GB)", - "help_text": "Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting.", - "min_value": 1, - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false - }, - "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH": { - "type": "string", - "label": "File system location for rsyslogd disk persistence", - "help_text": "Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false - }, - "LOG_AGGREGATOR_RSYSLOGD_DEBUG": { - "type": "boolean", - "label": "Enable rsyslogd debugging", - "help_text": "Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.", - "category": "Logging", - "category_slug": "logging", - "defined_in_file": false - }, - "AUTOMATION_ANALYTICS_LAST_GATHER": { - "type": "datetime", - "label": "Last gather date for Insights for Ansible Automation Platform.", - "category": "System", - "category_slug": "system", - "defined_in_file": false - }, - "AUTOMATION_ANALYTICS_GATHER_INTERVAL": { - "type": "integer", - "label": "Insights for Ansible Automation Platform Gather Interval", - "help_text": "Interval (in seconds) between data gathering.", - "min_value": 1800, - "category": "System", - "category_slug": "system", - "defined_in_file": false, - "unit": "seconds" - }, - "SESSION_COOKIE_AGE": { - "type": "integer", - "label": "Idle Time Force Log Out", - "help_text": "Number of seconds that a user is inactive before they will need to login again.", - "min_value": 60, - "max_value": 30000000000, - "category": "Authentication", - "category_slug": "authentication", - "defined_in_file": false, - "unit": "seconds" - }, - "SESSIONS_PER_USER": { - "type": "integer", - "label": "Maximum number of simultaneous logged in sessions", - "help_text": "Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.", - "min_value": -1, - "category": "Authentication", - "category_slug": "authentication", - "defined_in_file": false - }, - "AUTH_BASIC_ENABLED": { - "type": "boolean", - "label": "Enable HTTP Basic Auth", - "help_text": "Enable HTTP Basic Auth for the API Browser.", - "category": "Authentication", - "category_slug": "authentication", - "defined_in_file": false - }, - "OAUTH2_PROVIDER": { - "type": "nested object", - "label": "OAuth 2 Timeout Settings", - "help_text": "Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.", - "category": "Authentication", - "category_slug": "authentication", - "defined_in_file": false, - "unit": "seconds", - "child": { - "type": "integer", - "min_value": 1 - } - }, - "ALLOW_OAUTH2_FOR_EXTERNAL_USERS": { - "type": "boolean", - "label": "Allow External Users to Create OAuth2 Tokens", - "help_text": "For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.", - "category": "Authentication", - "category_slug": "authentication", - "defined_in_file": false - }, - "LOGIN_REDIRECT_OVERRIDE": { - "type": "string", - "label": "Login redirect override URL", - "help_text": "URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.", - "category": "Authentication", - "category_slug": "authentication", - "defined_in_file": false - }, - "PENDO_TRACKING_STATE": { - "type": "choice", - "label": "User Analytics Tracking State", - "help_text": "Enable or Disable User Analytics Tracking.", - "category": "UI", - "category_slug": "ui", - "defined_in_file": false, - "choices": [ - [ - "off", - "Off" - ], - [ - "anonymous", - "Anonymous" - ], - [ - "detailed", - "Detailed" - ] - ] - }, - "CUSTOM_LOGIN_INFO": { - "type": "string", - "label": "Custom Login Info", - "help_text": "If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.", - "category": "UI", - "category_slug": "ui", - "defined_in_file": false - }, - "CUSTOM_LOGO": { - "type": "string", - "label": "Custom Logo", - "help_text": "To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.", - "category": "UI", - "category_slug": "ui", - "defined_in_file": false - }, - "MAX_UI_JOB_EVENTS": { - "type": "integer", - "label": "Max Job Events Retrieved by UI", - "help_text": "Maximum number of job events for the UI to retrieve within a single request.", - "min_value": 100, - "category": "UI", - "category_slug": "ui", - "defined_in_file": false - }, - "UI_LIVE_UPDATES_ENABLED": { - "type": "boolean", - "label": "Enable Live Updates in the UI", - "help_text": "If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.", - "category": "UI", - "category_slug": "ui", - "defined_in_file": false - }, - "AUTHENTICATION_BACKENDS": { - "type": "list", - "label": "Authentication Backends", - "help_text": "List of authentication backends that are enabled based on license features and other authentication settings.", - "category": "Authentication", - "category_slug": "authentication", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "SOCIAL_AUTH_ORGANIZATION_MAP": { - "type": "nested object", - "label": "Social Auth Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "Authentication", - "category_slug": "authentication", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_TEAM_MAP": { - "type": "nested object", - "label": "Social Auth Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in documentation.", - "category": "Authentication", - "category_slug": "authentication", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_USER_FIELDS": { - "type": "list", - "label": "Social Auth User Fields", - "help_text": "When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.", - "category": "Authentication", - "category_slug": "authentication", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "AUTH_LDAP_SERVER_URI": { - "type": "string", - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_BIND_DN": { - "type": "string", - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_BIND_PASSWORD": { - "type": "string", - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_START_TLS": { - "type": "boolean", - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_CONNECTION_OPTIONS": { - "type": "nested object", - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_USER_SEARCH": { - "type": "list", - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_USER_DN_TEMPLATE": { - "type": "string", - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_USER_ATTR_MAP": { - "type": "nested object", - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "AUTH_LDAP_GROUP_SEARCH": { - "type": "list", - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_GROUP_TYPE": { - "type": "choice", - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_GROUP_TYPE_PARAMS": { - "type": "nested object", - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_REQUIRE_GROUP": { - "type": "string", - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_DENY_GROUP": { - "type": "string", - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "list", - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_ORGANIZATION_MAP": { - "type": "nested object", - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_TEAM_MAP": { - "type": "nested object", - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_1_SERVER_URI": { - "type": "string", - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_1_BIND_DN": { - "type": "string", - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_1_BIND_PASSWORD": { - "type": "string", - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_1_START_TLS": { - "type": "boolean", - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_1_CONNECTION_OPTIONS": { - "type": "nested object", - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_1_USER_SEARCH": { - "type": "list", - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_1_USER_DN_TEMPLATE": { - "type": "string", - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_1_USER_ATTR_MAP": { - "type": "nested object", - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "AUTH_LDAP_1_GROUP_SEARCH": { - "type": "list", - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_1_GROUP_TYPE": { - "type": "choice", - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_1_GROUP_TYPE_PARAMS": { - "type": "nested object", - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_1_REQUIRE_GROUP": { - "type": "string", - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_1_DENY_GROUP": { - "type": "string", - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_1_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "list", - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_1_ORGANIZATION_MAP": { - "type": "nested object", - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_1_TEAM_MAP": { - "type": "nested object", - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_2_SERVER_URI": { - "type": "string", - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_2_BIND_DN": { - "type": "string", - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_2_BIND_PASSWORD": { - "type": "string", - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_2_START_TLS": { - "type": "boolean", - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_2_CONNECTION_OPTIONS": { - "type": "nested object", - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_2_USER_SEARCH": { - "type": "list", - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_2_USER_DN_TEMPLATE": { - "type": "string", - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_2_USER_ATTR_MAP": { - "type": "nested object", - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "AUTH_LDAP_2_GROUP_SEARCH": { - "type": "list", - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_2_GROUP_TYPE": { - "type": "choice", - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_2_GROUP_TYPE_PARAMS": { - "type": "nested object", - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_2_REQUIRE_GROUP": { - "type": "string", - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_2_DENY_GROUP": { - "type": "string", - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_2_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "list", - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_2_ORGANIZATION_MAP": { - "type": "nested object", - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_2_TEAM_MAP": { - "type": "nested object", - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_3_SERVER_URI": { - "type": "string", - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_3_BIND_DN": { - "type": "string", - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_3_BIND_PASSWORD": { - "type": "string", - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_3_START_TLS": { - "type": "boolean", - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_3_CONNECTION_OPTIONS": { - "type": "nested object", - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_3_USER_SEARCH": { - "type": "list", - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_3_USER_DN_TEMPLATE": { - "type": "string", - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_3_USER_ATTR_MAP": { - "type": "nested object", - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "AUTH_LDAP_3_GROUP_SEARCH": { - "type": "list", - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_3_GROUP_TYPE": { - "type": "choice", - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_3_GROUP_TYPE_PARAMS": { - "type": "nested object", - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_3_REQUIRE_GROUP": { - "type": "string", - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_3_DENY_GROUP": { - "type": "string", - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_3_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "list", - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_3_ORGANIZATION_MAP": { - "type": "nested object", - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_3_TEAM_MAP": { - "type": "nested object", - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_4_SERVER_URI": { - "type": "string", - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_4_BIND_DN": { - "type": "string", - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_4_BIND_PASSWORD": { - "type": "string", - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_4_START_TLS": { - "type": "boolean", - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_4_CONNECTION_OPTIONS": { - "type": "nested object", - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_4_USER_SEARCH": { - "type": "list", - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_4_USER_DN_TEMPLATE": { - "type": "string", - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_4_USER_ATTR_MAP": { - "type": "nested object", - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "AUTH_LDAP_4_GROUP_SEARCH": { - "type": "list", - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_4_GROUP_TYPE": { - "type": "choice", - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_4_GROUP_TYPE_PARAMS": { - "type": "nested object", - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_4_REQUIRE_GROUP": { - "type": "string", - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_4_DENY_GROUP": { - "type": "string", - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_4_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "list", - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_4_ORGANIZATION_MAP": { - "type": "nested object", - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_4_TEAM_MAP": { - "type": "nested object", - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_5_SERVER_URI": { - "type": "string", - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_5_BIND_DN": { - "type": "string", - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_5_BIND_PASSWORD": { - "type": "string", - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_5_START_TLS": { - "type": "boolean", - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_5_CONNECTION_OPTIONS": { - "type": "nested object", - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_5_USER_SEARCH": { - "type": "list", - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_5_USER_DN_TEMPLATE": { - "type": "string", - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_5_USER_ATTR_MAP": { - "type": "nested object", - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "AUTH_LDAP_5_GROUP_SEARCH": { - "type": "list", - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_5_GROUP_TYPE": { - "type": "choice", - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_5_GROUP_TYPE_PARAMS": { - "type": "nested object", - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "AUTH_LDAP_5_REQUIRE_GROUP": { - "type": "string", - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_5_DENY_GROUP": { - "type": "string", - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false - }, - "AUTH_LDAP_5_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "list", - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_5_ORGANIZATION_MAP": { - "type": "nested object", - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_5_TEAM_MAP": { - "type": "nested object", - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "RADIUS_SERVER": { - "type": "string", - "label": "RADIUS Server", - "help_text": "Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.", - "category": "RADIUS", - "category_slug": "radius", - "defined_in_file": false - }, - "RADIUS_PORT": { - "type": "integer", - "label": "RADIUS Port", - "help_text": "Port of RADIUS server.", - "min_value": 1, - "max_value": 65535, - "category": "RADIUS", - "category_slug": "radius", - "defined_in_file": false - }, - "RADIUS_SECRET": { - "type": "string", - "label": "RADIUS Secret", - "help_text": "Shared secret for authenticating to RADIUS server.", - "category": "RADIUS", - "category_slug": "radius", - "defined_in_file": false - }, - "TACACSPLUS_HOST": { - "type": "string", - "label": "TACACS+ Server", - "help_text": "Hostname of TACACS+ server.", - "category": "TACACS+", - "category_slug": "tacacsplus", - "defined_in_file": false - }, - "TACACSPLUS_PORT": { - "type": "integer", - "label": "TACACS+ Port", - "help_text": "Port number of TACACS+ server.", - "min_value": 1, - "max_value": 65535, - "category": "TACACS+", - "category_slug": "tacacsplus", - "defined_in_file": false - }, - "TACACSPLUS_SECRET": { - "type": "string", - "label": "TACACS+ Secret", - "help_text": "Shared secret for authenticating to TACACS+ server.", - "category": "TACACS+", - "category_slug": "tacacsplus", - "defined_in_file": false - }, - "TACACSPLUS_SESSION_TIMEOUT": { - "type": "integer", - "label": "TACACS+ Auth Session Timeout", - "help_text": "TACACS+ session timeout value in seconds, 0 disables timeout.", - "min_value": 0, - "category": "TACACS+", - "category_slug": "tacacsplus", - "defined_in_file": false, - "unit": "seconds" - }, - "TACACSPLUS_AUTH_PROTOCOL": { - "type": "choice", - "label": "TACACS+ Authentication Protocol", - "help_text": "Choose the authentication protocol used by TACACS+ client.", - "category": "TACACS+", - "category_slug": "tacacsplus", - "defined_in_file": false, - "choices": [ - [ - "ascii", - "ascii" - ], - [ - "pap", - "pap" - ] - ] - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL": { - "type": "string", - "label": "Google OAuth2 Callback URL", - "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "defined_in_file": false - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": { - "type": "string", - "label": "Google OAuth2 Key", - "help_text": "The OAuth2 key from your web application.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "defined_in_file": false - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": { - "type": "string", - "label": "Google OAuth2 Secret", - "help_text": "The OAuth2 secret from your web application.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "defined_in_file": false - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": { - "type": "list", - "label": "Google OAuth2 Allowed Domains", - "help_text": "Update this setting to restrict the domains who are allowed to login using Google OAuth2.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "defined_in_file": false, - "child": { - "type": "string" - } - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS": { - "type": "nested object", - "label": "Google OAuth2 Extra Arguments", - "help_text": "Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP": { - "type": "nested object", - "label": "Google OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP": { - "type": "nested object", - "label": "Google OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_CALLBACK_URL": { - "type": "string", - "label": "GitHub OAuth2 Callback URL", - "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.", - "category": "GitHub OAuth2", - "category_slug": "github", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_KEY": { - "type": "string", - "label": "GitHub OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub developer application.", - "category": "GitHub OAuth2", - "category_slug": "github", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_SECRET": { - "type": "string", - "label": "GitHub OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub developer application.", - "category": "GitHub OAuth2", - "category_slug": "github", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP": { - "type": "nested object", - "label": "GitHub OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub OAuth2", - "category_slug": "github", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_TEAM_MAP": { - "type": "nested object", - "label": "GitHub OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub OAuth2", - "category_slug": "github", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL": { - "type": "string", - "label": "GitHub Organization OAuth2 Callback URL", - "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.", - "category": "GitHub Organization OAuth2", - "category_slug": "github-org", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ORG_KEY": { - "type": "string", - "label": "GitHub Organization OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.", - "category": "GitHub Organization OAuth2", - "category_slug": "github-org", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ORG_SECRET": { - "type": "string", - "label": "GitHub Organization OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.", - "category": "GitHub Organization OAuth2", - "category_slug": "github-org", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ORG_NAME": { - "type": "string", - "label": "GitHub Organization Name", - "help_text": "The name of your GitHub organization, as used in your organization's URL: https://github.com//.", - "category": "GitHub Organization OAuth2", - "category_slug": "github-org", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP": { - "type": "nested object", - "label": "GitHub Organization OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub Organization OAuth2", - "category_slug": "github-org", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP": { - "type": "nested object", - "label": "GitHub Organization OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub Organization OAuth2", - "category_slug": "github-org", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL": { - "type": "string", - "label": "GitHub Team OAuth2 Callback URL", - "help_text": "Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.", - "category": "GitHub Team OAuth2", - "category_slug": "github-team", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_TEAM_KEY": { - "type": "string", - "label": "GitHub Team OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.", - "category": "GitHub Team OAuth2", - "category_slug": "github-team", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_TEAM_SECRET": { - "type": "string", - "label": "GitHub Team OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.", - "category": "GitHub Team OAuth2", - "category_slug": "github-team", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_TEAM_ID": { - "type": "string", - "label": "GitHub Team ID", - "help_text": "Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.", - "category": "GitHub Team OAuth2", - "category_slug": "github-team", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": { - "type": "nested object", - "label": "GitHub Team OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub Team OAuth2", - "category_slug": "github-team", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP": { - "type": "nested object", - "label": "GitHub Team OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub Team OAuth2", - "category_slug": "github-team", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL": { - "type": "string", - "label": "GitHub Enterprise OAuth2 Callback URL", - "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL": { - "type": "string", - "label": "GitHub Enterprise URL", - "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL": { - "type": "string", - "label": "GitHub Enterprise API URL", - "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY": { - "type": "string", - "label": "GitHub Enterprise OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise developer application.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET": { - "type": "string", - "label": "GitHub Enterprise OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.", - "category": "GitHub OAuth2", - "category_slug": "github-enterprise", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP": { - "type": "nested object", - "label": "GitHub Enterprise OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP": { - "type": "nested object", - "label": "GitHub Enterprise OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL": { - "type": "string", - "label": "GitHub Enterprise Organization OAuth2 Callback URL", - "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.", - "category": "GitHub Enterprise Organization OAuth2", - "category_slug": "github-enterprise-org", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL": { - "type": "string", - "label": "GitHub Enterprise Organization URL", - "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise-org", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL": { - "type": "string", - "label": "GitHub Enterprise Organization API URL", - "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise-org", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY": { - "type": "string", - "label": "GitHub Enterprise Organization OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.", - "category": "GitHub Enterprise Organization OAuth2", - "category_slug": "github-enterprise-org", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET": { - "type": "string", - "label": "GitHub Enterprise Organization OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.", - "category": "GitHub Enterprise Organization OAuth2", - "category_slug": "github-enterprise-org", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME": { - "type": "string", - "label": "GitHub Enterprise Organization Name", - "help_text": "The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.", - "category": "GitHub Enterprise Organization OAuth2", - "category_slug": "github-enterprise-org", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP": { - "type": "nested object", - "label": "GitHub Enterprise Organization OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub Enterprise Organization OAuth2", - "category_slug": "github-enterprise-org", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP": { - "type": "nested object", - "label": "GitHub Enterprise Organization OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub Enterprise Organization OAuth2", - "category_slug": "github-enterprise-org", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL": { - "type": "string", - "label": "GitHub Enterprise Team OAuth2 Callback URL", - "help_text": "Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.", - "category": "GitHub Enterprise Team OAuth2", - "category_slug": "github-enterprise-team", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL": { - "type": "string", - "label": "GitHub Enterprise Team URL", - "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise-team", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL": { - "type": "string", - "label": "GitHub Enterprise Team API URL", - "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise-team", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY": { - "type": "string", - "label": "GitHub Enterprise Team OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.", - "category": "GitHub Enterprise Team OAuth2", - "category_slug": "github-enterprise-team", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET": { - "type": "string", - "label": "GitHub Enterprise Team OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.", - "category": "GitHub Enterprise Team OAuth2", - "category_slug": "github-enterprise-team", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID": { - "type": "string", - "label": "GitHub Enterprise Team ID", - "help_text": "Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.", - "category": "GitHub Enterprise Team OAuth2", - "category_slug": "github-enterprise-team", - "defined_in_file": false - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP": { - "type": "nested object", - "label": "GitHub Enterprise Team OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub Enterprise Team OAuth2", - "category_slug": "github-enterprise-team", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP": { - "type": "nested object", - "label": "GitHub Enterprise Team OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub Enterprise Team OAuth2", - "category_slug": "github-enterprise-team", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL": { - "type": "string", - "label": "Azure AD OAuth2 Callback URL", - "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail. ", - "category": "Azure AD OAuth2", - "category_slug": "azuread-oauth2", - "defined_in_file": false - }, - "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY": { - "type": "string", - "label": "Azure AD OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your Azure AD application.", - "category": "Azure AD OAuth2", - "category_slug": "azuread-oauth2", - "defined_in_file": false - }, - "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET": { - "type": "string", - "label": "Azure AD OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your Azure AD application.", - "category": "Azure AD OAuth2", - "category_slug": "azuread-oauth2", - "defined_in_file": false - }, - "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP": { - "type": "nested object", - "label": "Azure AD OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "Azure AD OAuth2", - "category_slug": "azuread-oauth2", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP": { - "type": "nested object", - "label": "Azure AD OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "Azure AD OAuth2", - "category_slug": "azuread-oauth2", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SAML_AUTO_CREATE_OBJECTS": { - "type": "boolean", - "label": "Automatically Create Organizations and Teams on SAML Login", - "help_text": "When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false - }, - "SOCIAL_AUTH_SAML_CALLBACK_URL": { - "type": "string", - "label": "SAML Assertion Consumer Service (ACS) URL", - "help_text": "Register the application as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false - }, - "SOCIAL_AUTH_SAML_METADATA_URL": { - "type": "string", - "label": "SAML Service Provider Metadata URL", - "help_text": "If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false - }, - "SOCIAL_AUTH_SAML_SP_ENTITY_ID": { - "type": "string", - "label": "SAML Service Provider Entity ID", - "help_text": "The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false - }, - "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT": { - "type": "string", - "label": "SAML Service Provider Public Certificate", - "help_text": "Create a keypair to use as a service provider (SP) and include the certificate content here.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false - }, - "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": { - "type": "string", - "label": "SAML Service Provider Private Key", - "help_text": "Create a keypair to use as a service provider (SP) and include the private key content here.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false - }, - "SOCIAL_AUTH_SAML_ORG_INFO": { - "type": "nested object", - "label": "SAML Service Provider Organization Info", - "help_text": "Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT": { - "type": "nested object", - "label": "SAML Service Provider Technical Contact", - "help_text": "Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "SOCIAL_AUTH_SAML_SUPPORT_CONTACT": { - "type": "nested object", - "label": "SAML Service Provider Support Contact", - "help_text": "Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "SOCIAL_AUTH_SAML_ENABLED_IDPS": { - "type": "nested object", - "label": "SAML Enabled Identity Providers", - "help_text": "Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_SAML_SECURITY_CONFIG": { - "type": "nested object", - "label": "SAML Security Config", - "help_text": "A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "SOCIAL_AUTH_SAML_SP_EXTRA": { - "type": "nested object", - "label": "SAML Service Provider extra configuration data", - "help_text": "A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "SOCIAL_AUTH_SAML_EXTRA_DATA": { - "type": "list", - "label": "SAML IDP to extra_data attribute mapping", - "help_text": "A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "SOCIAL_AUTH_SAML_ORGANIZATION_MAP": { - "type": "nested object", - "label": "SAML Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_SAML_TEAM_MAP": { - "type": "nested object", - "label": "SAML Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false, - "child": { - "type": "nested object", - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR": { - "type": "nested object", - "label": "SAML Organization Attribute Mapping", - "help_text": "Used to translate user organization membership.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "SOCIAL_AUTH_SAML_TEAM_ATTR": { - "type": "nested object", - "label": "SAML Team Attribute Mapping", - "help_text": "Used to translate user team membership.", - "category": "SAML", - "category_slug": "saml", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "NAMED_URL_FORMATS": { - "type": "nested object", - "label": "Formats of all available named urls", - "help_text": "Read-only list of key-value pairs that shows the standard format of all available named URLs.", - "category": "Named URL", - "category_slug": "named-url", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "NAMED_URL_GRAPH_NODES": { - "type": "nested object", - "label": "List of all named url graph nodes.", - "help_text": "Read-only list of key-value pairs that exposes named URL graph topology. Use this list to programmatically generate named URLs for resources", - "category": "Named URL", - "category_slug": "named-url", - "defined_in_file": false, - "child": { - "type": "field" - } - }, - "DEFAULT_EXECUTION_ENVIRONMENT": { - "type": "field", - "label": "Global default execution environment", - "help_text": "The Execution Environment to be used when one has not been configured for a job template.", - "category": "System", - "category_slug": "system", - "defined_in_file": false + "PUT": { + "ACTIVITY_STREAM_ENABLED": { + "type": "boolean", + "required": true, + "label": "Enable Activity Stream", + "help_text": "Enable capturing activity for the activity stream.", + "category": "System", + "category_slug": "system", + "default": true + }, + "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": { + "type": "boolean", + "required": true, + "label": "Enable Activity Stream for Inventory Sync", + "help_text": "Enable capturing activity for the activity stream when running inventory sync.", + "category": "System", + "category_slug": "system", + "default": false + }, + "ORG_ADMINS_CAN_SEE_ALL_USERS": { + "type": "boolean", + "required": true, + "label": "All Users Visible to Organization Admins", + "help_text": "Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.", + "category": "System", + "category_slug": "system", + "default": true + }, + "MANAGE_ORGANIZATION_AUTH": { + "type": "boolean", + "required": true, + "label": "Organization Admins Can Manage Users and Teams", + "help_text": "Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.", + "category": "System", + "category_slug": "system", + "default": true + }, + "TOWER_URL_BASE": { + "type": "string", + "required": true, + "label": "Base URL of the service", + "help_text": "This setting is used by services like notifications to render a valid url to the service.", + "category": "System", + "category_slug": "system", + "default": "https://localhost:8043" + }, + "REMOTE_HOST_HEADERS": { + "type": "list", + "required": true, + "label": "Remote Host Headers", + "help_text": "HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the Adminstrator guide for more details.", + "category": "System", + "category_slug": "system", + "default": ["REMOTE_ADDR", "REMOTE_HOST"], + "child": { + "type": "string", + "required": true, + "read_only": false } }, - "PUT": { - "ACTIVITY_STREAM_ENABLED": { - "type": "boolean", - "required": true, - "label": "Enable Activity Stream", - "help_text": "Enable capturing activity for the activity stream.", - "category": "System", - "category_slug": "system", - "default": true - }, - "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": { - "type": "boolean", - "required": true, - "label": "Enable Activity Stream for Inventory Sync", - "help_text": "Enable capturing activity for the activity stream when running inventory sync.", - "category": "System", - "category_slug": "system", - "default": false - }, - "ORG_ADMINS_CAN_SEE_ALL_USERS": { - "type": "boolean", - "required": true, - "label": "All Users Visible to Organization Admins", - "help_text": "Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.", - "category": "System", - "category_slug": "system", - "default": true - }, - "MANAGE_ORGANIZATION_AUTH": { - "type": "boolean", - "required": true, - "label": "Organization Admins Can Manage Users and Teams", - "help_text": "Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.", - "category": "System", - "category_slug": "system", - "default": true - }, - "DISABLE_LOCAL_AUTH": { - "type": "boolean", - "required": true, - "label": "Disable the built-in authentication system", - "help_text": "Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.", - "category": "Authentication", - "category_slug": "authentication", - "default": false - }, - "TOWER_URL_BASE": { - "type": "string", - "required": true, - "label": "Base URL of the service", - "help_text": "This setting is used by services like notifications to render a valid url to the service.", - "category": "System", - "category_slug": "system", - "default": "https://localhost:8043" - }, - "REMOTE_HOST_HEADERS": { - "type": "list", - "required": true, - "label": "Remote Host Headers", - "help_text": "HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the Adminstrator guide for more details.", - "category": "System", - "category_slug": "system", - "default": [ - "REMOTE_ADDR", - "REMOTE_HOST" - ], - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "PROXY_IP_ALLOWED_LIST": { - "type": "list", - "required": true, - "label": "Proxy IP Allowed List", - "help_text": "If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')", - "category": "System", - "category_slug": "system", - "default": [], - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "REDHAT_USERNAME": { - "type": "string", - "required": false, - "label": "Red Hat customer username", - "help_text": "This username is used to send data to Insights for Ansible Automation Platform", - "category": "System", - "category_slug": "system", - "default": "" - }, - "REDHAT_PASSWORD": { - "type": "string", - "required": false, - "label": "Red Hat customer password", - "help_text": "This password is used to send data to Insights for Ansible Automation Platform", - "category": "System", - "category_slug": "system", - "default": "" - }, - "SUBSCRIPTIONS_USERNAME": { - "type": "string", - "required": false, - "label": "Red Hat or Satellite username", - "help_text": "This username is used to retrieve subscription and content information", - "category": "System", - "category_slug": "system", - "default": "" - }, - "SUBSCRIPTIONS_PASSWORD": { - "type": "string", - "required": false, - "label": "Red Hat or Satellite password", - "help_text": "This password is used to retrieve subscription and content information", - "category": "System", - "category_slug": "system", - "default": "" - }, - "AUTOMATION_ANALYTICS_URL": { - "type": "string", - "required": false, - "label": "Insights for Ansible Automation Platform upload URL", - "help_text": "This setting is used to to configure data collection for the Insights for Ansible Automation Platform dashboard", - "category": "System", - "category_slug": "system", - "default": "https://example.com" - }, - "CUSTOM_VENV_PATHS": { - "type": "list", - "required": false, - "label": "Custom virtual environment paths", - "help_text": "Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.", - "category": "System", - "category_slug": "system", - "default": [], - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "AD_HOC_COMMANDS": { - "type": "list", - "required": false, - "label": "Ansible Modules Allowed for Ad Hoc Jobs", - "help_text": "List of modules allowed to be used by ad-hoc jobs.", - "category": "Jobs", - "category_slug": "jobs", - "default": [ - "command", - "shell", - "yum", - "apt", - "apt_key", - "apt_repository", - "apt_rpm", - "service", - "group", - "user", - "mount", - "ping", - "selinux", - "setup", - "win_ping", - "win_service", - "win_updates", - "win_group", - "win_user" - ], - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "ALLOW_JINJA_IN_EXTRA_VARS": { - "type": "choice", - "required": true, - "label": "When can extra variables contain Jinja templates?", - "help_text": "Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to \"template\" or \"never\".", - "category": "Jobs", - "category_slug": "jobs", - "default": "template", - "choices": [ - [ - "always", - "Always" - ], - [ - "never", - "Never" - ], - [ - "template", - "Only On Job Template Definitions" - ] - ] - }, - "AWX_ISOLATION_BASE_PATH": { - "type": "string", - "required": true, - "label": "Job execution path", - "help_text": "The directory in which the service will create new temporary directories for job execution and isolation (such as credential files and custom inventory scripts).", - "category": "Jobs", - "category_slug": "jobs", - "default": "/tmp" - }, - "AWX_ISOLATION_SHOW_PATHS": { - "type": "list", - "required": false, - "label": "Paths to expose to isolated jobs", - "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.", - "category": "Jobs", - "category_slug": "jobs", - "default": [], - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "AWX_TASK_ENV": { - "type": "nested object", - "required": false, - "label": "Extra Environment Variables", - "help_text": "Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.", - "category": "Jobs", - "category_slug": "jobs", - "placeholder": { - "HTTP_PROXY": "myproxy.local:8080" - }, - "default": {}, - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "INSIGHTS_TRACKING_STATE": { - "type": "boolean", - "required": false, - "label": "Gather data for Insights for Ansible Automation Platform", - "help_text": "Enables the service to gather data on automation for Red Hat Insights.", - "category": "System", - "category_slug": "system", - "default": false - }, - "PROJECT_UPDATE_VVV": { - "type": "boolean", - "required": true, - "label": "Run Project Updates With Higher Verbosity", - "help_text": "Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.", - "category": "Jobs", - "category_slug": "jobs", - "default": false - }, - "AWX_ROLES_ENABLED": { - "type": "boolean", - "required": false, - "label": "Enable Role Download", - "help_text": "Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.", - "category": "Jobs", - "category_slug": "jobs", - "default": true - }, - "AWX_COLLECTIONS_ENABLED": { - "type": "boolean", - "required": false, - "label": "Enable Collection(s) Download", - "help_text": "Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.", - "category": "Jobs", - "category_slug": "jobs", - "default": true - }, - "AWX_SHOW_PLAYBOOK_LINKS": { - "type": "boolean", - "required": false, - "label": "Follow symlinks", - "help_text": "Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.", - "category": "Jobs", - "category_slug": "jobs", - "default": false - }, - "GALAXY_IGNORE_CERTS": { - "type": "boolean", - "required": false, - "label": "Ignore Ansible Galaxy SSL Certificate Verification", - "help_text": "If set to true, certificate validation will not be done when installing content from any Galaxy server.", - "category": "Jobs", - "category_slug": "jobs", - "default": false - }, - "STDOUT_MAX_BYTES_DISPLAY": { - "type": "integer", - "required": true, - "label": "Standard Output Maximum Display Size", - "help_text": "Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "default": 1048576 - }, - "EVENT_STDOUT_MAX_BYTES_DISPLAY": { - "type": "integer", - "required": true, - "label": "Job Event Standard Output Maximum Display Size", - "help_text": "Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `…` when truncated.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "default": 1024 - }, - "SCHEDULE_MAX_JOBS": { - "type": "integer", - "required": true, - "label": "Maximum Scheduled Jobs", - "help_text": "Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.", - "min_value": 1, - "category": "Jobs", - "category_slug": "jobs", - "default": 10 - }, - "AWX_ANSIBLE_CALLBACK_PLUGINS": { - "type": "list", - "required": false, - "label": "Ansible Callback Plugins", - "help_text": "List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.", - "category": "Jobs", - "category_slug": "jobs", - "default": [], - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "DEFAULT_JOB_TIMEOUT": { - "type": "integer", - "required": false, - "label": "Default Job Timeout", - "help_text": "Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "unit": "seconds", - "default": 0 - }, - "DEFAULT_INVENTORY_UPDATE_TIMEOUT": { - "type": "integer", - "required": false, - "label": "Default Inventory Update Timeout", - "help_text": "Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "unit": "seconds", - "default": 0 - }, - "DEFAULT_PROJECT_UPDATE_TIMEOUT": { - "type": "integer", - "required": false, - "label": "Default Project Update Timeout", - "help_text": "Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "unit": "seconds", - "default": 0 - }, - "ANSIBLE_FACT_CACHE_TIMEOUT": { - "type": "integer", - "required": false, - "label": "Per-Host Ansible Fact Cache Timeout", - "help_text": "Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.", - "min_value": 0, - "category": "Jobs", - "category_slug": "jobs", - "unit": "seconds", - "default": 0 - }, - "MAX_FORKS": { - "type": "integer", - "required": false, - "label": "Maximum number of forks per job", - "help_text": "Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.", - "category": "Jobs", - "category_slug": "jobs", - "default": 200 - }, - "LOG_AGGREGATOR_HOST": { - "type": "string", - "required": false, - "label": "Logging Aggregator", - "help_text": "Hostname/IP where external logs will be sent to.", - "category": "Logging", - "category_slug": "logging", - "default": null - }, - "LOG_AGGREGATOR_PORT": { - "type": "integer", - "required": false, - "label": "Logging Aggregator Port", - "help_text": "Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).", - "category": "Logging", - "category_slug": "logging", - "default": null - }, - "LOG_AGGREGATOR_TYPE": { - "type": "choice", - "required": false, - "label": "Logging Aggregator Type", - "help_text": "Format messages for the chosen log aggregator.", - "category": "Logging", - "category_slug": "logging", - "default": null, - "choices": [ - [ - null, - "---------" - ], - [ - "logstash", - "logstash" - ], - [ - "splunk", - "splunk" - ], - [ - "loggly", - "loggly" - ], - [ - "sumologic", - "sumologic" - ], - [ - "other", - "other" - ] - ] - }, - "LOG_AGGREGATOR_USERNAME": { - "type": "string", - "required": false, - "label": "Logging Aggregator Username", - "help_text": "Username for external log aggregator (if required; HTTP/s only).", - "category": "Logging", - "category_slug": "logging", - "default": "" - }, - "LOG_AGGREGATOR_PASSWORD": { - "type": "string", - "required": false, - "label": "Logging Aggregator Password/Token", - "help_text": "Password or authentication token for external log aggregator (if required; HTTP/s only).", - "category": "Logging", - "category_slug": "logging", - "default": "" - }, - "LOG_AGGREGATOR_LOGGERS": { - "type": "list", - "required": false, - "label": "Loggers Sending Data to Log Aggregator Form", - "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs.", - "category": "Logging", - "category_slug": "logging", - "default": [ - "awx", - "activity_stream", - "job_events", - "system_tracking" - ], - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "LOG_AGGREGATOR_INDIVIDUAL_FACTS": { - "type": "boolean", - "required": false, - "label": "Log System Tracking Facts Individually", - "help_text": "If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.", - "category": "Logging", - "category_slug": "logging", - "default": false - }, - "LOG_AGGREGATOR_ENABLED": { - "type": "boolean", - "required": false, - "label": "Enable External Logging", - "help_text": "Enable sending logs to external log aggregator.", - "category": "Logging", - "category_slug": "logging", - "default": false - }, - "LOG_AGGREGATOR_TOWER_UUID": { - "type": "string", - "required": false, - "label": "Cluster-wide unique identifier.", - "help_text": "Useful to uniquely identify instances.", - "category": "Logging", - "category_slug": "logging", - "default": "" - }, - "LOG_AGGREGATOR_PROTOCOL": { - "type": "choice", - "required": false, - "label": "Logging Aggregator Protocol", - "help_text": "Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.", - "category": "Logging", - "category_slug": "logging", - "default": "https", - "choices": [ - [ - "https", - "HTTPS/HTTP" - ], - [ - "tcp", - "TCP" - ], - [ - "udp", - "UDP" - ] - ] - }, - "LOG_AGGREGATOR_TCP_TIMEOUT": { - "type": "integer", - "required": false, - "label": "TCP Connection Timeout", - "help_text": "Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.", - "category": "Logging", - "category_slug": "logging", - "unit": "seconds", - "default": 5 - }, - "LOG_AGGREGATOR_VERIFY_CERT": { - "type": "boolean", - "required": false, - "label": "Enable/disable HTTPS certificate verification", - "help_text": "Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.", - "category": "Logging", - "category_slug": "logging", - "default": true - }, - "LOG_AGGREGATOR_LEVEL": { - "type": "choice", - "required": false, - "label": "Logging Aggregator Level Threshold", - "help_text": "Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)", - "category": "Logging", - "category_slug": "logging", - "default": "INFO", - "choices": [ - [ - "DEBUG", - "DEBUG" - ], - [ - "INFO", - "INFO" - ], - [ - "WARNING", - "WARNING" - ], - [ - "ERROR", - "ERROR" - ], - [ - "CRITICAL", - "CRITICAL" - ] - ] - }, - "LOG_AGGREGATOR_MAX_DISK_USAGE_GB": { - "type": "integer", - "required": false, - "label": "Maximum disk persistance for external log aggregation (in GB)", - "help_text": "Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting.", - "min_value": 1, - "category": "Logging", - "category_slug": "logging", - "default": 1 - }, - "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH": { - "type": "string", - "required": false, - "label": "File system location for rsyslogd disk persistence", - "help_text": "Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.", - "category": "Logging", - "category_slug": "logging", - "default": "/var/lib/awx" - }, - "LOG_AGGREGATOR_RSYSLOGD_DEBUG": { - "type": "boolean", - "required": false, - "label": "Enable rsyslogd debugging", - "help_text": "Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.", - "category": "Logging", - "category_slug": "logging", - "default": false - }, - "AUTOMATION_ANALYTICS_LAST_GATHER": { - "type": "datetime", - "required": true, - "label": "Last gather date for Insights for Ansible Automation Platform.", - "category": "System", - "category_slug": "system", - "default": null - }, - "AUTOMATION_ANALYTICS_GATHER_INTERVAL": { - "type": "integer", - "required": false, - "label": "Insights for Ansible Automation Platform Gather Interval", - "help_text": "Interval (in seconds) between data gathering.", - "min_value": 1800, - "category": "System", - "category_slug": "system", - "unit": "seconds", - "default": 14400 - }, - "SESSION_COOKIE_AGE": { - "type": "integer", - "required": true, - "label": "Idle Time Force Log Out", - "help_text": "Number of seconds that a user is inactive before they will need to login again.", - "min_value": 60, - "max_value": 30000000000, - "category": "Authentication", - "category_slug": "authentication", - "unit": "seconds", - "default": 1800 - }, - "SESSIONS_PER_USER": { - "type": "integer", - "required": true, - "label": "Maximum number of simultaneous logged in sessions", - "help_text": "Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.", - "min_value": -1, - "category": "Authentication", - "category_slug": "authentication", - "default": -1 - }, - "AUTH_BASIC_ENABLED": { - "type": "boolean", - "required": true, - "label": "Enable HTTP Basic Auth", - "help_text": "Enable HTTP Basic Auth for the API Browser.", - "category": "Authentication", - "category_slug": "authentication", - "default": true - }, - "OAUTH2_PROVIDER": { - "type": "nested object", - "required": false, - "label": "OAuth 2 Timeout Settings", - "help_text": "Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.", - "category": "Authentication", - "category_slug": "authentication", - "unit": "seconds", - "default": { - "ACCESS_TOKEN_EXPIRE_SECONDS": 31536000000, - "AUTHORIZATION_CODE_EXPIRE_SECONDS": 600, - "REFRESH_TOKEN_EXPIRE_SECONDS": 2628000 - }, - "child": { - "type": "integer", - "required": true, - "read_only": false, - "min_value": 1 - } - }, - "ALLOW_OAUTH2_FOR_EXTERNAL_USERS": { - "type": "boolean", - "required": false, - "label": "Allow External Users to Create OAuth2 Tokens", - "help_text": "For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.", - "category": "Authentication", - "category_slug": "authentication", - "default": false - }, - "LOGIN_REDIRECT_OVERRIDE": { - "type": "string", - "required": false, - "label": "Login redirect override URL", - "help_text": "URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.", - "category": "Authentication", - "category_slug": "authentication", - "default": "" - }, - "PENDO_TRACKING_STATE": { - "default": "off", - "type": "choice", - "required": true, - "label": "User Analytics Tracking State", - "help_text": "Enable or Disable User Analytics Tracking.", - "category": "UI", - "category_slug": "ui", - "choices": [ - [ - "off", - "Off" - ], - [ - "anonymous", - "Anonymous" - ], - [ - "detailed", - "Detailed" - ] - ] - }, - "CUSTOM_LOGIN_INFO": { - "type": "string", - "required": false, - "label": "Custom Login Info", - "help_text": "If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.", - "category": "UI", - "category_slug": "ui", - "default": "" - }, - "CUSTOM_LOGO": { - "type": "string", - "required": false, - "label": "Custom Logo", - "help_text": "To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.", - "category": "UI", - "category_slug": "ui", - "placeholder": "data:image/gif;base64,R0lGODlhAQABAIABAP///wAAACwAAAAAAQABAAACAkQBADs=", - "default": "" - }, - "MAX_UI_JOB_EVENTS": { - "type": "integer", - "required": true, - "label": "Max Job Events Retrieved by UI", - "help_text": "Maximum number of job events for the UI to retrieve within a single request.", - "min_value": 100, - "category": "UI", - "category_slug": "ui", - "default": 4000 - }, - "UI_LIVE_UPDATES_ENABLED": { - "type": "boolean", - "required": true, - "label": "Enable Live Updates in the UI", - "help_text": "If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.", - "category": "UI", - "category_slug": "ui", - "default": true - }, - "SOCIAL_AUTH_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "Social Auth Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "Authentication", - "category_slug": "authentication", - "placeholder": { - "Default": { - "users": true - }, - "Test Org": { - "admins": [ - "admin@example.com" - ], - "auditors": [ - "auditor@example.com" - ], - "users": true - }, - "Test Org 2": { - "admins": [ - "admin@example.com", - "/^tower-[^@]+*?@.*$/" - ], - "remove_admins": true, - "users": "/^[^@].*?@example\\.com$/i", - "remove_users": true - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "Social Auth Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "Authentication", - "category_slug": "authentication", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "/^[^@]+?@test\\.example\\.com$/" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "/^[^@]+?@test2\\.example\\.com$/i", - "remove": false - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_USER_FIELDS": { - "type": "list", - "required": false, - "label": "Social Auth User Fields", - "help_text": "When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.", - "category": "Authentication", - "category_slug": "authentication", - "placeholder": [ - "username", - "email" - ], - "default": null, - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_SERVER_URI": { - "type": "string", - "required": false, - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "ldaps://ldap.example.com:636", - "default": "" - }, - "AUTH_LDAP_BIND_DN": { - "type": "string", - "required": false, - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_BIND_PASSWORD": { - "type": "string", - "required": false, - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_START_TLS": { - "type": "boolean", - "required": false, - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "default": false - }, - "AUTH_LDAP_CONNECTION_OPTIONS": { - "type": "nested object", - "required": false, - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "default": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_USER_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "OU=Users,DC=example,DC=com", - "SCOPE_SUBTREE", - "(sAMAccountName=%(user)s)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_USER_DN_TEMPLATE": { - "type": "string", - "required": false, - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_USER_ATTR_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "first_name": "givenName", - "last_name": "sn", - "email": "mail" - }, - "default": {}, - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_GROUP_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "DC=example,DC=com", - "SCOPE_SUBTREE", - "(objectClass=group)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_GROUP_TYPE": { - "type": "choice", - "required": false, - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "default": "MemberDNGroupType", - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_GROUP_TYPE_PARAMS": { - "type": "nested object", - "required": false, - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "ldap_group_user_attr": "legacyuid", - "member_attr": "member", - "name_attr": "cn" - }, - "default": { - "member_attr": "member", - "name_attr": "cn" - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_REQUIRE_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_DENY_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "required": false, - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" - }, - "default": {}, - "child": { - "type": "list", - "required": true, - "read_only": false, - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "Test Org": { - "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove_users": true, - "remove_admins": true - }, - "Test Org 2": { - "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", - "users": true, - "remove_users": true, - "remove_admins": true - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "CN=Other Users,CN=Users,DC=example,DC=com", - "remove": false - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_1_SERVER_URI": { - "type": "string", - "required": false, - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "ldaps://ldap.example.com:636", - "default": "" - }, - "AUTH_LDAP_1_BIND_DN": { - "type": "string", - "required": false, - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_1_BIND_PASSWORD": { - "type": "string", - "required": false, - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_1_START_TLS": { - "type": "boolean", - "required": false, - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "default": false - }, - "AUTH_LDAP_1_CONNECTION_OPTIONS": { - "type": "nested object", - "required": false, - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "default": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_1_USER_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "OU=Users,DC=example,DC=com", - "SCOPE_SUBTREE", - "(sAMAccountName=%(user)s)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_1_USER_DN_TEMPLATE": { - "type": "string", - "required": false, - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_1_USER_ATTR_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "first_name": "givenName", - "last_name": "sn", - "email": "mail" - }, - "default": {}, - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_1_GROUP_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "DC=example,DC=com", - "SCOPE_SUBTREE", - "(objectClass=group)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_1_GROUP_TYPE": { - "type": "choice", - "required": false, - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "default": "MemberDNGroupType", - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_1_GROUP_TYPE_PARAMS": { - "type": "nested object", - "required": false, - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "ldap_group_user_attr": "legacyuid", - "member_attr": "member", - "name_attr": "cn" - }, - "default": { - "member_attr": "member", - "name_attr": "cn" - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_1_REQUIRE_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_1_DENY_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_1_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "required": false, - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" - }, - "default": {}, - "child": { - "type": "list", - "required": true, - "read_only": false, - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_1_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "Test Org": { - "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove_users": true, - "remove_admins": true - }, - "Test Org 2": { - "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", - "users": true, - "remove_users": true, - "remove_admins": true - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_1_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "CN=Other Users,CN=Users,DC=example,DC=com", - "remove": false - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_2_SERVER_URI": { - "type": "string", - "required": false, - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "ldaps://ldap.example.com:636", - "default": "" - }, - "AUTH_LDAP_2_BIND_DN": { - "type": "string", - "required": false, - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_2_BIND_PASSWORD": { - "type": "string", - "required": false, - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_2_START_TLS": { - "type": "boolean", - "required": false, - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "default": false - }, - "AUTH_LDAP_2_CONNECTION_OPTIONS": { - "type": "nested object", - "required": false, - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "default": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_2_USER_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "OU=Users,DC=example,DC=com", - "SCOPE_SUBTREE", - "(sAMAccountName=%(user)s)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_2_USER_DN_TEMPLATE": { - "type": "string", - "required": false, - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_2_USER_ATTR_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "first_name": "givenName", - "last_name": "sn", - "email": "mail" - }, - "default": {}, - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_2_GROUP_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "DC=example,DC=com", - "SCOPE_SUBTREE", - "(objectClass=group)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_2_GROUP_TYPE": { - "type": "choice", - "required": false, - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "default": "MemberDNGroupType", - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_2_GROUP_TYPE_PARAMS": { - "type": "nested object", - "required": false, - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "ldap_group_user_attr": "legacyuid", - "member_attr": "member", - "name_attr": "cn" - }, - "default": { - "member_attr": "member", - "name_attr": "cn" - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_2_REQUIRE_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_2_DENY_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_2_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "required": false, - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" - }, - "default": {}, - "child": { - "type": "list", - "required": true, - "read_only": false, - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_2_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "Test Org": { - "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove_users": true, - "remove_admins": true - }, - "Test Org 2": { - "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", - "users": true, - "remove_users": true, - "remove_admins": true - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_2_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "CN=Other Users,CN=Users,DC=example,DC=com", - "remove": false - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_3_SERVER_URI": { - "type": "string", - "required": false, - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "ldaps://ldap.example.com:636", - "default": "" - }, - "AUTH_LDAP_3_BIND_DN": { - "type": "string", - "required": false, - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_3_BIND_PASSWORD": { - "type": "string", - "required": false, - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_3_START_TLS": { - "type": "boolean", - "required": false, - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "default": false - }, - "AUTH_LDAP_3_CONNECTION_OPTIONS": { - "type": "nested object", - "required": false, - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "default": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_3_USER_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "OU=Users,DC=example,DC=com", - "SCOPE_SUBTREE", - "(sAMAccountName=%(user)s)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_3_USER_DN_TEMPLATE": { - "type": "string", - "required": false, - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_3_USER_ATTR_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "first_name": "givenName", - "last_name": "sn", - "email": "mail" - }, - "default": {}, - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_3_GROUP_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "DC=example,DC=com", - "SCOPE_SUBTREE", - "(objectClass=group)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_3_GROUP_TYPE": { - "type": "choice", - "required": false, - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "default": "MemberDNGroupType", - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_3_GROUP_TYPE_PARAMS": { - "type": "nested object", - "required": false, - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "ldap_group_user_attr": "legacyuid", - "member_attr": "member", - "name_attr": "cn" - }, - "default": { - "member_attr": "member", - "name_attr": "cn" - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_3_REQUIRE_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_3_DENY_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_3_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "required": false, - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" - }, - "default": {}, - "child": { - "type": "list", - "required": true, - "read_only": false, - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_3_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "Test Org": { - "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove_users": true, - "remove_admins": true - }, - "Test Org 2": { - "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", - "users": true, - "remove_users": true, - "remove_admins": true - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_3_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "CN=Other Users,CN=Users,DC=example,DC=com", - "remove": false - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_4_SERVER_URI": { - "type": "string", - "required": false, - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "ldaps://ldap.example.com:636", - "default": "" - }, - "AUTH_LDAP_4_BIND_DN": { - "type": "string", - "required": false, - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_4_BIND_PASSWORD": { - "type": "string", - "required": false, - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_4_START_TLS": { - "type": "boolean", - "required": false, - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "default": false - }, - "AUTH_LDAP_4_CONNECTION_OPTIONS": { - "type": "nested object", - "required": false, - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "default": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_4_USER_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "OU=Users,DC=example,DC=com", - "SCOPE_SUBTREE", - "(sAMAccountName=%(user)s)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_4_USER_DN_TEMPLATE": { - "type": "string", - "required": false, - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_4_USER_ATTR_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "first_name": "givenName", - "last_name": "sn", - "email": "mail" - }, - "default": {}, - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_4_GROUP_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "DC=example,DC=com", - "SCOPE_SUBTREE", - "(objectClass=group)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_4_GROUP_TYPE": { - "type": "choice", - "required": false, - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "default": "MemberDNGroupType", - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_4_GROUP_TYPE_PARAMS": { - "type": "nested object", - "required": false, - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "ldap_group_user_attr": "legacyuid", - "member_attr": "member", - "name_attr": "cn" - }, - "default": { - "member_attr": "member", - "name_attr": "cn" - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_4_REQUIRE_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_4_DENY_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_4_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "required": false, - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" - }, - "default": {}, - "child": { - "type": "list", - "required": true, - "read_only": false, - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_4_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "Test Org": { - "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove_users": true, - "remove_admins": true - }, - "Test Org 2": { - "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", - "users": true, - "remove_users": true, - "remove_admins": true - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_4_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "CN=Other Users,CN=Users,DC=example,DC=com", - "remove": false - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_5_SERVER_URI": { - "type": "string", - "required": false, - "label": "LDAP Server URI", - "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "ldaps://ldap.example.com:636", - "default": "" - }, - "AUTH_LDAP_5_BIND_DN": { - "type": "string", - "required": false, - "label": "LDAP Bind DN", - "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_5_BIND_PASSWORD": { - "type": "string", - "required": false, - "label": "LDAP Bind Password", - "help_text": "Password used to bind LDAP user account.", - "category": "LDAP", - "category_slug": "ldap", - "default": "" - }, - "AUTH_LDAP_5_START_TLS": { - "type": "boolean", - "required": false, - "label": "LDAP Start TLS", - "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", - "category": "LDAP", - "category_slug": "ldap", - "default": false - }, - "AUTH_LDAP_5_CONNECTION_OPTIONS": { - "type": "nested object", - "required": false, - "label": "LDAP Connection Options", - "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "default": { - "OPT_REFERRALS": 0, - "OPT_NETWORK_TIMEOUT": 30 - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_5_USER_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP User Search", - "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "OU=Users,DC=example,DC=com", - "SCOPE_SUBTREE", - "(sAMAccountName=%(user)s)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_5_USER_DN_TEMPLATE": { - "type": "string", - "required": false, - "label": "LDAP User DN Template", - "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_5_USER_ATTR_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP User Attribute Map", - "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "first_name": "givenName", - "last_name": "sn", - "email": "mail" - }, - "default": {}, - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_5_GROUP_SEARCH": { - "type": "list", - "required": false, - "label": "LDAP Group Search", - "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": [ - "DC=example,DC=com", - "SCOPE_SUBTREE", - "(objectClass=group)" - ], - "default": [], - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_5_GROUP_TYPE": { - "type": "choice", - "required": false, - "label": "LDAP Group Type", - "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", - "category": "LDAP", - "category_slug": "ldap", - "default": "MemberDNGroupType", - "choices": [ - [ - "PosixGroupType", - "PosixGroupType" - ], - [ - "GroupOfNamesType", - "GroupOfNamesType" - ], - [ - "GroupOfUniqueNamesType", - "GroupOfUniqueNamesType" - ], - [ - "ActiveDirectoryGroupType", - "ActiveDirectoryGroupType" - ], - [ - "OrganizationalRoleGroupType", - "OrganizationalRoleGroupType" - ], - [ - "MemberDNGroupType", - "MemberDNGroupType" - ], - [ - "NestedGroupOfNamesType", - "NestedGroupOfNamesType" - ], - [ - "NestedGroupOfUniqueNamesType", - "NestedGroupOfUniqueNamesType" - ], - [ - "NestedActiveDirectoryGroupType", - "NestedActiveDirectoryGroupType" - ], - [ - "NestedOrganizationalRoleGroupType", - "NestedOrganizationalRoleGroupType" - ], - [ - "NestedMemberDNGroupType", - "NestedMemberDNGroupType" - ], - [ - "PosixUIDGroupType", - "PosixUIDGroupType" - ] - ] - }, - "AUTH_LDAP_5_GROUP_TYPE_PARAMS": { - "type": "nested object", - "required": false, - "label": "LDAP Group Type Parameters", - "help_text": "Key value parameters to send the chosen group type init method.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "ldap_group_user_attr": "legacyuid", - "member_attr": "member", - "name_attr": "cn" - }, - "default": { - "member_attr": "member", - "name_attr": "cn" - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "AUTH_LDAP_5_REQUIRE_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Require Group", - "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_5_DENY_GROUP": { - "type": "string", - "required": false, - "label": "LDAP Deny Group", - "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", - "default": null - }, - "AUTH_LDAP_5_USER_FLAGS_BY_GROUP": { - "type": "nested object", - "required": false, - "label": "LDAP User Flags By Group", - "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" - }, - "default": {}, - "child": { - "type": "list", - "required": true, - "read_only": false, - "child": { - "type": "string", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_5_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Organization Map", - "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "Test Org": { - "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", - "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove_users": true, - "remove_admins": true - }, - "Test Org 2": { - "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", - "users": true, - "remove_users": true, - "remove_admins": true - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "AUTH_LDAP_5_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "LDAP Team Map", - "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", - "category": "LDAP", - "category_slug": "ldap", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "CN=Domain Users,CN=Users,DC=example,DC=com" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "CN=Other Users,CN=Users,DC=example,DC=com", - "remove": false - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "RADIUS_SERVER": { - "type": "string", - "required": false, - "label": "RADIUS Server", - "help_text": "Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.", - "category": "RADIUS", - "category_slug": "radius", - "placeholder": "radius.example.com", - "default": "" - }, - "RADIUS_PORT": { - "type": "integer", - "required": false, - "label": "RADIUS Port", - "help_text": "Port of RADIUS server.", - "min_value": 1, - "max_value": 65535, - "category": "RADIUS", - "category_slug": "radius", - "default": 1812 - }, - "RADIUS_SECRET": { - "type": "string", - "required": false, - "label": "RADIUS Secret", - "help_text": "Shared secret for authenticating to RADIUS server.", - "category": "RADIUS", - "category_slug": "radius", - "default": "" - }, - "TACACSPLUS_HOST": { - "type": "string", - "required": false, - "label": "TACACS+ Server", - "help_text": "Hostname of TACACS+ server.", - "category": "TACACS+", - "category_slug": "tacacsplus", - "default": "" - }, - "TACACSPLUS_PORT": { - "type": "integer", - "required": false, - "label": "TACACS+ Port", - "help_text": "Port number of TACACS+ server.", - "min_value": 1, - "max_value": 65535, - "category": "TACACS+", - "category_slug": "tacacsplus", - "default": 49 - }, - "TACACSPLUS_SECRET": { - "type": "string", - "required": false, - "label": "TACACS+ Secret", - "help_text": "Shared secret for authenticating to TACACS+ server.", - "category": "TACACS+", - "category_slug": "tacacsplus", - "default": "" - }, - "TACACSPLUS_SESSION_TIMEOUT": { - "type": "integer", - "required": false, - "label": "TACACS+ Auth Session Timeout", - "help_text": "TACACS+ session timeout value in seconds, 0 disables timeout.", - "min_value": 0, - "category": "TACACS+", - "category_slug": "tacacsplus", - "unit": "seconds", - "default": 5 - }, - "TACACSPLUS_AUTH_PROTOCOL": { - "type": "choice", - "required": false, - "label": "TACACS+ Authentication Protocol", - "help_text": "Choose the authentication protocol used by TACACS+ client.", - "category": "TACACS+", - "category_slug": "tacacsplus", - "default": "ascii", - "choices": [ - [ - "ascii", - "ascii" - ], - [ - "pap", - "pap" - ] - ] - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": { - "type": "string", - "required": false, - "label": "Google OAuth2 Key", - "help_text": "The OAuth2 key from your web application.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "placeholder": "528620852399-gm2dt4hrl2tsj67fqamk09k1e0ad6gd8.apps.googleusercontent.com", - "default": "" - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": { - "type": "string", - "required": false, - "label": "Google OAuth2 Secret", - "help_text": "The OAuth2 secret from your web application.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "placeholder": "q2fMVCmEregbg-drvebPp8OW", - "default": "" - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": { - "type": "list", - "required": false, - "label": "Google OAuth2 Allowed Domains", - "help_text": "Update this setting to restrict the domains who are allowed to login using Google OAuth2.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "placeholder": [ - "example.com" - ], - "default": [], - "child": { - "type": "string", - "required": true, - "read_only": false - } - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS": { - "type": "nested object", - "required": false, - "label": "Google OAuth2 Extra Arguments", - "help_text": "Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "placeholder": { - "hd": "example.com" - }, - "default": {}, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "Google OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "placeholder": { - "Default": { - "users": true - }, - "Test Org": { - "admins": [ - "admin@example.com" - ], - "auditors": [ - "auditor@example.com" - ], - "users": true - }, - "Test Org 2": { - "admins": [ - "admin@example.com", - "/^tower-[^@]+*?@.*$/" - ], - "remove_admins": true, - "users": "/^[^@].*?@example\\.com$/i", - "remove_users": true - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "Google OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "Google OAuth2", - "category_slug": "google-oauth2", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "/^[^@]+?@test\\.example\\.com$/" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "/^[^@]+?@test2\\.example\\.com$/i", - "remove": false - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_KEY": { - "type": "string", - "required": false, - "label": "GitHub OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub developer application.", - "category": "GitHub OAuth2", - "category_slug": "github", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_SECRET": { - "type": "string", - "required": false, - "label": "GitHub OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub developer application.", - "category": "GitHub OAuth2", - "category_slug": "github", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub OAuth2", - "category_slug": "github", - "placeholder": { - "Default": { - "users": true - }, - "Test Org": { - "admins": [ - "admin@example.com" - ], - "auditors": [ - "auditor@example.com" - ], - "users": true - }, - "Test Org 2": { - "admins": [ - "admin@example.com", - "/^tower-[^@]+*?@.*$/" - ], - "remove_admins": true, - "users": "/^[^@].*?@example\\.com$/i", - "remove_users": true - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub OAuth2", - "category_slug": "github", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "/^[^@]+?@test\\.example\\.com$/" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "/^[^@]+?@test2\\.example\\.com$/i", - "remove": false - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ORG_KEY": { - "type": "string", - "required": false, - "label": "GitHub Organization OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.", - "category": "GitHub Organization OAuth2", - "category_slug": "github-org", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ORG_SECRET": { - "type": "string", - "required": false, - "label": "GitHub Organization OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.", - "category": "GitHub Organization OAuth2", - "category_slug": "github-org", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ORG_NAME": { - "type": "string", - "required": false, - "label": "GitHub Organization Name", - "help_text": "The name of your GitHub organization, as used in your organization's URL: https://github.com//.", - "category": "GitHub Organization OAuth2", - "category_slug": "github-org", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub Organization OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub Organization OAuth2", - "category_slug": "github-org", - "placeholder": { - "Default": { - "users": true - }, - "Test Org": { - "admins": [ - "admin@example.com" - ], - "auditors": [ - "auditor@example.com" - ], - "users": true - }, - "Test Org 2": { - "admins": [ - "admin@example.com", - "/^tower-[^@]+*?@.*$/" - ], - "remove_admins": true, - "users": "/^[^@].*?@example\\.com$/i", - "remove_users": true - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub Organization OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub Organization OAuth2", - "category_slug": "github-org", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "/^[^@]+?@test\\.example\\.com$/" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "/^[^@]+?@test2\\.example\\.com$/i", - "remove": false - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_TEAM_KEY": { - "type": "string", - "required": false, - "label": "GitHub Team OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.", - "category": "GitHub Team OAuth2", - "category_slug": "github-team", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_TEAM_SECRET": { - "type": "string", - "required": false, - "label": "GitHub Team OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.", - "category": "GitHub Team OAuth2", - "category_slug": "github-team", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_TEAM_ID": { - "type": "string", - "required": false, - "label": "GitHub Team ID", - "help_text": "Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.", - "category": "GitHub Team OAuth2", - "category_slug": "github-team", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub Team OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub Team OAuth2", - "category_slug": "github-team", - "placeholder": { - "Default": { - "users": true - }, - "Test Org": { - "admins": [ - "admin@example.com" - ], - "auditors": [ - "auditor@example.com" - ], - "users": true - }, - "Test Org 2": { - "admins": [ - "admin@example.com", - "/^tower-[^@]+*?@.*$/" - ], - "remove_admins": true, - "users": "/^[^@].*?@example\\.com$/i", - "remove_users": true - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub Team OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub Team OAuth2", - "category_slug": "github-team", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "/^[^@]+?@test\\.example\\.com$/" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "/^[^@]+?@test2\\.example\\.com$/i", - "remove": false - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL": { - "type": "string", - "required": false, - "label": "GitHub Enterprise URL", - "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL": { - "type": "string", - "required": false, - "label": "GitHub Enterprise API URL", - "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY": { - "type": "string", - "required": false, - "label": "GitHub Enterprise OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise developer application.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET": { - "type": "string", - "required": false, - "label": "GitHub Enterprise OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.", - "category": "GitHub OAuth2", - "category_slug": "github-enterprise", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub Enterprise OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise", - "placeholder": { - "Default": { - "users": true - }, - "Test Org": { - "admins": [ - "admin@example.com" - ], - "auditors": [ - "auditor@example.com" - ], - "users": true - }, - "Test Org 2": { - "admins": [ - "admin@example.com", - "/^tower-[^@]+*?@.*$/" - ], - "remove_admins": true, - "users": "/^[^@].*?@example\\.com$/i", - "remove_users": true - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub Enterprise OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "/^[^@]+?@test\\.example\\.com$/" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "/^[^@]+?@test2\\.example\\.com$/i", - "remove": false - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL": { - "type": "string", - "required": false, - "label": "GitHub Enterprise Organization URL", - "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise-org", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL": { - "type": "string", - "required": false, - "label": "GitHub Enterprise Organization API URL", - "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise-org", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY": { - "type": "string", - "required": false, - "label": "GitHub Enterprise Organization OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.", - "category": "GitHub Enterprise Organization OAuth2", - "category_slug": "github-enterprise-org", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET": { - "type": "string", - "required": false, - "label": "GitHub Enterprise Organization OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.", - "category": "GitHub Enterprise Organization OAuth2", - "category_slug": "github-enterprise-org", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME": { - "type": "string", - "required": false, - "label": "GitHub Enterprise Organization Name", - "help_text": "The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.", - "category": "GitHub Enterprise Organization OAuth2", - "category_slug": "github-enterprise-org", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub Enterprise Organization OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub Enterprise Organization OAuth2", - "category_slug": "github-enterprise-org", - "placeholder": { - "Default": { - "users": true - }, - "Test Org": { - "admins": [ - "admin@example.com" - ], - "auditors": [ - "auditor@example.com" - ], - "users": true - }, - "Test Org 2": { - "admins": [ - "admin@example.com", - "/^tower-[^@]+*?@.*$/" - ], - "remove_admins": true, - "users": "/^[^@].*?@example\\.com$/i", - "remove_users": true - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub Enterprise Organization OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub Enterprise Organization OAuth2", - "category_slug": "github-enterprise-org", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "/^[^@]+?@test\\.example\\.com$/" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "/^[^@]+?@test2\\.example\\.com$/i", - "remove": false - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL": { - "type": "string", - "required": false, - "label": "GitHub Enterprise Team URL", - "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise-team", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL": { - "type": "string", - "required": false, - "label": "GitHub Enterprise Team API URL", - "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", - "category": "GitHub Enterprise OAuth2", - "category_slug": "github-enterprise-team", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY": { - "type": "string", - "required": false, - "label": "GitHub Enterprise Team OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.", - "category": "GitHub Enterprise Team OAuth2", - "category_slug": "github-enterprise-team", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET": { - "type": "string", - "required": false, - "label": "GitHub Enterprise Team OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.", - "category": "GitHub Enterprise Team OAuth2", - "category_slug": "github-enterprise-team", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID": { - "type": "string", - "required": false, - "label": "GitHub Enterprise Team ID", - "help_text": "Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.", - "category": "GitHub Enterprise Team OAuth2", - "category_slug": "github-enterprise-team", - "default": "" - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub Enterprise Team OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "GitHub Enterprise Team OAuth2", - "category_slug": "github-enterprise-team", - "placeholder": { - "Default": { - "users": true - }, - "Test Org": { - "admins": [ - "admin@example.com" - ], - "auditors": [ - "auditor@example.com" - ], - "users": true - }, - "Test Org 2": { - "admins": [ - "admin@example.com", - "/^tower-[^@]+*?@.*$/" - ], - "remove_admins": true, - "users": "/^[^@].*?@example\\.com$/i", - "remove_users": true - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "GitHub Enterprise Team OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "GitHub Enterprise Team OAuth2", - "category_slug": "github-enterprise-team", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "/^[^@]+?@test\\.example\\.com$/" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "/^[^@]+?@test2\\.example\\.com$/i", - "remove": false - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY": { - "type": "string", - "required": false, - "label": "Azure AD OAuth2 Key", - "help_text": "The OAuth2 key (Client ID) from your Azure AD application.", - "category": "Azure AD OAuth2", - "category_slug": "azuread-oauth2", - "default": "" - }, - "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET": { - "type": "string", - "required": false, - "label": "Azure AD OAuth2 Secret", - "help_text": "The OAuth2 secret (Client Secret) from your Azure AD application.", - "category": "Azure AD OAuth2", - "category_slug": "azuread-oauth2", - "default": "" - }, - "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "Azure AD OAuth2 Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "Azure AD OAuth2", - "category_slug": "azuread-oauth2", - "placeholder": { - "Default": { - "users": true - }, - "Test Org": { - "admins": [ - "admin@example.com" - ], - "auditors": [ - "auditor@example.com" - ], - "users": true - }, - "Test Org 2": { - "admins": [ - "admin@example.com", - "/^tower-[^@]+*?@.*$/" - ], - "remove_admins": true, - "users": "/^[^@].*?@example\\.com$/i", - "remove_users": true - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "Azure AD OAuth2 Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "Azure AD OAuth2", - "category_slug": "azuread-oauth2", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "/^[^@]+?@test\\.example\\.com$/" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "/^[^@]+?@test2\\.example\\.com$/i", - "remove": false - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SAML_AUTO_CREATE_OBJECTS": { - "type": "boolean", - "required": false, - "label": "Automatically Create Organizations and Teams on SAML Login", - "help_text": "When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.", - "category": "SAML", - "category_slug": "saml", - "default": true - }, - "SOCIAL_AUTH_SAML_SP_ENTITY_ID": { - "type": "string", - "required": false, - "label": "SAML Service Provider Entity ID", - "help_text": "The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for Tower.", - "category": "SAML", - "category_slug": "saml", - "default": "" - }, - "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT": { - "type": "string", - "required": true, - "label": "SAML Service Provider Public Certificate", - "help_text": "Create a keypair to use as a service provider (SP) and include the certificate content here.", - "category": "SAML", - "category_slug": "saml", - "default": "" - }, - "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": { - "type": "string", - "required": true, - "label": "SAML Service Provider Private Key", - "help_text": "Create a keypair to use as a service provider (SP) and include the private key content here.", - "category": "SAML", - "category_slug": "saml", - "default": "" - }, - "SOCIAL_AUTH_SAML_ORG_INFO": { - "type": "nested object", - "required": true, - "label": "SAML Service Provider Organization Info", - "help_text": "Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.", - "category": "SAML", - "category_slug": "saml", - "placeholder": { - "en-US": { - "name": "example", - "displayname": "Example", - "url": "http://www.example.com" - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT": { - "type": "nested object", - "required": true, - "label": "SAML Service Provider Technical Contact", - "help_text": "Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.", - "category": "SAML", - "category_slug": "saml", - "placeholder": { - "givenName": "Technical Contact", - "emailAddress": "techsup@example.com" - }, - "default": {}, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "SOCIAL_AUTH_SAML_SUPPORT_CONTACT": { - "type": "nested object", - "required": true, - "label": "SAML Service Provider Support Contact", - "help_text": "Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.", - "category": "SAML", - "category_slug": "saml", - "placeholder": { - "givenName": "Support Contact", - "emailAddress": "support@example.com" - }, - "default": {}, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "SOCIAL_AUTH_SAML_ENABLED_IDPS": { - "type": "nested object", - "required": false, - "label": "SAML Enabled Identity Providers", - "help_text": "Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.", - "category": "SAML", - "category_slug": "saml", - "placeholder": { - "Okta": { - "entity_id": "http://www.okta.com/HHniyLkaxk9e76wD0Thh", - "url": "https://dev-123456.oktapreview.com/app/ansibletower/HHniyLkaxk9e76wD0Thh/sso/saml", - "x509cert": "MIIDpDCCAoygAwIBAgIGAVVZ4rPzMA0GCSqGSIb3...", - "attr_user_permanent_id": "username", - "attr_first_name": "first_name", - "attr_last_name": "last_name", - "attr_username": "username", - "attr_email": "email" - }, - "OneLogin": { - "entity_id": "https://app.onelogin.com/saml/metadata/123456", - "url": "https://example.onelogin.com/trust/saml2/http-post/sso/123456", - "x509cert": "MIIEJjCCAw6gAwIBAgIUfuSD54OPSBhndDHh3gZo...", - "attr_user_permanent_id": "name_id", - "attr_first_name": "User.FirstName", - "attr_last_name": "User.LastName", - "attr_username": "User.email", - "attr_email": "User.email" - } - }, - "default": {}, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_SAML_SECURITY_CONFIG": { - "type": "nested object", - "required": false, - "label": "SAML Security Config", - "help_text": "A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings", - "category": "SAML", - "category_slug": "saml", - "placeholder": { - "nameIdEncrypted": false, - "authnRequestsSigned": false, - "logoutRequestSigned": false, - "logoutResponseSigned": false, - "signMetadata": false, - "wantMessagesSigned": false, - "wantAssertionsSigned": false, - "wantAssertionsEncrypted": false, - "wantNameId": true, - "wantNameIdEncrypted": false, - "wantAttributeStatement": true, - "requestedAuthnContext": true, - "requestedAuthnContextComparison": "exact", - "metadataValidUntil": "2015-06-26T20:00:00Z", - "metadataCacheDuration": "PT518400S", - "signatureAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1", - "digestAlgorithm": "http://www.w3.org/2000/09/xmldsig#sha1" - }, - "default": { - "requestedAuthnContext": false - }, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "SOCIAL_AUTH_SAML_SP_EXTRA": { - "type": "nested object", - "required": false, - "label": "SAML Service Provider extra configuration data", - "help_text": "A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.", - "category": "SAML", - "category_slug": "saml", - "placeholder": {}, - "default": null, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "SOCIAL_AUTH_SAML_EXTRA_DATA": { - "type": "list", - "required": false, - "label": "SAML IDP to extra_data attribute mapping", - "help_text": "A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.", - "category": "SAML", - "category_slug": "saml", - "placeholder": [ - [ - "attribute_name", - "extra_data_name_for_attribute" - ], - [ - "department", - "department" - ], - [ - "manager_full_name", - "manager_full_name" - ] - ], - "default": null, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "SOCIAL_AUTH_SAML_ORGANIZATION_MAP": { - "type": "nested object", - "required": false, - "label": "SAML Organization Map", - "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", - "category": "SAML", - "category_slug": "saml", - "placeholder": { - "Default": { - "users": true - }, - "Test Org": { - "admins": [ - "admin@example.com" - ], - "auditors": [ - "auditor@example.com" - ], - "users": true - }, - "Test Org 2": { - "admins": [ - "admin@example.com", - "/^tower-[^@]+*?@.*$/" - ], - "remove_admins": true, - "users": "/^[^@].*?@example\\.com$/i", - "remove_users": true - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_SAML_TEAM_MAP": { - "type": "nested object", - "required": false, - "label": "SAML Team Map", - "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", - "category": "SAML", - "category_slug": "saml", - "placeholder": { - "My Team": { - "organization": "Test Org", - "users": [ - "/^[^@]+?@test\\.example\\.com$/" - ], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": "/^[^@]+?@test2\\.example\\.com$/i", - "remove": false - } - }, - "default": null, - "child": { - "type": "nested object", - "required": true, - "read_only": false, - "child": { - "type": "field", - "required": true, - "read_only": false - } - } - }, - "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR": { - "type": "nested object", - "required": false, - "label": "SAML Organization Attribute Mapping", - "help_text": "Used to translate user organization membership into Tower.", - "category": "SAML", - "category_slug": "saml", - "placeholder": { - "saml_attr": "organization", - "saml_admin_attr": "organization_admin", - "saml_auditor_attr": "organization_auditor", - "remove": true, - "remove_admins": true, - "remove_auditors": true - }, - "default": {}, - "child": { - "type": "field", - "required": true, - "read_only": false - } - }, - "DEFAULT_EXECUTION_ENVIRONMENT": { - "type": "field", - "required": false, - "label": "Global default execution environment", - "help_text": "The Execution Environment to be used when one has not been configured for a job template.", - "category": "System", - "category_slug": "system", - "default": null + "PROXY_IP_ALLOWED_LIST": { + "type": "list", + "required": true, + "label": "Proxy IP Allowed List", + "help_text": "If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')", + "category": "System", + "category_slug": "system", + "default": [], + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "REDHAT_USERNAME": { + "type": "string", + "required": false, + "label": "Red Hat customer username", + "help_text": "This username is used to send data to Insights for Ansible Automation Platform", + "category": "System", + "category_slug": "system", + "default": "" + }, + "REDHAT_PASSWORD": { + "type": "string", + "required": false, + "label": "Red Hat customer password", + "help_text": "This password is used to send data to Insights for Ansible Automation Platform", + "category": "System", + "category_slug": "system", + "default": "" + }, + "SUBSCRIPTIONS_USERNAME": { + "type": "string", + "required": false, + "label": "Red Hat or Satellite username", + "help_text": "This username is used to retrieve subscription and content information", + "category": "System", + "category_slug": "system", + "default": "" + }, + "SUBSCRIPTIONS_PASSWORD": { + "type": "string", + "required": false, + "label": "Red Hat or Satellite password", + "help_text": "This password is used to retrieve subscription and content information", + "category": "System", + "category_slug": "system", + "default": "" + }, + "AUTOMATION_ANALYTICS_URL": { + "type": "string", + "required": false, + "label": "Insights for Ansible Automation Platform upload URL", + "help_text": "This setting is used to to configure the upload URL for data collection for Red Hat Insights.", + "category": "System", + "category_slug": "system", + "default": "https://example.com" + }, + "DEFAULT_EXECUTION_ENVIRONMENT": { + "type": "field", + "required": false, + "label": "Global default execution environment", + "help_text": "The Execution Environment to be used when one has not been configured for a job template.", + "category": "System", + "category_slug": "system", + "default": null + }, + "CUSTOM_VENV_PATHS": { + "type": "list", + "required": false, + "label": "Custom virtual environment paths", + "help_text": "Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.", + "category": "System", + "category_slug": "system", + "default": [], + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "AD_HOC_COMMANDS": { + "type": "list", + "required": false, + "label": "Ansible Modules Allowed for Ad Hoc Jobs", + "help_text": "List of modules allowed to be used by ad-hoc jobs.", + "category": "Jobs", + "category_slug": "jobs", + "default": [ + "command", + "shell", + "yum", + "apt", + "apt_key", + "apt_repository", + "apt_rpm", + "service", + "group", + "user", + "mount", + "ping", + "selinux", + "setup", + "win_ping", + "win_service", + "win_updates", + "win_group", + "win_user" + ], + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "ALLOW_JINJA_IN_EXTRA_VARS": { + "type": "choice", + "required": true, + "label": "When can extra variables contain Jinja templates?", + "help_text": "Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to \"template\" or \"never\".", + "category": "Jobs", + "category_slug": "jobs", + "default": "template", + "choices": [ + ["always", "Always"], + ["never", "Never"], + ["template", "Only On Job Template Definitions"] + ] + }, + "AWX_ISOLATION_BASE_PATH": { + "type": "string", + "required": true, + "label": "Job execution path", + "help_text": "The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).", + "category": "Jobs", + "category_slug": "jobs", + "default": "/tmp" + }, + "AWX_ISOLATION_SHOW_PATHS": { + "type": "list", + "required": false, + "label": "Paths to expose to isolated jobs", + "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.", + "category": "Jobs", + "category_slug": "jobs", + "default": [], + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "AWX_TASK_ENV": { + "type": "nested object", + "required": false, + "label": "Extra Environment Variables", + "help_text": "Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.", + "category": "Jobs", + "category_slug": "jobs", + "placeholder": { + "HTTP_PROXY": "myproxy.local:8080" }, - "SOCIAL_AUTH_SAML_TEAM_ATTR": { - "type": "nested object", - "required": false, - "label": "SAML Team Attribute Mapping", - "help_text": "Used to translate user team membership into Tower.", - "category": "SAML", - "category_slug": "saml", - "placeholder": { - "saml_attr": "team", - "remove": true, - "team_org_map": [ - { - "team": "Marketing", - "organization": "Red Hat" - }, - { - "team": "Human Resources", - "organization": "Red Hat" - }, - { - "team": "Engineering", - "organization": "Red Hat" - }, - { - "team": "Engineering", - "organization": "Ansible" - }, - { - "team": "Quality Engineering", - "organization": "Ansible" - }, - { - "team": "Sales", - "organization": "Ansible" - } - ] - }, - "default": {}, - "child": { - "type": "field", - "required": true, - "read_only": false - } + "default": {}, + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "INSIGHTS_TRACKING_STATE": { + "type": "boolean", + "required": false, + "label": "Gather data for Insights for Ansible Automation Platform", + "help_text": "Enables the service to gather data on automation and send it to Red Hat Insights.", + "category": "System", + "category_slug": "system", + "default": false + }, + "PROJECT_UPDATE_VVV": { + "type": "boolean", + "required": true, + "label": "Run Project Updates With Higher Verbosity", + "help_text": "Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.", + "category": "Jobs", + "category_slug": "jobs", + "default": false + }, + "AWX_ROLES_ENABLED": { + "type": "boolean", + "required": false, + "label": "Enable Role Download", + "help_text": "Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.", + "category": "Jobs", + "category_slug": "jobs", + "default": true + }, + "AWX_COLLECTIONS_ENABLED": { + "type": "boolean", + "required": false, + "label": "Enable Collection(s) Download", + "help_text": "Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.", + "category": "Jobs", + "category_slug": "jobs", + "default": true + }, + "AWX_SHOW_PLAYBOOK_LINKS": { + "type": "boolean", + "required": false, + "label": "Follow symlinks", + "help_text": "Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.", + "category": "Jobs", + "category_slug": "jobs", + "default": false + }, + "GALAXY_IGNORE_CERTS": { + "type": "boolean", + "required": false, + "label": "Ignore Ansible Galaxy SSL Certificate Verification", + "help_text": "If set to true, certificate validation will not be done when installing content from any Galaxy server.", + "category": "Jobs", + "category_slug": "jobs", + "default": false + }, + "STDOUT_MAX_BYTES_DISPLAY": { + "type": "integer", + "required": true, + "label": "Standard Output Maximum Display Size", + "help_text": "Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "default": 1048576 + }, + "EVENT_STDOUT_MAX_BYTES_DISPLAY": { + "type": "integer", + "required": true, + "label": "Job Event Standard Output Maximum Display Size", + "help_text": "Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `…` when truncated.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "default": 1024 + }, + "SCHEDULE_MAX_JOBS": { + "type": "integer", + "required": true, + "label": "Maximum Scheduled Jobs", + "help_text": "Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.", + "min_value": 1, + "category": "Jobs", + "category_slug": "jobs", + "default": 10 + }, + "AWX_ANSIBLE_CALLBACK_PLUGINS": { + "type": "list", + "required": false, + "label": "Ansible Callback Plugins", + "help_text": "List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.", + "category": "Jobs", + "category_slug": "jobs", + "default": [], + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "DEFAULT_JOB_TIMEOUT": { + "type": "integer", + "required": false, + "label": "Default Job Timeout", + "help_text": "Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "unit": "seconds", + "default": 0 + }, + "DEFAULT_INVENTORY_UPDATE_TIMEOUT": { + "type": "integer", + "required": false, + "label": "Default Inventory Update Timeout", + "help_text": "Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "unit": "seconds", + "default": 0 + }, + "DEFAULT_PROJECT_UPDATE_TIMEOUT": { + "type": "integer", + "required": false, + "label": "Default Project Update Timeout", + "help_text": "Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "unit": "seconds", + "default": 0 + }, + "ANSIBLE_FACT_CACHE_TIMEOUT": { + "type": "integer", + "required": false, + "label": "Per-Host Ansible Fact Cache Timeout", + "help_text": "Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "unit": "seconds", + "default": 0 + }, + "MAX_FORKS": { + "type": "integer", + "required": false, + "label": "Maximum number of forks per job", + "help_text": "Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.", + "category": "Jobs", + "category_slug": "jobs", + "default": 200 + }, + "LOG_AGGREGATOR_HOST": { + "type": "string", + "required": false, + "label": "Logging Aggregator", + "help_text": "Hostname/IP where external logs will be sent to.", + "category": "Logging", + "category_slug": "logging", + "default": null + }, + "LOG_AGGREGATOR_PORT": { + "type": "integer", + "required": false, + "label": "Logging Aggregator Port", + "help_text": "Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).", + "category": "Logging", + "category_slug": "logging", + "default": null + }, + "LOG_AGGREGATOR_TYPE": { + "type": "choice", + "required": false, + "label": "Logging Aggregator Type", + "help_text": "Format messages for the chosen log aggregator.", + "category": "Logging", + "category_slug": "logging", + "default": null, + "choices": [ + [null, "---------"], + ["logstash", "logstash"], + ["splunk", "splunk"], + ["loggly", "loggly"], + ["sumologic", "sumologic"], + ["other", "other"] + ] + }, + "LOG_AGGREGATOR_USERNAME": { + "type": "string", + "required": false, + "label": "Logging Aggregator Username", + "help_text": "Username for external log aggregator (if required; HTTP/s only).", + "category": "Logging", + "category_slug": "logging", + "default": "" + }, + "LOG_AGGREGATOR_PASSWORD": { + "type": "string", + "required": false, + "label": "Logging Aggregator Password/Token", + "help_text": "Password or authentication token for external log aggregator (if required; HTTP/s only).", + "category": "Logging", + "category_slug": "logging", + "default": "" + }, + "LOG_AGGREGATOR_LOGGERS": { + "type": "list", + "required": false, + "label": "Loggers Sending Data to Log Aggregator Form", + "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs.", + "category": "Logging", + "category_slug": "logging", + "default": ["awx", "activity_stream", "job_events", "system_tracking"], + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "LOG_AGGREGATOR_INDIVIDUAL_FACTS": { + "type": "boolean", + "required": false, + "label": "Log System Tracking Facts Individually", + "help_text": "If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.", + "category": "Logging", + "category_slug": "logging", + "default": false + }, + "LOG_AGGREGATOR_ENABLED": { + "type": "boolean", + "required": false, + "label": "Enable External Logging", + "help_text": "Enable sending logs to external log aggregator.", + "category": "Logging", + "category_slug": "logging", + "default": false + }, + "LOG_AGGREGATOR_TOWER_UUID": { + "type": "string", + "required": false, + "label": "Cluster-wide unique identifier.", + "help_text": "Useful to uniquely identify instances.", + "category": "Logging", + "category_slug": "logging", + "default": "" + }, + "LOG_AGGREGATOR_PROTOCOL": { + "type": "choice", + "required": false, + "label": "Logging Aggregator Protocol", + "help_text": "Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.", + "category": "Logging", + "category_slug": "logging", + "default": "https", + "choices": [ + ["https", "HTTPS/HTTP"], + ["tcp", "TCP"], + ["udp", "UDP"] + ] + }, + "LOG_AGGREGATOR_TCP_TIMEOUT": { + "type": "integer", + "required": false, + "label": "TCP Connection Timeout", + "help_text": "Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.", + "category": "Logging", + "category_slug": "logging", + "unit": "seconds", + "default": 5 + }, + "LOG_AGGREGATOR_VERIFY_CERT": { + "type": "boolean", + "required": false, + "label": "Enable/disable HTTPS certificate verification", + "help_text": "Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.", + "category": "Logging", + "category_slug": "logging", + "default": true + }, + "LOG_AGGREGATOR_LEVEL": { + "type": "choice", + "required": false, + "label": "Logging Aggregator Level Threshold", + "help_text": "Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)", + "category": "Logging", + "category_slug": "logging", + "default": "INFO", + "choices": [ + ["DEBUG", "DEBUG"], + ["INFO", "INFO"], + ["WARNING", "WARNING"], + ["ERROR", "ERROR"], + ["CRITICAL", "CRITICAL"] + ] + }, + "LOG_AGGREGATOR_MAX_DISK_USAGE_GB": { + "type": "integer", + "required": false, + "label": "Maximum disk persistance for external log aggregation (in GB)", + "help_text": "Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting.", + "min_value": 1, + "category": "Logging", + "category_slug": "logging", + "default": 1 + }, + "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH": { + "type": "string", + "required": false, + "label": "File system location for rsyslogd disk persistence", + "help_text": "Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.", + "category": "Logging", + "category_slug": "logging", + "default": "/var/lib/awx" + }, + "LOG_AGGREGATOR_RSYSLOGD_DEBUG": { + "type": "boolean", + "required": false, + "label": "Enable rsyslogd debugging", + "help_text": "Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.", + "category": "Logging", + "category_slug": "logging", + "default": false + }, + "AUTOMATION_ANALYTICS_LAST_GATHER": { + "type": "datetime", + "required": true, + "label": "Last gather date for Insights for Ansible Automation Platform.", + "category": "System", + "category_slug": "system", + "default": null + }, + "AUTOMATION_ANALYTICS_LAST_ENTRIES": { + "type": "string", + "required": false, + "label": "Last gathered entries for expensive collectors for Insights for Ansible Automation Platform.", + "category": "System", + "category_slug": "system", + "default": "" + }, + "AUTOMATION_ANALYTICS_GATHER_INTERVAL": { + "type": "integer", + "required": false, + "label": "Insights for Ansible Automation Platform Gather Interval", + "help_text": "Interval (in seconds) between data gathering.", + "min_value": 1800, + "category": "System", + "category_slug": "system", + "unit": "seconds", + "default": 14400 + }, + "SESSION_COOKIE_AGE": { + "type": "integer", + "required": true, + "label": "Idle Time Force Log Out", + "help_text": "Number of seconds that a user is inactive before they will need to login again.", + "min_value": 60, + "max_value": 30000000000, + "category": "Authentication", + "category_slug": "authentication", + "unit": "seconds", + "default": 1800 + }, + "SESSIONS_PER_USER": { + "type": "integer", + "required": true, + "label": "Maximum number of simultaneous logged in sessions", + "help_text": "Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.", + "min_value": -1, + "category": "Authentication", + "category_slug": "authentication", + "default": -1 + }, + "DISABLE_LOCAL_AUTH": { + "type": "boolean", + "required": true, + "label": "Disable the built-in authentication system", + "help_text": "Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.", + "category": "Authentication", + "category_slug": "authentication", + "default": false + }, + "AUTH_BASIC_ENABLED": { + "type": "boolean", + "required": true, + "label": "Enable HTTP Basic Auth", + "help_text": "Enable HTTP Basic Auth for the API Browser.", + "category": "Authentication", + "category_slug": "authentication", + "default": true + }, + "OAUTH2_PROVIDER": { + "type": "nested object", + "required": false, + "label": "OAuth 2 Timeout Settings", + "help_text": "Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.", + "category": "Authentication", + "category_slug": "authentication", + "unit": "seconds", + "default": { + "ACCESS_TOKEN_EXPIRE_SECONDS": 31536000000, + "AUTHORIZATION_CODE_EXPIRE_SECONDS": 600, + "REFRESH_TOKEN_EXPIRE_SECONDS": 2628000 + }, + "child": { + "type": "integer", + "required": true, + "read_only": false, + "min_value": 1 + } + }, + "ALLOW_OAUTH2_FOR_EXTERNAL_USERS": { + "type": "boolean", + "required": false, + "label": "Allow External Users to Create OAuth2 Tokens", + "help_text": "For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.", + "category": "Authentication", + "category_slug": "authentication", + "default": false + }, + "LOGIN_REDIRECT_OVERRIDE": { + "type": "string", + "required": false, + "label": "Login redirect override URL", + "help_text": "URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.", + "category": "Authentication", + "category_slug": "authentication", + "default": "" + }, + "PENDO_TRACKING_STATE": { + "type": "choice", + "required": true, + "label": "User Analytics Tracking State", + "help_text": "Enable or Disable User Analytics Tracking.", + "category": "UI", + "category_slug": "ui", + "default": "off", + "choices": [ + ["off", "Off"], + ["anonymous", "Anonymous"], + ["detailed", "Detailed"] + ] + }, + "CUSTOM_LOGIN_INFO": { + "type": "string", + "required": false, + "label": "Custom Login Info", + "help_text": "If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.", + "category": "UI", + "category_slug": "ui", + "default": "" + }, + "CUSTOM_LOGO": { + "type": "string", + "required": false, + "label": "Custom Logo", + "help_text": "To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.", + "category": "UI", + "category_slug": "ui", + "placeholder": "data:image/gif;base64,R0lGODlhAQABAIABAP///wAAACwAAAAAAQABAAACAkQBADs=", + "default": "" + }, + "MAX_UI_JOB_EVENTS": { + "type": "integer", + "required": true, + "label": "Max Job Events Retrieved by UI", + "help_text": "Maximum number of job events for the UI to retrieve within a single request.", + "min_value": 100, + "category": "UI", + "category_slug": "ui", + "default": 4000 + }, + "UI_LIVE_UPDATES_ENABLED": { + "type": "boolean", + "required": true, + "label": "Enable Live Updates in the UI", + "help_text": "If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.", + "category": "UI", + "category_slug": "ui", + "default": true + }, + "SOCIAL_AUTH_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "Social Auth Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "Authentication", + "category_slug": "authentication", + "placeholder": { + "Default": { + "users": true + }, + "Test Org": { + "admins": ["admin@example.com"], + "auditors": ["auditor@example.com"], + "users": true + }, + "Test Org 2": { + "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"], + "remove_admins": true, + "users": "/^[^@].*?@example\\.com$/i", + "remove_users": true } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "Social Auth Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "Authentication", + "category_slug": "authentication", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["/^[^@]+?@test\\.example\\.com$/"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "/^[^@]+?@test2\\.example\\.com$/i", + "remove": false + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_USER_FIELDS": { + "type": "list", + "required": false, + "label": "Social Auth User Fields", + "help_text": "When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.", + "category": "Authentication", + "category_slug": "authentication", + "placeholder": ["username", "email"], + "default": null, + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_SERVER_URI": { + "type": "string", + "required": false, + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "ldaps://ldap.example.com:636", + "default": "" + }, + "AUTH_LDAP_BIND_DN": { + "type": "string", + "required": false, + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_BIND_PASSWORD": { + "type": "string", + "required": false, + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_START_TLS": { + "type": "boolean", + "required": false, + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "default": false + }, + "AUTH_LDAP_CONNECTION_OPTIONS": { + "type": "nested object", + "required": false, + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "default": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_USER_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "OU=Users,DC=example,DC=com", + "SCOPE_SUBTREE", + "(sAMAccountName=%(user)s)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_USER_DN_TEMPLATE": { + "type": "string", + "required": false, + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_USER_ATTR_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "first_name": "givenName", + "last_name": "sn", + "email": "mail" + }, + "default": {}, + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_GROUP_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "DC=example,DC=com", + "SCOPE_SUBTREE", + "(objectClass=group)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_GROUP_TYPE": { + "type": "choice", + "required": false, + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "default": "MemberDNGroupType", + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_GROUP_TYPE_PARAMS": { + "type": "nested object", + "required": false, + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "ldap_group_user_attr": "legacyuid", + "member_attr": "member", + "name_attr": "cn" + }, + "default": { + "member_attr": "member", + "name_attr": "cn" + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_REQUIRE_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_DENY_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "required": false, + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" + }, + "default": {}, + "child": { + "type": "list", + "required": true, + "read_only": false, + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "Test Org": { + "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove_users": true, + "remove_admins": true + }, + "Test Org 2": { + "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", + "users": true, + "remove_users": true, + "remove_admins": true + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "CN=Other Users,CN=Users,DC=example,DC=com", + "remove": false + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_1_SERVER_URI": { + "type": "string", + "required": false, + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "ldaps://ldap.example.com:636", + "default": "" + }, + "AUTH_LDAP_1_BIND_DN": { + "type": "string", + "required": false, + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_1_BIND_PASSWORD": { + "type": "string", + "required": false, + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_1_START_TLS": { + "type": "boolean", + "required": false, + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "default": false + }, + "AUTH_LDAP_1_CONNECTION_OPTIONS": { + "type": "nested object", + "required": false, + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "default": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_1_USER_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "OU=Users,DC=example,DC=com", + "SCOPE_SUBTREE", + "(sAMAccountName=%(user)s)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_1_USER_DN_TEMPLATE": { + "type": "string", + "required": false, + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_1_USER_ATTR_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "first_name": "givenName", + "last_name": "sn", + "email": "mail" + }, + "default": {}, + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_1_GROUP_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "DC=example,DC=com", + "SCOPE_SUBTREE", + "(objectClass=group)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_1_GROUP_TYPE": { + "type": "choice", + "required": false, + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "default": "MemberDNGroupType", + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_1_GROUP_TYPE_PARAMS": { + "type": "nested object", + "required": false, + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "ldap_group_user_attr": "legacyuid", + "member_attr": "member", + "name_attr": "cn" + }, + "default": { + "member_attr": "member", + "name_attr": "cn" + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_1_REQUIRE_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_1_DENY_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_1_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "required": false, + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" + }, + "default": {}, + "child": { + "type": "list", + "required": true, + "read_only": false, + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_1_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "Test Org": { + "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove_users": true, + "remove_admins": true + }, + "Test Org 2": { + "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", + "users": true, + "remove_users": true, + "remove_admins": true + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_1_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "CN=Other Users,CN=Users,DC=example,DC=com", + "remove": false + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_2_SERVER_URI": { + "type": "string", + "required": false, + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "ldaps://ldap.example.com:636", + "default": "" + }, + "AUTH_LDAP_2_BIND_DN": { + "type": "string", + "required": false, + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_2_BIND_PASSWORD": { + "type": "string", + "required": false, + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_2_START_TLS": { + "type": "boolean", + "required": false, + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "default": false + }, + "AUTH_LDAP_2_CONNECTION_OPTIONS": { + "type": "nested object", + "required": false, + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "default": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_2_USER_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "OU=Users,DC=example,DC=com", + "SCOPE_SUBTREE", + "(sAMAccountName=%(user)s)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_2_USER_DN_TEMPLATE": { + "type": "string", + "required": false, + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_2_USER_ATTR_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "first_name": "givenName", + "last_name": "sn", + "email": "mail" + }, + "default": {}, + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_2_GROUP_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "DC=example,DC=com", + "SCOPE_SUBTREE", + "(objectClass=group)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_2_GROUP_TYPE": { + "type": "choice", + "required": false, + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "default": "MemberDNGroupType", + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_2_GROUP_TYPE_PARAMS": { + "type": "nested object", + "required": false, + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "ldap_group_user_attr": "legacyuid", + "member_attr": "member", + "name_attr": "cn" + }, + "default": { + "member_attr": "member", + "name_attr": "cn" + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_2_REQUIRE_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_2_DENY_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_2_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "required": false, + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" + }, + "default": {}, + "child": { + "type": "list", + "required": true, + "read_only": false, + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_2_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "Test Org": { + "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove_users": true, + "remove_admins": true + }, + "Test Org 2": { + "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", + "users": true, + "remove_users": true, + "remove_admins": true + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_2_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "CN=Other Users,CN=Users,DC=example,DC=com", + "remove": false + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_3_SERVER_URI": { + "type": "string", + "required": false, + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "ldaps://ldap.example.com:636", + "default": "" + }, + "AUTH_LDAP_3_BIND_DN": { + "type": "string", + "required": false, + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_3_BIND_PASSWORD": { + "type": "string", + "required": false, + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_3_START_TLS": { + "type": "boolean", + "required": false, + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "default": false + }, + "AUTH_LDAP_3_CONNECTION_OPTIONS": { + "type": "nested object", + "required": false, + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "default": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_3_USER_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "OU=Users,DC=example,DC=com", + "SCOPE_SUBTREE", + "(sAMAccountName=%(user)s)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_3_USER_DN_TEMPLATE": { + "type": "string", + "required": false, + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_3_USER_ATTR_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "first_name": "givenName", + "last_name": "sn", + "email": "mail" + }, + "default": {}, + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_3_GROUP_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "DC=example,DC=com", + "SCOPE_SUBTREE", + "(objectClass=group)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_3_GROUP_TYPE": { + "type": "choice", + "required": false, + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "default": "MemberDNGroupType", + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_3_GROUP_TYPE_PARAMS": { + "type": "nested object", + "required": false, + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "ldap_group_user_attr": "legacyuid", + "member_attr": "member", + "name_attr": "cn" + }, + "default": { + "member_attr": "member", + "name_attr": "cn" + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_3_REQUIRE_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_3_DENY_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_3_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "required": false, + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" + }, + "default": {}, + "child": { + "type": "list", + "required": true, + "read_only": false, + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_3_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "Test Org": { + "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove_users": true, + "remove_admins": true + }, + "Test Org 2": { + "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", + "users": true, + "remove_users": true, + "remove_admins": true + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_3_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "CN=Other Users,CN=Users,DC=example,DC=com", + "remove": false + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_4_SERVER_URI": { + "type": "string", + "required": false, + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "ldaps://ldap.example.com:636", + "default": "" + }, + "AUTH_LDAP_4_BIND_DN": { + "type": "string", + "required": false, + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_4_BIND_PASSWORD": { + "type": "string", + "required": false, + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_4_START_TLS": { + "type": "boolean", + "required": false, + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "default": false + }, + "AUTH_LDAP_4_CONNECTION_OPTIONS": { + "type": "nested object", + "required": false, + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "default": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_4_USER_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "OU=Users,DC=example,DC=com", + "SCOPE_SUBTREE", + "(sAMAccountName=%(user)s)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_4_USER_DN_TEMPLATE": { + "type": "string", + "required": false, + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_4_USER_ATTR_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "first_name": "givenName", + "last_name": "sn", + "email": "mail" + }, + "default": {}, + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_4_GROUP_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "DC=example,DC=com", + "SCOPE_SUBTREE", + "(objectClass=group)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_4_GROUP_TYPE": { + "type": "choice", + "required": false, + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "default": "MemberDNGroupType", + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_4_GROUP_TYPE_PARAMS": { + "type": "nested object", + "required": false, + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "ldap_group_user_attr": "legacyuid", + "member_attr": "member", + "name_attr": "cn" + }, + "default": { + "member_attr": "member", + "name_attr": "cn" + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_4_REQUIRE_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_4_DENY_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_4_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "required": false, + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" + }, + "default": {}, + "child": { + "type": "list", + "required": true, + "read_only": false, + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_4_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "Test Org": { + "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove_users": true, + "remove_admins": true + }, + "Test Org 2": { + "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", + "users": true, + "remove_users": true, + "remove_admins": true + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_4_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "CN=Other Users,CN=Users,DC=example,DC=com", + "remove": false + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_5_SERVER_URI": { + "type": "string", + "required": false, + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "ldaps://ldap.example.com:636", + "default": "" + }, + "AUTH_LDAP_5_BIND_DN": { + "type": "string", + "required": false, + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_5_BIND_PASSWORD": { + "type": "string", + "required": false, + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "default": "" + }, + "AUTH_LDAP_5_START_TLS": { + "type": "boolean", + "required": false, + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "default": false + }, + "AUTH_LDAP_5_CONNECTION_OPTIONS": { + "type": "nested object", + "required": false, + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "default": { + "OPT_REFERRALS": 0, + "OPT_NETWORK_TIMEOUT": 30 + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_5_USER_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "OU=Users,DC=example,DC=com", + "SCOPE_SUBTREE", + "(sAMAccountName=%(user)s)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_5_USER_DN_TEMPLATE": { + "type": "string", + "required": false, + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_5_USER_ATTR_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "first_name": "givenName", + "last_name": "sn", + "email": "mail" + }, + "default": {}, + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_5_GROUP_SEARCH": { + "type": "list", + "required": false, + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": [ + "DC=example,DC=com", + "SCOPE_SUBTREE", + "(objectClass=group)" + ], + "default": [], + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_5_GROUP_TYPE": { + "type": "choice", + "required": false, + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "default": "MemberDNGroupType", + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_5_GROUP_TYPE_PARAMS": { + "type": "nested object", + "required": false, + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "ldap_group_user_attr": "legacyuid", + "member_attr": "member", + "name_attr": "cn" + }, + "default": { + "member_attr": "member", + "name_attr": "cn" + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "AUTH_LDAP_5_REQUIRE_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_5_DENY_GROUP": { + "type": "string", + "required": false, + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com", + "default": null + }, + "AUTH_LDAP_5_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "required": false, + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com" + }, + "default": {}, + "child": { + "type": "list", + "required": true, + "read_only": false, + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_5_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "Test Org": { + "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", + "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove_users": true, + "remove_admins": true + }, + "Test Org 2": { + "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com", + "users": true, + "remove_users": true, + "remove_admins": true + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_5_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "CN=Other Users,CN=Users,DC=example,DC=com", + "remove": false + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "RADIUS_SERVER": { + "type": "string", + "required": false, + "label": "RADIUS Server", + "help_text": "Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.", + "category": "RADIUS", + "category_slug": "radius", + "placeholder": "radius.example.com", + "default": "" + }, + "RADIUS_PORT": { + "type": "integer", + "required": false, + "label": "RADIUS Port", + "help_text": "Port of RADIUS server.", + "min_value": 1, + "max_value": 65535, + "category": "RADIUS", + "category_slug": "radius", + "default": 1812 + }, + "RADIUS_SECRET": { + "type": "string", + "required": false, + "label": "RADIUS Secret", + "help_text": "Shared secret for authenticating to RADIUS server.", + "category": "RADIUS", + "category_slug": "radius", + "default": "" + }, + "TACACSPLUS_HOST": { + "type": "string", + "required": false, + "label": "TACACS+ Server", + "help_text": "Hostname of TACACS+ server.", + "category": "TACACS+", + "category_slug": "tacacsplus", + "default": "" + }, + "TACACSPLUS_PORT": { + "type": "integer", + "required": false, + "label": "TACACS+ Port", + "help_text": "Port number of TACACS+ server.", + "min_value": 1, + "max_value": 65535, + "category": "TACACS+", + "category_slug": "tacacsplus", + "default": 49 + }, + "TACACSPLUS_SECRET": { + "type": "string", + "required": false, + "label": "TACACS+ Secret", + "help_text": "Shared secret for authenticating to TACACS+ server.", + "category": "TACACS+", + "category_slug": "tacacsplus", + "default": "" + }, + "TACACSPLUS_SESSION_TIMEOUT": { + "type": "integer", + "required": false, + "label": "TACACS+ Auth Session Timeout", + "help_text": "TACACS+ session timeout value in seconds, 0 disables timeout.", + "min_value": 0, + "category": "TACACS+", + "category_slug": "tacacsplus", + "unit": "seconds", + "default": 5 + }, + "TACACSPLUS_AUTH_PROTOCOL": { + "type": "choice", + "required": false, + "label": "TACACS+ Authentication Protocol", + "help_text": "Choose the authentication protocol used by TACACS+ client.", + "category": "TACACS+", + "category_slug": "tacacsplus", + "default": "ascii", + "choices": [ + ["ascii", "ascii"], + ["pap", "pap"] + ] + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": { + "type": "string", + "required": false, + "label": "Google OAuth2 Key", + "help_text": "The OAuth2 key from your web application.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "placeholder": "528620852399-gm2dt4hrl2tsj67fqamk09k1e0ad6gd8.apps.googleusercontent.com", + "default": "" + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": { + "type": "string", + "required": false, + "label": "Google OAuth2 Secret", + "help_text": "The OAuth2 secret from your web application.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "placeholder": "q2fMVCmEregbg-drvebPp8OW", + "default": "" + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": { + "type": "list", + "required": false, + "label": "Google OAuth2 Allowed Domains", + "help_text": "Update this setting to restrict the domains who are allowed to login using Google OAuth2.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "placeholder": ["example.com"], + "default": [], + "child": { + "type": "string", + "required": true, + "read_only": false + } + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS": { + "type": "nested object", + "required": false, + "label": "Google OAuth2 Extra Arguments", + "help_text": "Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "placeholder": { + "hd": "example.com" + }, + "default": {}, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "Google OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "placeholder": { + "Default": { + "users": true + }, + "Test Org": { + "admins": ["admin@example.com"], + "auditors": ["auditor@example.com"], + "users": true + }, + "Test Org 2": { + "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"], + "remove_admins": true, + "users": "/^[^@].*?@example\\.com$/i", + "remove_users": true + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "Google OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["/^[^@]+?@test\\.example\\.com$/"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "/^[^@]+?@test2\\.example\\.com$/i", + "remove": false + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_KEY": { + "type": "string", + "required": false, + "label": "GitHub OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub developer application.", + "category": "GitHub OAuth2", + "category_slug": "github", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_SECRET": { + "type": "string", + "required": false, + "label": "GitHub OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub developer application.", + "category": "GitHub OAuth2", + "category_slug": "github", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub OAuth2", + "category_slug": "github", + "placeholder": { + "Default": { + "users": true + }, + "Test Org": { + "admins": ["admin@example.com"], + "auditors": ["auditor@example.com"], + "users": true + }, + "Test Org 2": { + "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"], + "remove_admins": true, + "users": "/^[^@].*?@example\\.com$/i", + "remove_users": true + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub OAuth2", + "category_slug": "github", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["/^[^@]+?@test\\.example\\.com$/"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "/^[^@]+?@test2\\.example\\.com$/i", + "remove": false + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ORG_KEY": { + "type": "string", + "required": false, + "label": "GitHub Organization OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.", + "category": "GitHub Organization OAuth2", + "category_slug": "github-org", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ORG_SECRET": { + "type": "string", + "required": false, + "label": "GitHub Organization OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.", + "category": "GitHub Organization OAuth2", + "category_slug": "github-org", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ORG_NAME": { + "type": "string", + "required": false, + "label": "GitHub Organization Name", + "help_text": "The name of your GitHub organization, as used in your organization's URL: https://github.com//.", + "category": "GitHub Organization OAuth2", + "category_slug": "github-org", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub Organization OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub Organization OAuth2", + "category_slug": "github-org", + "placeholder": { + "Default": { + "users": true + }, + "Test Org": { + "admins": ["admin@example.com"], + "auditors": ["auditor@example.com"], + "users": true + }, + "Test Org 2": { + "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"], + "remove_admins": true, + "users": "/^[^@].*?@example\\.com$/i", + "remove_users": true + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub Organization OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub Organization OAuth2", + "category_slug": "github-org", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["/^[^@]+?@test\\.example\\.com$/"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "/^[^@]+?@test2\\.example\\.com$/i", + "remove": false + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_TEAM_KEY": { + "type": "string", + "required": false, + "label": "GitHub Team OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.", + "category": "GitHub Team OAuth2", + "category_slug": "github-team", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_TEAM_SECRET": { + "type": "string", + "required": false, + "label": "GitHub Team OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.", + "category": "GitHub Team OAuth2", + "category_slug": "github-team", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_TEAM_ID": { + "type": "string", + "required": false, + "label": "GitHub Team ID", + "help_text": "Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.", + "category": "GitHub Team OAuth2", + "category_slug": "github-team", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub Team OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub Team OAuth2", + "category_slug": "github-team", + "placeholder": { + "Default": { + "users": true + }, + "Test Org": { + "admins": ["admin@example.com"], + "auditors": ["auditor@example.com"], + "users": true + }, + "Test Org 2": { + "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"], + "remove_admins": true, + "users": "/^[^@].*?@example\\.com$/i", + "remove_users": true + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub Team OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub Team OAuth2", + "category_slug": "github-team", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["/^[^@]+?@test\\.example\\.com$/"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "/^[^@]+?@test2\\.example\\.com$/i", + "remove": false + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL": { + "type": "string", + "required": false, + "label": "GitHub Enterprise URL", + "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL": { + "type": "string", + "required": false, + "label": "GitHub Enterprise API URL", + "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY": { + "type": "string", + "required": false, + "label": "GitHub Enterprise OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise developer application.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET": { + "type": "string", + "required": false, + "label": "GitHub Enterprise OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.", + "category": "GitHub OAuth2", + "category_slug": "github-enterprise", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub Enterprise OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise", + "placeholder": { + "Default": { + "users": true + }, + "Test Org": { + "admins": ["admin@example.com"], + "auditors": ["auditor@example.com"], + "users": true + }, + "Test Org 2": { + "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"], + "remove_admins": true, + "users": "/^[^@].*?@example\\.com$/i", + "remove_users": true + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub Enterprise OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["/^[^@]+?@test\\.example\\.com$/"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "/^[^@]+?@test2\\.example\\.com$/i", + "remove": false + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL": { + "type": "string", + "required": false, + "label": "GitHub Enterprise Organization URL", + "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise-org", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL": { + "type": "string", + "required": false, + "label": "GitHub Enterprise Organization API URL", + "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise-org", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY": { + "type": "string", + "required": false, + "label": "GitHub Enterprise Organization OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.", + "category": "GitHub Enterprise Organization OAuth2", + "category_slug": "github-enterprise-org", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET": { + "type": "string", + "required": false, + "label": "GitHub Enterprise Organization OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.", + "category": "GitHub Enterprise Organization OAuth2", + "category_slug": "github-enterprise-org", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME": { + "type": "string", + "required": false, + "label": "GitHub Enterprise Organization Name", + "help_text": "The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.", + "category": "GitHub Enterprise Organization OAuth2", + "category_slug": "github-enterprise-org", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub Enterprise Organization OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub Enterprise Organization OAuth2", + "category_slug": "github-enterprise-org", + "placeholder": { + "Default": { + "users": true + }, + "Test Org": { + "admins": ["admin@example.com"], + "auditors": ["auditor@example.com"], + "users": true + }, + "Test Org 2": { + "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"], + "remove_admins": true, + "users": "/^[^@].*?@example\\.com$/i", + "remove_users": true + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub Enterprise Organization OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub Enterprise Organization OAuth2", + "category_slug": "github-enterprise-org", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["/^[^@]+?@test\\.example\\.com$/"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "/^[^@]+?@test2\\.example\\.com$/i", + "remove": false + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL": { + "type": "string", + "required": false, + "label": "GitHub Enterprise Team URL", + "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise-team", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL": { + "type": "string", + "required": false, + "label": "GitHub Enterprise Team API URL", + "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise-team", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY": { + "type": "string", + "required": false, + "label": "GitHub Enterprise Team OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.", + "category": "GitHub Enterprise Team OAuth2", + "category_slug": "github-enterprise-team", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET": { + "type": "string", + "required": false, + "label": "GitHub Enterprise Team OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.", + "category": "GitHub Enterprise Team OAuth2", + "category_slug": "github-enterprise-team", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID": { + "type": "string", + "required": false, + "label": "GitHub Enterprise Team ID", + "help_text": "Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.", + "category": "GitHub Enterprise Team OAuth2", + "category_slug": "github-enterprise-team", + "default": "" + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub Enterprise Team OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub Enterprise Team OAuth2", + "category_slug": "github-enterprise-team", + "placeholder": { + "Default": { + "users": true + }, + "Test Org": { + "admins": ["admin@example.com"], + "auditors": ["auditor@example.com"], + "users": true + }, + "Test Org 2": { + "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"], + "remove_admins": true, + "users": "/^[^@].*?@example\\.com$/i", + "remove_users": true + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "GitHub Enterprise Team OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub Enterprise Team OAuth2", + "category_slug": "github-enterprise-team", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["/^[^@]+?@test\\.example\\.com$/"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "/^[^@]+?@test2\\.example\\.com$/i", + "remove": false + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY": { + "type": "string", + "required": false, + "label": "Azure AD OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your Azure AD application.", + "category": "Azure AD OAuth2", + "category_slug": "azuread-oauth2", + "default": "" + }, + "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET": { + "type": "string", + "required": false, + "label": "Azure AD OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your Azure AD application.", + "category": "Azure AD OAuth2", + "category_slug": "azuread-oauth2", + "default": "" + }, + "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "Azure AD OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "Azure AD OAuth2", + "category_slug": "azuread-oauth2", + "placeholder": { + "Default": { + "users": true + }, + "Test Org": { + "admins": ["admin@example.com"], + "auditors": ["auditor@example.com"], + "users": true + }, + "Test Org 2": { + "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"], + "remove_admins": true, + "users": "/^[^@].*?@example\\.com$/i", + "remove_users": true + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "Azure AD OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "Azure AD OAuth2", + "category_slug": "azuread-oauth2", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["/^[^@]+?@test\\.example\\.com$/"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "/^[^@]+?@test2\\.example\\.com$/i", + "remove": false + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SAML_AUTO_CREATE_OBJECTS": { + "type": "boolean", + "required": false, + "label": "Automatically Create Organizations and Teams on SAML Login", + "help_text": "When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.", + "category": "SAML", + "category_slug": "saml", + "default": true + }, + "SOCIAL_AUTH_SAML_SP_ENTITY_ID": { + "type": "string", + "required": false, + "label": "SAML Service Provider Entity ID", + "help_text": "The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.", + "category": "SAML", + "category_slug": "saml", + "default": "" + }, + "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT": { + "type": "string", + "required": true, + "label": "SAML Service Provider Public Certificate", + "help_text": "Create a keypair to use as a service provider (SP) and include the certificate content here.", + "category": "SAML", + "category_slug": "saml", + "default": "" + }, + "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": { + "type": "string", + "required": true, + "label": "SAML Service Provider Private Key", + "help_text": "Create a keypair to use as a service provider (SP) and include the private key content here.", + "category": "SAML", + "category_slug": "saml", + "default": "" + }, + "SOCIAL_AUTH_SAML_ORG_INFO": { + "type": "nested object", + "required": true, + "label": "SAML Service Provider Organization Info", + "help_text": "Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.", + "category": "SAML", + "category_slug": "saml", + "placeholder": { + "en-US": { + "name": "example", + "displayname": "Example", + "url": "http://www.example.com" + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT": { + "type": "nested object", + "required": true, + "label": "SAML Service Provider Technical Contact", + "help_text": "Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.", + "category": "SAML", + "category_slug": "saml", + "placeholder": { + "givenName": "Technical Contact", + "emailAddress": "techsup@example.com" + }, + "default": {}, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "SOCIAL_AUTH_SAML_SUPPORT_CONTACT": { + "type": "nested object", + "required": true, + "label": "SAML Service Provider Support Contact", + "help_text": "Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.", + "category": "SAML", + "category_slug": "saml", + "placeholder": { + "givenName": "Support Contact", + "emailAddress": "support@example.com" + }, + "default": {}, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "SOCIAL_AUTH_SAML_ENABLED_IDPS": { + "type": "nested object", + "required": false, + "label": "SAML Enabled Identity Providers", + "help_text": "Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.", + "category": "SAML", + "category_slug": "saml", + "placeholder": { + "Okta": { + "entity_id": "http://www.okta.com/HHniyLkaxk9e76wD0Thh", + "url": "https://dev-123456.oktapreview.com/app/ansibletower/HHniyLkaxk9e76wD0Thh/sso/saml", + "x509cert": "MIIDpDCCAoygAwIBAgIGAVVZ4rPzMA0GCSqGSIb3...", + "attr_user_permanent_id": "username", + "attr_first_name": "first_name", + "attr_last_name": "last_name", + "attr_username": "username", + "attr_email": "email" + }, + "OneLogin": { + "entity_id": "https://app.onelogin.com/saml/metadata/123456", + "url": "https://example.onelogin.com/trust/saml2/http-post/sso/123456", + "x509cert": "MIIEJjCCAw6gAwIBAgIUfuSD54OPSBhndDHh3gZo...", + "attr_user_permanent_id": "name_id", + "attr_first_name": "User.FirstName", + "attr_last_name": "User.LastName", + "attr_username": "User.email", + "attr_email": "User.email" + } + }, + "default": {}, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_SAML_SECURITY_CONFIG": { + "type": "nested object", + "required": false, + "label": "SAML Security Config", + "help_text": "A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings", + "category": "SAML", + "category_slug": "saml", + "placeholder": { + "nameIdEncrypted": false, + "authnRequestsSigned": false, + "logoutRequestSigned": false, + "logoutResponseSigned": false, + "signMetadata": false, + "wantMessagesSigned": false, + "wantAssertionsSigned": false, + "wantAssertionsEncrypted": false, + "wantNameId": true, + "wantNameIdEncrypted": false, + "wantAttributeStatement": true, + "requestedAuthnContext": true, + "requestedAuthnContextComparison": "exact", + "metadataValidUntil": "2015-06-26T20:00:00Z", + "metadataCacheDuration": "PT518400S", + "signatureAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1", + "digestAlgorithm": "http://www.w3.org/2000/09/xmldsig#sha1" + }, + "default": { + "requestedAuthnContext": false + }, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "SOCIAL_AUTH_SAML_SP_EXTRA": { + "type": "nested object", + "required": false, + "label": "SAML Service Provider extra configuration data", + "help_text": "A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.", + "category": "SAML", + "category_slug": "saml", + "placeholder": {}, + "default": null, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "SOCIAL_AUTH_SAML_EXTRA_DATA": { + "type": "list", + "required": false, + "label": "SAML IDP to extra_data attribute mapping", + "help_text": "A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.", + "category": "SAML", + "category_slug": "saml", + "placeholder": [ + ["attribute_name", "extra_data_name_for_attribute"], + ["department", "department"], + ["manager_full_name", "manager_full_name"] + ], + "default": null, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "SOCIAL_AUTH_SAML_ORGANIZATION_MAP": { + "type": "nested object", + "required": false, + "label": "SAML Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "SAML", + "category_slug": "saml", + "placeholder": { + "Default": { + "users": true + }, + "Test Org": { + "admins": ["admin@example.com"], + "auditors": ["auditor@example.com"], + "users": true + }, + "Test Org 2": { + "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"], + "remove_admins": true, + "users": "/^[^@].*?@example\\.com$/i", + "remove_users": true + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_SAML_TEAM_MAP": { + "type": "nested object", + "required": false, + "label": "SAML Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "SAML", + "category_slug": "saml", + "placeholder": { + "My Team": { + "organization": "Test Org", + "users": ["/^[^@]+?@test\\.example\\.com$/"], + "remove": true + }, + "Other Team": { + "organization": "Test Org 2", + "users": "/^[^@]+?@test2\\.example\\.com$/i", + "remove": false + } + }, + "default": null, + "child": { + "type": "nested object", + "required": true, + "read_only": false, + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR": { + "type": "nested object", + "required": false, + "label": "SAML Organization Attribute Mapping", + "help_text": "Used to translate user organization membership.", + "category": "SAML", + "category_slug": "saml", + "placeholder": { + "saml_attr": "organization", + "saml_admin_attr": "organization_admin", + "saml_auditor_attr": "organization_auditor", + "remove": true, + "remove_admins": true, + "remove_auditors": true + }, + "default": {}, + "child": { + "type": "field", + "required": true, + "read_only": false + } + }, + "SOCIAL_AUTH_SAML_TEAM_ATTR": { + "type": "nested object", + "required": false, + "label": "SAML Team Attribute Mapping", + "help_text": "Used to translate user team membership.", + "category": "SAML", + "category_slug": "saml", + "placeholder": { + "saml_attr": "team", + "remove": true, + "team_org_map": [ + { + "team": "Marketing", + "organization": "Red Hat" + }, + { + "team": "Human Resources", + "organization": "Red Hat" + }, + { + "team": "Engineering", + "organization": "Red Hat" + }, + { + "team": "Engineering", + "organization": "Ansible" + }, + { + "team": "Quality Engineering", + "organization": "Ansible" + }, + { + "team": "Sales", + "organization": "Ansible" + } + ] + }, + "default": {}, + "child": { + "type": "field", + "required": true, + "read_only": false + } } + }, + "GET": { + "ACTIVITY_STREAM_ENABLED": { + "type": "boolean", + "label": "Enable Activity Stream", + "help_text": "Enable capturing activity for the activity stream.", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": { + "type": "boolean", + "label": "Enable Activity Stream for Inventory Sync", + "help_text": "Enable capturing activity for the activity stream when running inventory sync.", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "ORG_ADMINS_CAN_SEE_ALL_USERS": { + "type": "boolean", + "label": "All Users Visible to Organization Admins", + "help_text": "Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "MANAGE_ORGANIZATION_AUTH": { + "type": "boolean", + "label": "Organization Admins Can Manage Users and Teams", + "help_text": "Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "TOWER_URL_BASE": { + "type": "string", + "label": "Base URL of the service", + "help_text": "This setting is used by services like notifications to render a valid url to the service.", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "REMOTE_HOST_HEADERS": { + "type": "list", + "label": "Remote Host Headers", + "help_text": "HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the Adminstrator guide for more details.", + "category": "System", + "category_slug": "system", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "PROXY_IP_ALLOWED_LIST": { + "type": "list", + "label": "Proxy IP Allowed List", + "help_text": "If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')", + "category": "System", + "category_slug": "system", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "LICENSE": { + "type": "nested object", + "label": "License", + "help_text": "The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.", + "category": "System", + "category_slug": "system", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "REDHAT_USERNAME": { + "type": "string", + "label": "Red Hat customer username", + "help_text": "This username is used to send data to Insights for Ansible Automation Platform", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "REDHAT_PASSWORD": { + "type": "string", + "label": "Red Hat customer password", + "help_text": "This password is used to send data to Insights for Ansible Automation Platform", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "SUBSCRIPTIONS_USERNAME": { + "type": "string", + "label": "Red Hat or Satellite username", + "help_text": "This username is used to retrieve subscription and content information", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "SUBSCRIPTIONS_PASSWORD": { + "type": "string", + "label": "Red Hat or Satellite password", + "help_text": "This password is used to retrieve subscription and content information", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "AUTOMATION_ANALYTICS_URL": { + "type": "string", + "label": "Insights for Ansible Automation Platform upload URL", + "help_text": "This setting is used to to configure the upload URL for data collection for Red Hat Insights.", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "INSTALL_UUID": { + "type": "string", + "label": "Unique identifier for an installation", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "DEFAULT_EXECUTION_ENVIRONMENT": { + "type": "field", + "label": "Global default execution environment", + "help_text": "The Execution Environment to be used when one has not been configured for a job template.", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "CUSTOM_VENV_PATHS": { + "type": "list", + "label": "Custom virtual environment paths", + "help_text": "Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.", + "category": "System", + "category_slug": "system", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "AD_HOC_COMMANDS": { + "type": "list", + "label": "Ansible Modules Allowed for Ad Hoc Jobs", + "help_text": "List of modules allowed to be used by ad-hoc jobs.", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "ALLOW_JINJA_IN_EXTRA_VARS": { + "type": "choice", + "label": "When can extra variables contain Jinja templates?", + "help_text": "Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to \"template\" or \"never\".", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false, + "choices": [ + ["always", "Always"], + ["never", "Never"], + ["template", "Only On Job Template Definitions"] + ] + }, + "AWX_ISOLATION_BASE_PATH": { + "type": "string", + "label": "Job execution path", + "help_text": "The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false + }, + "AWX_ISOLATION_SHOW_PATHS": { + "type": "list", + "label": "Paths to expose to isolated jobs", + "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "AWX_TASK_ENV": { + "type": "nested object", + "label": "Extra Environment Variables", + "help_text": "Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "INSIGHTS_TRACKING_STATE": { + "type": "boolean", + "label": "Gather data for Insights for Ansible Automation Platform", + "help_text": "Enables the service to gather data on automation and send it to Red Hat Insights.", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "PROJECT_UPDATE_VVV": { + "type": "boolean", + "label": "Run Project Updates With Higher Verbosity", + "help_text": "Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false + }, + "AWX_ROLES_ENABLED": { + "type": "boolean", + "label": "Enable Role Download", + "help_text": "Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false + }, + "AWX_COLLECTIONS_ENABLED": { + "type": "boolean", + "label": "Enable Collection(s) Download", + "help_text": "Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false + }, + "AWX_SHOW_PLAYBOOK_LINKS": { + "type": "boolean", + "label": "Follow symlinks", + "help_text": "Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false + }, + "GALAXY_IGNORE_CERTS": { + "type": "boolean", + "label": "Ignore Ansible Galaxy SSL Certificate Verification", + "help_text": "If set to true, certificate validation will not be done when installing content from any Galaxy server.", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false + }, + "STDOUT_MAX_BYTES_DISPLAY": { + "type": "integer", + "label": "Standard Output Maximum Display Size", + "help_text": "Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false + }, + "EVENT_STDOUT_MAX_BYTES_DISPLAY": { + "type": "integer", + "label": "Job Event Standard Output Maximum Display Size", + "help_text": "Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `…` when truncated.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false + }, + "SCHEDULE_MAX_JOBS": { + "type": "integer", + "label": "Maximum Scheduled Jobs", + "help_text": "Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.", + "min_value": 1, + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false + }, + "AWX_ANSIBLE_CALLBACK_PLUGINS": { + "type": "list", + "label": "Ansible Callback Plugins", + "help_text": "List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "DEFAULT_JOB_TIMEOUT": { + "type": "integer", + "label": "Default Job Timeout", + "help_text": "Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false, + "unit": "seconds" + }, + "DEFAULT_INVENTORY_UPDATE_TIMEOUT": { + "type": "integer", + "label": "Default Inventory Update Timeout", + "help_text": "Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false, + "unit": "seconds" + }, + "DEFAULT_PROJECT_UPDATE_TIMEOUT": { + "type": "integer", + "label": "Default Project Update Timeout", + "help_text": "Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false, + "unit": "seconds" + }, + "ANSIBLE_FACT_CACHE_TIMEOUT": { + "type": "integer", + "label": "Per-Host Ansible Fact Cache Timeout", + "help_text": "Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.", + "min_value": 0, + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false, + "unit": "seconds" + }, + "MAX_FORKS": { + "type": "integer", + "label": "Maximum number of forks per job", + "help_text": "Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.", + "category": "Jobs", + "category_slug": "jobs", + "defined_in_file": false + }, + "LOG_AGGREGATOR_HOST": { + "type": "string", + "label": "Logging Aggregator", + "help_text": "Hostname/IP where external logs will be sent to.", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false + }, + "LOG_AGGREGATOR_PORT": { + "type": "integer", + "label": "Logging Aggregator Port", + "help_text": "Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false + }, + "LOG_AGGREGATOR_TYPE": { + "type": "choice", + "label": "Logging Aggregator Type", + "help_text": "Format messages for the chosen log aggregator.", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false, + "choices": [ + [null, "---------"], + ["logstash", "logstash"], + ["splunk", "splunk"], + ["loggly", "loggly"], + ["sumologic", "sumologic"], + ["other", "other"] + ] + }, + "LOG_AGGREGATOR_USERNAME": { + "type": "string", + "label": "Logging Aggregator Username", + "help_text": "Username for external log aggregator (if required; HTTP/s only).", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false + }, + "LOG_AGGREGATOR_PASSWORD": { + "type": "string", + "label": "Logging Aggregator Password/Token", + "help_text": "Password or authentication token for external log aggregator (if required; HTTP/s only).", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false + }, + "LOG_AGGREGATOR_LOGGERS": { + "type": "list", + "label": "Loggers Sending Data to Log Aggregator Form", + "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs.", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "LOG_AGGREGATOR_INDIVIDUAL_FACTS": { + "type": "boolean", + "label": "Log System Tracking Facts Individually", + "help_text": "If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false + }, + "LOG_AGGREGATOR_ENABLED": { + "type": "boolean", + "label": "Enable External Logging", + "help_text": "Enable sending logs to external log aggregator.", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false + }, + "LOG_AGGREGATOR_TOWER_UUID": { + "type": "string", + "label": "Cluster-wide unique identifier.", + "help_text": "Useful to uniquely identify instances.", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false + }, + "LOG_AGGREGATOR_PROTOCOL": { + "type": "choice", + "label": "Logging Aggregator Protocol", + "help_text": "Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false, + "choices": [ + ["https", "HTTPS/HTTP"], + ["tcp", "TCP"], + ["udp", "UDP"] + ] + }, + "LOG_AGGREGATOR_TCP_TIMEOUT": { + "type": "integer", + "label": "TCP Connection Timeout", + "help_text": "Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false, + "unit": "seconds" + }, + "LOG_AGGREGATOR_VERIFY_CERT": { + "type": "boolean", + "label": "Enable/disable HTTPS certificate verification", + "help_text": "Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false + }, + "LOG_AGGREGATOR_LEVEL": { + "type": "choice", + "label": "Logging Aggregator Level Threshold", + "help_text": "Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false, + "choices": [ + ["DEBUG", "DEBUG"], + ["INFO", "INFO"], + ["WARNING", "WARNING"], + ["ERROR", "ERROR"], + ["CRITICAL", "CRITICAL"] + ] + }, + "LOG_AGGREGATOR_MAX_DISK_USAGE_GB": { + "type": "integer", + "label": "Maximum disk persistance for external log aggregation (in GB)", + "help_text": "Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting.", + "min_value": 1, + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false + }, + "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH": { + "type": "string", + "label": "File system location for rsyslogd disk persistence", + "help_text": "Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false + }, + "LOG_AGGREGATOR_RSYSLOGD_DEBUG": { + "type": "boolean", + "label": "Enable rsyslogd debugging", + "help_text": "Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.", + "category": "Logging", + "category_slug": "logging", + "defined_in_file": false + }, + "AUTOMATION_ANALYTICS_LAST_GATHER": { + "type": "datetime", + "label": "Last gather date for Insights for Ansible Automation Platform.", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "AUTOMATION_ANALYTICS_LAST_ENTRIES": { + "type": "string", + "label": "Last gathered entries for expensive collectors for Insights for Ansible Automation Platform.", + "category": "System", + "category_slug": "system", + "defined_in_file": false + }, + "AUTOMATION_ANALYTICS_GATHER_INTERVAL": { + "type": "integer", + "label": "Insights for Ansible Automation Platform Gather Interval", + "help_text": "Interval (in seconds) between data gathering.", + "min_value": 1800, + "category": "System", + "category_slug": "system", + "defined_in_file": false, + "unit": "seconds" + }, + "SESSION_COOKIE_AGE": { + "type": "integer", + "label": "Idle Time Force Log Out", + "help_text": "Number of seconds that a user is inactive before they will need to login again.", + "min_value": 60, + "max_value": 30000000000, + "category": "Authentication", + "category_slug": "authentication", + "defined_in_file": false, + "unit": "seconds" + }, + "SESSIONS_PER_USER": { + "type": "integer", + "label": "Maximum number of simultaneous logged in sessions", + "help_text": "Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.", + "min_value": -1, + "category": "Authentication", + "category_slug": "authentication", + "defined_in_file": false + }, + "DISABLE_LOCAL_AUTH": { + "type": "boolean", + "label": "Disable the built-in authentication system", + "help_text": "Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.", + "category": "Authentication", + "category_slug": "authentication", + "defined_in_file": false + }, + "AUTH_BASIC_ENABLED": { + "type": "boolean", + "label": "Enable HTTP Basic Auth", + "help_text": "Enable HTTP Basic Auth for the API Browser.", + "category": "Authentication", + "category_slug": "authentication", + "defined_in_file": false + }, + "OAUTH2_PROVIDER": { + "type": "nested object", + "label": "OAuth 2 Timeout Settings", + "help_text": "Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.", + "category": "Authentication", + "category_slug": "authentication", + "defined_in_file": false, + "unit": "seconds", + "child": { + "type": "integer", + "min_value": 1 + } + }, + "ALLOW_OAUTH2_FOR_EXTERNAL_USERS": { + "type": "boolean", + "label": "Allow External Users to Create OAuth2 Tokens", + "help_text": "For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.", + "category": "Authentication", + "category_slug": "authentication", + "defined_in_file": false + }, + "LOGIN_REDIRECT_OVERRIDE": { + "type": "string", + "label": "Login redirect override URL", + "help_text": "URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.", + "category": "Authentication", + "category_slug": "authentication", + "defined_in_file": false + }, + "PENDO_TRACKING_STATE": { + "type": "choice", + "label": "User Analytics Tracking State", + "help_text": "Enable or Disable User Analytics Tracking.", + "category": "UI", + "category_slug": "ui", + "defined_in_file": false, + "choices": [ + ["off", "Off"], + ["anonymous", "Anonymous"], + ["detailed", "Detailed"] + ] + }, + "CUSTOM_LOGIN_INFO": { + "type": "string", + "label": "Custom Login Info", + "help_text": "If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.", + "category": "UI", + "category_slug": "ui", + "defined_in_file": false + }, + "CUSTOM_LOGO": { + "type": "string", + "label": "Custom Logo", + "help_text": "To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.", + "category": "UI", + "category_slug": "ui", + "defined_in_file": false + }, + "MAX_UI_JOB_EVENTS": { + "type": "integer", + "label": "Max Job Events Retrieved by UI", + "help_text": "Maximum number of job events for the UI to retrieve within a single request.", + "min_value": 100, + "category": "UI", + "category_slug": "ui", + "defined_in_file": false + }, + "UI_LIVE_UPDATES_ENABLED": { + "type": "boolean", + "label": "Enable Live Updates in the UI", + "help_text": "If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.", + "category": "UI", + "category_slug": "ui", + "defined_in_file": false + }, + "AUTHENTICATION_BACKENDS": { + "type": "list", + "label": "Authentication Backends", + "help_text": "List of authentication backends that are enabled based on license features and other authentication settings.", + "category": "Authentication", + "category_slug": "authentication", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "SOCIAL_AUTH_ORGANIZATION_MAP": { + "type": "nested object", + "label": "Social Auth Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "Authentication", + "category_slug": "authentication", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_TEAM_MAP": { + "type": "nested object", + "label": "Social Auth Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "Authentication", + "category_slug": "authentication", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_USER_FIELDS": { + "type": "list", + "label": "Social Auth User Fields", + "help_text": "When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.", + "category": "Authentication", + "category_slug": "authentication", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "AUTH_LDAP_SERVER_URI": { + "type": "string", + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_BIND_DN": { + "type": "string", + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_BIND_PASSWORD": { + "type": "string", + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_START_TLS": { + "type": "boolean", + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_CONNECTION_OPTIONS": { + "type": "nested object", + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_USER_SEARCH": { + "type": "list", + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_USER_DN_TEMPLATE": { + "type": "string", + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_USER_ATTR_MAP": { + "type": "nested object", + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "AUTH_LDAP_GROUP_SEARCH": { + "type": "list", + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_GROUP_TYPE": { + "type": "choice", + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_GROUP_TYPE_PARAMS": { + "type": "nested object", + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_REQUIRE_GROUP": { + "type": "string", + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_DENY_GROUP": { + "type": "string", + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "list", + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_ORGANIZATION_MAP": { + "type": "nested object", + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_TEAM_MAP": { + "type": "nested object", + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_1_SERVER_URI": { + "type": "string", + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_1_BIND_DN": { + "type": "string", + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_1_BIND_PASSWORD": { + "type": "string", + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_1_START_TLS": { + "type": "boolean", + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_1_CONNECTION_OPTIONS": { + "type": "nested object", + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_1_USER_SEARCH": { + "type": "list", + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_1_USER_DN_TEMPLATE": { + "type": "string", + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_1_USER_ATTR_MAP": { + "type": "nested object", + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "AUTH_LDAP_1_GROUP_SEARCH": { + "type": "list", + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_1_GROUP_TYPE": { + "type": "choice", + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_1_GROUP_TYPE_PARAMS": { + "type": "nested object", + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_1_REQUIRE_GROUP": { + "type": "string", + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_1_DENY_GROUP": { + "type": "string", + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_1_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "list", + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_1_ORGANIZATION_MAP": { + "type": "nested object", + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_1_TEAM_MAP": { + "type": "nested object", + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_2_SERVER_URI": { + "type": "string", + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_2_BIND_DN": { + "type": "string", + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_2_BIND_PASSWORD": { + "type": "string", + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_2_START_TLS": { + "type": "boolean", + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_2_CONNECTION_OPTIONS": { + "type": "nested object", + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_2_USER_SEARCH": { + "type": "list", + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_2_USER_DN_TEMPLATE": { + "type": "string", + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_2_USER_ATTR_MAP": { + "type": "nested object", + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "AUTH_LDAP_2_GROUP_SEARCH": { + "type": "list", + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_2_GROUP_TYPE": { + "type": "choice", + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_2_GROUP_TYPE_PARAMS": { + "type": "nested object", + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_2_REQUIRE_GROUP": { + "type": "string", + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_2_DENY_GROUP": { + "type": "string", + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_2_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "list", + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_2_ORGANIZATION_MAP": { + "type": "nested object", + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_2_TEAM_MAP": { + "type": "nested object", + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_3_SERVER_URI": { + "type": "string", + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_3_BIND_DN": { + "type": "string", + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_3_BIND_PASSWORD": { + "type": "string", + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_3_START_TLS": { + "type": "boolean", + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_3_CONNECTION_OPTIONS": { + "type": "nested object", + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_3_USER_SEARCH": { + "type": "list", + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_3_USER_DN_TEMPLATE": { + "type": "string", + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_3_USER_ATTR_MAP": { + "type": "nested object", + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "AUTH_LDAP_3_GROUP_SEARCH": { + "type": "list", + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_3_GROUP_TYPE": { + "type": "choice", + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_3_GROUP_TYPE_PARAMS": { + "type": "nested object", + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_3_REQUIRE_GROUP": { + "type": "string", + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_3_DENY_GROUP": { + "type": "string", + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_3_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "list", + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_3_ORGANIZATION_MAP": { + "type": "nested object", + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_3_TEAM_MAP": { + "type": "nested object", + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_4_SERVER_URI": { + "type": "string", + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_4_BIND_DN": { + "type": "string", + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_4_BIND_PASSWORD": { + "type": "string", + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_4_START_TLS": { + "type": "boolean", + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_4_CONNECTION_OPTIONS": { + "type": "nested object", + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_4_USER_SEARCH": { + "type": "list", + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_4_USER_DN_TEMPLATE": { + "type": "string", + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_4_USER_ATTR_MAP": { + "type": "nested object", + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "AUTH_LDAP_4_GROUP_SEARCH": { + "type": "list", + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_4_GROUP_TYPE": { + "type": "choice", + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_4_GROUP_TYPE_PARAMS": { + "type": "nested object", + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_4_REQUIRE_GROUP": { + "type": "string", + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_4_DENY_GROUP": { + "type": "string", + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_4_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "list", + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_4_ORGANIZATION_MAP": { + "type": "nested object", + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_4_TEAM_MAP": { + "type": "nested object", + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_5_SERVER_URI": { + "type": "string", + "label": "LDAP Server URI", + "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_5_BIND_DN": { + "type": "string", + "label": "LDAP Bind DN", + "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_5_BIND_PASSWORD": { + "type": "string", + "label": "LDAP Bind Password", + "help_text": "Password used to bind LDAP user account.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_5_START_TLS": { + "type": "boolean", + "label": "LDAP Start TLS", + "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_5_CONNECTION_OPTIONS": { + "type": "nested object", + "label": "LDAP Connection Options", + "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_5_USER_SEARCH": { + "type": "list", + "label": "LDAP User Search", + "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_5_USER_DN_TEMPLATE": { + "type": "string", + "label": "LDAP User DN Template", + "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_5_USER_ATTR_MAP": { + "type": "nested object", + "label": "LDAP User Attribute Map", + "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "AUTH_LDAP_5_GROUP_SEARCH": { + "type": "list", + "label": "LDAP Group Search", + "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_5_GROUP_TYPE": { + "type": "choice", + "label": "LDAP Group Type", + "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "choices": [ + ["PosixGroupType", "PosixGroupType"], + ["GroupOfNamesType", "GroupOfNamesType"], + ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"], + ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"], + ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"], + ["MemberDNGroupType", "MemberDNGroupType"], + ["NestedGroupOfNamesType", "NestedGroupOfNamesType"], + ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"], + ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"], + [ + "NestedOrganizationalRoleGroupType", + "NestedOrganizationalRoleGroupType" + ], + ["NestedMemberDNGroupType", "NestedMemberDNGroupType"], + ["PosixUIDGroupType", "PosixUIDGroupType"] + ] + }, + "AUTH_LDAP_5_GROUP_TYPE_PARAMS": { + "type": "nested object", + "label": "LDAP Group Type Parameters", + "help_text": "Key value parameters to send the chosen group type init method.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "AUTH_LDAP_5_REQUIRE_GROUP": { + "type": "string", + "label": "LDAP Require Group", + "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_5_DENY_GROUP": { + "type": "string", + "label": "LDAP Deny Group", + "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false + }, + "AUTH_LDAP_5_USER_FLAGS_BY_GROUP": { + "type": "nested object", + "label": "LDAP User Flags By Group", + "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "list", + "child": { + "type": "string", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_5_ORGANIZATION_MAP": { + "type": "nested object", + "label": "LDAP Organization Map", + "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "AUTH_LDAP_5_TEAM_MAP": { + "type": "nested object", + "label": "LDAP Team Map", + "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.", + "category": "LDAP", + "category_slug": "ldap", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "RADIUS_SERVER": { + "type": "string", + "label": "RADIUS Server", + "help_text": "Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.", + "category": "RADIUS", + "category_slug": "radius", + "defined_in_file": false + }, + "RADIUS_PORT": { + "type": "integer", + "label": "RADIUS Port", + "help_text": "Port of RADIUS server.", + "min_value": 1, + "max_value": 65535, + "category": "RADIUS", + "category_slug": "radius", + "defined_in_file": false + }, + "RADIUS_SECRET": { + "type": "string", + "label": "RADIUS Secret", + "help_text": "Shared secret for authenticating to RADIUS server.", + "category": "RADIUS", + "category_slug": "radius", + "defined_in_file": false + }, + "TACACSPLUS_HOST": { + "type": "string", + "label": "TACACS+ Server", + "help_text": "Hostname of TACACS+ server.", + "category": "TACACS+", + "category_slug": "tacacsplus", + "defined_in_file": false + }, + "TACACSPLUS_PORT": { + "type": "integer", + "label": "TACACS+ Port", + "help_text": "Port number of TACACS+ server.", + "min_value": 1, + "max_value": 65535, + "category": "TACACS+", + "category_slug": "tacacsplus", + "defined_in_file": false + }, + "TACACSPLUS_SECRET": { + "type": "string", + "label": "TACACS+ Secret", + "help_text": "Shared secret for authenticating to TACACS+ server.", + "category": "TACACS+", + "category_slug": "tacacsplus", + "defined_in_file": false + }, + "TACACSPLUS_SESSION_TIMEOUT": { + "type": "integer", + "label": "TACACS+ Auth Session Timeout", + "help_text": "TACACS+ session timeout value in seconds, 0 disables timeout.", + "min_value": 0, + "category": "TACACS+", + "category_slug": "tacacsplus", + "defined_in_file": false, + "unit": "seconds" + }, + "TACACSPLUS_AUTH_PROTOCOL": { + "type": "choice", + "label": "TACACS+ Authentication Protocol", + "help_text": "Choose the authentication protocol used by TACACS+ client.", + "category": "TACACS+", + "category_slug": "tacacsplus", + "defined_in_file": false, + "choices": [ + ["ascii", "ascii"], + ["pap", "pap"] + ] + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL": { + "type": "string", + "label": "Google OAuth2 Callback URL", + "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "defined_in_file": false + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": { + "type": "string", + "label": "Google OAuth2 Key", + "help_text": "The OAuth2 key from your web application.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "defined_in_file": false + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": { + "type": "string", + "label": "Google OAuth2 Secret", + "help_text": "The OAuth2 secret from your web application.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "defined_in_file": false + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": { + "type": "list", + "label": "Google OAuth2 Allowed Domains", + "help_text": "Update this setting to restrict the domains who are allowed to login using Google OAuth2.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "defined_in_file": false, + "child": { + "type": "string" + } + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS": { + "type": "nested object", + "label": "Google OAuth2 Extra Arguments", + "help_text": "Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP": { + "type": "nested object", + "label": "Google OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP": { + "type": "nested object", + "label": "Google OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "Google OAuth2", + "category_slug": "google-oauth2", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_CALLBACK_URL": { + "type": "string", + "label": "GitHub OAuth2 Callback URL", + "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.", + "category": "GitHub OAuth2", + "category_slug": "github", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_KEY": { + "type": "string", + "label": "GitHub OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub developer application.", + "category": "GitHub OAuth2", + "category_slug": "github", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_SECRET": { + "type": "string", + "label": "GitHub OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub developer application.", + "category": "GitHub OAuth2", + "category_slug": "github", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP": { + "type": "nested object", + "label": "GitHub OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub OAuth2", + "category_slug": "github", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_TEAM_MAP": { + "type": "nested object", + "label": "GitHub OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub OAuth2", + "category_slug": "github", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL": { + "type": "string", + "label": "GitHub Organization OAuth2 Callback URL", + "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.", + "category": "GitHub Organization OAuth2", + "category_slug": "github-org", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ORG_KEY": { + "type": "string", + "label": "GitHub Organization OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.", + "category": "GitHub Organization OAuth2", + "category_slug": "github-org", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ORG_SECRET": { + "type": "string", + "label": "GitHub Organization OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.", + "category": "GitHub Organization OAuth2", + "category_slug": "github-org", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ORG_NAME": { + "type": "string", + "label": "GitHub Organization Name", + "help_text": "The name of your GitHub organization, as used in your organization's URL: https://github.com//.", + "category": "GitHub Organization OAuth2", + "category_slug": "github-org", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP": { + "type": "nested object", + "label": "GitHub Organization OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub Organization OAuth2", + "category_slug": "github-org", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP": { + "type": "nested object", + "label": "GitHub Organization OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub Organization OAuth2", + "category_slug": "github-org", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL": { + "type": "string", + "label": "GitHub Team OAuth2 Callback URL", + "help_text": "Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.", + "category": "GitHub Team OAuth2", + "category_slug": "github-team", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_TEAM_KEY": { + "type": "string", + "label": "GitHub Team OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.", + "category": "GitHub Team OAuth2", + "category_slug": "github-team", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_TEAM_SECRET": { + "type": "string", + "label": "GitHub Team OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.", + "category": "GitHub Team OAuth2", + "category_slug": "github-team", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_TEAM_ID": { + "type": "string", + "label": "GitHub Team ID", + "help_text": "Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.", + "category": "GitHub Team OAuth2", + "category_slug": "github-team", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": { + "type": "nested object", + "label": "GitHub Team OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub Team OAuth2", + "category_slug": "github-team", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP": { + "type": "nested object", + "label": "GitHub Team OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub Team OAuth2", + "category_slug": "github-team", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL": { + "type": "string", + "label": "GitHub Enterprise OAuth2 Callback URL", + "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL": { + "type": "string", + "label": "GitHub Enterprise URL", + "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL": { + "type": "string", + "label": "GitHub Enterprise API URL", + "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY": { + "type": "string", + "label": "GitHub Enterprise OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise developer application.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET": { + "type": "string", + "label": "GitHub Enterprise OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.", + "category": "GitHub OAuth2", + "category_slug": "github-enterprise", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP": { + "type": "nested object", + "label": "GitHub Enterprise OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP": { + "type": "nested object", + "label": "GitHub Enterprise OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL": { + "type": "string", + "label": "GitHub Enterprise Organization OAuth2 Callback URL", + "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.", + "category": "GitHub Enterprise Organization OAuth2", + "category_slug": "github-enterprise-org", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL": { + "type": "string", + "label": "GitHub Enterprise Organization URL", + "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise-org", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL": { + "type": "string", + "label": "GitHub Enterprise Organization API URL", + "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise-org", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY": { + "type": "string", + "label": "GitHub Enterprise Organization OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.", + "category": "GitHub Enterprise Organization OAuth2", + "category_slug": "github-enterprise-org", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET": { + "type": "string", + "label": "GitHub Enterprise Organization OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.", + "category": "GitHub Enterprise Organization OAuth2", + "category_slug": "github-enterprise-org", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME": { + "type": "string", + "label": "GitHub Enterprise Organization Name", + "help_text": "The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.", + "category": "GitHub Enterprise Organization OAuth2", + "category_slug": "github-enterprise-org", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP": { + "type": "nested object", + "label": "GitHub Enterprise Organization OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub Enterprise Organization OAuth2", + "category_slug": "github-enterprise-org", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP": { + "type": "nested object", + "label": "GitHub Enterprise Organization OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub Enterprise Organization OAuth2", + "category_slug": "github-enterprise-org", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL": { + "type": "string", + "label": "GitHub Enterprise Team OAuth2 Callback URL", + "help_text": "Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.", + "category": "GitHub Enterprise Team OAuth2", + "category_slug": "github-enterprise-team", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL": { + "type": "string", + "label": "GitHub Enterprise Team URL", + "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise-team", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL": { + "type": "string", + "label": "GitHub Enterprise Team API URL", + "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.", + "category": "GitHub Enterprise OAuth2", + "category_slug": "github-enterprise-team", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY": { + "type": "string", + "label": "GitHub Enterprise Team OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.", + "category": "GitHub Enterprise Team OAuth2", + "category_slug": "github-enterprise-team", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET": { + "type": "string", + "label": "GitHub Enterprise Team OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.", + "category": "GitHub Enterprise Team OAuth2", + "category_slug": "github-enterprise-team", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID": { + "type": "string", + "label": "GitHub Enterprise Team ID", + "help_text": "Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.", + "category": "GitHub Enterprise Team OAuth2", + "category_slug": "github-enterprise-team", + "defined_in_file": false + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP": { + "type": "nested object", + "label": "GitHub Enterprise Team OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "GitHub Enterprise Team OAuth2", + "category_slug": "github-enterprise-team", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP": { + "type": "nested object", + "label": "GitHub Enterprise Team OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "GitHub Enterprise Team OAuth2", + "category_slug": "github-enterprise-team", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL": { + "type": "string", + "label": "Azure AD OAuth2 Callback URL", + "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail. ", + "category": "Azure AD OAuth2", + "category_slug": "azuread-oauth2", + "defined_in_file": false + }, + "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY": { + "type": "string", + "label": "Azure AD OAuth2 Key", + "help_text": "The OAuth2 key (Client ID) from your Azure AD application.", + "category": "Azure AD OAuth2", + "category_slug": "azuread-oauth2", + "defined_in_file": false + }, + "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET": { + "type": "string", + "label": "Azure AD OAuth2 Secret", + "help_text": "The OAuth2 secret (Client Secret) from your Azure AD application.", + "category": "Azure AD OAuth2", + "category_slug": "azuread-oauth2", + "defined_in_file": false + }, + "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP": { + "type": "nested object", + "label": "Azure AD OAuth2 Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "Azure AD OAuth2", + "category_slug": "azuread-oauth2", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP": { + "type": "nested object", + "label": "Azure AD OAuth2 Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "Azure AD OAuth2", + "category_slug": "azuread-oauth2", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SAML_AUTO_CREATE_OBJECTS": { + "type": "boolean", + "label": "Automatically Create Organizations and Teams on SAML Login", + "help_text": "When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false + }, + "SOCIAL_AUTH_SAML_CALLBACK_URL": { + "type": "string", + "label": "SAML Assertion Consumer Service (ACS) URL", + "help_text": "Register the service as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false + }, + "SOCIAL_AUTH_SAML_METADATA_URL": { + "type": "string", + "label": "SAML Service Provider Metadata URL", + "help_text": "If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false + }, + "SOCIAL_AUTH_SAML_SP_ENTITY_ID": { + "type": "string", + "label": "SAML Service Provider Entity ID", + "help_text": "The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false + }, + "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT": { + "type": "string", + "label": "SAML Service Provider Public Certificate", + "help_text": "Create a keypair to use as a service provider (SP) and include the certificate content here.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false + }, + "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": { + "type": "string", + "label": "SAML Service Provider Private Key", + "help_text": "Create a keypair to use as a service provider (SP) and include the private key content here.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false + }, + "SOCIAL_AUTH_SAML_ORG_INFO": { + "type": "nested object", + "label": "SAML Service Provider Organization Info", + "help_text": "Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT": { + "type": "nested object", + "label": "SAML Service Provider Technical Contact", + "help_text": "Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "SOCIAL_AUTH_SAML_SUPPORT_CONTACT": { + "type": "nested object", + "label": "SAML Service Provider Support Contact", + "help_text": "Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "SOCIAL_AUTH_SAML_ENABLED_IDPS": { + "type": "nested object", + "label": "SAML Enabled Identity Providers", + "help_text": "Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_SAML_SECURITY_CONFIG": { + "type": "nested object", + "label": "SAML Security Config", + "help_text": "A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "SOCIAL_AUTH_SAML_SP_EXTRA": { + "type": "nested object", + "label": "SAML Service Provider extra configuration data", + "help_text": "A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "SOCIAL_AUTH_SAML_EXTRA_DATA": { + "type": "list", + "label": "SAML IDP to extra_data attribute mapping", + "help_text": "A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "SOCIAL_AUTH_SAML_ORGANIZATION_MAP": { + "type": "nested object", + "label": "SAML Organization Map", + "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_SAML_TEAM_MAP": { + "type": "nested object", + "label": "SAML Team Map", + "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false, + "child": { + "type": "nested object", + "child": { + "type": "field", + "required": true, + "read_only": false + } + } + }, + "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR": { + "type": "nested object", + "label": "SAML Organization Attribute Mapping", + "help_text": "Used to translate user organization membership.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "SOCIAL_AUTH_SAML_TEAM_ATTR": { + "type": "nested object", + "label": "SAML Team Attribute Mapping", + "help_text": "Used to translate user team membership.", + "category": "SAML", + "category_slug": "saml", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "NAMED_URL_FORMATS": { + "type": "nested object", + "label": "Formats of all available named urls", + "help_text": "Read-only list of key-value pairs that shows the standard format of all available named URLs.", + "category": "Named URL", + "category_slug": "named-url", + "defined_in_file": false, + "child": { + "type": "field" + } + }, + "NAMED_URL_GRAPH_NODES": { + "type": "nested object", + "label": "List of all named url graph nodes.", + "help_text": "Read-only list of key-value pairs that exposes named URL graph topology. Use this list to programmatically generate named URLs for resources", + "category": "Named URL", + "category_slug": "named-url", + "defined_in_file": false, + "child": { + "type": "field" + } + } + } } }