diff --git a/awx/main/conf.py b/awx/main/conf.py
index 03c92d8762..b21be34add 100644
--- a/awx/main/conf.py
+++ b/awx/main/conf.py
@@ -848,6 +848,46 @@ register(
category_slug='system',
)
+register(
+ 'AWX_CLEANUP_PATHS',
+ field_class=fields.BooleanField,
+ label=_('Enable or Disable tmp dir cleanup'),
+ default=True,
+ help_text=_('Enable or Disable TMP Dir cleanup'),
+ category=('Debug'),
+ category_slug='debug',
+)
+
+register(
+ 'AWX_REQUEST_PROFILE',
+ field_class=fields.BooleanField,
+ label=_('Debug Web Requests'),
+ default=False,
+ help_text=_('Debug web request python timing'),
+ category=('Debug'),
+ category_slug='debug',
+)
+
+register(
+ 'DEFAULT_CONTAINER_RUN_OPTIONS',
+ field_class=fields.StringListField,
+ label=_('Container Run Options'),
+ default=['--network', 'slirp4netns:enable_ipv6=true'],
+ help_text=_("List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']"),
+ category=('Jobs'),
+ category_slug='jobs',
+)
+
+register(
+ 'RECEPTOR_RELEASE_WORK',
+ field_class=fields.BooleanField,
+ label=_('Release Receptor Work'),
+ default=True,
+ help_text=_('Release receptor work'),
+ category=('Debug'),
+ category_slug='debug',
+)
+
def logging_validate(serializer, attrs):
if not serializer.instance or not hasattr(serializer.instance, 'LOG_AGGREGATOR_HOST') or not hasattr(serializer.instance, 'LOG_AGGREGATOR_TYPE'):
diff --git a/awx/ui/src/screens/Setting/Jobs/JobsEdit/JobsEdit.js b/awx/ui/src/screens/Setting/Jobs/JobsEdit/JobsEdit.js
index d258fdec46..f18375f88d 100644
--- a/awx/ui/src/screens/Setting/Jobs/JobsEdit/JobsEdit.js
+++ b/awx/ui/src/screens/Setting/Jobs/JobsEdit/JobsEdit.js
@@ -86,6 +86,9 @@ function JobsEdit() {
),
AWX_TASK_ENV: formatJson(form.AWX_TASK_ENV),
GALAXY_TASK_ENV: formatJson(form.GALAXY_TASK_ENV),
+ DEFAULT_CONTAINER_RUN_OPTIONS: formatJson(
+ form.DEFAULT_CONTAINER_RUN_OPTIONS
+ ),
});
};
@@ -214,6 +217,10 @@ function JobsEdit() {
name="AD_HOC_COMMANDS"
config={jobs.AD_HOC_COMMANDS}
/>
+
+
+
+
diff --git a/awx/ui/src/screens/Setting/Troubleshooting/Troubleshooting.js b/awx/ui/src/screens/Setting/Troubleshooting/Troubleshooting.js
new file mode 100644
index 0000000000..2fef336ed3
--- /dev/null
+++ b/awx/ui/src/screens/Setting/Troubleshooting/Troubleshooting.js
@@ -0,0 +1,36 @@
+import React from 'react';
+import { Link, Redirect, Route, Switch } from 'react-router-dom';
+
+import { t } from '@lingui/macro';
+import { PageSection, Card } from '@patternfly/react-core';
+import ContentError from 'components/ContentError';
+import TroubleshootingDetail from './TroubleshootingDetail';
+import TroubleshootingEdit from './TroubleshootingEdit';
+
+function Troubleshooting() {
+ const baseURL = '/settings/troubleshooting';
+ return (
+
+
+
+
+
+
+
+
+
+
+
+
+ {t`View Troubleshooting settings`}
+
+
+
+
+
+ );
+}
+
+export default Troubleshooting;
diff --git a/awx/ui/src/screens/Setting/Troubleshooting/Troubleshooting.test.js b/awx/ui/src/screens/Setting/Troubleshooting/Troubleshooting.test.js
new file mode 100644
index 0000000000..ebee508d05
--- /dev/null
+++ b/awx/ui/src/screens/Setting/Troubleshooting/Troubleshooting.test.js
@@ -0,0 +1,60 @@
+import React from 'react';
+import { act } from 'react-dom/test-utils';
+import { createMemoryHistory } from 'history';
+import { SettingsAPI } from 'api';
+import { mountWithContexts } from '../../../../testUtils/enzymeHelpers';
+import mockJobSettings from '../shared/data.jobSettings.json';
+import Jobs from './Troubleshooting';
+import Troubleshooting from './Troubleshooting';
+
+jest.mock('../../../api');
+
+describe('', () => {
+ let wrapper;
+
+ beforeEach(() => {
+ SettingsAPI.readCategory.mockResolvedValue({
+ data: mockJobSettings,
+ });
+ });
+
+ afterEach(() => {
+ jest.clearAllMocks();
+ });
+
+ test('should render troubleshooting details', async () => {
+ const history = createMemoryHistory({
+ initialEntries: ['/settings/troubleshooting/details'],
+ });
+ await act(async () => {
+ wrapper = mountWithContexts(, {
+ context: { router: { history } },
+ });
+ });
+ expect(wrapper.find('TroubleshootingDetail').length).toBe(1);
+ });
+
+ test('should render troubleshooting edit', async () => {
+ const history = createMemoryHistory({
+ initialEntries: ['/settings/troubleshooting/edit'],
+ });
+ await act(async () => {
+ wrapper = mountWithContexts(, {
+ context: { router: { history } },
+ });
+ });
+ expect(wrapper.find('TroubleshootingEdit').length).toBe(1);
+ });
+
+ test('should show content error when user navigates to erroneous route', async () => {
+ const history = createMemoryHistory({
+ initialEntries: ['/settings/troubleshooting/foo'],
+ });
+ await act(async () => {
+ wrapper = mountWithContexts(, {
+ context: { router: { history } },
+ });
+ });
+ expect(wrapper.find('ContentError').length).toBe(1);
+ });
+});
diff --git a/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingDetail/TroubleshootingDetail.js b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingDetail/TroubleshootingDetail.js
new file mode 100644
index 0000000000..e5dbed59bd
--- /dev/null
+++ b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingDetail/TroubleshootingDetail.js
@@ -0,0 +1,105 @@
+import React, { useEffect, useCallback } from 'react';
+import { Link } from 'react-router-dom';
+
+import { t } from '@lingui/macro';
+import { Button } from '@patternfly/react-core';
+import { CaretLeftIcon } from '@patternfly/react-icons';
+import { CardBody, CardActionsRow } from 'components/Card';
+import ContentError from 'components/ContentError';
+import ContentLoading from 'components/ContentLoading';
+import { DetailList } from 'components/DetailList';
+import RoutedTabs from 'components/RoutedTabs';
+import useRequest from 'hooks/useRequest';
+import { useConfig } from 'contexts/Config';
+import { useSettings } from 'contexts/Settings';
+import { SettingsAPI } from 'api';
+import { sortNestedDetails } from '../../shared/settingUtils';
+import { SettingDetail } from '../../shared';
+
+function TroubleshootingDetail() {
+ const { me } = useConfig();
+ const { GET: options } = useSettings();
+
+ const {
+ isLoading,
+ error,
+ request,
+ result: debug,
+ } = useRequest(
+ useCallback(async () => {
+ const { data } = await SettingsAPI.readCategory('debug');
+
+ const { ...debugData } = data;
+
+ const mergedData = {};
+ Object.keys(debugData).forEach((key) => {
+ mergedData[key] = options[key];
+ mergedData[key].value = debugData[key];
+ });
+
+ return sortNestedDetails(mergedData);
+ }, [options]),
+ null
+ );
+
+ useEffect(() => {
+ request();
+ }, [request]);
+
+ const tabsArray = [
+ {
+ name: (
+ <>
+
+ {t`Back to Settings`}
+
+ ),
+ link: `/settings`,
+ id: 99,
+ },
+ {
+ name: t`Details`,
+ link: `/settings/troubleshooting/details`,
+ id: 0,
+ },
+ ];
+
+ return (
+ <>
+
+
+ {isLoading && }
+ {!isLoading && error && }
+ {!isLoading && debug && (
+
+ {debug.map(([key, detail]) => (
+
+ ))}
+
+ )}
+ {me?.is_superuser && (
+
+
+
+ )}
+
+
+ );
+}
+
+export default TroubleshootingDetail;
diff --git a/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingDetail/TroubleshootingDetail.test.js b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingDetail/TroubleshootingDetail.test.js
new file mode 100644
index 0000000000..d1068c9e2f
--- /dev/null
+++ b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingDetail/TroubleshootingDetail.test.js
@@ -0,0 +1,115 @@
+import React from 'react';
+import { act } from 'react-dom/test-utils';
+import { SettingsProvider } from 'contexts/Settings';
+import { SettingsAPI } from 'api';
+import {
+ mountWithContexts,
+ waitForElement,
+} from '../../../../../testUtils/enzymeHelpers';
+import {
+ assertDetail,
+ assertVariableDetail,
+} from '../../shared/settingTestUtils';
+import mockAllOptions from '../../shared/data.allSettingOptions.json';
+import mockJobSettings from '../../shared/data.jobSettings.json';
+import TroubleshootingDetail from './TroubleshootingDetail';
+
+jest.mock('../../../../api');
+
+describe('', () => {
+ let wrapper;
+
+ beforeEach(() => {
+ SettingsAPI.readCategory.mockResolvedValue({
+ data: mockJobSettings,
+ });
+ });
+
+ beforeEach(async () => {
+ await act(async () => {
+ wrapper = mountWithContexts(
+
+
+
+ );
+ });
+ await waitForElement(wrapper, 'ContentLoading', (el) => el.length === 0);
+ });
+
+ afterAll(() => {
+ jest.clearAllMocks();
+ });
+
+ test('initially renders without crashing', () => {
+ expect(wrapper.find('TroubleshootingDetail').length).toBe(1);
+ });
+
+ test('should render expected tabs', () => {
+ const expectedTabs = ['Back to Settings', 'Details'];
+ wrapper.find('RoutedTabs li').forEach((tab, index) => {
+ expect(tab.text()).toEqual(expectedTabs[index]);
+ });
+ });
+
+ test('should render expected details', () => {
+ assertDetail(wrapper, 'Job execution path', '/tmp');
+ assertDetail(wrapper, 'Run Project Updates With Higher Verbosity', 'Off');
+ assertDetail(wrapper, 'Enable Role Download', 'On');
+ assertDetail(wrapper, 'Enable Collection(s) Download', 'On');
+ assertDetail(wrapper, 'Follow symlinks', 'Off');
+ assertDetail(
+ wrapper,
+ 'Ignore Ansible Galaxy SSL Certificate Verification',
+ 'Off'
+ );
+ assertDetail(wrapper, 'Maximum Scheduled Jobs', '10');
+ assertDetail(wrapper, 'Default Job Timeout', '0 seconds');
+ assertDetail(wrapper, 'Default Job Idle Timeout', '0 seconds');
+ assertDetail(wrapper, 'Default Inventory Update Timeout', '0 seconds');
+ assertDetail(wrapper, 'Default Project Update Timeout', '0 seconds');
+ assertDetail(wrapper, 'Per-Host Ansible Fact Cache Timeout', '0 seconds');
+ assertDetail(wrapper, 'Maximum number of forks per job', '200');
+ assertDetail(wrapper, 'Expose host paths for Container Groups', 'Off');
+ assertVariableDetail(
+ wrapper,
+ 'Ansible Modules Allowed for Ad Hoc Jobs',
+ '[\n "command"\n]'
+ );
+ assertVariableDetail(wrapper, 'Paths to expose to isolated jobs', '[]');
+ assertVariableDetail(wrapper, 'Extra Environment Variables', '{}');
+ assertVariableDetail(wrapper, 'Ansible Callback Plugins', '[]');
+ });
+
+ test('should hide edit button from non-superusers', async () => {
+ const config = {
+ me: {
+ is_superuser: false,
+ },
+ };
+ await act(async () => {
+ wrapper = mountWithContexts(
+
+
+ ,
+ {
+ context: { config },
+ }
+ );
+ });
+ await waitForElement(wrapper, 'ContentLoading', (el) => el.length === 0);
+ expect(wrapper.find('Button[aria-label="Edit"]').exists()).toBeFalsy();
+ });
+
+ test('should display content error when api throws error on initial render', async () => {
+ SettingsAPI.readCategory.mockRejectedValue(new Error());
+ await act(async () => {
+ wrapper = mountWithContexts(
+
+
+
+ );
+ });
+ await waitForElement(wrapper, 'ContentLoading', (el) => el.length === 0);
+ expect(wrapper.find('ContentError').length).toBe(1);
+ });
+});
diff --git a/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingDetail/index.js b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingDetail/index.js
new file mode 100644
index 0000000000..574ad27a7f
--- /dev/null
+++ b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingDetail/index.js
@@ -0,0 +1 @@
+export { default } from './TroubleshootingDetail';
diff --git a/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/TroubleshootingEdit.js b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/TroubleshootingEdit.js
new file mode 100644
index 0000000000..1ff860d329
--- /dev/null
+++ b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/TroubleshootingEdit.js
@@ -0,0 +1,142 @@
+import React, { useCallback, useEffect } from 'react';
+import { useHistory } from 'react-router-dom';
+import { Formik } from 'formik';
+import { Form } from '@patternfly/react-core';
+import { CardBody } from 'components/Card';
+import ContentError from 'components/ContentError';
+import ContentLoading from 'components/ContentLoading';
+import { FormSubmitError } from 'components/FormField';
+import { FormColumnLayout } from 'components/FormLayout';
+import { useSettings } from 'contexts/Settings';
+import useModal from 'hooks/useModal';
+import useRequest from 'hooks/useRequest';
+import { SettingsAPI } from 'api';
+import {
+ BooleanField,
+ RevertAllAlert,
+ RevertFormActionGroup,
+} from '../../shared';
+
+function TroubleshootingEdit() {
+ const history = useHistory();
+ const { isModalOpen, toggleModal, closeModal } = useModal();
+ const { PUT: options } = useSettings();
+
+ const {
+ isLoading,
+ error,
+ request: fetchJobs,
+ result: debug,
+ } = useRequest(
+ useCallback(async () => {
+ const { data } = await SettingsAPI.readCategory('debug');
+ const { ...debugData } = data;
+ const mergedData = {};
+ Object.keys(debugData).forEach((key) => {
+ if (!options[key]) {
+ return;
+ }
+ mergedData[key] = options[key];
+ mergedData[key].value = debugData[key];
+ });
+
+ return mergedData;
+ }, [options]),
+ null
+ );
+
+ useEffect(() => {
+ fetchJobs();
+ }, [fetchJobs]);
+
+ const { error: submitError, request: submitForm } = useRequest(
+ useCallback(
+ async (values) => {
+ await SettingsAPI.updateAll(values);
+ history.push('/settings/troubleshooting/details');
+ },
+ [history]
+ ),
+ null
+ );
+
+ const { error: revertError, request: revertAll } = useRequest(
+ useCallback(async () => {
+ await SettingsAPI.revertCategory('debug');
+ }, []),
+ null
+ );
+
+ const handleSubmit = async (form) => {
+ await submitForm({
+ ...form,
+ });
+ };
+
+ const handleRevertAll = async () => {
+ await revertAll();
+
+ closeModal();
+
+ history.push('/settings/troubleshooting/details');
+ };
+
+ const handleCancel = () => {
+ history.push('/settings/troubleshooting/details');
+ };
+
+ const initialValues = (fields) =>
+ Object.keys(fields).reduce((acc, key) => {
+ if (fields[key].type === 'list' || fields[key].type === 'nested object') {
+ acc[key] = fields[key].value
+ ? JSON.stringify(fields[key].value, null, 2)
+ : null;
+ } else {
+ acc[key] = fields[key].value ?? '';
+ }
+ return acc;
+ }, {});
+ return (
+
+ {isLoading && }
+ {!isLoading && error && }
+ {!isLoading && debug && (
+
+ {(formik) => (
+
+ )}
+
+ )}
+
+ );
+}
+
+export default TroubleshootingEdit;
diff --git a/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/TroubleshootingEdit.test.js b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/TroubleshootingEdit.test.js
new file mode 100644
index 0000000000..d42f6fd30a
--- /dev/null
+++ b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/TroubleshootingEdit.test.js
@@ -0,0 +1,123 @@
+import React from 'react';
+import { act } from 'react-dom/test-utils';
+import { createMemoryHistory } from 'history';
+import { SettingsProvider } from 'contexts/Settings';
+import { SettingsAPI } from 'api';
+import {
+ mountWithContexts,
+ waitForElement,
+} from '../../../../../testUtils/enzymeHelpers';
+import mockAllOptions from '../../shared/data.allSettingOptions.json';
+import mockTroubleshootingSettings from './data.defaultTroubleshootingSettings.json';
+import TroubleshootingEdit from './TroubleshootingEdit';
+
+jest.mock('../../../../api');
+
+describe('', () => {
+ let wrapper;
+ let history;
+
+ beforeEach(() => {
+ SettingsAPI.revertCategory.mockResolvedValue({});
+ SettingsAPI.updateAll.mockResolvedValue({});
+ SettingsAPI.readCategory.mockResolvedValue({
+ data: mockTroubleshootingSettings,
+ });
+ });
+
+ afterEach(() => {
+ jest.clearAllMocks();
+ });
+
+ beforeEach(async () => {
+ history = createMemoryHistory({
+ initialEntries: ['/settings/troubleshooting/edit'],
+ });
+ await act(async () => {
+ wrapper = mountWithContexts(
+
+
+ ,
+ {
+ context: { router: { history } },
+ }
+ );
+ });
+ await waitForElement(wrapper, 'ContentLoading', (el) => el.length === 0);
+ });
+
+ test('initially renders without crashing', () => {
+ expect(wrapper.find('TroubleshootingEdit').length).toBe(1);
+ });
+
+ test('should successfully send default values to api on form revert all', async () => {
+ expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(0);
+ expect(wrapper.find('RevertAllAlert')).toHaveLength(0);
+ await act(async () => {
+ wrapper
+ .find('button[aria-label="Revert all to default"]')
+ .invoke('onClick')();
+ });
+ wrapper.update();
+ expect(wrapper.find('RevertAllAlert')).toHaveLength(1);
+ await act(async () => {
+ wrapper
+ .find('RevertAllAlert button[aria-label="Confirm revert all"]')
+ .invoke('onClick')();
+ });
+ wrapper.update();
+ expect(SettingsAPI.revertCategory).toHaveBeenCalledTimes(1);
+ expect(SettingsAPI.revertCategory).toHaveBeenCalledWith('debug');
+ });
+
+ test('should successfully send request to api on form submission', async () => {
+ expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0);
+ await act(async () => {
+ wrapper.find('Form').invoke('onSubmit')();
+ });
+ expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1);
+ const { ...troubleshootingRequest } = mockTroubleshootingSettings;
+ expect(SettingsAPI.updateAll).toHaveBeenCalledWith(troubleshootingRequest);
+ });
+
+ test('should display error message on unsuccessful submission', async () => {
+ const error = {
+ response: {
+ data: { detail: 'An error occurred' },
+ },
+ };
+ SettingsAPI.updateAll.mockImplementation(() => Promise.reject(error));
+ expect(wrapper.find('FormSubmitError').length).toBe(0);
+ expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(0);
+ await act(async () => {
+ wrapper.find('Form').invoke('onSubmit')();
+ });
+ wrapper.update();
+ expect(wrapper.find('FormSubmitError').length).toBe(1);
+ expect(SettingsAPI.updateAll).toHaveBeenCalledTimes(1);
+ });
+
+ test('should navigate to troubleshooting settings detail when cancel is clicked', async () => {
+ await act(async () => {
+ wrapper.find('button[aria-label="Cancel"]').invoke('onClick')();
+ });
+ expect(history.location.pathname).toEqual(
+ '/settings/troubleshooting/details'
+ );
+ });
+
+ test('should display ContentError on throw', async () => {
+ SettingsAPI.readCategory.mockImplementationOnce(() =>
+ Promise.reject(new Error())
+ );
+ await act(async () => {
+ wrapper = mountWithContexts(
+
+
+
+ );
+ });
+ await waitForElement(wrapper, 'ContentLoading', (el) => el.length === 0);
+ expect(wrapper.find('ContentError').length).toBe(1);
+ });
+});
diff --git a/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/data.defaultTroubleshootingSettings.json b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/data.defaultTroubleshootingSettings.json
new file mode 100644
index 0000000000..2b5ac17003
--- /dev/null
+++ b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/data.defaultTroubleshootingSettings.json
@@ -0,0 +1,5 @@
+{
+ "AWX_CLEANUP_PATHS": false,
+ "AWX_REQUEST_PROFILE": false,
+ "RECEPTOR_RELEASE_WORK": false
+}
\ No newline at end of file
diff --git a/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/index.js b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/index.js
new file mode 100644
index 0000000000..47c1953b1d
--- /dev/null
+++ b/awx/ui/src/screens/Setting/Troubleshooting/TroubleshootingEdit/index.js
@@ -0,0 +1 @@
+export { default } from './TroubleshootingEdit';
diff --git a/awx/ui/src/screens/Setting/Troubleshooting/index.js b/awx/ui/src/screens/Setting/Troubleshooting/index.js
new file mode 100644
index 0000000000..21a71e02e4
--- /dev/null
+++ b/awx/ui/src/screens/Setting/Troubleshooting/index.js
@@ -0,0 +1 @@
+export { default } from './Troubleshooting';
diff --git a/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json b/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json
index cc6352befc..504158d042 100644
--- a/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json
+++ b/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json
@@ -1,6799 +1,7573 @@
{
"name": "Setting Detail",
"actions": {
- "PUT": {
- "ACTIVITY_STREAM_ENABLED": {
- "type": "boolean",
- "required": true,
- "label": "Enable Activity Stream",
- "help_text": "Enable capturing activity for the activity stream.",
- "category": "System",
- "category_slug": "system",
- "default": true
- },
- "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": {
- "type": "boolean",
- "required": true,
- "label": "Enable Activity Stream for Inventory Sync",
- "help_text": "Enable capturing activity for the activity stream when running inventory sync.",
- "category": "System",
- "category_slug": "system",
- "default": false
- },
- "ORG_ADMINS_CAN_SEE_ALL_USERS": {
- "type": "boolean",
- "required": true,
- "label": "All Users Visible to Organization Admins",
- "help_text": "Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.",
- "category": "System",
- "category_slug": "system",
- "default": true
- },
- "MANAGE_ORGANIZATION_AUTH": {
- "type": "boolean",
- "required": true,
- "label": "Organization Admins Can Manage Users and Teams",
- "help_text": "Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.",
- "category": "System",
- "category_slug": "system",
- "default": true
- },
- "TOWER_URL_BASE": {
- "type": "string",
- "required": true,
- "label": "Base URL of the service",
- "help_text": "This setting is used by services like notifications to render a valid url to the service.",
- "category": "System",
- "category_slug": "system",
- "default": "https://localhost:8043"
- },
- "REMOTE_HOST_HEADERS": {
- "type": "list",
- "required": true,
- "label": "Remote Host Headers",
- "help_text": "HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the AAP Installation guide for more details.",
- "category": "System",
- "category_slug": "system",
- "default": ["REMOTE_ADDR", "REMOTE_HOST"],
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "PROXY_IP_ALLOWED_LIST": {
- "type": "list",
- "required": true,
- "label": "Proxy IP Allowed List",
- "help_text": "If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
- "category": "System",
- "category_slug": "system",
- "default": [],
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "REDHAT_USERNAME": {
- "type": "string",
- "required": false,
- "label": "Red Hat customer username",
- "help_text": "This username is used to send data to Automation Analytics",
- "category": "System",
- "category_slug": "system",
- "default": ""
- },
- "REDHAT_PASSWORD": {
- "type": "string",
- "required": false,
- "label": "Red Hat customer password",
- "help_text": "This password is used to send data to Automation Analytics",
- "category": "System",
- "category_slug": "system",
- "default": ""
- },
- "SUBSCRIPTIONS_USERNAME": {
- "type": "string",
- "required": false,
- "label": "Red Hat or Satellite username",
- "help_text": "This username is used to retrieve subscription and content information",
- "category": "System",
- "category_slug": "system",
- "default": ""
- },
- "SUBSCRIPTIONS_PASSWORD": {
- "type": "string",
- "required": false,
- "label": "Red Hat or Satellite password",
- "help_text": "This password is used to retrieve subscription and content information",
- "category": "System",
- "category_slug": "system",
- "default": ""
- },
- "AUTOMATION_ANALYTICS_URL": {
- "type": "string",
- "required": false,
- "label": "Automation Analytics upload URL",
- "help_text": "This setting is used to to configure the upload URL for data collection for Automation Analytics.",
- "category": "System",
- "category_slug": "system",
- "default": "https://example.com"
- },
- "DEFAULT_EXECUTION_ENVIRONMENT": {
- "type": "field",
- "required": false,
- "label": "Global default execution environment",
- "help_text": "The Execution Environment to be used when one has not been configured for a job template.",
- "category": "System",
- "category_slug": "system",
- "default": null
- },
- "CUSTOM_VENV_PATHS": {
- "type": "list",
- "required": false,
- "label": "Custom virtual environment paths",
- "help_text": "Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
- "category": "System",
- "category_slug": "system",
- "default": [],
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "AD_HOC_COMMANDS": {
- "type": "list",
- "required": false,
- "label": "Ansible Modules Allowed for Ad Hoc Jobs",
- "help_text": "List of modules allowed to be used by ad-hoc jobs.",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": [
- "command",
- "shell",
- "yum",
- "apt",
- "apt_key",
- "apt_repository",
- "apt_rpm",
- "service",
- "group",
- "user",
- "mount",
- "ping",
- "selinux",
- "setup",
- "win_ping",
- "win_service",
- "win_updates",
- "win_group",
- "win_user"
- ],
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "ALLOW_JINJA_IN_EXTRA_VARS": {
- "type": "choice",
- "required": true,
- "label": "When can extra variables contain Jinja templates?",
- "help_text": "Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to \"template\" or \"never\".",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": "template",
- "choices": [
- ["always", "Always"],
- ["never", "Never"],
- ["template", "Only On Job Template Definitions"]
- ]
- },
- "AWX_ISOLATION_BASE_PATH": {
- "type": "string",
- "required": true,
- "label": "Job execution path",
- "help_text": "The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": "/tmp"
- },
- "AWX_ISOLATION_SHOW_PATHS": {
- "type": "list",
- "required": false,
- "label": "Paths to expose to isolated jobs",
- "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": [],
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "AWX_TASK_ENV": {
- "type": "nested object",
- "required": false,
- "label": "Extra Environment Variables",
- "help_text": "Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.",
- "category": "Jobs",
- "category_slug": "jobs",
- "placeholder": {
- "HTTP_PROXY": "myproxy.local:8080"
- },
- "default": {},
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "AWX_RUNNER_KEEPALIVE_SECONDS": {
- "type": "integer",
- "required": true,
- "label": "K8S Ansible Runner Keep-Alive Message Interval",
- "help_text": "Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.",
- "category": "Jobs",
- "category_slug": "jobs",
- "placeholder": 240,
- "default": 0
- },
- "GALAXY_TASK_ENV": {
- "type": "nested object",
- "required": true,
- "label": "Environment Variables for Galaxy Commands",
- "help_text": "Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
- "category": "Jobs",
- "category_slug": "jobs",
- "placeholder": {
- "HTTP_PROXY": "myproxy.local:8080"
- },
- "default": {
- "ANSIBLE_FORCE_COLOR": "false",
- "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
- },
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "INSIGHTS_TRACKING_STATE": {
- "type": "boolean",
- "required": false,
- "label": "Gather data for Automation Analytics",
- "help_text": "Enables the service to gather data on automation and send it to Automation Analytics.",
- "category": "System",
- "category_slug": "system",
- "default": false
- },
- "PROJECT_UPDATE_VVV": {
- "type": "boolean",
- "required": true,
- "label": "Run Project Updates With Higher Verbosity",
- "help_text": "Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": false
- },
- "AWX_ROLES_ENABLED": {
- "type": "boolean",
- "required": false,
- "label": "Enable Role Download",
- "help_text": "Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": true
- },
- "AWX_COLLECTIONS_ENABLED": {
- "type": "boolean",
- "required": false,
- "label": "Enable Collection(s) Download",
- "help_text": "Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": true
- },
- "AWX_SHOW_PLAYBOOK_LINKS": {
- "type": "boolean",
- "required": false,
- "label": "Follow symlinks",
- "help_text": "Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": false
- },
- "AWX_MOUNT_ISOLATED_PATHS_ON_K8S": {
- "type": "boolean",
- "required": false,
- "label": "Expose host paths for Container Groups",
- "help_text": "Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible. ",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": false
- },
- "GALAXY_IGNORE_CERTS": {
- "type": "boolean",
- "required": false,
- "label": "Ignore Ansible Galaxy SSL Certificate Verification",
- "help_text": "If set to true, certificate validation will not be done when installing content from any Galaxy server.",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": false
- },
- "STDOUT_MAX_BYTES_DISPLAY": {
- "type": "integer",
- "required": true,
- "label": "Standard Output Maximum Display Size",
- "help_text": "Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "default": 1048576
- },
- "EVENT_STDOUT_MAX_BYTES_DISPLAY": {
- "type": "integer",
- "required": true,
- "label": "Job Event Standard Output Maximum Display Size",
- "help_text": "Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `…` when truncated.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "default": 1024
- },
- "MAX_WEBSOCKET_EVENT_RATE": {
- "type": "integer",
- "required": false,
- "label": "Job Event Maximum Websocket Messages Per Second",
- "help_text": "Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "default": 30
- },
- "SCHEDULE_MAX_JOBS": {
- "type": "integer",
- "required": true,
- "label": "Maximum Scheduled Jobs",
- "help_text": "Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.",
- "min_value": 1,
- "category": "Jobs",
- "category_slug": "jobs",
- "default": 10
- },
- "AWX_ANSIBLE_CALLBACK_PLUGINS": {
- "type": "list",
- "required": false,
- "label": "Ansible Callback Plugins",
- "help_text": "List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": [],
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "DEFAULT_JOB_TIMEOUT": {
- "type": "integer",
- "required": false,
- "label": "Default Job Timeout",
- "help_text": "Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "unit": "seconds",
- "default": 0
- },
- "DEFAULT_JOB_IDLE_TIMEOUT": {
- "type": "integer",
- "required": false,
- "label": "Default Job Idle Timeout",
- "help_text": "If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "unit": "seconds",
- "default": 0
- },
- "DEFAULT_INVENTORY_UPDATE_TIMEOUT": {
- "type": "integer",
- "required": false,
- "label": "Default Inventory Update Timeout",
- "help_text": "Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "unit": "seconds",
- "default": 0
- },
- "DEFAULT_PROJECT_UPDATE_TIMEOUT": {
- "type": "integer",
- "required": false,
- "label": "Default Project Update Timeout",
- "help_text": "Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "unit": "seconds",
- "default": 0
- },
- "ANSIBLE_FACT_CACHE_TIMEOUT": {
- "type": "integer",
- "required": false,
- "label": "Per-Host Ansible Fact Cache Timeout",
- "help_text": "Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "unit": "seconds",
- "default": 0
- },
- "MAX_FORKS": {
- "type": "integer",
- "required": false,
- "label": "Maximum number of forks per job",
- "help_text": "Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.",
- "category": "Jobs",
- "category_slug": "jobs",
- "default": 200
- },
- "LOG_AGGREGATOR_HOST": {
- "type": "string",
- "required": false,
- "label": "Logging Aggregator",
- "help_text": "Hostname/IP where external logs will be sent to.",
- "category": "Logging",
- "category_slug": "logging",
- "default": null
- },
- "LOG_AGGREGATOR_PORT": {
- "type": "integer",
- "required": false,
- "label": "Logging Aggregator Port",
- "help_text": "Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).",
- "category": "Logging",
- "category_slug": "logging",
- "default": null
- },
- "LOG_AGGREGATOR_TYPE": {
- "type": "choice",
- "required": false,
- "label": "Logging Aggregator Type",
- "help_text": "Format messages for the chosen log aggregator.",
- "category": "Logging",
- "category_slug": "logging",
- "default": null,
- "choices": [
- [null, "---------"],
- ["logstash", "logstash"],
- ["splunk", "splunk"],
- ["loggly", "loggly"],
- ["sumologic", "sumologic"],
- ["other", "other"]
- ]
- },
- "LOG_AGGREGATOR_USERNAME": {
- "type": "string",
- "required": false,
- "label": "Logging Aggregator Username",
- "help_text": "Username for external log aggregator (if required; HTTP/s only).",
- "category": "Logging",
- "category_slug": "logging",
- "default": ""
- },
- "LOG_AGGREGATOR_PASSWORD": {
- "type": "string",
- "required": false,
- "label": "Logging Aggregator Password/Token",
- "help_text": "Password or authentication token for external log aggregator (if required; HTTP/s only).",
- "category": "Logging",
- "category_slug": "logging",
- "default": ""
- },
- "LOG_AGGREGATOR_LOGGERS": {
- "type": "list",
- "required": false,
- "label": "Loggers Sending Data to Log Aggregator Form",
- "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
- "category": "Logging",
- "category_slug": "logging",
- "default": [
- "awx",
- "activity_stream",
- "job_events",
- "system_tracking",
- "broadcast_websocket"
- ],
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "LOG_AGGREGATOR_INDIVIDUAL_FACTS": {
- "type": "boolean",
- "required": false,
- "label": "Log System Tracking Facts Individually",
- "help_text": "If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.",
- "category": "Logging",
- "category_slug": "logging",
- "default": false
- },
- "LOG_AGGREGATOR_ENABLED": {
- "type": "boolean",
- "required": false,
- "label": "Enable External Logging",
- "help_text": "Enable sending logs to external log aggregator.",
- "category": "Logging",
- "category_slug": "logging",
- "default": false
- },
- "LOG_AGGREGATOR_TOWER_UUID": {
- "type": "string",
- "required": false,
- "label": "Cluster-wide unique identifier.",
- "help_text": "Useful to uniquely identify instances.",
- "category": "Logging",
- "category_slug": "logging",
- "default": ""
- },
- "LOG_AGGREGATOR_PROTOCOL": {
- "type": "choice",
- "required": false,
- "label": "Logging Aggregator Protocol",
- "help_text": "Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.",
- "category": "Logging",
- "category_slug": "logging",
- "default": "https",
- "choices": [
- ["https", "HTTPS/HTTP"],
- ["tcp", "TCP"],
- ["udp", "UDP"]
- ]
- },
- "LOG_AGGREGATOR_TCP_TIMEOUT": {
- "type": "integer",
- "required": false,
- "label": "TCP Connection Timeout",
- "help_text": "Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.",
- "category": "Logging",
- "category_slug": "logging",
- "unit": "seconds",
- "default": 5
- },
- "LOG_AGGREGATOR_VERIFY_CERT": {
- "type": "boolean",
- "required": false,
- "label": "Enable/disable HTTPS certificate verification",
- "help_text": "Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.",
- "category": "Logging",
- "category_slug": "logging",
- "default": true
- },
- "LOG_AGGREGATOR_LEVEL": {
- "type": "choice",
- "required": false,
- "label": "Logging Aggregator Level Threshold",
- "help_text": "Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)",
- "category": "Logging",
- "category_slug": "logging",
- "default": "INFO",
- "choices": [
- ["DEBUG", "DEBUG"],
- ["INFO", "INFO"],
- ["WARNING", "WARNING"],
- ["ERROR", "ERROR"],
- ["CRITICAL", "CRITICAL"]
- ]
- },
- "LOG_AGGREGATOR_MAX_DISK_USAGE_GB": {
- "type": "integer",
- "required": false,
- "label": "Maximum disk persistence for external log aggregation (in GB)",
- "help_text": "Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting for main_queue. Notably, this is used for the rsyslogd main queue (for input messages).",
- "min_value": 1,
- "category": "Logging",
- "category_slug": "logging",
- "default": 1
- },
- "LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB": {
- "type": "integer",
- "required": false,
- "label": "Maximum disk persistence for rsyslogd action queuing (in GB)",
- "help_text": "Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). Like LOG_AGGREGATOR_MAX_DISK_USAGE_GB, it stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.",
- "min_value": 1,
- "category": "Logging",
- "category_slug": "logging",
- "default": 1
- },
- "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH": {
- "type": "string",
- "required": false,
- "label": "File system location for rsyslogd disk persistence",
- "help_text": "Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.",
- "category": "Logging",
- "category_slug": "logging",
- "default": "/var/lib/awx"
- },
- "LOG_AGGREGATOR_RSYSLOGD_DEBUG": {
- "type": "boolean",
- "required": false,
- "label": "Enable rsyslogd debugging",
- "help_text": "Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.",
- "category": "Logging",
- "category_slug": "logging",
- "default": false
- },
- "API_400_ERROR_LOG_FORMAT": {
- "type": "string",
- "required": false,
- "label": "Log Format For API 4XX Errors",
- "help_text": "The format of logged messages when an API 4XX error occurs, the following variables will be substituted: \nstatus_code - The HTTP status code of the error\nuser_name - The user name attempting to use the API\nurl_path - The URL path to the API endpoint called\nremote_addr - The remote address seen for the user\nerror - The error set by the api endpoint\nVariables need to be in the format {}.",
- "category": "Logging",
- "category_slug": "logging",
- "default": "status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}"
- },
- "AUTOMATION_ANALYTICS_LAST_GATHER": {
- "type": "datetime",
- "required": true,
- "label": "Last gather date for Automation Analytics.",
- "category": "System",
- "category_slug": "system",
- "default": null
- },
- "AUTOMATION_ANALYTICS_LAST_ENTRIES": {
- "type": "string",
- "required": false,
- "label": "Last gathered entries from the data collection service of Automation Analytics",
- "category": "System",
- "category_slug": "system",
- "default": ""
- },
- "AUTOMATION_ANALYTICS_GATHER_INTERVAL": {
- "type": "integer",
- "required": false,
- "label": "Automation Analytics Gather Interval",
- "help_text": "Interval (in seconds) between data gathering.",
- "min_value": 1800,
- "category": "System",
- "category_slug": "system",
- "unit": "seconds",
- "default": 14400
- },
- "BULK_JOB_MAX_LAUNCH": {
- "type": "integer",
- "required": false,
- "label": "Max jobs to allow bulk jobs to launch",
- "help_text": "Max jobs to allow bulk jobs to launch",
- "category": "Bulk Actions",
- "category_slug": "bulk",
- "default": 100
- },
- "BULK_HOST_MAX_CREATE": {
- "type": "integer",
- "required": false,
- "label": "Max number of hosts to allow to be created in a single bulk action",
- "help_text": "Max number of hosts to allow to be created in a single bulk action",
- "category": "Bulk Actions",
- "category_slug": "bulk",
- "default": 100
- },
- "UI_NEXT": {
- "type": "boolean",
- "required": false,
- "label": "Enable Preview of New User Interface",
- "help_text": "Enable preview of new user interface.",
- "category": "System",
- "category_slug": "system",
- "default": true
- },
- "SUBSCRIPTION_USAGE_MODEL": {
- "type": "choice",
- "required": false,
- "label": "Defines subscription usage model and shows Host Metrics",
- "category": "System",
- "category_slug": "system",
- "default": "",
- "choices": [
- [
- "",
- "Default model for AWX - no subscription. Deletion of host_metrics will not be considered for purposes of managed host counting"
- ],
- [
- "unique_managed_hosts",
- "Usage based on unique managed nodes in a large historical time frame and delete functionality for no longer used managed nodes"
- ]
- ]
- },
- "SESSION_COOKIE_AGE": {
- "type": "integer",
- "required": true,
- "label": "Idle Time Force Log Out",
- "help_text": "Number of seconds that a user is inactive before they will need to login again.",
- "min_value": 60,
- "max_value": 30000000000,
- "category": "Authentication",
- "category_slug": "authentication",
- "unit": "seconds",
- "default": 1800
- },
- "SESSIONS_PER_USER": {
- "type": "integer",
- "required": true,
- "label": "Maximum number of simultaneous logged in sessions",
- "help_text": "Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.",
- "min_value": -1,
- "category": "Authentication",
- "category_slug": "authentication",
- "default": -1
- },
- "DISABLE_LOCAL_AUTH": {
- "type": "boolean",
- "required": true,
- "label": "Disable the built-in authentication system",
- "help_text": "Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.",
- "category": "Authentication",
- "category_slug": "authentication",
- "default": false
- },
- "AUTH_BASIC_ENABLED": {
- "type": "boolean",
- "required": true,
- "label": "Enable HTTP Basic Auth",
- "help_text": "Enable HTTP Basic Auth for the API Browser.",
- "category": "Authentication",
- "category_slug": "authentication",
- "default": true
- },
- "OAUTH2_PROVIDER": {
- "type": "nested object",
- "required": false,
- "label": "OAuth 2 Timeout Settings",
- "help_text": "Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.",
- "category": "Authentication",
- "category_slug": "authentication",
- "unit": "seconds",
- "default": {
- "ACCESS_TOKEN_EXPIRE_SECONDS": 31536000000,
- "AUTHORIZATION_CODE_EXPIRE_SECONDS": 600,
- "REFRESH_TOKEN_EXPIRE_SECONDS": 2628000
- },
- "child": {
- "type": "integer",
- "required": true,
- "read_only": false,
- "min_value": 1
- }
- },
- "ALLOW_OAUTH2_FOR_EXTERNAL_USERS": {
- "type": "boolean",
- "required": false,
- "label": "Allow External Users to Create OAuth2 Tokens",
- "help_text": "For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.",
- "category": "Authentication",
- "category_slug": "authentication",
- "default": false
- },
- "LOGIN_REDIRECT_OVERRIDE": {
- "type": "string",
- "required": false,
- "label": "Login redirect override URL",
- "help_text": "URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.",
- "category": "Authentication",
- "category_slug": "authentication",
- "default": ""
- },
- "PENDO_TRACKING_STATE": {
- "type": "choice",
- "required": true,
- "label": "User Analytics Tracking State",
- "help_text": "Enable or Disable User Analytics Tracking.",
- "category": "UI",
- "category_slug": "ui",
- "default": "off",
- "choices": [
- ["off", "Off"],
- ["anonymous", "Anonymous"],
- ["detailed", "Detailed"]
- ]
- },
- "ALLOW_METRICS_FOR_ANONYMOUS_USERS": {
- "type": "boolean",
- "required": false,
- "label": "Allow anonymous users to poll metrics",
- "help_text": "If true, anonymous users are allowed to poll metrics.",
- "category": "Authentication",
- "category_slug": "authentication",
- "default": false
- },
- "CUSTOM_LOGIN_INFO": {
- "type": "string",
- "required": false,
- "label": "Custom Login Info",
- "help_text": "If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.",
- "category": "UI",
- "category_slug": "ui",
- "default": ""
- },
- "CUSTOM_LOGO": {
- "type": "string",
- "required": false,
- "label": "Custom Logo",
- "help_text": "To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.",
- "category": "UI",
- "category_slug": "ui",
- "placeholder": "data:image/gif;base64,R0lGODlhAQABAIABAP///wAAACwAAAAAAQABAAACAkQBADs=",
- "default": ""
- },
- "MAX_UI_JOB_EVENTS": {
- "type": "integer",
- "required": true,
- "label": "Max Job Events Retrieved by UI",
- "help_text": "Maximum number of job events for the UI to retrieve within a single request.",
- "min_value": 100,
- "category": "UI",
- "category_slug": "ui",
- "default": 4000
- },
- "UI_LIVE_UPDATES_ENABLED": {
- "type": "boolean",
- "required": true,
- "label": "Enable Live Updates in the UI",
- "help_text": "If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.",
- "category": "UI",
- "category_slug": "ui",
- "default": true
- },
- "SOCIAL_AUTH_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "Social Auth Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "Authentication",
- "category_slug": "authentication",
- "placeholder": {
- "Default": {
- "users": true
+ "PUT": {
+ "ACTIVITY_STREAM_ENABLED": {
+ "type": "boolean",
+ "required": true,
+ "label": "Enable Activity Stream",
+ "help_text": "Enable capturing activity for the activity stream.",
+ "category": "System",
+ "category_slug": "system",
+ "default": true
},
- "Test Org": {
- "admins": ["admin@example.com"],
- "auditors": ["auditor@example.com"],
- "users": true
+ "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": {
+ "type": "boolean",
+ "required": true,
+ "label": "Enable Activity Stream for Inventory Sync",
+ "help_text": "Enable capturing activity for the activity stream when running inventory sync.",
+ "category": "System",
+ "category_slug": "system",
+ "default": false
},
- "Test Org 2": {
- "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"],
- "remove_admins": true,
- "users": "/^[^@].*?@example\\.com$/i",
- "remove_users": true
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
+ "ORG_ADMINS_CAN_SEE_ALL_USERS": {
+ "type": "boolean",
+ "required": true,
+ "label": "All Users Visible to Organization Admins",
+ "help_text": "Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.",
+ "category": "System",
+ "category_slug": "system",
+ "default": true
+ },
+ "MANAGE_ORGANIZATION_AUTH": {
+ "type": "boolean",
+ "required": true,
+ "label": "Organization Admins Can Manage Users and Teams",
+ "help_text": "Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.",
+ "category": "System",
+ "category_slug": "system",
+ "default": true
+ },
+ "TOWER_URL_BASE": {
+ "type": "string",
+ "required": true,
+ "label": "Base URL of the service",
+ "help_text": "This setting is used by services like notifications to render a valid url to the service.",
+ "category": "System",
+ "category_slug": "system",
+ "default": "https://localhost:8043"
+ },
+ "REMOTE_HOST_HEADERS": {
+ "type": "list",
+ "required": true,
+ "label": "Remote Host Headers",
+ "help_text": "HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the AAP Installation guide for more details.",
+ "category": "System",
+ "category_slug": "system",
+ "default": [
+ "REMOTE_ADDR",
+ "REMOTE_HOST"
+ ],
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "PROXY_IP_ALLOWED_LIST": {
+ "type": "list",
+ "required": true,
+ "label": "Proxy IP Allowed List",
+ "help_text": "If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
+ "category": "System",
+ "category_slug": "system",
+ "default": [],
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "REDHAT_USERNAME": {
+ "type": "string",
+ "required": false,
+ "label": "Red Hat customer username",
+ "help_text": "This username is used to send data to Automation Analytics",
+ "category": "System",
+ "category_slug": "system",
+ "default": ""
+ },
+ "REDHAT_PASSWORD": {
+ "type": "string",
+ "required": false,
+ "label": "Red Hat customer password",
+ "help_text": "This password is used to send data to Automation Analytics",
+ "category": "System",
+ "category_slug": "system",
+ "default": ""
+ },
+ "SUBSCRIPTIONS_USERNAME": {
+ "type": "string",
+ "required": false,
+ "label": "Red Hat or Satellite username",
+ "help_text": "This username is used to retrieve subscription and content information",
+ "category": "System",
+ "category_slug": "system",
+ "default": ""
+ },
+ "SUBSCRIPTIONS_PASSWORD": {
+ "type": "string",
+ "required": false,
+ "label": "Red Hat or Satellite password",
+ "help_text": "This password is used to retrieve subscription and content information",
+ "category": "System",
+ "category_slug": "system",
+ "default": ""
+ },
+ "AUTOMATION_ANALYTICS_URL": {
+ "type": "string",
+ "required": false,
+ "label": "Automation Analytics upload URL",
+ "help_text": "This setting is used to to configure the upload URL for data collection for Automation Analytics.",
+ "category": "System",
+ "category_slug": "system",
+ "default": "https://example.com"
+ },
+ "DEFAULT_EXECUTION_ENVIRONMENT": {
+ "type": "field",
+ "required": false,
+ "label": "Global default execution environment",
+ "help_text": "The Execution Environment to be used when one has not been configured for a job template.",
+ "category": "System",
+ "category_slug": "system",
+ "default": null
+ },
+ "CUSTOM_VENV_PATHS": {
+ "type": "list",
+ "required": false,
+ "label": "Custom virtual environment paths",
+ "help_text": "Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
+ "category": "System",
+ "category_slug": "system",
+ "default": [],
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AD_HOC_COMMANDS": {
+ "type": "list",
+ "required": false,
+ "label": "Ansible Modules Allowed for Ad Hoc Jobs",
+ "help_text": "List of modules allowed to be used by ad-hoc jobs.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": [
+ "command",
+ "shell",
+ "yum",
+ "apt",
+ "apt_key",
+ "apt_repository",
+ "apt_rpm",
+ "service",
+ "group",
+ "user",
+ "mount",
+ "ping",
+ "selinux",
+ "setup",
+ "win_ping",
+ "win_service",
+ "win_updates",
+ "win_group",
+ "win_user"
+ ],
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "ALLOW_JINJA_IN_EXTRA_VARS": {
+ "type": "choice",
+ "required": true,
+ "label": "When can extra variables contain Jinja templates?",
+ "help_text": "Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to \"template\" or \"never\".",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": "template",
+ "choices": [
+ [
+ "always",
+ "Always"
+ ],
+ [
+ "never",
+ "Never"
+ ],
+ [
+ "template",
+ "Only On Job Template Definitions"
+ ]
+ ]
+ },
+ "AWX_ISOLATION_BASE_PATH": {
+ "type": "string",
+ "required": true,
+ "label": "Job execution path",
+ "help_text": "The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": "/tmp"
+ },
+ "AWX_ISOLATION_SHOW_PATHS": {
+ "type": "list",
+ "required": false,
+ "label": "Paths to expose to isolated jobs",
+ "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": [],
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AWX_TASK_ENV": {
+ "type": "nested object",
+ "required": false,
+ "label": "Extra Environment Variables",
+ "help_text": "Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "placeholder": {
+ "HTTP_PROXY": "myproxy.local:8080"
+ },
+ "default": {},
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AWX_RUNNER_KEEPALIVE_SECONDS": {
+ "type": "integer",
+ "required": true,
+ "label": "K8S Ansible Runner Keep-Alive Message Interval",
+ "help_text": "Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "placeholder": 240,
+ "default": 0
+ },
+ "GALAXY_TASK_ENV": {
+ "type": "nested object",
+ "required": true,
+ "label": "Environment Variables for Galaxy Commands",
+ "help_text": "Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "placeholder": {
+ "HTTP_PROXY": "myproxy.local:8080"
+ },
+ "default": {
+ "ANSIBLE_FORCE_COLOR": "false",
+ "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
+ },
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "INSIGHTS_TRACKING_STATE": {
+ "type": "boolean",
+ "required": false,
+ "label": "Gather data for Automation Analytics",
+ "help_text": "Enables the service to gather data on automation and send it to Automation Analytics.",
+ "category": "System",
+ "category_slug": "system",
+ "default": false
+ },
+ "PROJECT_UPDATE_VVV": {
+ "type": "boolean",
+ "required": true,
+ "label": "Run Project Updates With Higher Verbosity",
+ "help_text": "Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": false
+ },
+ "AWX_ROLES_ENABLED": {
+ "type": "boolean",
+ "required": false,
+ "label": "Enable Role Download",
+ "help_text": "Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": true
+ },
+ "AWX_COLLECTIONS_ENABLED": {
+ "type": "boolean",
+ "required": false,
+ "label": "Enable Collection(s) Download",
+ "help_text": "Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": true
+ },
+ "AWX_SHOW_PLAYBOOK_LINKS": {
+ "type": "boolean",
+ "required": false,
+ "label": "Follow symlinks",
+ "help_text": "Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": false
+ },
+ "AWX_MOUNT_ISOLATED_PATHS_ON_K8S": {
+ "type": "boolean",
+ "required": false,
+ "label": "Expose host paths for Container Groups",
+ "help_text": "Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible. ",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": false
+ },
+ "GALAXY_IGNORE_CERTS": {
+ "type": "boolean",
+ "required": false,
+ "label": "Ignore Ansible Galaxy SSL Certificate Verification",
+ "help_text": "If set to true, certificate validation will not be done when installing content from any Galaxy server.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": false
+ },
+ "STDOUT_MAX_BYTES_DISPLAY": {
+ "type": "integer",
+ "required": true,
+ "label": "Standard Output Maximum Display Size",
+ "help_text": "Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": 1048576
+ },
+ "EVENT_STDOUT_MAX_BYTES_DISPLAY": {
+ "type": "integer",
+ "required": true,
+ "label": "Job Event Standard Output Maximum Display Size",
+ "help_text": "Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `…` when truncated.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": 1024
+ },
+ "MAX_WEBSOCKET_EVENT_RATE": {
+ "type": "integer",
+ "required": false,
+ "label": "Job Event Maximum Websocket Messages Per Second",
+ "help_text": "Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": 30
+ },
+ "SCHEDULE_MAX_JOBS": {
+ "type": "integer",
+ "required": true,
+ "label": "Maximum Scheduled Jobs",
+ "help_text": "Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.",
+ "min_value": 1,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": 10
+ },
+ "AWX_ANSIBLE_CALLBACK_PLUGINS": {
+ "type": "list",
+ "required": false,
+ "label": "Ansible Callback Plugins",
+ "help_text": "List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": [],
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "DEFAULT_JOB_TIMEOUT": {
+ "type": "integer",
+ "required": false,
+ "label": "Default Job Timeout",
+ "help_text": "Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "unit": "seconds",
+ "default": 0
+ },
+ "DEFAULT_JOB_IDLE_TIMEOUT": {
+ "type": "integer",
+ "required": false,
+ "label": "Default Job Idle Timeout",
+ "help_text": "If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "unit": "seconds",
+ "default": 0
+ },
+ "DEFAULT_INVENTORY_UPDATE_TIMEOUT": {
+ "type": "integer",
+ "required": false,
+ "label": "Default Inventory Update Timeout",
+ "help_text": "Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "unit": "seconds",
+ "default": 0
+ },
+ "DEFAULT_PROJECT_UPDATE_TIMEOUT": {
+ "type": "integer",
+ "required": false,
+ "label": "Default Project Update Timeout",
+ "help_text": "Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "unit": "seconds",
+ "default": 0
+ },
+ "ANSIBLE_FACT_CACHE_TIMEOUT": {
+ "type": "integer",
+ "required": false,
+ "label": "Per-Host Ansible Fact Cache Timeout",
+ "help_text": "Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "unit": "seconds",
+ "default": 0
+ },
+ "MAX_FORKS": {
+ "type": "integer",
+ "required": false,
+ "label": "Maximum number of forks per job",
+ "help_text": "Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": 200
+ },
+ "LOG_AGGREGATOR_HOST": {
+ "type": "string",
+ "required": false,
+ "label": "Logging Aggregator",
+ "help_text": "Hostname/IP where external logs will be sent to.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": null
+ },
+ "LOG_AGGREGATOR_PORT": {
+ "type": "integer",
+ "required": false,
+ "label": "Logging Aggregator Port",
+ "help_text": "Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": null
+ },
+ "LOG_AGGREGATOR_TYPE": {
+ "type": "choice",
+ "required": false,
+ "label": "Logging Aggregator Type",
+ "help_text": "Format messages for the chosen log aggregator.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": null,
+ "choices": [
+ [
+ null,
+ "---------"
+ ],
+ [
+ "logstash",
+ "logstash"
+ ],
+ [
+ "splunk",
+ "splunk"
+ ],
+ [
+ "loggly",
+ "loggly"
+ ],
+ [
+ "sumologic",
+ "sumologic"
+ ],
+ [
+ "other",
+ "other"
+ ]
+ ]
+ },
+ "LOG_AGGREGATOR_USERNAME": {
+ "type": "string",
+ "required": false,
+ "label": "Logging Aggregator Username",
+ "help_text": "Username for external log aggregator (if required; HTTP/s only).",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": ""
+ },
+ "LOG_AGGREGATOR_PASSWORD": {
+ "type": "string",
+ "required": false,
+ "label": "Logging Aggregator Password/Token",
+ "help_text": "Password or authentication token for external log aggregator (if required; HTTP/s only).",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": ""
+ },
+ "LOG_AGGREGATOR_LOGGERS": {
+ "type": "list",
+ "required": false,
+ "label": "Loggers Sending Data to Log Aggregator Form",
+ "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": [
+ "awx",
+ "activity_stream",
+ "job_events",
+ "system_tracking",
+ "broadcast_websocket"
+ ],
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "LOG_AGGREGATOR_INDIVIDUAL_FACTS": {
+ "type": "boolean",
+ "required": false,
+ "label": "Log System Tracking Facts Individually",
+ "help_text": "If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": false
+ },
+ "LOG_AGGREGATOR_ENABLED": {
+ "type": "boolean",
+ "required": false,
+ "label": "Enable External Logging",
+ "help_text": "Enable sending logs to external log aggregator.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": false
+ },
+ "LOG_AGGREGATOR_TOWER_UUID": {
+ "type": "string",
+ "required": false,
+ "label": "Cluster-wide unique identifier.",
+ "help_text": "Useful to uniquely identify instances.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": ""
+ },
+ "LOG_AGGREGATOR_PROTOCOL": {
+ "type": "choice",
+ "required": false,
+ "label": "Logging Aggregator Protocol",
+ "help_text": "Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": "https",
+ "choices": [
+ [
+ "https",
+ "HTTPS/HTTP"
+ ],
+ [
+ "tcp",
+ "TCP"
+ ],
+ [
+ "udp",
+ "UDP"
+ ]
+ ]
+ },
+ "LOG_AGGREGATOR_TCP_TIMEOUT": {
+ "type": "integer",
+ "required": false,
+ "label": "TCP Connection Timeout",
+ "help_text": "Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "unit": "seconds",
+ "default": 5
+ },
+ "LOG_AGGREGATOR_VERIFY_CERT": {
+ "type": "boolean",
+ "required": false,
+ "label": "Enable/disable HTTPS certificate verification",
+ "help_text": "Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": true
+ },
+ "LOG_AGGREGATOR_LEVEL": {
+ "type": "choice",
+ "required": false,
+ "label": "Logging Aggregator Level Threshold",
+ "help_text": "Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": "INFO",
+ "choices": [
+ [
+ "DEBUG",
+ "DEBUG"
+ ],
+ [
+ "INFO",
+ "INFO"
+ ],
+ [
+ "WARNING",
+ "WARNING"
+ ],
+ [
+ "ERROR",
+ "ERROR"
+ ],
+ [
+ "CRITICAL",
+ "CRITICAL"
+ ]
+ ]
+ },
+ "LOG_AGGREGATOR_MAX_DISK_USAGE_GB": {
+ "type": "integer",
+ "required": false,
+ "label": "Maximum disk persistence for external log aggregation (in GB)",
+ "help_text": "Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting for main_queue. Notably, this is used for the rsyslogd main queue (for input messages).",
+ "min_value": 1,
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": 1
+ },
+ "LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB": {
+ "type": "integer",
+ "required": false,
+ "label": "Maximum disk persistence for rsyslogd action queuing (in GB)",
+ "help_text": "Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). Like LOG_AGGREGATOR_MAX_DISK_USAGE_GB, it stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.",
+ "min_value": 1,
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": 1
+ },
+ "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH": {
+ "type": "string",
+ "required": false,
+ "label": "File system location for rsyslogd disk persistence",
+ "help_text": "Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": "/var/lib/awx"
+ },
+ "LOG_AGGREGATOR_RSYSLOGD_DEBUG": {
+ "type": "boolean",
+ "required": false,
+ "label": "Enable rsyslogd debugging",
+ "help_text": "Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": false
+ },
+ "API_400_ERROR_LOG_FORMAT": {
+ "type": "string",
+ "required": false,
+ "label": "Log Format For API 4XX Errors",
+ "help_text": "The format of logged messages when an API 4XX error occurs, the following variables will be substituted: \nstatus_code - The HTTP status code of the error\nuser_name - The user name attempting to use the API\nurl_path - The URL path to the API endpoint called\nremote_addr - The remote address seen for the user\nerror - The error set by the api endpoint\nVariables need to be in the format {}.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "default": "status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}"
+ },
+ "AUTOMATION_ANALYTICS_LAST_GATHER": {
+ "type": "datetime",
+ "required": true,
+ "label": "Last gather date for Automation Analytics.",
+ "category": "System",
+ "category_slug": "system",
+ "default": null
+ },
+ "AUTOMATION_ANALYTICS_LAST_ENTRIES": {
+ "type": "string",
+ "required": false,
+ "label": "Last gathered entries from the data collection service of Automation Analytics",
+ "category": "System",
+ "category_slug": "system",
+ "default": ""
+ },
+ "AUTOMATION_ANALYTICS_GATHER_INTERVAL": {
+ "type": "integer",
+ "required": false,
+ "label": "Automation Analytics Gather Interval",
+ "help_text": "Interval (in seconds) between data gathering.",
+ "min_value": 1800,
+ "category": "System",
+ "category_slug": "system",
+ "unit": "seconds",
+ "default": 14400
+ },
+ "BULK_JOB_MAX_LAUNCH": {
+ "type": "integer",
+ "required": false,
+ "label": "Max jobs to allow bulk jobs to launch",
+ "help_text": "Max jobs to allow bulk jobs to launch",
+ "category": "Bulk Actions",
+ "category_slug": "bulk",
+ "default": 100
+ },
+ "BULK_HOST_MAX_CREATE": {
+ "type": "integer",
+ "required": false,
+ "label": "Max number of hosts to allow to be created in a single bulk action",
+ "help_text": "Max number of hosts to allow to be created in a single bulk action",
+ "category": "Bulk Actions",
+ "category_slug": "bulk",
+ "default": 100
+ },
+ "UI_NEXT": {
+ "type": "boolean",
+ "required": false,
+ "label": "Enable Preview of New User Interface",
+ "help_text": "Enable preview of new user interface.",
+ "category": "System",
+ "category_slug": "system",
+ "default": true
+ },
+ "SUBSCRIPTION_USAGE_MODEL": {
+ "type": "choice",
+ "required": false,
+ "label": "Defines subscription usage model and shows Host Metrics",
+ "category": "System",
+ "category_slug": "system",
+ "default": "",
+ "choices": [
+ [
+ "",
+ "Default model for AWX - no subscription. Deletion of host_metrics will not be considered for purposes of managed host counting"
+ ],
+ [
+ "unique_managed_hosts",
+ "Usage based on unique managed nodes in a large historical time frame and delete functionality for no longer used managed nodes"
+ ]
+ ]
+ },
+ "CLEANUP_HOST_METRICS_LAST_TS": {
+ "type": "datetime",
+ "required": true,
+ "label": "Last cleanup date for HostMetrics",
+ "category": "System",
+ "category_slug": "system",
+ "default": null
+ },
+ "AWX_CLEANUP_PATHS": {
+ "type": "boolean",
+ "required": false,
+ "label": "Enable or Disable tmp dir cleanup",
+ "help_text": "Enable or Disable TMP Dir cleanup",
+ "category": "Debug",
+ "category_slug": "debug",
+ "default": true
+ },
+ "AWX_REQUEST_PROFILE": {
+ "type": "boolean",
+ "required": false,
+ "label": "Debug Web Requests",
+ "help_text": "Debug web request python timing",
+ "category": "Debug",
+ "category_slug": "debug",
+ "default": false
+ },
+ "DEFAULT_CONTAINER_RUN_OPTIONS": {
+ "type": "list",
+ "required": false,
+ "label": "Container Run Options",
+ "help_text": "List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": [
+ "--network",
+ "slirp4netns:enable_ipv6=true"
+ ],
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "RECEPTOR_RELEASE_WORK": {
+ "type": "boolean",
+ "required": false,
+ "label": "Release Receptor Work",
+ "help_text": "Release receptor work",
+ "category": "Debug",
+ "category_slug": "debug",
+ "default": true
+ },
+ "SESSION_COOKIE_AGE": {
+ "type": "integer",
+ "required": true,
+ "label": "Idle Time Force Log Out",
+ "help_text": "Number of seconds that a user is inactive before they will need to login again.",
+ "min_value": 60,
+ "max_value": 30000000000,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "unit": "seconds",
+ "default": 1800
+ },
+ "SESSIONS_PER_USER": {
+ "type": "integer",
+ "required": true,
+ "label": "Maximum number of simultaneous logged in sessions",
+ "help_text": "Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.",
+ "min_value": -1,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": -1
+ },
+ "DISABLE_LOCAL_AUTH": {
+ "type": "boolean",
+ "required": true,
+ "label": "Disable the built-in authentication system",
+ "help_text": "Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": false
+ },
+ "AUTH_BASIC_ENABLED": {
+ "type": "boolean",
+ "required": true,
+ "label": "Enable HTTP Basic Auth",
+ "help_text": "Enable HTTP Basic Auth for the API Browser.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": true
+ },
+ "OAUTH2_PROVIDER": {
+ "type": "nested object",
+ "required": false,
+ "label": "OAuth 2 Timeout Settings",
+ "help_text": "Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "unit": "seconds",
+ "default": {
+ "ACCESS_TOKEN_EXPIRE_SECONDS": 31536000000,
+ "AUTHORIZATION_CODE_EXPIRE_SECONDS": 600,
+ "REFRESH_TOKEN_EXPIRE_SECONDS": 2628000
+ },
+ "child": {
+ "type": "integer",
+ "required": true,
+ "read_only": false,
+ "min_value": 1
+ }
+ },
+ "ALLOW_OAUTH2_FOR_EXTERNAL_USERS": {
+ "type": "boolean",
+ "required": false,
+ "label": "Allow External Users to Create OAuth2 Tokens",
+ "help_text": "For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": false
+ },
+ "LOGIN_REDIRECT_OVERRIDE": {
+ "type": "string",
+ "required": false,
+ "label": "Login redirect override URL",
+ "help_text": "URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": ""
+ },
+ "PENDO_TRACKING_STATE": {
+ "type": "choice",
"required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "Social Auth Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "Authentication",
- "category_slug": "authentication",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["/^[^@]+?@test\\.example\\.com$/"],
- "remove": true
+ "label": "User Analytics Tracking State",
+ "help_text": "Enable or Disable User Analytics Tracking.",
+ "category": "UI",
+ "category_slug": "ui",
+ "default": "off",
+ "choices": [
+ ["off", "Off"],
+ ["anonymous", "Anonymous"],
+ ["detailed", "Detailed"]
+ ]
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "/^[^@]+?@test2\\.example\\.com$/i",
- "remove": false
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_USER_FIELDS": {
- "type": "list",
- "required": false,
- "label": "Social Auth User Fields",
- "help_text": "When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
- "category": "Authentication",
- "category_slug": "authentication",
- "placeholder": ["username", "email"],
- "default": null,
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL": {
- "type": "boolean",
- "required": false,
- "label": "Use Email address for usernames",
- "help_text": "Enabling this setting will tell social auth to use the full Email as username instead of the full name",
- "category": "Authentication",
- "category_slug": "authentication",
- "default": false
- },
- "AUTH_LDAP_SERVER_URI": {
- "type": "string",
- "required": false,
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "ldaps://ldap.example.com:636",
- "default": ""
- },
- "AUTH_LDAP_BIND_DN": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_BIND_PASSWORD": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_START_TLS": {
- "type": "boolean",
- "required": false,
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": false
- },
- "AUTH_LDAP_CONNECTION_OPTIONS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "default": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_USER_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "OU=Users,DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(sAMAccountName=%(user)s)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_USER_DN_TEMPLATE": {
- "type": "string",
- "required": false,
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_USER_ATTR_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "first_name": "givenName",
- "last_name": "sn",
- "email": "mail"
- },
- "default": {},
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_GROUP_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(objectClass=group)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_GROUP_TYPE": {
- "type": "choice",
- "required": false,
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": "MemberDNGroupType",
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "ldap_group_user_attr": "legacyuid",
- "member_attr": "member",
- "name_attr": "cn"
- },
- "default": {
- "member_attr": "member",
- "name_attr": "cn"
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_REQUIRE_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_DENY_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
- },
- "default": {},
- "child": {
- "type": "list",
- "required": true,
- "read_only": false,
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "Test Org": {
- "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove_users": true,
- "remove_admins": true
+ "ALLOW_METRICS_FOR_ANONYMOUS_USERS": {
+ "type": "boolean",
+ "required": false,
+ "label": "Allow anonymous users to poll metrics",
+ "help_text": "If true, anonymous users are allowed to poll metrics.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": false
},
- "Test Org 2": {
- "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
- "users": true,
- "remove_users": true,
- "remove_admins": true
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove": true
+ "CUSTOM_LOGIN_INFO": {
+ "type": "string",
+ "required": false,
+ "label": "Custom Login Info",
+ "help_text": "If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.",
+ "category": "UI",
+ "category_slug": "ui",
+ "default": ""
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "CN=Other Users,CN=Users,DC=example,DC=com",
- "remove": false
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_1_SERVER_URI": {
- "type": "string",
- "required": false,
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "ldaps://ldap.example.com:636",
- "default": ""
- },
- "AUTH_LDAP_1_BIND_DN": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_1_BIND_PASSWORD": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_1_START_TLS": {
- "type": "boolean",
- "required": false,
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": false
- },
- "AUTH_LDAP_1_CONNECTION_OPTIONS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "default": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_1_USER_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "OU=Users,DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(sAMAccountName=%(user)s)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_1_USER_DN_TEMPLATE": {
- "type": "string",
- "required": false,
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_1_USER_ATTR_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "first_name": "givenName",
- "last_name": "sn",
- "email": "mail"
- },
- "default": {},
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_1_GROUP_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(objectClass=group)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_1_GROUP_TYPE": {
- "type": "choice",
- "required": false,
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": "MemberDNGroupType",
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_1_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "ldap_group_user_attr": "legacyuid",
- "member_attr": "member",
- "name_attr": "cn"
- },
- "default": {
- "member_attr": "member",
- "name_attr": "cn"
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_1_REQUIRE_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_1_DENY_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_1_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
- },
- "default": {},
- "child": {
- "type": "list",
- "required": true,
- "read_only": false,
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_1_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "Test Org": {
- "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove_users": true,
- "remove_admins": true
+ "CUSTOM_LOGO": {
+ "type": "string",
+ "required": false,
+ "label": "Custom Logo",
+ "help_text": "To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.",
+ "category": "UI",
+ "category_slug": "ui",
+ "placeholder": "data:image/gif;base64,R0lGODlhAQABAIABAP///wAAACwAAAAAAQABAAACAkQBADs=",
+ "default": ""
},
- "Test Org 2": {
- "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
- "users": true,
- "remove_users": true,
- "remove_admins": true
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_1_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove": true
+ "MAX_UI_JOB_EVENTS": {
+ "type": "integer",
+ "required": true,
+ "label": "Max Job Events Retrieved by UI",
+ "help_text": "Maximum number of job events for the UI to retrieve within a single request.",
+ "min_value": 100,
+ "category": "UI",
+ "category_slug": "ui",
+ "default": 4000
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "CN=Other Users,CN=Users,DC=example,DC=com",
- "remove": false
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_2_SERVER_URI": {
- "type": "string",
- "required": false,
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "ldaps://ldap.example.com:636",
- "default": ""
- },
- "AUTH_LDAP_2_BIND_DN": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_2_BIND_PASSWORD": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_2_START_TLS": {
- "type": "boolean",
- "required": false,
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": false
- },
- "AUTH_LDAP_2_CONNECTION_OPTIONS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "default": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_2_USER_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "OU=Users,DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(sAMAccountName=%(user)s)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_2_USER_DN_TEMPLATE": {
- "type": "string",
- "required": false,
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_2_USER_ATTR_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "first_name": "givenName",
- "last_name": "sn",
- "email": "mail"
- },
- "default": {},
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_2_GROUP_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(objectClass=group)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_2_GROUP_TYPE": {
- "type": "choice",
- "required": false,
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": "MemberDNGroupType",
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_2_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "ldap_group_user_attr": "legacyuid",
- "member_attr": "member",
- "name_attr": "cn"
- },
- "default": {
- "member_attr": "member",
- "name_attr": "cn"
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_2_REQUIRE_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_2_DENY_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_2_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
- },
- "default": {},
- "child": {
- "type": "list",
- "required": true,
- "read_only": false,
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_2_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "Test Org": {
- "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove_users": true,
- "remove_admins": true
+ "UI_LIVE_UPDATES_ENABLED": {
+ "type": "boolean",
+ "required": true,
+ "label": "Enable Live Updates in the UI",
+ "help_text": "If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.",
+ "category": "UI",
+ "category_slug": "ui",
+ "default": true
},
- "Test Org 2": {
- "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
- "users": true,
- "remove_users": true,
- "remove_admins": true
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_2_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove": true
+ "SOCIAL_AUTH_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "Social Auth Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "placeholder": {
+ "Default": {
+ "users": true
+ },
+ "Test Org": {
+ "admins": [
+ "admin@example.com"
+ ],
+ "auditors": [
+ "auditor@example.com"
+ ],
+ "users": true
+ },
+ "Test Org 2": {
+ "admins": [
+ "admin@example.com",
+ "/^tower-[^@]+*?@.*$/"
+ ],
+ "remove_admins": true,
+ "users": "/^[^@].*?@example\\.com$/i",
+ "remove_users": true
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "CN=Other Users,CN=Users,DC=example,DC=com",
- "remove": false
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_3_SERVER_URI": {
- "type": "string",
- "required": false,
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "ldaps://ldap.example.com:636",
- "default": ""
- },
- "AUTH_LDAP_3_BIND_DN": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_3_BIND_PASSWORD": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_3_START_TLS": {
- "type": "boolean",
- "required": false,
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": false
- },
- "AUTH_LDAP_3_CONNECTION_OPTIONS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "default": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_3_USER_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "OU=Users,DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(sAMAccountName=%(user)s)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_3_USER_DN_TEMPLATE": {
- "type": "string",
- "required": false,
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_3_USER_ATTR_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "first_name": "givenName",
- "last_name": "sn",
- "email": "mail"
- },
- "default": {},
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_3_GROUP_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(objectClass=group)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_3_GROUP_TYPE": {
- "type": "choice",
- "required": false,
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": "MemberDNGroupType",
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_3_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "ldap_group_user_attr": "legacyuid",
- "member_attr": "member",
- "name_attr": "cn"
- },
- "default": {
- "member_attr": "member",
- "name_attr": "cn"
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_3_REQUIRE_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_3_DENY_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_3_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
- },
- "default": {},
- "child": {
- "type": "list",
- "required": true,
- "read_only": false,
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_3_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "Test Org": {
- "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove_users": true,
- "remove_admins": true
+ "SOCIAL_AUTH_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "Social Auth Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "/^[^@]+?@test\\.example\\.com$/"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "/^[^@]+?@test2\\.example\\.com$/i",
+ "remove": false
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
},
- "Test Org 2": {
- "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
- "users": true,
- "remove_users": true,
- "remove_admins": true
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_3_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove": true
+ "SOCIAL_AUTH_USER_FIELDS": {
+ "type": "list",
+ "required": false,
+ "label": "Social Auth User Fields",
+ "help_text": "When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "placeholder": [
+ "username",
+ "email"
+ ],
+ "default": null,
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "CN=Other Users,CN=Users,DC=example,DC=com",
- "remove": false
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_4_SERVER_URI": {
- "type": "string",
- "required": false,
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "ldaps://ldap.example.com:636",
- "default": ""
- },
- "AUTH_LDAP_4_BIND_DN": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_4_BIND_PASSWORD": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_4_START_TLS": {
- "type": "boolean",
- "required": false,
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": false
- },
- "AUTH_LDAP_4_CONNECTION_OPTIONS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "default": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_4_USER_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "OU=Users,DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(sAMAccountName=%(user)s)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_4_USER_DN_TEMPLATE": {
- "type": "string",
- "required": false,
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_4_USER_ATTR_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "first_name": "givenName",
- "last_name": "sn",
- "email": "mail"
- },
- "default": {},
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_4_GROUP_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(objectClass=group)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_4_GROUP_TYPE": {
- "type": "choice",
- "required": false,
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": "MemberDNGroupType",
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_4_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "ldap_group_user_attr": "legacyuid",
- "member_attr": "member",
- "name_attr": "cn"
- },
- "default": {
- "member_attr": "member",
- "name_attr": "cn"
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_4_REQUIRE_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_4_DENY_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_4_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
- },
- "default": {},
- "child": {
- "type": "list",
- "required": true,
- "read_only": false,
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_4_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "Test Org": {
- "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove_users": true,
- "remove_admins": true
+ "SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL": {
+ "type": "boolean",
+ "required": false,
+ "label": "Use Email address for usernames",
+ "help_text": "Enabling this setting will tell social auth to use the full Email as username instead of the full name",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": false
},
- "Test Org 2": {
- "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
- "users": true,
- "remove_users": true,
- "remove_admins": true
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_4_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove": true
+ "AUTH_LDAP_SERVER_URI": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "ldaps://ldap.example.com:636",
+ "default": ""
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "CN=Other Users,CN=Users,DC=example,DC=com",
- "remove": false
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_5_SERVER_URI": {
- "type": "string",
- "required": false,
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "ldaps://ldap.example.com:636",
- "default": ""
- },
- "AUTH_LDAP_5_BIND_DN": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_5_BIND_PASSWORD": {
- "type": "string",
- "required": false,
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": ""
- },
- "AUTH_LDAP_5_START_TLS": {
- "type": "boolean",
- "required": false,
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": false
- },
- "AUTH_LDAP_5_CONNECTION_OPTIONS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "default": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_5_USER_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "OU=Users,DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(sAMAccountName=%(user)s)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_5_USER_DN_TEMPLATE": {
- "type": "string",
- "required": false,
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_5_USER_ATTR_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "first_name": "givenName",
- "last_name": "sn",
- "email": "mail"
- },
- "default": {},
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_5_GROUP_SEARCH": {
- "type": "list",
- "required": false,
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": [
- "DC=example,DC=com",
- "SCOPE_SUBTREE",
- "(objectClass=group)"
- ],
- "default": [],
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_5_GROUP_TYPE": {
- "type": "choice",
- "required": false,
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "default": "MemberDNGroupType",
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_5_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "ldap_group_user_attr": "legacyuid",
- "member_attr": "member",
- "name_attr": "cn"
- },
- "default": {
- "member_attr": "member",
- "name_attr": "cn"
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "AUTH_LDAP_5_REQUIRE_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_5_DENY_GROUP": {
- "type": "string",
- "required": false,
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
- "default": null
- },
- "AUTH_LDAP_5_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
- },
- "default": {},
- "child": {
- "type": "list",
- "required": true,
- "read_only": false,
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_5_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "Test Org": {
- "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
- "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove_users": true,
- "remove_admins": true
+ "AUTH_LDAP_BIND_DN": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
},
- "Test Org 2": {
- "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
- "users": true,
- "remove_users": true,
- "remove_admins": true
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_5_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
- "remove": true
+ "AUTH_LDAP_BIND_PASSWORD": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "CN=Other Users,CN=Users,DC=example,DC=com",
- "remove": false
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "RADIUS_SERVER": {
- "type": "string",
- "required": false,
- "label": "RADIUS Server",
- "help_text": "Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.",
- "category": "RADIUS",
- "category_slug": "radius",
- "placeholder": "radius.example.com",
- "default": ""
- },
- "RADIUS_PORT": {
- "type": "integer",
- "required": false,
- "label": "RADIUS Port",
- "help_text": "Port of RADIUS server.",
- "min_value": 1,
- "max_value": 65535,
- "category": "RADIUS",
- "category_slug": "radius",
- "default": 1812
- },
- "RADIUS_SECRET": {
- "type": "string",
- "required": false,
- "label": "RADIUS Secret",
- "help_text": "Shared secret for authenticating to RADIUS server.",
- "category": "RADIUS",
- "category_slug": "radius",
- "default": ""
- },
- "TACACSPLUS_HOST": {
- "type": "string",
- "required": false,
- "label": "TACACS+ Server",
- "help_text": "Hostname of TACACS+ server.",
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "default": ""
- },
- "TACACSPLUS_PORT": {
- "type": "integer",
- "required": false,
- "label": "TACACS+ Port",
- "help_text": "Port number of TACACS+ server.",
- "min_value": 1,
- "max_value": 65535,
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "default": 49
- },
- "TACACSPLUS_SECRET": {
- "type": "string",
- "required": false,
- "label": "TACACS+ Secret",
- "help_text": "Shared secret for authenticating to TACACS+ server.",
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "default": ""
- },
- "TACACSPLUS_SESSION_TIMEOUT": {
- "type": "integer",
- "required": false,
- "label": "TACACS+ Auth Session Timeout",
- "help_text": "TACACS+ session timeout value in seconds, 0 disables timeout.",
- "min_value": 0,
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "unit": "seconds",
- "default": 5
- },
- "TACACSPLUS_AUTH_PROTOCOL": {
- "type": "choice",
- "required": false,
- "label": "TACACS+ Authentication Protocol",
- "help_text": "Choose the authentication protocol used by TACACS+ client.",
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "default": "ascii",
- "choices": [
- ["ascii", "ascii"],
- ["pap", "pap"]
- ]
- },
- "TACACSPLUS_REM_ADDR": {
- "type": "boolean",
- "required": false,
- "label": "TACACS+ client address sending enabled",
- "help_text": "Enable the client address sending by TACACS+ client.",
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "default": false
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": {
- "type": "string",
- "required": false,
- "label": "Google OAuth2 Key",
- "help_text": "The OAuth2 key from your web application.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "placeholder": "528620852399-gm2dt4hrl2tsj67fqamk09k1e0ad6gd8.apps.googleusercontent.com",
- "default": ""
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": {
- "type": "string",
- "required": false,
- "label": "Google OAuth2 Secret",
- "help_text": "The OAuth2 secret from your web application.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "placeholder": "q2fMVCmEregbg-drvebPp8OW",
- "default": ""
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": {
- "type": "list",
- "required": false,
- "label": "Google OAuth2 Allowed Domains",
- "help_text": "Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "placeholder": ["example.com"],
- "default": [],
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS": {
- "type": "nested object",
- "required": false,
- "label": "Google OAuth2 Extra Arguments",
- "help_text": "Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "placeholder": {
- "hd": "example.com"
- },
- "default": {},
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "Google OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "placeholder": {
- "Default": {
- "users": true
+ "AUTH_LDAP_START_TLS": {
+ "type": "boolean",
+ "required": false,
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": false
},
- "Test Org": {
- "admins": ["admin@example.com"],
- "auditors": ["auditor@example.com"],
- "users": true
+ "AUTH_LDAP_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "default": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
},
- "Test Org 2": {
- "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"],
- "remove_admins": true,
- "users": "/^[^@].*?@example\\.com$/i",
- "remove_users": true
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "Google OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["/^[^@]+?@test\\.example\\.com$/"],
- "remove": true
+ "AUTH_LDAP_USER_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "OU=Users,DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(sAMAccountName=%(user)s)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "/^[^@]+?@test2\\.example\\.com$/i",
- "remove": false
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_KEY": {
- "type": "string",
- "required": false,
- "label": "GitHub OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub developer application.",
- "category": "GitHub OAuth2",
- "category_slug": "github",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_SECRET": {
- "type": "string",
- "required": false,
- "label": "GitHub OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub developer application.",
- "category": "GitHub OAuth2",
- "category_slug": "github",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub OAuth2",
- "category_slug": "github",
- "placeholder": {
- "Default": {
- "users": true
+ "AUTH_LDAP_USER_DN_TEMPLATE": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
+ "default": null
},
- "Test Org": {
- "admins": ["admin@example.com"],
- "auditors": ["auditor@example.com"],
- "users": true
+ "AUTH_LDAP_USER_ATTR_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "first_name": "givenName",
+ "last_name": "sn",
+ "email": "mail"
+ },
+ "default": {},
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
},
- "Test Org 2": {
- "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"],
- "remove_admins": true,
- "users": "/^[^@].*?@example\\.com$/i",
- "remove_users": true
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub OAuth2",
- "category_slug": "github",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["/^[^@]+?@test\\.example\\.com$/"],
- "remove": true
+ "AUTH_LDAP_GROUP_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(objectClass=group)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "/^[^@]+?@test2\\.example\\.com$/i",
- "remove": false
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ORG_KEY": {
- "type": "string",
- "required": false,
- "label": "GitHub Organization OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.",
- "category": "GitHub Organization OAuth2",
- "category_slug": "github-org",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ORG_SECRET": {
- "type": "string",
- "required": false,
- "label": "GitHub Organization OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.",
- "category": "GitHub Organization OAuth2",
- "category_slug": "github-org",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ORG_NAME": {
- "type": "string",
- "required": false,
- "label": "GitHub Organization Name",
- "help_text": "The name of your GitHub organization, as used in your organization's URL: https://github.com//.",
- "category": "GitHub Organization OAuth2",
- "category_slug": "github-org",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub Organization OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub Organization OAuth2",
- "category_slug": "github-org",
- "placeholder": {
- "Default": {
- "users": true
+ "AUTH_LDAP_GROUP_TYPE": {
+ "type": "choice",
+ "required": false,
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": "MemberDNGroupType",
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
},
- "Test Org": {
- "admins": ["admin@example.com"],
- "auditors": ["auditor@example.com"],
- "users": true
+ "AUTH_LDAP_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "ldap_group_user_attr": "legacyuid",
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "default": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
},
- "Test Org 2": {
- "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"],
- "remove_admins": true,
- "users": "/^[^@].*?@example\\.com$/i",
- "remove_users": true
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub Organization OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub Organization OAuth2",
- "category_slug": "github-org",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["/^[^@]+?@test\\.example\\.com$/"],
- "remove": true
+ "AUTH_LDAP_REQUIRE_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
+ "default": null
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "/^[^@]+?@test2\\.example\\.com$/i",
- "remove": false
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_TEAM_KEY": {
- "type": "string",
- "required": false,
- "label": "GitHub Team OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.",
- "category": "GitHub Team OAuth2",
- "category_slug": "github-team",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_TEAM_SECRET": {
- "type": "string",
- "required": false,
- "label": "GitHub Team OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.",
- "category": "GitHub Team OAuth2",
- "category_slug": "github-team",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_TEAM_ID": {
- "type": "string",
- "required": false,
- "label": "GitHub Team ID",
- "help_text": "Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
- "category": "GitHub Team OAuth2",
- "category_slug": "github-team",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub Team OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub Team OAuth2",
- "category_slug": "github-team",
- "placeholder": {
- "Default": {
- "users": true
+ "AUTH_LDAP_DENY_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
+ "default": null
},
- "Test Org": {
- "admins": ["admin@example.com"],
- "auditors": ["auditor@example.com"],
- "users": true
+ "AUTH_LDAP_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
+ },
+ "default": {},
+ "child": {
+ "type": "list",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
},
- "Test Org 2": {
- "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"],
- "remove_admins": true,
- "users": "/^[^@].*?@example\\.com$/i",
- "remove_users": true
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub Team OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub Team OAuth2",
- "category_slug": "github-team",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["/^[^@]+?@test\\.example\\.com$/"],
- "remove": true
+ "AUTH_LDAP_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "Test Org": {
+ "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove_users": true,
+ "remove_admins": true
+ },
+ "Test Org 2": {
+ "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
+ "users": true,
+ "remove_users": true,
+ "remove_admins": true
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "/^[^@]+?@test2\\.example\\.com$/i",
- "remove": false
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise URL",
- "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise API URL",
- "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise developer application.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.",
- "category": "GitHub OAuth2",
- "category_slug": "github-enterprise",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub Enterprise OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise",
- "placeholder": {
- "Default": {
- "users": true
+ "AUTH_LDAP_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "CN=Other Users,CN=Users,DC=example,DC=com",
+ "remove": false
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
},
- "Test Org": {
- "admins": ["admin@example.com"],
- "auditors": ["auditor@example.com"],
- "users": true
+ "AUTH_LDAP_1_SERVER_URI": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "ldaps://ldap.example.com:636",
+ "default": ""
},
- "Test Org 2": {
- "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"],
- "remove_admins": true,
- "users": "/^[^@].*?@example\\.com$/i",
- "remove_users": true
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub Enterprise OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["/^[^@]+?@test\\.example\\.com$/"],
- "remove": true
+ "AUTH_LDAP_1_BIND_DN": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "/^[^@]+?@test2\\.example\\.com$/i",
- "remove": false
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise Organization URL",
- "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise-org",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise Organization API URL",
- "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise-org",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise Organization OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
- "category": "GitHub Enterprise Organization OAuth2",
- "category_slug": "github-enterprise-org",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise Organization OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
- "category": "GitHub Enterprise Organization OAuth2",
- "category_slug": "github-enterprise-org",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise Organization Name",
- "help_text": "The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.",
- "category": "GitHub Enterprise Organization OAuth2",
- "category_slug": "github-enterprise-org",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub Enterprise Organization OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub Enterprise Organization OAuth2",
- "category_slug": "github-enterprise-org",
- "placeholder": {
- "Default": {
- "users": true
+ "AUTH_LDAP_1_BIND_PASSWORD": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
},
- "Test Org": {
- "admins": ["admin@example.com"],
- "auditors": ["auditor@example.com"],
- "users": true
+ "AUTH_LDAP_1_START_TLS": {
+ "type": "boolean",
+ "required": false,
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": false
},
- "Test Org 2": {
- "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"],
- "remove_admins": true,
- "users": "/^[^@].*?@example\\.com$/i",
- "remove_users": true
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub Enterprise Organization OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub Enterprise Organization OAuth2",
- "category_slug": "github-enterprise-org",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["/^[^@]+?@test\\.example\\.com$/"],
- "remove": true
+ "AUTH_LDAP_1_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "default": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "/^[^@]+?@test2\\.example\\.com$/i",
- "remove": false
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise Team URL",
- "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise-team",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise Team API URL",
- "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise-team",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise Team OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
- "category": "GitHub Enterprise Team OAuth2",
- "category_slug": "github-enterprise-team",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise Team OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
- "category": "GitHub Enterprise Team OAuth2",
- "category_slug": "github-enterprise-team",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID": {
- "type": "string",
- "required": false,
- "label": "GitHub Enterprise Team ID",
- "help_text": "Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
- "category": "GitHub Enterprise Team OAuth2",
- "category_slug": "github-enterprise-team",
- "default": ""
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub Enterprise Team OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub Enterprise Team OAuth2",
- "category_slug": "github-enterprise-team",
- "placeholder": {
- "Default": {
- "users": true
+ "AUTH_LDAP_1_USER_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "OU=Users,DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(sAMAccountName=%(user)s)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
},
- "Test Org": {
- "admins": ["admin@example.com"],
- "auditors": ["auditor@example.com"],
- "users": true
+ "AUTH_LDAP_1_USER_DN_TEMPLATE": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
+ "default": null
},
- "Test Org 2": {
- "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"],
- "remove_admins": true,
- "users": "/^[^@].*?@example\\.com$/i",
- "remove_users": true
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "GitHub Enterprise Team OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub Enterprise Team OAuth2",
- "category_slug": "github-enterprise-team",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["/^[^@]+?@test\\.example\\.com$/"],
- "remove": true
+ "AUTH_LDAP_1_USER_ATTR_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "first_name": "givenName",
+ "last_name": "sn",
+ "email": "mail"
+ },
+ "default": {},
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "/^[^@]+?@test2\\.example\\.com$/i",
- "remove": false
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY": {
- "type": "string",
- "required": false,
- "label": "Azure AD OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your Azure AD application.",
- "category": "Azure AD OAuth2",
- "category_slug": "azuread-oauth2",
- "default": ""
- },
- "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET": {
- "type": "string",
- "required": false,
- "label": "Azure AD OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your Azure AD application.",
- "category": "Azure AD OAuth2",
- "category_slug": "azuread-oauth2",
- "default": ""
- },
- "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "Azure AD OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "Azure AD OAuth2",
- "category_slug": "azuread-oauth2",
- "placeholder": {
- "Default": {
- "users": true
+ "AUTH_LDAP_1_GROUP_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(objectClass=group)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
},
- "Test Org": {
- "admins": ["admin@example.com"],
- "auditors": ["auditor@example.com"],
- "users": true
+ "AUTH_LDAP_1_GROUP_TYPE": {
+ "type": "choice",
+ "required": false,
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": "MemberDNGroupType",
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
},
- "Test Org 2": {
- "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"],
- "remove_admins": true,
- "users": "/^[^@].*?@example\\.com$/i",
- "remove_users": true
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "Azure AD OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "Azure AD OAuth2",
- "category_slug": "azuread-oauth2",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["/^[^@]+?@test\\.example\\.com$/"],
- "remove": true
+ "AUTH_LDAP_1_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "ldap_group_user_attr": "legacyuid",
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "default": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "/^[^@]+?@test2\\.example\\.com$/i",
- "remove": false
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_OIDC_KEY": {
- "type": "string",
- "required": false,
- "label": "OIDC Key",
- "help_text": "The OIDC key (Client ID) from your IDP.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": null
- },
- "SOCIAL_AUTH_OIDC_SECRET": {
- "type": "string",
- "required": false,
- "label": "OIDC Secret",
- "help_text": "The OIDC secret (Client Secret) from your IDP.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": ""
- },
- "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": {
- "type": "string",
- "required": false,
- "label": "OIDC Provider URL",
- "help_text": "The URL for your OIDC provider including the path up to /.well-known/openid-configuration",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": ""
- },
- "SOCIAL_AUTH_OIDC_VERIFY_SSL": {
- "type": "boolean",
- "required": false,
- "label": "Verify OIDC Provider Certificate",
- "help_text": "Verify the OIDC provider ssl certificate.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": true
- },
- "SAML_AUTO_CREATE_OBJECTS": {
- "type": "boolean",
- "required": false,
- "label": "Automatically Create Organizations and Teams on SAML Login",
- "help_text": "When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.",
- "category": "SAML",
- "category_slug": "saml",
- "default": true
- },
- "SOCIAL_AUTH_SAML_SP_ENTITY_ID": {
- "type": "string",
- "required": false,
- "label": "SAML Service Provider Entity ID",
- "help_text": "The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.",
- "category": "SAML",
- "category_slug": "saml",
- "default": ""
- },
- "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT": {
- "type": "string",
- "required": true,
- "label": "SAML Service Provider Public Certificate",
- "help_text": "Create a keypair to use as a service provider (SP) and include the certificate content here.",
- "category": "SAML",
- "category_slug": "saml",
- "default": ""
- },
- "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": {
- "type": "string",
- "required": true,
- "label": "SAML Service Provider Private Key",
- "help_text": "Create a keypair to use as a service provider (SP) and include the private key content here.",
- "category": "SAML",
- "category_slug": "saml",
- "default": ""
- },
- "SOCIAL_AUTH_SAML_ORG_INFO": {
- "type": "nested object",
- "required": true,
- "label": "SAML Service Provider Organization Info",
- "help_text": "Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": {
- "en-US": {
- "name": "example",
- "displayname": "Example",
- "url": "http://www.example.com"
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT": {
- "type": "nested object",
- "required": true,
- "label": "SAML Service Provider Technical Contact",
- "help_text": "Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": {
- "givenName": "Technical Contact",
- "emailAddress": "techsup@example.com"
- },
- "default": {},
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "SOCIAL_AUTH_SAML_SUPPORT_CONTACT": {
- "type": "nested object",
- "required": true,
- "label": "SAML Service Provider Support Contact",
- "help_text": "Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": {
- "givenName": "Support Contact",
- "emailAddress": "support@example.com"
- },
- "default": {},
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "SOCIAL_AUTH_SAML_ENABLED_IDPS": {
- "type": "nested object",
- "required": false,
- "label": "SAML Enabled Identity Providers",
- "help_text": "Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": {
- "Okta": {
- "entity_id": "http://www.okta.com/HHniyLkaxk9e76wD0Thh",
- "url": "https://dev-123456.oktapreview.com/app/ansibletower/HHniyLkaxk9e76wD0Thh/sso/saml",
- "x509cert": "MIIDpDCCAoygAwIBAgIGAVVZ4rPzMA0GCSqGSIb3...",
- "attr_user_permanent_id": "username",
- "attr_first_name": "first_name",
- "attr_last_name": "last_name",
- "attr_username": "username",
- "attr_email": "email"
+ "AUTH_LDAP_1_REQUIRE_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
+ "default": null
},
- "OneLogin": {
- "entity_id": "https://app.onelogin.com/saml/metadata/123456",
- "url": "https://example.onelogin.com/trust/saml2/http-post/sso/123456",
- "x509cert": "MIIEJjCCAw6gAwIBAgIUfuSD54OPSBhndDHh3gZo...",
- "attr_user_permanent_id": "name_id",
- "attr_first_name": "User.FirstName",
- "attr_last_name": "User.LastName",
- "attr_username": "User.email",
- "attr_email": "User.email"
- }
- },
- "default": {},
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_SAML_SECURITY_CONFIG": {
- "type": "nested object",
- "required": false,
- "label": "SAML Security Config",
- "help_text": "A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": {
- "nameIdEncrypted": false,
- "authnRequestsSigned": false,
- "logoutRequestSigned": false,
- "logoutResponseSigned": false,
- "signMetadata": false,
- "wantMessagesSigned": false,
- "wantAssertionsSigned": false,
- "wantAssertionsEncrypted": false,
- "wantNameId": true,
- "wantNameIdEncrypted": false,
- "wantAttributeStatement": true,
- "requestedAuthnContext": true,
- "requestedAuthnContextComparison": "exact",
- "metadataValidUntil": "2015-06-26T20:00:00Z",
- "metadataCacheDuration": "PT518400S",
- "signatureAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
- "digestAlgorithm": "http://www.w3.org/2000/09/xmldsig#sha1"
- },
- "default": {
- "requestedAuthnContext": false
- },
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "SOCIAL_AUTH_SAML_SP_EXTRA": {
- "type": "nested object",
- "required": false,
- "label": "SAML Service Provider extra configuration data",
- "help_text": "A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": {},
- "default": null,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "SOCIAL_AUTH_SAML_EXTRA_DATA": {
- "type": "list",
- "required": false,
- "label": "SAML IDP to extra_data attribute mapping",
- "help_text": "A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": [
- ["attribute_name", "extra_data_name_for_attribute"],
- ["department", "department"],
- ["manager_full_name", "manager_full_name"]
- ],
- "default": null,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "SOCIAL_AUTH_SAML_ORGANIZATION_MAP": {
- "type": "nested object",
- "required": false,
- "label": "SAML Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": {
- "Default": {
- "users": true
+ "AUTH_LDAP_1_DENY_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
+ "default": null
},
- "Test Org": {
- "admins": ["admin@example.com"],
- "auditors": ["auditor@example.com"],
- "users": true
+ "AUTH_LDAP_1_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
+ },
+ "default": {},
+ "child": {
+ "type": "list",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
},
- "Test Org 2": {
- "admins": ["admin@example.com", "/^tower-[^@]+*?@.*$/"],
- "remove_admins": true,
- "users": "/^[^@].*?@example\\.com$/i",
- "remove_users": true
- }
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_SAML_TEAM_MAP": {
- "type": "nested object",
- "required": false,
- "label": "SAML Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": {
- "My Team": {
- "organization": "Test Org",
- "users": ["/^[^@]+?@test\\.example\\.com$/"],
- "remove": true
+ "AUTH_LDAP_1_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "Test Org": {
+ "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove_users": true,
+ "remove_admins": true
+ },
+ "Test Org 2": {
+ "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
+ "users": true,
+ "remove_users": true,
+ "remove_admins": true
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
},
- "Other Team": {
- "organization": "Test Org 2",
- "users": "/^[^@]+?@test2\\.example\\.com$/i",
- "remove": false
+ "AUTH_LDAP_1_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "CN=Other Users,CN=Users,DC=example,DC=com",
+ "remove": false
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_2_SERVER_URI": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "ldaps://ldap.example.com:636",
+ "default": ""
+ },
+ "AUTH_LDAP_2_BIND_DN": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
+ },
+ "AUTH_LDAP_2_BIND_PASSWORD": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
+ },
+ "AUTH_LDAP_2_START_TLS": {
+ "type": "boolean",
+ "required": false,
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": false
+ },
+ "AUTH_LDAP_2_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "default": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_2_USER_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "OU=Users,DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(sAMAccountName=%(user)s)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_2_USER_DN_TEMPLATE": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_2_USER_ATTR_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "first_name": "givenName",
+ "last_name": "sn",
+ "email": "mail"
+ },
+ "default": {},
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_2_GROUP_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(objectClass=group)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_2_GROUP_TYPE": {
+ "type": "choice",
+ "required": false,
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": "MemberDNGroupType",
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
+ },
+ "AUTH_LDAP_2_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "ldap_group_user_attr": "legacyuid",
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "default": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_2_REQUIRE_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_2_DENY_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_2_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
+ },
+ "default": {},
+ "child": {
+ "type": "list",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_2_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "Test Org": {
+ "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove_users": true,
+ "remove_admins": true
+ },
+ "Test Org 2": {
+ "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
+ "users": true,
+ "remove_users": true,
+ "remove_admins": true
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_2_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "CN=Other Users,CN=Users,DC=example,DC=com",
+ "remove": false
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_3_SERVER_URI": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "ldaps://ldap.example.com:636",
+ "default": ""
+ },
+ "AUTH_LDAP_3_BIND_DN": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
+ },
+ "AUTH_LDAP_3_BIND_PASSWORD": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
+ },
+ "AUTH_LDAP_3_START_TLS": {
+ "type": "boolean",
+ "required": false,
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": false
+ },
+ "AUTH_LDAP_3_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "default": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_3_USER_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "OU=Users,DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(sAMAccountName=%(user)s)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_3_USER_DN_TEMPLATE": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_3_USER_ATTR_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "first_name": "givenName",
+ "last_name": "sn",
+ "email": "mail"
+ },
+ "default": {},
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_3_GROUP_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(objectClass=group)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_3_GROUP_TYPE": {
+ "type": "choice",
+ "required": false,
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": "MemberDNGroupType",
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
+ },
+ "AUTH_LDAP_3_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "ldap_group_user_attr": "legacyuid",
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "default": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_3_REQUIRE_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_3_DENY_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_3_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
+ },
+ "default": {},
+ "child": {
+ "type": "list",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_3_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "Test Org": {
+ "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove_users": true,
+ "remove_admins": true
+ },
+ "Test Org 2": {
+ "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
+ "users": true,
+ "remove_users": true,
+ "remove_admins": true
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_3_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "CN=Other Users,CN=Users,DC=example,DC=com",
+ "remove": false
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_4_SERVER_URI": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "ldaps://ldap.example.com:636",
+ "default": ""
+ },
+ "AUTH_LDAP_4_BIND_DN": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
+ },
+ "AUTH_LDAP_4_BIND_PASSWORD": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
+ },
+ "AUTH_LDAP_4_START_TLS": {
+ "type": "boolean",
+ "required": false,
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": false
+ },
+ "AUTH_LDAP_4_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "default": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_4_USER_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "OU=Users,DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(sAMAccountName=%(user)s)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_4_USER_DN_TEMPLATE": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_4_USER_ATTR_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "first_name": "givenName",
+ "last_name": "sn",
+ "email": "mail"
+ },
+ "default": {},
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_4_GROUP_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(objectClass=group)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_4_GROUP_TYPE": {
+ "type": "choice",
+ "required": false,
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": "MemberDNGroupType",
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
+ },
+ "AUTH_LDAP_4_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "ldap_group_user_attr": "legacyuid",
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "default": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_4_REQUIRE_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_4_DENY_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_4_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
+ },
+ "default": {},
+ "child": {
+ "type": "list",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_4_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "Test Org": {
+ "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove_users": true,
+ "remove_admins": true
+ },
+ "Test Org 2": {
+ "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
+ "users": true,
+ "remove_users": true,
+ "remove_admins": true
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_4_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "CN=Other Users,CN=Users,DC=example,DC=com",
+ "remove": false
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_5_SERVER_URI": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "ldaps://ldap.example.com:636",
+ "default": ""
+ },
+ "AUTH_LDAP_5_BIND_DN": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
+ },
+ "AUTH_LDAP_5_BIND_PASSWORD": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": ""
+ },
+ "AUTH_LDAP_5_START_TLS": {
+ "type": "boolean",
+ "required": false,
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": false
+ },
+ "AUTH_LDAP_5_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "default": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_5_USER_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "OU=Users,DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(sAMAccountName=%(user)s)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_5_USER_DN_TEMPLATE": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "uid=%(user)s,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_5_USER_ATTR_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "first_name": "givenName",
+ "last_name": "sn",
+ "email": "mail"
+ },
+ "default": {},
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_5_GROUP_SEARCH": {
+ "type": "list",
+ "required": false,
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": [
+ "DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(objectClass=group)"
+ ],
+ "default": [],
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_5_GROUP_TYPE": {
+ "type": "choice",
+ "required": false,
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "default": "MemberDNGroupType",
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
+ },
+ "AUTH_LDAP_5_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "ldap_group_user_attr": "legacyuid",
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "default": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "AUTH_LDAP_5_REQUIRE_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Service Users,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_5_DENY_GROUP": {
+ "type": "string",
+ "required": false,
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": "CN=Disabled Users,OU=Users,DC=example,DC=com",
+ "default": null
+ },
+ "AUTH_LDAP_5_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "is_superuser": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "is_system_auditor": "CN=Domain Auditors,CN=Users,DC=example,DC=com"
+ },
+ "default": {},
+ "child": {
+ "type": "list",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_5_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "Test Org": {
+ "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
+ "auditors": "CN=Domain Auditors,CN=Users,DC=example,DC=com",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove_users": true,
+ "remove_admins": true
+ },
+ "Test Org 2": {
+ "admins": "CN=Administrators,CN=Builtin,DC=example,DC=com",
+ "users": true,
+ "remove_users": true,
+ "remove_admins": true
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_5_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "CN=Domain Users,CN=Users,DC=example,DC=com"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "CN=Other Users,CN=Users,DC=example,DC=com",
+ "remove": false
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "RADIUS_SERVER": {
+ "type": "string",
+ "required": false,
+ "label": "RADIUS Server",
+ "help_text": "Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.",
+ "category": "RADIUS",
+ "category_slug": "radius",
+ "placeholder": "radius.example.com",
+ "default": ""
+ },
+ "RADIUS_PORT": {
+ "type": "integer",
+ "required": false,
+ "label": "RADIUS Port",
+ "help_text": "Port of RADIUS server.",
+ "min_value": 1,
+ "max_value": 65535,
+ "category": "RADIUS",
+ "category_slug": "radius",
+ "default": 1812
+ },
+ "RADIUS_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "RADIUS Secret",
+ "help_text": "Shared secret for authenticating to RADIUS server.",
+ "category": "RADIUS",
+ "category_slug": "radius",
+ "default": ""
+ },
+ "TACACSPLUS_HOST": {
+ "type": "string",
+ "required": false,
+ "label": "TACACS+ Server",
+ "help_text": "Hostname of TACACS+ server.",
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "default": ""
+ },
+ "TACACSPLUS_PORT": {
+ "type": "integer",
+ "required": false,
+ "label": "TACACS+ Port",
+ "help_text": "Port number of TACACS+ server.",
+ "min_value": 1,
+ "max_value": 65535,
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "default": 49
+ },
+ "TACACSPLUS_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "TACACS+ Secret",
+ "help_text": "Shared secret for authenticating to TACACS+ server.",
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "default": ""
+ },
+ "TACACSPLUS_SESSION_TIMEOUT": {
+ "type": "integer",
+ "required": false,
+ "label": "TACACS+ Auth Session Timeout",
+ "help_text": "TACACS+ session timeout value in seconds, 0 disables timeout.",
+ "min_value": 0,
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "unit": "seconds",
+ "default": 5
+ },
+ "TACACSPLUS_AUTH_PROTOCOL": {
+ "type": "choice",
+ "required": false,
+ "label": "TACACS+ Authentication Protocol",
+ "help_text": "Choose the authentication protocol used by TACACS+ client.",
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "default": "ascii",
+ "choices": [
+ [
+ "ascii",
+ "ascii"
+ ],
+ [
+ "pap",
+ "pap"
+ ]
+ ]
+ },
+ "TACACSPLUS_REM_ADDR": {
+ "type": "boolean",
+ "required": false,
+ "label": "TACACS+ client address sending enabled",
+ "help_text": "Enable the client address sending by TACACS+ client.",
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "default": false
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": {
+ "type": "string",
+ "required": false,
+ "label": "Google OAuth2 Key",
+ "help_text": "The OAuth2 key from your web application.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "placeholder": "528620852399-gm2dt4hrl2tsj67fqamk09k1e0ad6gd8.apps.googleusercontent.com",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "Google OAuth2 Secret",
+ "help_text": "The OAuth2 secret from your web application.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "placeholder": "q2fMVCmEregbg-drvebPp8OW",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": {
+ "type": "list",
+ "required": false,
+ "label": "Google OAuth2 Allowed Domains",
+ "help_text": "Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "placeholder": [
+ "example.com"
+ ],
+ "default": [],
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS": {
+ "type": "nested object",
+ "required": false,
+ "label": "Google OAuth2 Extra Arguments",
+ "help_text": "Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "placeholder": {
+ "hd": "example.com"
+ },
+ "default": {},
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "Google OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "placeholder": {
+ "Default": {
+ "users": true
+ },
+ "Test Org": {
+ "admins": [
+ "admin@example.com"
+ ],
+ "auditors": [
+ "auditor@example.com"
+ ],
+ "users": true
+ },
+ "Test Org 2": {
+ "admins": [
+ "admin@example.com",
+ "/^tower-[^@]+*?@.*$/"
+ ],
+ "remove_admins": true,
+ "users": "/^[^@].*?@example\\.com$/i",
+ "remove_users": true
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "Google OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "/^[^@]+?@test\\.example\\.com$/"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "/^[^@]+?@test2\\.example\\.com$/i",
+ "remove": false
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_KEY": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub developer application.",
+ "category": "GitHub OAuth2",
+ "category_slug": "github",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub developer application.",
+ "category": "GitHub OAuth2",
+ "category_slug": "github",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub OAuth2",
+ "category_slug": "github",
+ "placeholder": {
+ "Default": {
+ "users": true
+ },
+ "Test Org": {
+ "admins": [
+ "admin@example.com"
+ ],
+ "auditors": [
+ "auditor@example.com"
+ ],
+ "users": true
+ },
+ "Test Org 2": {
+ "admins": [
+ "admin@example.com",
+ "/^tower-[^@]+*?@.*$/"
+ ],
+ "remove_admins": true,
+ "users": "/^[^@].*?@example\\.com$/i",
+ "remove_users": true
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub OAuth2",
+ "category_slug": "github",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "/^[^@]+?@test\\.example\\.com$/"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "/^[^@]+?@test2\\.example\\.com$/i",
+ "remove": false
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ORG_KEY": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Organization OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.",
+ "category": "GitHub Organization OAuth2",
+ "category_slug": "github-org",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ORG_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Organization OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.",
+ "category": "GitHub Organization OAuth2",
+ "category_slug": "github-org",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ORG_NAME": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Organization Name",
+ "help_text": "The name of your GitHub organization, as used in your organization's URL: https://github.com//.",
+ "category": "GitHub Organization OAuth2",
+ "category_slug": "github-org",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub Organization OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub Organization OAuth2",
+ "category_slug": "github-org",
+ "placeholder": {
+ "Default": {
+ "users": true
+ },
+ "Test Org": {
+ "admins": [
+ "admin@example.com"
+ ],
+ "auditors": [
+ "auditor@example.com"
+ ],
+ "users": true
+ },
+ "Test Org 2": {
+ "admins": [
+ "admin@example.com",
+ "/^tower-[^@]+*?@.*$/"
+ ],
+ "remove_admins": true,
+ "users": "/^[^@].*?@example\\.com$/i",
+ "remove_users": true
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub Organization OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub Organization OAuth2",
+ "category_slug": "github-org",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "/^[^@]+?@test\\.example\\.com$/"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "/^[^@]+?@test2\\.example\\.com$/i",
+ "remove": false
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_KEY": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Team OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.",
+ "category": "GitHub Team OAuth2",
+ "category_slug": "github-team",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Team OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.",
+ "category": "GitHub Team OAuth2",
+ "category_slug": "github-team",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_ID": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Team ID",
+ "help_text": "Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
+ "category": "GitHub Team OAuth2",
+ "category_slug": "github-team",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub Team OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub Team OAuth2",
+ "category_slug": "github-team",
+ "placeholder": {
+ "Default": {
+ "users": true
+ },
+ "Test Org": {
+ "admins": [
+ "admin@example.com"
+ ],
+ "auditors": [
+ "auditor@example.com"
+ ],
+ "users": true
+ },
+ "Test Org 2": {
+ "admins": [
+ "admin@example.com",
+ "/^tower-[^@]+*?@.*$/"
+ ],
+ "remove_admins": true,
+ "users": "/^[^@].*?@example\\.com$/i",
+ "remove_users": true
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub Team OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub Team OAuth2",
+ "category_slug": "github-team",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "/^[^@]+?@test\\.example\\.com$/"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "/^[^@]+?@test2\\.example\\.com$/i",
+ "remove": false
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise URL",
+ "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise API URL",
+ "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise developer application.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.",
+ "category": "GitHub OAuth2",
+ "category_slug": "github-enterprise",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub Enterprise OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise",
+ "placeholder": {
+ "Default": {
+ "users": true
+ },
+ "Test Org": {
+ "admins": [
+ "admin@example.com"
+ ],
+ "auditors": [
+ "auditor@example.com"
+ ],
+ "users": true
+ },
+ "Test Org 2": {
+ "admins": [
+ "admin@example.com",
+ "/^tower-[^@]+*?@.*$/"
+ ],
+ "remove_admins": true,
+ "users": "/^[^@].*?@example\\.com$/i",
+ "remove_users": true
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub Enterprise OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "/^[^@]+?@test\\.example\\.com$/"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "/^[^@]+?@test2\\.example\\.com$/i",
+ "remove": false
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise Organization URL",
+ "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise-org",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise Organization API URL",
+ "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise-org",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise Organization OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
+ "category": "GitHub Enterprise Organization OAuth2",
+ "category_slug": "github-enterprise-org",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise Organization OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
+ "category": "GitHub Enterprise Organization OAuth2",
+ "category_slug": "github-enterprise-org",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise Organization Name",
+ "help_text": "The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.",
+ "category": "GitHub Enterprise Organization OAuth2",
+ "category_slug": "github-enterprise-org",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub Enterprise Organization OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub Enterprise Organization OAuth2",
+ "category_slug": "github-enterprise-org",
+ "placeholder": {
+ "Default": {
+ "users": true
+ },
+ "Test Org": {
+ "admins": [
+ "admin@example.com"
+ ],
+ "auditors": [
+ "auditor@example.com"
+ ],
+ "users": true
+ },
+ "Test Org 2": {
+ "admins": [
+ "admin@example.com",
+ "/^tower-[^@]+*?@.*$/"
+ ],
+ "remove_admins": true,
+ "users": "/^[^@].*?@example\\.com$/i",
+ "remove_users": true
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub Enterprise Organization OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub Enterprise Organization OAuth2",
+ "category_slug": "github-enterprise-org",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "/^[^@]+?@test\\.example\\.com$/"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "/^[^@]+?@test2\\.example\\.com$/i",
+ "remove": false
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise Team URL",
+ "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise-team",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise Team API URL",
+ "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise-team",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise Team OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
+ "category": "GitHub Enterprise Team OAuth2",
+ "category_slug": "github-enterprise-team",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise Team OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
+ "category": "GitHub Enterprise Team OAuth2",
+ "category_slug": "github-enterprise-team",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID": {
+ "type": "string",
+ "required": false,
+ "label": "GitHub Enterprise Team ID",
+ "help_text": "Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
+ "category": "GitHub Enterprise Team OAuth2",
+ "category_slug": "github-enterprise-team",
+ "default": ""
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub Enterprise Team OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub Enterprise Team OAuth2",
+ "category_slug": "github-enterprise-team",
+ "placeholder": {
+ "Default": {
+ "users": true
+ },
+ "Test Org": {
+ "admins": [
+ "admin@example.com"
+ ],
+ "auditors": [
+ "auditor@example.com"
+ ],
+ "users": true
+ },
+ "Test Org 2": {
+ "admins": [
+ "admin@example.com",
+ "/^tower-[^@]+*?@.*$/"
+ ],
+ "remove_admins": true,
+ "users": "/^[^@].*?@example\\.com$/i",
+ "remove_users": true
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "GitHub Enterprise Team OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub Enterprise Team OAuth2",
+ "category_slug": "github-enterprise-team",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "/^[^@]+?@test\\.example\\.com$/"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "/^[^@]+?@test2\\.example\\.com$/i",
+ "remove": false
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY": {
+ "type": "string",
+ "required": false,
+ "label": "Azure AD OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your Azure AD application.",
+ "category": "Azure AD OAuth2",
+ "category_slug": "azuread-oauth2",
+ "default": ""
+ },
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "Azure AD OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your Azure AD application.",
+ "category": "Azure AD OAuth2",
+ "category_slug": "azuread-oauth2",
+ "default": ""
+ },
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "Azure AD OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "Azure AD OAuth2",
+ "category_slug": "azuread-oauth2",
+ "placeholder": {
+ "Default": {
+ "users": true
+ },
+ "Test Org": {
+ "admins": [
+ "admin@example.com"
+ ],
+ "auditors": [
+ "auditor@example.com"
+ ],
+ "users": true
+ },
+ "Test Org 2": {
+ "admins": [
+ "admin@example.com",
+ "/^tower-[^@]+*?@.*$/"
+ ],
+ "remove_admins": true,
+ "users": "/^[^@].*?@example\\.com$/i",
+ "remove_users": true
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "Azure AD OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "Azure AD OAuth2",
+ "category_slug": "azuread-oauth2",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "/^[^@]+?@test\\.example\\.com$/"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "/^[^@]+?@test2\\.example\\.com$/i",
+ "remove": false
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_OIDC_KEY": {
+ "type": "string",
+ "required": false,
+ "label": "OIDC Key",
+ "help_text": "The OIDC key (Client ID) from your IDP.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "default": null
+ },
+ "SOCIAL_AUTH_OIDC_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "OIDC Secret",
+ "help_text": "The OIDC secret (Client Secret) from your IDP.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "default": ""
+ },
+ "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": {
+ "type": "string",
+ "required": false,
+ "label": "OIDC Provider URL",
+ "help_text": "The URL for your OIDC provider including the path up to /.well-known/openid-configuration",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "default": ""
+ },
+ "SOCIAL_AUTH_OIDC_VERIFY_SSL": {
+ "type": "boolean",
+ "required": false,
+ "label": "Verify OIDC Provider Certificate",
+ "help_text": "Verify the OIDC provider ssl certificate.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "default": true
+ },
+ "SAML_AUTO_CREATE_OBJECTS": {
+ "type": "boolean",
+ "required": false,
+ "label": "Automatically Create Organizations and Teams on SAML Login",
+ "help_text": "When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "default": true
+ },
+ "SOCIAL_AUTH_SAML_SP_ENTITY_ID": {
+ "type": "string",
+ "required": false,
+ "label": "SAML Service Provider Entity ID",
+ "help_text": "The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "default": ""
+ },
+ "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT": {
+ "type": "string",
+ "required": true,
+ "label": "SAML Service Provider Public Certificate",
+ "help_text": "Create a keypair to use as a service provider (SP) and include the certificate content here.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "default": ""
+ },
+ "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": {
+ "type": "string",
+ "required": true,
+ "label": "SAML Service Provider Private Key",
+ "help_text": "Create a keypair to use as a service provider (SP) and include the private key content here.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "default": ""
+ },
+ "SOCIAL_AUTH_SAML_ORG_INFO": {
+ "type": "nested object",
+ "required": true,
+ "label": "SAML Service Provider Organization Info",
+ "help_text": "Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": {
+ "en-US": {
+ "name": "example",
+ "displayname": "Example",
+ "url": "http://www.example.com"
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT": {
+ "type": "nested object",
+ "required": true,
+ "label": "SAML Service Provider Technical Contact",
+ "help_text": "Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": {
+ "givenName": "Technical Contact",
+ "emailAddress": "techsup@example.com"
+ },
+ "default": {},
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "SOCIAL_AUTH_SAML_SUPPORT_CONTACT": {
+ "type": "nested object",
+ "required": true,
+ "label": "SAML Service Provider Support Contact",
+ "help_text": "Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": {
+ "givenName": "Support Contact",
+ "emailAddress": "support@example.com"
+ },
+ "default": {},
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "SOCIAL_AUTH_SAML_ENABLED_IDPS": {
+ "type": "nested object",
+ "required": false,
+ "label": "SAML Enabled Identity Providers",
+ "help_text": "Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": {
+ "Okta": {
+ "entity_id": "http://www.okta.com/HHniyLkaxk9e76wD0Thh",
+ "url": "https://dev-123456.oktapreview.com/app/ansibletower/HHniyLkaxk9e76wD0Thh/sso/saml",
+ "x509cert": "MIIDpDCCAoygAwIBAgIGAVVZ4rPzMA0GCSqGSIb3...",
+ "attr_user_permanent_id": "username",
+ "attr_first_name": "first_name",
+ "attr_last_name": "last_name",
+ "attr_username": "username",
+ "attr_email": "email"
+ },
+ "OneLogin": {
+ "entity_id": "https://app.onelogin.com/saml/metadata/123456",
+ "url": "https://example.onelogin.com/trust/saml2/http-post/sso/123456",
+ "x509cert": "MIIEJjCCAw6gAwIBAgIUfuSD54OPSBhndDHh3gZo...",
+ "attr_user_permanent_id": "name_id",
+ "attr_first_name": "User.FirstName",
+ "attr_last_name": "User.LastName",
+ "attr_username": "User.email",
+ "attr_email": "User.email"
+ }
+ },
+ "default": {},
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_SAML_SECURITY_CONFIG": {
+ "type": "nested object",
+ "required": false,
+ "label": "SAML Security Config",
+ "help_text": "A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": {
+ "nameIdEncrypted": false,
+ "authnRequestsSigned": false,
+ "logoutRequestSigned": false,
+ "logoutResponseSigned": false,
+ "signMetadata": false,
+ "wantMessagesSigned": false,
+ "wantAssertionsSigned": false,
+ "wantAssertionsEncrypted": false,
+ "wantNameId": true,
+ "wantNameIdEncrypted": false,
+ "wantAttributeStatement": true,
+ "requestedAuthnContext": true,
+ "requestedAuthnContextComparison": "exact",
+ "metadataValidUntil": "2015-06-26T20:00:00Z",
+ "metadataCacheDuration": "PT518400S",
+ "signatureAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
+ "digestAlgorithm": "http://www.w3.org/2000/09/xmldsig#sha1"
+ },
+ "default": {
+ "requestedAuthnContext": false
+ },
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "SOCIAL_AUTH_SAML_SP_EXTRA": {
+ "type": "nested object",
+ "required": false,
+ "label": "SAML Service Provider extra configuration data",
+ "help_text": "A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": {},
+ "default": null,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "SOCIAL_AUTH_SAML_EXTRA_DATA": {
+ "type": "list",
+ "required": false,
+ "label": "SAML IDP to extra_data attribute mapping",
+ "help_text": "A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": [
+ [
+ "attribute_name",
+ "extra_data_name_for_attribute"
+ ],
+ [
+ "department",
+ "department"
+ ],
+ [
+ "manager_full_name",
+ "manager_full_name"
+ ]
+ ],
+ "default": null,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "SOCIAL_AUTH_SAML_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "SAML Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": {
+ "Default": {
+ "users": true
+ },
+ "Test Org": {
+ "admins": [
+ "admin@example.com"
+ ],
+ "auditors": [
+ "auditor@example.com"
+ ],
+ "users": true
+ },
+ "Test Org 2": {
+ "admins": [
+ "admin@example.com",
+ "/^tower-[^@]+*?@.*$/"
+ ],
+ "remove_admins": true,
+ "users": "/^[^@].*?@example\\.com$/i",
+ "remove_users": true
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_SAML_TEAM_MAP": {
+ "type": "nested object",
+ "required": false,
+ "label": "SAML Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": {
+ "My Team": {
+ "organization": "Test Org",
+ "users": [
+ "/^[^@]+?@test\\.example\\.com$/"
+ ],
+ "remove": true
+ },
+ "Other Team": {
+ "organization": "Test Org 2",
+ "users": "/^[^@]+?@test2\\.example\\.com$/i",
+ "remove": false
+ }
+ },
+ "default": null,
+ "child": {
+ "type": "nested object",
+ "required": true,
+ "read_only": false,
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR": {
+ "type": "nested object",
+ "required": false,
+ "label": "SAML Organization Attribute Mapping",
+ "help_text": "Used to translate user organization membership.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": {
+ "saml_attr": "organization",
+ "saml_admin_attr": "organization_admin",
+ "saml_auditor_attr": "organization_auditor",
+ "remove": true,
+ "remove_admins": true,
+ "remove_auditors": true
+ },
+ "default": {},
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "SOCIAL_AUTH_SAML_TEAM_ATTR": {
+ "type": "nested object",
+ "required": false,
+ "label": "SAML Team Attribute Mapping",
+ "help_text": "Used to translate user team membership.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": {
+ "saml_attr": "team",
+ "remove": true,
+ "team_org_map": [
+ {
+ "team": "Marketing",
+ "organization": "Red Hat"
+ },
+ {
+ "team": "Human Resources",
+ "organization": "Red Hat"
+ },
+ {
+ "team": "Engineering",
+ "organization": "Red Hat"
+ },
+ {
+ "team": "Engineering",
+ "organization": "Ansible"
+ },
+ {
+ "team": "Quality Engineering",
+ "organization": "Ansible"
+ },
+ {
+ "team": "Sales",
+ "organization": "Ansible"
+ }
+ ]
+ },
+ "default": {},
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR": {
+ "type": "nested object",
+ "required": false,
+ "label": "SAML User Flags Attribute Mapping",
+ "help_text": "Used to map super users and system auditors from SAML.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "placeholder": [
+ [
+ "is_superuser_attr",
+ "saml_attr"
+ ],
+ [
+ "is_superuser_value",
+ [
+ "value"
+ ]
+ ],
+ [
+ "is_superuser_role",
+ [
+ "saml_role"
+ ]
+ ],
+ [
+ "remove_superusers",
+ true
+ ],
+ [
+ "is_system_auditor_attr",
+ "saml_attr"
+ ],
+ [
+ "is_system_auditor_value",
+ [
+ "value"
+ ]
+ ],
+ [
+ "is_system_auditor_role",
+ [
+ "saml_role"
+ ]
+ ],
+ [
+ "remove_system_auditors",
+ true
+ ]
+ ],
+ "default": {},
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ },
+ "LOCAL_PASSWORD_MIN_LENGTH": {
+ "type": "integer",
+ "required": false,
+ "label": "Minimum number of characters in local password",
+ "help_text": "Minimum number of characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": 0
+ },
+ "LOCAL_PASSWORD_MIN_DIGITS": {
+ "type": "integer",
+ "required": false,
+ "label": "Minimum number of digit characters in local password",
+ "help_text": "Minimum number of digit characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": 0
+ },
+ "LOCAL_PASSWORD_MIN_UPPER": {
+ "type": "integer",
+ "required": false,
+ "label": "Minimum number of uppercase characters in local password",
+ "help_text": "Minimum number of uppercase characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": 0
+ },
+ "LOCAL_PASSWORD_MIN_SPECIAL": {
+ "type": "integer",
+ "required": false,
+ "label": "Minimum number of special characters in local password",
+ "help_text": "Minimum number of special characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": 0
}
- },
- "default": null,
- "child": {
- "type": "nested object",
- "required": true,
- "read_only": false,
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
+ },
+ "GET": {
+ "ACTIVITY_STREAM_ENABLED": {
+ "type": "boolean",
+ "label": "Enable Activity Stream",
+ "help_text": "Enable capturing activity for the activity stream.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": {
+ "type": "boolean",
+ "label": "Enable Activity Stream for Inventory Sync",
+ "help_text": "Enable capturing activity for the activity stream when running inventory sync.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "ORG_ADMINS_CAN_SEE_ALL_USERS": {
+ "type": "boolean",
+ "label": "All Users Visible to Organization Admins",
+ "help_text": "Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "MANAGE_ORGANIZATION_AUTH": {
+ "type": "boolean",
+ "label": "Organization Admins Can Manage Users and Teams",
+ "help_text": "Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "TOWER_URL_BASE": {
+ "type": "string",
+ "label": "Base URL of the service",
+ "help_text": "This setting is used by services like notifications to render a valid url to the service.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "REMOTE_HOST_HEADERS": {
+ "type": "list",
+ "label": "Remote Host Headers",
+ "help_text": "HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the AAP Installation guide for more details.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "PROXY_IP_ALLOWED_LIST": {
+ "type": "list",
+ "label": "Proxy IP Allowed List",
+ "help_text": "If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "LICENSE": {
+ "type": "nested object",
+ "label": "License",
+ "help_text": "The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "REDHAT_USERNAME": {
+ "type": "string",
+ "label": "Red Hat customer username",
+ "help_text": "This username is used to send data to Automation Analytics",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "REDHAT_PASSWORD": {
+ "type": "string",
+ "label": "Red Hat customer password",
+ "help_text": "This password is used to send data to Automation Analytics",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "SUBSCRIPTIONS_USERNAME": {
+ "type": "string",
+ "label": "Red Hat or Satellite username",
+ "help_text": "This username is used to retrieve subscription and content information",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "SUBSCRIPTIONS_PASSWORD": {
+ "type": "string",
+ "label": "Red Hat or Satellite password",
+ "help_text": "This password is used to retrieve subscription and content information",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "AUTOMATION_ANALYTICS_URL": {
+ "type": "string",
+ "label": "Automation Analytics upload URL",
+ "help_text": "This setting is used to to configure the upload URL for data collection for Automation Analytics.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "INSTALL_UUID": {
+ "type": "string",
+ "label": "Unique identifier for an installation",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "DEFAULT_CONTROL_PLANE_QUEUE_NAME": {
+ "type": "string",
+ "label": "The instance group where control plane tasks run",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "DEFAULT_EXECUTION_QUEUE_NAME": {
+ "type": "string",
+ "label": "The instance group where user jobs run (currently only on non-VM installs)",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "DEFAULT_EXECUTION_ENVIRONMENT": {
+ "type": "field",
+ "label": "Global default execution environment",
+ "help_text": "The Execution Environment to be used when one has not been configured for a job template.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "CUSTOM_VENV_PATHS": {
+ "type": "list",
+ "label": "Custom virtual environment paths",
+ "help_text": "Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "AD_HOC_COMMANDS": {
+ "type": "list",
+ "label": "Ansible Modules Allowed for Ad Hoc Jobs",
+ "help_text": "List of modules allowed to be used by ad-hoc jobs.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "ALLOW_JINJA_IN_EXTRA_VARS": {
+ "type": "choice",
+ "label": "When can extra variables contain Jinja templates?",
+ "help_text": "Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to \"template\" or \"never\".",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "always",
+ "Always"
+ ],
+ [
+ "never",
+ "Never"
+ ],
+ [
+ "template",
+ "Only On Job Template Definitions"
+ ]
+ ]
+ },
+ "AWX_ISOLATION_BASE_PATH": {
+ "type": "string",
+ "label": "Job execution path",
+ "help_text": "The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "AWX_ISOLATION_SHOW_PATHS": {
+ "type": "list",
+ "label": "Paths to expose to isolated jobs",
+ "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "AWX_TASK_ENV": {
+ "type": "nested object",
+ "label": "Extra Environment Variables",
+ "help_text": "Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "AWX_RUNNER_KEEPALIVE_SECONDS": {
+ "type": "integer",
+ "label": "K8S Ansible Runner Keep-Alive Message Interval",
+ "help_text": "Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "GALAXY_TASK_ENV": {
+ "type": "nested object",
+ "label": "Environment Variables for Galaxy Commands",
+ "help_text": "Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "INSIGHTS_TRACKING_STATE": {
+ "type": "boolean",
+ "label": "Gather data for Automation Analytics",
+ "help_text": "Enables the service to gather data on automation and send it to Automation Analytics.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "PROJECT_UPDATE_VVV": {
+ "type": "boolean",
+ "label": "Run Project Updates With Higher Verbosity",
+ "help_text": "Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "AWX_ROLES_ENABLED": {
+ "type": "boolean",
+ "label": "Enable Role Download",
+ "help_text": "Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "AWX_COLLECTIONS_ENABLED": {
+ "type": "boolean",
+ "label": "Enable Collection(s) Download",
+ "help_text": "Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "AWX_SHOW_PLAYBOOK_LINKS": {
+ "type": "boolean",
+ "label": "Follow symlinks",
+ "help_text": "Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "AWX_MOUNT_ISOLATED_PATHS_ON_K8S": {
+ "type": "boolean",
+ "label": "Expose host paths for Container Groups",
+ "help_text": "Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible. ",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "GALAXY_IGNORE_CERTS": {
+ "type": "boolean",
+ "label": "Ignore Ansible Galaxy SSL Certificate Verification",
+ "help_text": "If set to true, certificate validation will not be done when installing content from any Galaxy server.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "STDOUT_MAX_BYTES_DISPLAY": {
+ "type": "integer",
+ "label": "Standard Output Maximum Display Size",
+ "help_text": "Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "EVENT_STDOUT_MAX_BYTES_DISPLAY": {
+ "type": "integer",
+ "label": "Job Event Standard Output Maximum Display Size",
+ "help_text": "Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `…` when truncated.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "MAX_WEBSOCKET_EVENT_RATE": {
+ "type": "integer",
+ "label": "Job Event Maximum Websocket Messages Per Second",
+ "help_text": "Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "SCHEDULE_MAX_JOBS": {
+ "type": "integer",
+ "label": "Maximum Scheduled Jobs",
+ "help_text": "Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.",
+ "min_value": 1,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "AWX_ANSIBLE_CALLBACK_PLUGINS": {
+ "type": "list",
+ "label": "Ansible Callback Plugins",
+ "help_text": "List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "DEFAULT_JOB_TIMEOUT": {
+ "type": "integer",
+ "label": "Default Job Timeout",
+ "help_text": "Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "unit": "seconds"
+ },
+ "DEFAULT_JOB_IDLE_TIMEOUT": {
+ "type": "integer",
+ "label": "Default Job Idle Timeout",
+ "help_text": "If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "unit": "seconds"
+ },
+ "DEFAULT_INVENTORY_UPDATE_TIMEOUT": {
+ "type": "integer",
+ "label": "Default Inventory Update Timeout",
+ "help_text": "Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "unit": "seconds"
+ },
+ "DEFAULT_PROJECT_UPDATE_TIMEOUT": {
+ "type": "integer",
+ "label": "Default Project Update Timeout",
+ "help_text": "Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "unit": "seconds"
+ },
+ "ANSIBLE_FACT_CACHE_TIMEOUT": {
+ "type": "integer",
+ "label": "Per-Host Ansible Fact Cache Timeout",
+ "help_text": "Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "unit": "seconds"
+ },
+ "MAX_FORKS": {
+ "type": "integer",
+ "label": "Maximum number of forks per job",
+ "help_text": "Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_HOST": {
+ "type": "string",
+ "label": "Logging Aggregator",
+ "help_text": "Hostname/IP where external logs will be sent to.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_PORT": {
+ "type": "integer",
+ "label": "Logging Aggregator Port",
+ "help_text": "Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_TYPE": {
+ "type": "choice",
+ "label": "Logging Aggregator Type",
+ "help_text": "Format messages for the chosen log aggregator.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false,
+ "choices": [
+ [
+ null,
+ "---------"
+ ],
+ [
+ "logstash",
+ "logstash"
+ ],
+ [
+ "splunk",
+ "splunk"
+ ],
+ [
+ "loggly",
+ "loggly"
+ ],
+ [
+ "sumologic",
+ "sumologic"
+ ],
+ [
+ "other",
+ "other"
+ ]
+ ]
+ },
+ "LOG_AGGREGATOR_USERNAME": {
+ "type": "string",
+ "label": "Logging Aggregator Username",
+ "help_text": "Username for external log aggregator (if required; HTTP/s only).",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_PASSWORD": {
+ "type": "string",
+ "label": "Logging Aggregator Password/Token",
+ "help_text": "Password or authentication token for external log aggregator (if required; HTTP/s only).",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_LOGGERS": {
+ "type": "list",
+ "label": "Loggers Sending Data to Log Aggregator Form",
+ "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "LOG_AGGREGATOR_INDIVIDUAL_FACTS": {
+ "type": "boolean",
+ "label": "Log System Tracking Facts Individually",
+ "help_text": "If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_ENABLED": {
+ "type": "boolean",
+ "label": "Enable External Logging",
+ "help_text": "Enable sending logs to external log aggregator.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_TOWER_UUID": {
+ "type": "string",
+ "label": "Cluster-wide unique identifier.",
+ "help_text": "Useful to uniquely identify instances.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_PROTOCOL": {
+ "type": "choice",
+ "label": "Logging Aggregator Protocol",
+ "help_text": "Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "https",
+ "HTTPS/HTTP"
+ ],
+ [
+ "tcp",
+ "TCP"
+ ],
+ [
+ "udp",
+ "UDP"
+ ]
+ ]
+ },
+ "LOG_AGGREGATOR_TCP_TIMEOUT": {
+ "type": "integer",
+ "label": "TCP Connection Timeout",
+ "help_text": "Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false,
+ "unit": "seconds"
+ },
+ "LOG_AGGREGATOR_VERIFY_CERT": {
+ "type": "boolean",
+ "label": "Enable/disable HTTPS certificate verification",
+ "help_text": "Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_LEVEL": {
+ "type": "choice",
+ "label": "Logging Aggregator Level Threshold",
+ "help_text": "Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "DEBUG",
+ "DEBUG"
+ ],
+ [
+ "INFO",
+ "INFO"
+ ],
+ [
+ "WARNING",
+ "WARNING"
+ ],
+ [
+ "ERROR",
+ "ERROR"
+ ],
+ [
+ "CRITICAL",
+ "CRITICAL"
+ ]
+ ]
+ },
+ "LOG_AGGREGATOR_MAX_DISK_USAGE_GB": {
+ "type": "integer",
+ "label": "Maximum disk persistence for external log aggregation (in GB)",
+ "help_text": "Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting for main_queue. Notably, this is used for the rsyslogd main queue (for input messages).",
+ "min_value": 1,
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB": {
+ "type": "integer",
+ "label": "Maximum disk persistence for rsyslogd action queuing (in GB)",
+ "help_text": "Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). Like LOG_AGGREGATOR_MAX_DISK_USAGE_GB, it stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.",
+ "min_value": 1,
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH": {
+ "type": "string",
+ "label": "File system location for rsyslogd disk persistence",
+ "help_text": "Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "LOG_AGGREGATOR_RSYSLOGD_DEBUG": {
+ "type": "boolean",
+ "label": "Enable rsyslogd debugging",
+ "help_text": "Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "API_400_ERROR_LOG_FORMAT": {
+ "type": "string",
+ "label": "Log Format For API 4XX Errors",
+ "help_text": "The format of logged messages when an API 4XX error occurs, the following variables will be substituted: \nstatus_code - The HTTP status code of the error\nuser_name - The user name attempting to use the API\nurl_path - The URL path to the API endpoint called\nremote_addr - The remote address seen for the user\nerror - The error set by the api endpoint\nVariables need to be in the format {}.",
+ "category": "Logging",
+ "category_slug": "logging",
+ "defined_in_file": false
+ },
+ "AUTOMATION_ANALYTICS_LAST_GATHER": {
+ "type": "datetime",
+ "label": "Last gather date for Automation Analytics.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "AUTOMATION_ANALYTICS_LAST_ENTRIES": {
+ "type": "string",
+ "label": "Last gathered entries from the data collection service of Automation Analytics",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "AUTOMATION_ANALYTICS_GATHER_INTERVAL": {
+ "type": "integer",
+ "label": "Automation Analytics Gather Interval",
+ "help_text": "Interval (in seconds) between data gathering.",
+ "min_value": 1800,
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false,
+ "unit": "seconds"
+ },
+ "IS_K8S": {
+ "type": "boolean",
+ "label": "Is k8s",
+ "help_text": "Indicates whether the instance is part of a kubernetes-based deployment.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "BULK_JOB_MAX_LAUNCH": {
+ "type": "integer",
+ "label": "Max jobs to allow bulk jobs to launch",
+ "help_text": "Max jobs to allow bulk jobs to launch",
+ "category": "Bulk Actions",
+ "category_slug": "bulk",
+ "defined_in_file": false
+ },
+ "BULK_HOST_MAX_CREATE": {
+ "type": "integer",
+ "label": "Max number of hosts to allow to be created in a single bulk action",
+ "help_text": "Max number of hosts to allow to be created in a single bulk action",
+ "category": "Bulk Actions",
+ "category_slug": "bulk",
+ "defined_in_file": false
+ },
+ "UI_NEXT": {
+ "type": "boolean",
+ "label": "Enable Preview of New User Interface",
+ "help_text": "Enable preview of new user interface.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "SUBSCRIPTION_USAGE_MODEL": {
+ "type": "choice",
+ "label": "Defines subscription usage model and shows Host Metrics",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "",
+ "Default model for AWX - no subscription. Deletion of host_metrics will not be considered for purposes of managed host counting"
+ ],
+ [
+ "unique_managed_hosts",
+ "Usage based on unique managed nodes in a large historical time frame and delete functionality for no longer used managed nodes"
+ ]
+ ]
+ },
+ "CLEANUP_HOST_METRICS_LAST_TS": {
+ "type": "datetime",
+ "label": "Last cleanup date for HostMetrics",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "AWX_CLEANUP_PATHS": {
+ "type": "boolean",
+ "label": "Enable or Disable tmp dir cleanup",
+ "help_text": "Enable or Disable TMP Dir cleanup",
+ "category": "Debug",
+ "category_slug": "debug",
+ "defined_in_file": false
+ },
+ "AWX_REQUEST_PROFILE": {
+ "type": "boolean",
+ "label": "Debug Web Requests",
+ "help_text": "Debug web request python timing",
+ "category": "Debug",
+ "category_slug": "debug",
+ "defined_in_file": false
+ },
+ "DEFAULT_CONTAINER_RUN_OPTIONS": {
+ "type": "list",
+ "label": "Container Run Options",
+ "help_text": "List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "RECEPTOR_RELEASE_WORK": {
+ "type": "boolean",
+ "label": "Release Receptor Work",
+ "help_text": "Release receptor work",
+ "category": "Debug",
+ "category_slug": "debug",
+ "defined_in_file": false
+ },
+ "SESSION_COOKIE_AGE": {
+ "type": "integer",
+ "label": "Idle Time Force Log Out",
+ "help_text": "Number of seconds that a user is inactive before they will need to login again.",
+ "min_value": 60,
+ "max_value": 30000000000,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false,
+ "unit": "seconds"
+ },
+ "SESSIONS_PER_USER": {
+ "type": "integer",
+ "label": "Maximum number of simultaneous logged in sessions",
+ "help_text": "Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.",
+ "min_value": -1,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "DISABLE_LOCAL_AUTH": {
+ "type": "boolean",
+ "label": "Disable the built-in authentication system",
+ "help_text": "Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "AUTH_BASIC_ENABLED": {
+ "type": "boolean",
+ "label": "Enable HTTP Basic Auth",
+ "help_text": "Enable HTTP Basic Auth for the API Browser.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "OAUTH2_PROVIDER": {
+ "type": "nested object",
+ "label": "OAuth 2 Timeout Settings",
+ "help_text": "Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false,
+ "unit": "seconds",
+ "child": {
+ "type": "integer",
+ "min_value": 1
+ }
+ },
+ "ALLOW_OAUTH2_FOR_EXTERNAL_USERS": {
+ "type": "boolean",
+ "label": "Allow External Users to Create OAuth2 Tokens",
+ "help_text": "For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "LOGIN_REDIRECT_OVERRIDE": {
+ "type": "string",
+ "label": "Login redirect override URL",
+ "help_text": "URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "ALLOW_METRICS_FOR_ANONYMOUS_USERS": {
+ "type": "boolean",
+ "label": "Allow anonymous users to poll metrics",
+ "help_text": "If true, anonymous users are allowed to poll metrics.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "PENDO_TRACKING_STATE": {
+ "type": "choice",
+ "label": "User Analytics Tracking State",
+ "help_text": "Enable or Disable User Analytics Tracking.",
+ "category": "UI",
+ "category_slug": "ui",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "off",
+ "Off"
+ ],
+ [
+ "anonymous",
+ "Anonymous"
+ ],
+ [
+ "detailed",
+ "Detailed"
+ ]
+ ]
+ },
+ "CUSTOM_LOGIN_INFO": {
+ "type": "string",
+ "label": "Custom Login Info",
+ "help_text": "If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.",
+ "category": "UI",
+ "category_slug": "ui",
+ "defined_in_file": false
+ },
+ "CUSTOM_LOGO": {
+ "type": "string",
+ "label": "Custom Logo",
+ "help_text": "To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.",
+ "category": "UI",
+ "category_slug": "ui",
+ "defined_in_file": false
+ },
+ "MAX_UI_JOB_EVENTS": {
+ "type": "integer",
+ "label": "Max Job Events Retrieved by UI",
+ "help_text": "Maximum number of job events for the UI to retrieve within a single request.",
+ "min_value": 100,
+ "category": "UI",
+ "category_slug": "ui",
+ "defined_in_file": false
+ },
+ "UI_LIVE_UPDATES_ENABLED": {
+ "type": "boolean",
+ "label": "Enable Live Updates in the UI",
+ "help_text": "If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.",
+ "category": "UI",
+ "category_slug": "ui",
+ "defined_in_file": false
+ },
+ "AUTHENTICATION_BACKENDS": {
+ "type": "list",
+ "label": "Authentication Backends",
+ "help_text": "List of authentication backends that are enabled based on license features and other authentication settings.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "SOCIAL_AUTH_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "Social Auth Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_TEAM_MAP": {
+ "type": "nested object",
+ "label": "Social Auth Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_USER_FIELDS": {
+ "type": "list",
+ "label": "Social Auth User Fields",
+ "help_text": "When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL": {
+ "type": "boolean",
+ "label": "Use Email address for usernames",
+ "help_text": "Enabling this setting will tell social auth to use the full Email as username instead of the full name",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_SERVER_URI": {
+ "type": "string",
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_BIND_DN": {
+ "type": "string",
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_BIND_PASSWORD": {
+ "type": "string",
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_START_TLS": {
+ "type": "boolean",
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_USER_SEARCH": {
+ "type": "list",
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_USER_DN_TEMPLATE": {
+ "type": "string",
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_USER_ATTR_MAP": {
+ "type": "nested object",
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "AUTH_LDAP_GROUP_SEARCH": {
+ "type": "list",
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_GROUP_TYPE": {
+ "type": "choice",
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
+ },
+ "AUTH_LDAP_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_REQUIRE_GROUP": {
+ "type": "string",
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_DENY_GROUP": {
+ "type": "string",
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "list",
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_TEAM_MAP": {
+ "type": "nested object",
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_1_SERVER_URI": {
+ "type": "string",
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_1_BIND_DN": {
+ "type": "string",
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_1_BIND_PASSWORD": {
+ "type": "string",
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_1_START_TLS": {
+ "type": "boolean",
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_1_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_1_USER_SEARCH": {
+ "type": "list",
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_1_USER_DN_TEMPLATE": {
+ "type": "string",
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_1_USER_ATTR_MAP": {
+ "type": "nested object",
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "AUTH_LDAP_1_GROUP_SEARCH": {
+ "type": "list",
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_1_GROUP_TYPE": {
+ "type": "choice",
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
+ },
+ "AUTH_LDAP_1_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_1_REQUIRE_GROUP": {
+ "type": "string",
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_1_DENY_GROUP": {
+ "type": "string",
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_1_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "list",
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_1_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_1_TEAM_MAP": {
+ "type": "nested object",
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_2_SERVER_URI": {
+ "type": "string",
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_2_BIND_DN": {
+ "type": "string",
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_2_BIND_PASSWORD": {
+ "type": "string",
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_2_START_TLS": {
+ "type": "boolean",
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_2_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_2_USER_SEARCH": {
+ "type": "list",
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_2_USER_DN_TEMPLATE": {
+ "type": "string",
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_2_USER_ATTR_MAP": {
+ "type": "nested object",
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "AUTH_LDAP_2_GROUP_SEARCH": {
+ "type": "list",
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_2_GROUP_TYPE": {
+ "type": "choice",
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
+ },
+ "AUTH_LDAP_2_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_2_REQUIRE_GROUP": {
+ "type": "string",
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_2_DENY_GROUP": {
+ "type": "string",
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_2_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "list",
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_2_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_2_TEAM_MAP": {
+ "type": "nested object",
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_3_SERVER_URI": {
+ "type": "string",
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_3_BIND_DN": {
+ "type": "string",
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_3_BIND_PASSWORD": {
+ "type": "string",
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_3_START_TLS": {
+ "type": "boolean",
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_3_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_3_USER_SEARCH": {
+ "type": "list",
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_3_USER_DN_TEMPLATE": {
+ "type": "string",
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_3_USER_ATTR_MAP": {
+ "type": "nested object",
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "AUTH_LDAP_3_GROUP_SEARCH": {
+ "type": "list",
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_3_GROUP_TYPE": {
+ "type": "choice",
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
+ },
+ "AUTH_LDAP_3_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_3_REQUIRE_GROUP": {
+ "type": "string",
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_3_DENY_GROUP": {
+ "type": "string",
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_3_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "list",
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_3_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_3_TEAM_MAP": {
+ "type": "nested object",
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_4_SERVER_URI": {
+ "type": "string",
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_4_BIND_DN": {
+ "type": "string",
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_4_BIND_PASSWORD": {
+ "type": "string",
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_4_START_TLS": {
+ "type": "boolean",
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_4_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_4_USER_SEARCH": {
+ "type": "list",
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_4_USER_DN_TEMPLATE": {
+ "type": "string",
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_4_USER_ATTR_MAP": {
+ "type": "nested object",
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "AUTH_LDAP_4_GROUP_SEARCH": {
+ "type": "list",
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_4_GROUP_TYPE": {
+ "type": "choice",
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
+ },
+ "AUTH_LDAP_4_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_4_REQUIRE_GROUP": {
+ "type": "string",
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_4_DENY_GROUP": {
+ "type": "string",
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_4_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "list",
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_4_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_4_TEAM_MAP": {
+ "type": "nested object",
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_5_SERVER_URI": {
+ "type": "string",
+ "label": "LDAP Server URI",
+ "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_5_BIND_DN": {
+ "type": "string",
+ "label": "LDAP Bind DN",
+ "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_5_BIND_PASSWORD": {
+ "type": "string",
+ "label": "LDAP Bind Password",
+ "help_text": "Password used to bind LDAP user account.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_5_START_TLS": {
+ "type": "boolean",
+ "label": "LDAP Start TLS",
+ "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_5_CONNECTION_OPTIONS": {
+ "type": "nested object",
+ "label": "LDAP Connection Options",
+ "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_5_USER_SEARCH": {
+ "type": "list",
+ "label": "LDAP User Search",
+ "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_5_USER_DN_TEMPLATE": {
+ "type": "string",
+ "label": "LDAP User DN Template",
+ "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_5_USER_ATTR_MAP": {
+ "type": "nested object",
+ "label": "LDAP User Attribute Map",
+ "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "AUTH_LDAP_5_GROUP_SEARCH": {
+ "type": "list",
+ "label": "LDAP Group Search",
+ "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_5_GROUP_TYPE": {
+ "type": "choice",
+ "label": "LDAP Group Type",
+ "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "PosixGroupType",
+ "PosixGroupType"
+ ],
+ [
+ "GroupOfNamesType",
+ "GroupOfNamesType"
+ ],
+ [
+ "GroupOfUniqueNamesType",
+ "GroupOfUniqueNamesType"
+ ],
+ [
+ "ActiveDirectoryGroupType",
+ "ActiveDirectoryGroupType"
+ ],
+ [
+ "OrganizationalRoleGroupType",
+ "OrganizationalRoleGroupType"
+ ],
+ [
+ "MemberDNGroupType",
+ "MemberDNGroupType"
+ ],
+ [
+ "NestedGroupOfNamesType",
+ "NestedGroupOfNamesType"
+ ],
+ [
+ "NestedGroupOfUniqueNamesType",
+ "NestedGroupOfUniqueNamesType"
+ ],
+ [
+ "NestedActiveDirectoryGroupType",
+ "NestedActiveDirectoryGroupType"
+ ],
+ [
+ "NestedOrganizationalRoleGroupType",
+ "NestedOrganizationalRoleGroupType"
+ ],
+ [
+ "NestedMemberDNGroupType",
+ "NestedMemberDNGroupType"
+ ],
+ [
+ "PosixUIDGroupType",
+ "PosixUIDGroupType"
+ ]
+ ]
+ },
+ "AUTH_LDAP_5_GROUP_TYPE_PARAMS": {
+ "type": "nested object",
+ "label": "LDAP Group Type Parameters",
+ "help_text": "Key value parameters to send the chosen group type init method.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "AUTH_LDAP_5_REQUIRE_GROUP": {
+ "type": "string",
+ "label": "LDAP Require Group",
+ "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_5_DENY_GROUP": {
+ "type": "string",
+ "label": "LDAP Deny Group",
+ "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false
+ },
+ "AUTH_LDAP_5_USER_FLAGS_BY_GROUP": {
+ "type": "nested object",
+ "label": "LDAP User Flags By Group",
+ "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "list",
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_5_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "LDAP Organization Map",
+ "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "AUTH_LDAP_5_TEAM_MAP": {
+ "type": "nested object",
+ "label": "LDAP Team Map",
+ "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
+ "category": "LDAP",
+ "category_slug": "ldap",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "RADIUS_SERVER": {
+ "type": "string",
+ "label": "RADIUS Server",
+ "help_text": "Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.",
+ "category": "RADIUS",
+ "category_slug": "radius",
+ "defined_in_file": false
+ },
+ "RADIUS_PORT": {
+ "type": "integer",
+ "label": "RADIUS Port",
+ "help_text": "Port of RADIUS server.",
+ "min_value": 1,
+ "max_value": 65535,
+ "category": "RADIUS",
+ "category_slug": "radius",
+ "defined_in_file": false
+ },
+ "RADIUS_SECRET": {
+ "type": "string",
+ "label": "RADIUS Secret",
+ "help_text": "Shared secret for authenticating to RADIUS server.",
+ "category": "RADIUS",
+ "category_slug": "radius",
+ "defined_in_file": false
+ },
+ "TACACSPLUS_HOST": {
+ "type": "string",
+ "label": "TACACS+ Server",
+ "help_text": "Hostname of TACACS+ server.",
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "defined_in_file": false
+ },
+ "TACACSPLUS_PORT": {
+ "type": "integer",
+ "label": "TACACS+ Port",
+ "help_text": "Port number of TACACS+ server.",
+ "min_value": 1,
+ "max_value": 65535,
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "defined_in_file": false
+ },
+ "TACACSPLUS_SECRET": {
+ "type": "string",
+ "label": "TACACS+ Secret",
+ "help_text": "Shared secret for authenticating to TACACS+ server.",
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "defined_in_file": false
+ },
+ "TACACSPLUS_SESSION_TIMEOUT": {
+ "type": "integer",
+ "label": "TACACS+ Auth Session Timeout",
+ "help_text": "TACACS+ session timeout value in seconds, 0 disables timeout.",
+ "min_value": 0,
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "defined_in_file": false,
+ "unit": "seconds"
+ },
+ "TACACSPLUS_AUTH_PROTOCOL": {
+ "type": "choice",
+ "label": "TACACS+ Authentication Protocol",
+ "help_text": "Choose the authentication protocol used by TACACS+ client.",
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "ascii",
+ "ascii"
+ ],
+ [
+ "pap",
+ "pap"
+ ]
+ ]
+ },
+ "TACACSPLUS_REM_ADDR": {
+ "type": "boolean",
+ "label": "TACACS+ client address sending enabled",
+ "help_text": "Enable the client address sending by TACACS+ client.",
+ "category": "TACACS+",
+ "category_slug": "tacacsplus",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL": {
+ "type": "string",
+ "label": "Google OAuth2 Callback URL",
+ "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": {
+ "type": "string",
+ "label": "Google OAuth2 Key",
+ "help_text": "The OAuth2 key from your web application.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": {
+ "type": "string",
+ "label": "Google OAuth2 Secret",
+ "help_text": "The OAuth2 secret from your web application.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": {
+ "type": "list",
+ "label": "Google OAuth2 Allowed Domains",
+ "help_text": "Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
+ }
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS": {
+ "type": "nested object",
+ "label": "Google OAuth2 Extra Arguments",
+ "help_text": "Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "Google OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP": {
+ "type": "nested object",
+ "label": "Google OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "Google OAuth2",
+ "category_slug": "google-oauth2",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_CALLBACK_URL": {
+ "type": "string",
+ "label": "GitHub OAuth2 Callback URL",
+ "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
+ "category": "GitHub OAuth2",
+ "category_slug": "github",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_KEY": {
+ "type": "string",
+ "label": "GitHub OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub developer application.",
+ "category": "GitHub OAuth2",
+ "category_slug": "github",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_SECRET": {
+ "type": "string",
+ "label": "GitHub OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub developer application.",
+ "category": "GitHub OAuth2",
+ "category_slug": "github",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "GitHub OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub OAuth2",
+ "category_slug": "github",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_MAP": {
+ "type": "nested object",
+ "label": "GitHub OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub OAuth2",
+ "category_slug": "github",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL": {
+ "type": "string",
+ "label": "GitHub Organization OAuth2 Callback URL",
+ "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
+ "category": "GitHub Organization OAuth2",
+ "category_slug": "github-org",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ORG_KEY": {
+ "type": "string",
+ "label": "GitHub Organization OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.",
+ "category": "GitHub Organization OAuth2",
+ "category_slug": "github-org",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ORG_SECRET": {
+ "type": "string",
+ "label": "GitHub Organization OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.",
+ "category": "GitHub Organization OAuth2",
+ "category_slug": "github-org",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ORG_NAME": {
+ "type": "string",
+ "label": "GitHub Organization Name",
+ "help_text": "The name of your GitHub organization, as used in your organization's URL: https://github.com//.",
+ "category": "GitHub Organization OAuth2",
+ "category_slug": "github-org",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "GitHub Organization OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub Organization OAuth2",
+ "category_slug": "github-org",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP": {
+ "type": "nested object",
+ "label": "GitHub Organization OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub Organization OAuth2",
+ "category_slug": "github-org",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL": {
+ "type": "string",
+ "label": "GitHub Team OAuth2 Callback URL",
+ "help_text": "Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.",
+ "category": "GitHub Team OAuth2",
+ "category_slug": "github-team",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_KEY": {
+ "type": "string",
+ "label": "GitHub Team OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.",
+ "category": "GitHub Team OAuth2",
+ "category_slug": "github-team",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_SECRET": {
+ "type": "string",
+ "label": "GitHub Team OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.",
+ "category": "GitHub Team OAuth2",
+ "category_slug": "github-team",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_ID": {
+ "type": "string",
+ "label": "GitHub Team ID",
+ "help_text": "Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
+ "category": "GitHub Team OAuth2",
+ "category_slug": "github-team",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "GitHub Team OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub Team OAuth2",
+ "category_slug": "github-team",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP": {
+ "type": "nested object",
+ "label": "GitHub Team OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub Team OAuth2",
+ "category_slug": "github-team",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL": {
+ "type": "string",
+ "label": "GitHub Enterprise OAuth2 Callback URL",
+ "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL": {
+ "type": "string",
+ "label": "GitHub Enterprise URL",
+ "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL": {
+ "type": "string",
+ "label": "GitHub Enterprise API URL",
+ "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY": {
+ "type": "string",
+ "label": "GitHub Enterprise OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise developer application.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET": {
+ "type": "string",
+ "label": "GitHub Enterprise OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.",
+ "category": "GitHub OAuth2",
+ "category_slug": "github-enterprise",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "GitHub Enterprise OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP": {
+ "type": "nested object",
+ "label": "GitHub Enterprise OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL": {
+ "type": "string",
+ "label": "GitHub Enterprise Organization OAuth2 Callback URL",
+ "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
+ "category": "GitHub Enterprise Organization OAuth2",
+ "category_slug": "github-enterprise-org",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL": {
+ "type": "string",
+ "label": "GitHub Enterprise Organization URL",
+ "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise-org",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL": {
+ "type": "string",
+ "label": "GitHub Enterprise Organization API URL",
+ "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise-org",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY": {
+ "type": "string",
+ "label": "GitHub Enterprise Organization OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
+ "category": "GitHub Enterprise Organization OAuth2",
+ "category_slug": "github-enterprise-org",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET": {
+ "type": "string",
+ "label": "GitHub Enterprise Organization OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
+ "category": "GitHub Enterprise Organization OAuth2",
+ "category_slug": "github-enterprise-org",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME": {
+ "type": "string",
+ "label": "GitHub Enterprise Organization Name",
+ "help_text": "The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.",
+ "category": "GitHub Enterprise Organization OAuth2",
+ "category_slug": "github-enterprise-org",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "GitHub Enterprise Organization OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub Enterprise Organization OAuth2",
+ "category_slug": "github-enterprise-org",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP": {
+ "type": "nested object",
+ "label": "GitHub Enterprise Organization OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub Enterprise Organization OAuth2",
+ "category_slug": "github-enterprise-org",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL": {
+ "type": "string",
+ "label": "GitHub Enterprise Team OAuth2 Callback URL",
+ "help_text": "Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.",
+ "category": "GitHub Enterprise Team OAuth2",
+ "category_slug": "github-enterprise-team",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL": {
+ "type": "string",
+ "label": "GitHub Enterprise Team URL",
+ "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise-team",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL": {
+ "type": "string",
+ "label": "GitHub Enterprise Team API URL",
+ "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
+ "category": "GitHub Enterprise OAuth2",
+ "category_slug": "github-enterprise-team",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY": {
+ "type": "string",
+ "label": "GitHub Enterprise Team OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
+ "category": "GitHub Enterprise Team OAuth2",
+ "category_slug": "github-enterprise-team",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET": {
+ "type": "string",
+ "label": "GitHub Enterprise Team OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
+ "category": "GitHub Enterprise Team OAuth2",
+ "category_slug": "github-enterprise-team",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID": {
+ "type": "string",
+ "label": "GitHub Enterprise Team ID",
+ "help_text": "Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
+ "category": "GitHub Enterprise Team OAuth2",
+ "category_slug": "github-enterprise-team",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "GitHub Enterprise Team OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "GitHub Enterprise Team OAuth2",
+ "category_slug": "github-enterprise-team",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP": {
+ "type": "nested object",
+ "label": "GitHub Enterprise Team OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "GitHub Enterprise Team OAuth2",
+ "category_slug": "github-enterprise-team",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL": {
+ "type": "string",
+ "label": "Azure AD OAuth2 Callback URL",
+ "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail. ",
+ "category": "Azure AD OAuth2",
+ "category_slug": "azuread-oauth2",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY": {
+ "type": "string",
+ "label": "Azure AD OAuth2 Key",
+ "help_text": "The OAuth2 key (Client ID) from your Azure AD application.",
+ "category": "Azure AD OAuth2",
+ "category_slug": "azuread-oauth2",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET": {
+ "type": "string",
+ "label": "Azure AD OAuth2 Secret",
+ "help_text": "The OAuth2 secret (Client Secret) from your Azure AD application.",
+ "category": "Azure AD OAuth2",
+ "category_slug": "azuread-oauth2",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "Azure AD OAuth2 Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "Azure AD OAuth2",
+ "category_slug": "azuread-oauth2",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP": {
+ "type": "nested object",
+ "label": "Azure AD OAuth2 Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "Azure AD OAuth2",
+ "category_slug": "azuread-oauth2",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_OIDC_KEY": {
+ "type": "string",
+ "label": "OIDC Key",
+ "help_text": "The OIDC key (Client ID) from your IDP.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_OIDC_SECRET": {
+ "type": "string",
+ "label": "OIDC Secret",
+ "help_text": "The OIDC secret (Client Secret) from your IDP.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": {
+ "type": "string",
+ "label": "OIDC Provider URL",
+ "help_text": "The URL for your OIDC provider including the path up to /.well-known/openid-configuration",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_OIDC_VERIFY_SSL": {
+ "type": "boolean",
+ "label": "Verify OIDC Provider Certificate",
+ "help_text": "Verify the OIDC provider ssl certificate.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "defined_in_file": false
+ },
+ "SAML_AUTO_CREATE_OBJECTS": {
+ "type": "boolean",
+ "label": "Automatically Create Organizations and Teams on SAML Login",
+ "help_text": "When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_SAML_CALLBACK_URL": {
+ "type": "string",
+ "label": "SAML Assertion Consumer Service (ACS) URL",
+ "help_text": "Register the service as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_SAML_METADATA_URL": {
+ "type": "string",
+ "label": "SAML Service Provider Metadata URL",
+ "help_text": "If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_SAML_SP_ENTITY_ID": {
+ "type": "string",
+ "label": "SAML Service Provider Entity ID",
+ "help_text": "The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT": {
+ "type": "string",
+ "label": "SAML Service Provider Public Certificate",
+ "help_text": "Create a keypair to use as a service provider (SP) and include the certificate content here.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": {
+ "type": "string",
+ "label": "SAML Service Provider Private Key",
+ "help_text": "Create a keypair to use as a service provider (SP) and include the private key content here.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_SAML_ORG_INFO": {
+ "type": "nested object",
+ "label": "SAML Service Provider Organization Info",
+ "help_text": "Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT": {
+ "type": "nested object",
+ "label": "SAML Service Provider Technical Contact",
+ "help_text": "Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "SOCIAL_AUTH_SAML_SUPPORT_CONTACT": {
+ "type": "nested object",
+ "label": "SAML Service Provider Support Contact",
+ "help_text": "Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "SOCIAL_AUTH_SAML_ENABLED_IDPS": {
+ "type": "nested object",
+ "label": "SAML Enabled Identity Providers",
+ "help_text": "Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_SAML_SECURITY_CONFIG": {
+ "type": "nested object",
+ "label": "SAML Security Config",
+ "help_text": "A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "SOCIAL_AUTH_SAML_SP_EXTRA": {
+ "type": "nested object",
+ "label": "SAML Service Provider extra configuration data",
+ "help_text": "A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "SOCIAL_AUTH_SAML_EXTRA_DATA": {
+ "type": "list",
+ "label": "SAML IDP to extra_data attribute mapping",
+ "help_text": "A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "SOCIAL_AUTH_SAML_ORGANIZATION_MAP": {
+ "type": "nested object",
+ "label": "SAML Organization Map",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_SAML_TEAM_MAP": {
+ "type": "nested object",
+ "label": "SAML Team Map",
+ "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "nested object",
+ "child": {
+ "type": "field",
+ "required": true,
+ "read_only": false
+ }
+ }
+ },
+ "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR": {
+ "type": "nested object",
+ "label": "SAML Organization Attribute Mapping",
+ "help_text": "Used to translate user organization membership.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "SOCIAL_AUTH_SAML_TEAM_ATTR": {
+ "type": "nested object",
+ "label": "SAML Team Attribute Mapping",
+ "help_text": "Used to translate user team membership.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR": {
+ "type": "nested object",
+ "label": "SAML User Flags Attribute Mapping",
+ "help_text": "Used to map super users and system auditors from SAML.",
+ "category": "SAML",
+ "category_slug": "saml",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "LOCAL_PASSWORD_MIN_LENGTH": {
+ "type": "integer",
+ "label": "Minimum number of characters in local password",
+ "help_text": "Minimum number of characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "LOCAL_PASSWORD_MIN_DIGITS": {
+ "type": "integer",
+ "label": "Minimum number of digit characters in local password",
+ "help_text": "Minimum number of digit characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "LOCAL_PASSWORD_MIN_UPPER": {
+ "type": "integer",
+ "label": "Minimum number of uppercase characters in local password",
+ "help_text": "Minimum number of uppercase characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "LOCAL_PASSWORD_MIN_SPECIAL": {
+ "type": "integer",
+ "label": "Minimum number of special characters in local password",
+ "help_text": "Minimum number of special characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "NAMED_URL_FORMATS": {
+ "type": "nested object",
+ "label": "Formats of all available named urls",
+ "help_text": "Read-only list of key-value pairs that shows the standard format of all available named URLs.",
+ "category": "Named URL",
+ "category_slug": "named-url",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
+ },
+ "NAMED_URL_GRAPH_NODES": {
+ "type": "nested object",
+ "label": "List of all named url graph nodes.",
+ "help_text": "Read-only list of key-value pairs that exposes named URL graph topology. Use this list to programmatically generate named URLs for resources",
+ "category": "Named URL",
+ "category_slug": "named-url",
+ "defined_in_file": false,
+ "child": {
+ "type": "field"
+ }
}
- }
- },
- "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR": {
- "type": "nested object",
- "required": false,
- "label": "SAML Organization Attribute Mapping",
- "help_text": "Used to translate user organization membership.",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": {
- "saml_attr": "organization",
- "saml_admin_attr": "organization_admin",
- "saml_auditor_attr": "organization_auditor",
- "remove": true,
- "remove_admins": true,
- "remove_auditors": true
- },
- "default": {},
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "SOCIAL_AUTH_SAML_TEAM_ATTR": {
- "type": "nested object",
- "required": false,
- "label": "SAML Team Attribute Mapping",
- "help_text": "Used to translate user team membership.",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": {
- "saml_attr": "team",
- "remove": true,
- "team_org_map": [
- {
- "team": "Marketing",
- "organization": "Red Hat"
- },
- {
- "team": "Human Resources",
- "organization": "Red Hat"
- },
- {
- "team": "Engineering",
- "organization": "Red Hat"
- },
- {
- "team": "Engineering",
- "organization": "Ansible"
- },
- {
- "team": "Quality Engineering",
- "organization": "Ansible"
- },
- {
- "team": "Sales",
- "organization": "Ansible"
- }
- ]
- },
- "default": {},
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR": {
- "type": "nested object",
- "required": false,
- "label": "SAML User Flags Attribute Mapping",
- "help_text": "Used to map super users and system auditors from SAML.",
- "category": "SAML",
- "category_slug": "saml",
- "placeholder": [
- ["is_superuser_attr", "saml_attr"],
- ["is_superuser_value", ["value"]],
- ["is_superuser_role", ["saml_role"]],
- ["remove_superusers", true],
- ["is_system_auditor_attr", "saml_attr"],
- ["is_system_auditor_value", ["value"]],
- ["is_system_auditor_role", ["saml_role"]],
- ["remove_system_auditors", true]
- ],
- "default": {},
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- },
- "LOCAL_PASSWORD_MIN_LENGTH": {
- "type": "integer",
- "required": false,
- "label": "Minimum number of characters in local password",
- "help_text": "Minimum number of characters required in a local password. 0 means no minimum",
- "min_value": 0,
- "category": "Authentication",
- "category_slug": "authentication",
- "default": 0
- },
- "LOCAL_PASSWORD_MIN_DIGITS": {
- "type": "integer",
- "required": false,
- "label": "Minimum number of digit characters in local password",
- "help_text": "Minimum number of digit characters required in a local password. 0 means no minimum",
- "min_value": 0,
- "category": "Authentication",
- "category_slug": "authentication",
- "default": 0
- },
- "LOCAL_PASSWORD_MIN_UPPER": {
- "type": "integer",
- "required": false,
- "label": "Minimum number of uppercase characters in local password",
- "help_text": "Minimum number of uppercase characters required in a local password. 0 means no minimum",
- "min_value": 0,
- "category": "Authentication",
- "category_slug": "authentication",
- "default": 0
- },
- "LOCAL_PASSWORD_MIN_SPECIAL": {
- "type": "integer",
- "required": false,
- "label": "Minimum number of special characters in local password",
- "help_text": "Minimum number of special characters required in a local password. 0 means no minimum",
- "min_value": 0,
- "category": "Authentication",
- "category_slug": "authentication",
- "default": 0
}
- },
- "GET": {
- "ACTIVITY_STREAM_ENABLED": {
- "type": "boolean",
- "label": "Enable Activity Stream",
- "help_text": "Enable capturing activity for the activity stream.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": {
- "type": "boolean",
- "label": "Enable Activity Stream for Inventory Sync",
- "help_text": "Enable capturing activity for the activity stream when running inventory sync.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "ORG_ADMINS_CAN_SEE_ALL_USERS": {
- "type": "boolean",
- "label": "All Users Visible to Organization Admins",
- "help_text": "Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "MANAGE_ORGANIZATION_AUTH": {
- "type": "boolean",
- "label": "Organization Admins Can Manage Users and Teams",
- "help_text": "Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "TOWER_URL_BASE": {
- "type": "string",
- "label": "Base URL of the service",
- "help_text": "This setting is used by services like notifications to render a valid url to the service.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "REMOTE_HOST_HEADERS": {
- "type": "list",
- "label": "Remote Host Headers",
- "help_text": "HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the AAP Installation guide for more details.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "PROXY_IP_ALLOWED_LIST": {
- "type": "list",
- "label": "Proxy IP Allowed List",
- "help_text": "If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "LICENSE": {
- "type": "nested object",
- "label": "License",
- "help_text": "The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "REDHAT_USERNAME": {
- "type": "string",
- "label": "Red Hat customer username",
- "help_text": "This username is used to send data to Automation Analytics",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "REDHAT_PASSWORD": {
- "type": "string",
- "label": "Red Hat customer password",
- "help_text": "This password is used to send data to Automation Analytics",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "SUBSCRIPTIONS_USERNAME": {
- "type": "string",
- "label": "Red Hat or Satellite username",
- "help_text": "This username is used to retrieve subscription and content information",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "SUBSCRIPTIONS_PASSWORD": {
- "type": "string",
- "label": "Red Hat or Satellite password",
- "help_text": "This password is used to retrieve subscription and content information",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "AUTOMATION_ANALYTICS_URL": {
- "type": "string",
- "label": "Automation Analytics upload URL",
- "help_text": "This setting is used to to configure the upload URL for data collection for Automation Analytics.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "INSTALL_UUID": {
- "type": "string",
- "label": "Unique identifier for an installation",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "DEFAULT_CONTROL_PLANE_QUEUE_NAME": {
- "type": "string",
- "label": "The instance group where control plane tasks run",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "DEFAULT_EXECUTION_QUEUE_NAME": {
- "type": "string",
- "label": "The instance group where user jobs run (currently only on non-VM installs)",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "DEFAULT_EXECUTION_ENVIRONMENT": {
- "type": "field",
- "label": "Global default execution environment",
- "help_text": "The Execution Environment to be used when one has not been configured for a job template.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "CUSTOM_VENV_PATHS": {
- "type": "list",
- "label": "Custom virtual environment paths",
- "help_text": "Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "AD_HOC_COMMANDS": {
- "type": "list",
- "label": "Ansible Modules Allowed for Ad Hoc Jobs",
- "help_text": "List of modules allowed to be used by ad-hoc jobs.",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "ALLOW_JINJA_IN_EXTRA_VARS": {
- "type": "choice",
- "label": "When can extra variables contain Jinja templates?",
- "help_text": "Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to \"template\" or \"never\".",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false,
- "choices": [
- ["always", "Always"],
- ["never", "Never"],
- ["template", "Only On Job Template Definitions"]
- ]
- },
- "AWX_ISOLATION_BASE_PATH": {
- "type": "string",
- "label": "Job execution path",
- "help_text": "The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "AWX_ISOLATION_SHOW_PATHS": {
- "type": "list",
- "label": "Paths to expose to isolated jobs",
- "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "AWX_TASK_ENV": {
- "type": "nested object",
- "label": "Extra Environment Variables",
- "help_text": "Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "AWX_RUNNER_KEEPALIVE_SECONDS": {
- "type": "integer",
- "label": "K8S Ansible Runner Keep-Alive Message Interval",
- "help_text": "Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "GALAXY_TASK_ENV": {
- "type": "nested object",
- "label": "Environment Variables for Galaxy Commands",
- "help_text": "Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "INSIGHTS_TRACKING_STATE": {
- "type": "boolean",
- "label": "Gather data for Automation Analytics",
- "help_text": "Enables the service to gather data on automation and send it to Automation Analytics.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "PROJECT_UPDATE_VVV": {
- "type": "boolean",
- "label": "Run Project Updates With Higher Verbosity",
- "help_text": "Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "AWX_ROLES_ENABLED": {
- "type": "boolean",
- "label": "Enable Role Download",
- "help_text": "Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "AWX_COLLECTIONS_ENABLED": {
- "type": "boolean",
- "label": "Enable Collection(s) Download",
- "help_text": "Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "AWX_SHOW_PLAYBOOK_LINKS": {
- "type": "boolean",
- "label": "Follow symlinks",
- "help_text": "Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "AWX_MOUNT_ISOLATED_PATHS_ON_K8S": {
- "type": "boolean",
- "label": "Expose host paths for Container Groups",
- "help_text": "Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible. ",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "GALAXY_IGNORE_CERTS": {
- "type": "boolean",
- "label": "Ignore Ansible Galaxy SSL Certificate Verification",
- "help_text": "If set to true, certificate validation will not be done when installing content from any Galaxy server.",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "STDOUT_MAX_BYTES_DISPLAY": {
- "type": "integer",
- "label": "Standard Output Maximum Display Size",
- "help_text": "Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "EVENT_STDOUT_MAX_BYTES_DISPLAY": {
- "type": "integer",
- "label": "Job Event Standard Output Maximum Display Size",
- "help_text": "Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `…` when truncated.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "MAX_WEBSOCKET_EVENT_RATE": {
- "type": "integer",
- "label": "Job Event Maximum Websocket Messages Per Second",
- "help_text": "Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "SCHEDULE_MAX_JOBS": {
- "type": "integer",
- "label": "Maximum Scheduled Jobs",
- "help_text": "Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.",
- "min_value": 1,
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "AWX_ANSIBLE_CALLBACK_PLUGINS": {
- "type": "list",
- "label": "Ansible Callback Plugins",
- "help_text": "List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "DEFAULT_JOB_TIMEOUT": {
- "type": "integer",
- "label": "Default Job Timeout",
- "help_text": "Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false,
- "unit": "seconds"
- },
- "DEFAULT_JOB_IDLE_TIMEOUT": {
- "type": "integer",
- "label": "Default Job Idle Timeout",
- "help_text": "If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false,
- "unit": "seconds"
- },
- "DEFAULT_INVENTORY_UPDATE_TIMEOUT": {
- "type": "integer",
- "label": "Default Inventory Update Timeout",
- "help_text": "Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false,
- "unit": "seconds"
- },
- "DEFAULT_PROJECT_UPDATE_TIMEOUT": {
- "type": "integer",
- "label": "Default Project Update Timeout",
- "help_text": "Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false,
- "unit": "seconds"
- },
- "ANSIBLE_FACT_CACHE_TIMEOUT": {
- "type": "integer",
- "label": "Per-Host Ansible Fact Cache Timeout",
- "help_text": "Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.",
- "min_value": 0,
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false,
- "unit": "seconds"
- },
- "MAX_FORKS": {
- "type": "integer",
- "label": "Maximum number of forks per job",
- "help_text": "Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.",
- "category": "Jobs",
- "category_slug": "jobs",
- "defined_in_file": false
- },
- "LOG_AGGREGATOR_HOST": {
- "type": "string",
- "label": "Logging Aggregator",
- "help_text": "Hostname/IP where external logs will be sent to.",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "LOG_AGGREGATOR_PORT": {
- "type": "integer",
- "label": "Logging Aggregator Port",
- "help_text": "Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "LOG_AGGREGATOR_TYPE": {
- "type": "choice",
- "label": "Logging Aggregator Type",
- "help_text": "Format messages for the chosen log aggregator.",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false,
- "choices": [
- [null, "---------"],
- ["logstash", "logstash"],
- ["splunk", "splunk"],
- ["loggly", "loggly"],
- ["sumologic", "sumologic"],
- ["other", "other"]
- ]
- },
- "LOG_AGGREGATOR_USERNAME": {
- "type": "string",
- "label": "Logging Aggregator Username",
- "help_text": "Username for external log aggregator (if required; HTTP/s only).",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "LOG_AGGREGATOR_PASSWORD": {
- "type": "string",
- "label": "Logging Aggregator Password/Token",
- "help_text": "Password or authentication token for external log aggregator (if required; HTTP/s only).",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "LOG_AGGREGATOR_LOGGERS": {
- "type": "list",
- "label": "Loggers Sending Data to Log Aggregator Form",
- "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "LOG_AGGREGATOR_INDIVIDUAL_FACTS": {
- "type": "boolean",
- "label": "Log System Tracking Facts Individually",
- "help_text": "If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "LOG_AGGREGATOR_ENABLED": {
- "type": "boolean",
- "label": "Enable External Logging",
- "help_text": "Enable sending logs to external log aggregator.",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "LOG_AGGREGATOR_TOWER_UUID": {
- "type": "string",
- "label": "Cluster-wide unique identifier.",
- "help_text": "Useful to uniquely identify instances.",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "LOG_AGGREGATOR_PROTOCOL": {
- "type": "choice",
- "label": "Logging Aggregator Protocol",
- "help_text": "Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false,
- "choices": [
- ["https", "HTTPS/HTTP"],
- ["tcp", "TCP"],
- ["udp", "UDP"]
- ]
- },
- "LOG_AGGREGATOR_TCP_TIMEOUT": {
- "type": "integer",
- "label": "TCP Connection Timeout",
- "help_text": "Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false,
- "unit": "seconds"
- },
- "LOG_AGGREGATOR_VERIFY_CERT": {
- "type": "boolean",
- "label": "Enable/disable HTTPS certificate verification",
- "help_text": "Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "LOG_AGGREGATOR_LEVEL": {
- "type": "choice",
- "label": "Logging Aggregator Level Threshold",
- "help_text": "Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false,
- "choices": [
- ["DEBUG", "DEBUG"],
- ["INFO", "INFO"],
- ["WARNING", "WARNING"],
- ["ERROR", "ERROR"],
- ["CRITICAL", "CRITICAL"]
- ]
- },
- "LOG_AGGREGATOR_MAX_DISK_USAGE_GB": {
- "type": "integer",
- "label": "Maximum disk persistence for external log aggregation (in GB)",
- "help_text": "Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting for main_queue. Notably, this is used for the rsyslogd main queue (for input messages).",
- "min_value": 1,
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB": {
- "type": "integer",
- "required": false,
- "label": "Maximum disk persistence for rsyslogd action queuing (in GB)",
- "help_text": "Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). Like LOG_AGGREGATOR_MAX_DISK_USAGE_GB, it stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.",
- "min_value": 1,
- "category": "Logging",
- "category_slug": "logging",
- "default": 1
- },
- "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH": {
- "type": "string",
- "label": "File system location for rsyslogd disk persistence",
- "help_text": "Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "LOG_AGGREGATOR_RSYSLOGD_DEBUG": {
- "type": "boolean",
- "label": "Enable rsyslogd debugging",
- "help_text": "Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "API_400_ERROR_LOG_FORMAT": {
- "type": "string",
- "label": "Log Format For API 4XX Errors",
- "help_text": "The format of logged messages when an API 4XX error occurs, the following variables will be substituted: \nstatus_code - The HTTP status code of the error\nuser_name - The user name attempting to use the API\nurl_path - The URL path to the API endpoint called\nremote_addr - The remote address seen for the user\nerror - The error set by the api endpoint\nVariables need to be in the format {}.",
- "category": "Logging",
- "category_slug": "logging",
- "defined_in_file": false
- },
- "AUTOMATION_ANALYTICS_LAST_GATHER": {
- "type": "datetime",
- "label": "Last gather date for Automation Analytics.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "AUTOMATION_ANALYTICS_LAST_ENTRIES": {
- "type": "string",
- "label": "Last gathered entries from the data collection service of Automation Analytics",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "AUTOMATION_ANALYTICS_GATHER_INTERVAL": {
- "type": "integer",
- "label": "Automation Analytics Gather Interval",
- "help_text": "Interval (in seconds) between data gathering.",
- "min_value": 1800,
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false,
- "unit": "seconds"
- },
- "IS_K8S": {
- "type": "boolean",
- "label": "Is k8s",
- "help_text": "Indicates whether the instance is part of a kubernetes-based deployment.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "BULK_JOB_MAX_LAUNCH": {
- "type": "integer",
- "label": "Max jobs to allow bulk jobs to launch",
- "help_text": "Max jobs to allow bulk jobs to launch",
- "category": "Bulk Actions",
- "category_slug": "bulk",
- "defined_in_file": false
- },
- "BULK_HOST_MAX_CREATE": {
- "type": "integer",
- "label": "Max number of hosts to allow to be created in a single bulk action",
- "help_text": "Max number of hosts to allow to be created in a single bulk action",
- "category": "Bulk Actions",
- "category_slug": "bulk",
- "defined_in_file": false
- },
- "UI_NEXT": {
- "type": "boolean",
- "label": "Enable Preview of New User Interface",
- "help_text": "Enable preview of new user interface.",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false
- },
- "SUBSCRIPTION_USAGE_MODEL": {
- "type": "choice",
- "label": "Defines subscription usage model and shows Host Metrics",
- "category": "System",
- "category_slug": "system",
- "defined_in_file": false,
- "choices": [
- [
- "",
- "Default model for AWX - no subscription. Deletion of host_metrics will not be considered for purposes of managed host counting"
- ],
- [
- "unique_managed_hosts",
- "Usage based on unique managed nodes in a large historical time frame and delete functionality for no longer used managed nodes"
- ]
- ]
- },
- "SESSION_COOKIE_AGE": {
- "type": "integer",
- "label": "Idle Time Force Log Out",
- "help_text": "Number of seconds that a user is inactive before they will need to login again.",
- "min_value": 60,
- "max_value": 30000000000,
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false,
- "unit": "seconds"
- },
- "SESSIONS_PER_USER": {
- "type": "integer",
- "label": "Maximum number of simultaneous logged in sessions",
- "help_text": "Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.",
- "min_value": -1,
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false
- },
- "DISABLE_LOCAL_AUTH": {
- "type": "boolean",
- "label": "Disable the built-in authentication system",
- "help_text": "Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.",
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false
- },
- "AUTH_BASIC_ENABLED": {
- "type": "boolean",
- "label": "Enable HTTP Basic Auth",
- "help_text": "Enable HTTP Basic Auth for the API Browser.",
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false
- },
- "OAUTH2_PROVIDER": {
- "type": "nested object",
- "label": "OAuth 2 Timeout Settings",
- "help_text": "Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.",
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false,
- "unit": "seconds",
- "child": {
- "type": "integer",
- "min_value": 1
- }
- },
- "ALLOW_OAUTH2_FOR_EXTERNAL_USERS": {
- "type": "boolean",
- "label": "Allow External Users to Create OAuth2 Tokens",
- "help_text": "For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.",
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false
- },
- "LOGIN_REDIRECT_OVERRIDE": {
- "type": "string",
- "label": "Login redirect override URL",
- "help_text": "URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.",
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false
- },
- "ALLOW_METRICS_FOR_ANONYMOUS_USERS": {
- "type": "boolean",
- "label": "Allow anonymous users to poll metrics",
- "help_text": "If true, anonymous users are allowed to poll metrics.",
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false
- },
- "PENDO_TRACKING_STATE": {
- "type": "choice",
- "label": "User Analytics Tracking State",
- "help_text": "Enable or Disable User Analytics Tracking.",
- "category": "UI",
- "category_slug": "ui",
- "defined_in_file": false,
- "choices": [
- ["off", "Off"],
- ["anonymous", "Anonymous"],
- ["detailed", "Detailed"]
- ]
- },
- "CUSTOM_LOGIN_INFO": {
- "type": "string",
- "label": "Custom Login Info",
- "help_text": "If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.",
- "category": "UI",
- "category_slug": "ui",
- "defined_in_file": false
- },
- "CUSTOM_LOGO": {
- "type": "string",
- "label": "Custom Logo",
- "help_text": "To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.",
- "category": "UI",
- "category_slug": "ui",
- "defined_in_file": false
- },
- "MAX_UI_JOB_EVENTS": {
- "type": "integer",
- "label": "Max Job Events Retrieved by UI",
- "help_text": "Maximum number of job events for the UI to retrieve within a single request.",
- "min_value": 100,
- "category": "UI",
- "category_slug": "ui",
- "defined_in_file": false
- },
- "UI_LIVE_UPDATES_ENABLED": {
- "type": "boolean",
- "label": "Enable Live Updates in the UI",
- "help_text": "If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.",
- "category": "UI",
- "category_slug": "ui",
- "defined_in_file": false
- },
- "AUTHENTICATION_BACKENDS": {
- "type": "list",
- "label": "Authentication Backends",
- "help_text": "List of authentication backends that are enabled based on license features and other authentication settings.",
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "SOCIAL_AUTH_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "Social Auth Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_TEAM_MAP": {
- "type": "nested object",
- "label": "Social Auth Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_USER_FIELDS": {
- "type": "list",
- "label": "Social Auth User Fields",
- "help_text": "When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL": {
- "type": "boolean",
- "label": "Use Email address for usernames",
- "help_text": "Enabling this setting will tell social auth to use the full Email as username instead of the full name",
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false
- },
- "AUTH_LDAP_SERVER_URI": {
- "type": "string",
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_BIND_DN": {
- "type": "string",
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_BIND_PASSWORD": {
- "type": "string",
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_START_TLS": {
- "type": "boolean",
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_CONNECTION_OPTIONS": {
- "type": "nested object",
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_USER_SEARCH": {
- "type": "list",
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_USER_DN_TEMPLATE": {
- "type": "string",
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_USER_ATTR_MAP": {
- "type": "nested object",
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "AUTH_LDAP_GROUP_SEARCH": {
- "type": "list",
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_GROUP_TYPE": {
- "type": "choice",
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_REQUIRE_GROUP": {
- "type": "string",
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_DENY_GROUP": {
- "type": "string",
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "list",
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_TEAM_MAP": {
- "type": "nested object",
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_1_SERVER_URI": {
- "type": "string",
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_1_BIND_DN": {
- "type": "string",
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_1_BIND_PASSWORD": {
- "type": "string",
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_1_START_TLS": {
- "type": "boolean",
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_1_CONNECTION_OPTIONS": {
- "type": "nested object",
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_1_USER_SEARCH": {
- "type": "list",
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_1_USER_DN_TEMPLATE": {
- "type": "string",
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_1_USER_ATTR_MAP": {
- "type": "nested object",
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "AUTH_LDAP_1_GROUP_SEARCH": {
- "type": "list",
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_1_GROUP_TYPE": {
- "type": "choice",
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_1_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_1_REQUIRE_GROUP": {
- "type": "string",
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_1_DENY_GROUP": {
- "type": "string",
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_1_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "list",
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_1_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_1_TEAM_MAP": {
- "type": "nested object",
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_2_SERVER_URI": {
- "type": "string",
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_2_BIND_DN": {
- "type": "string",
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_2_BIND_PASSWORD": {
- "type": "string",
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_2_START_TLS": {
- "type": "boolean",
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_2_CONNECTION_OPTIONS": {
- "type": "nested object",
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_2_USER_SEARCH": {
- "type": "list",
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_2_USER_DN_TEMPLATE": {
- "type": "string",
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_2_USER_ATTR_MAP": {
- "type": "nested object",
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "AUTH_LDAP_2_GROUP_SEARCH": {
- "type": "list",
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_2_GROUP_TYPE": {
- "type": "choice",
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_2_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_2_REQUIRE_GROUP": {
- "type": "string",
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_2_DENY_GROUP": {
- "type": "string",
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_2_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "list",
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_2_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_2_TEAM_MAP": {
- "type": "nested object",
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_3_SERVER_URI": {
- "type": "string",
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_3_BIND_DN": {
- "type": "string",
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_3_BIND_PASSWORD": {
- "type": "string",
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_3_START_TLS": {
- "type": "boolean",
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_3_CONNECTION_OPTIONS": {
- "type": "nested object",
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_3_USER_SEARCH": {
- "type": "list",
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_3_USER_DN_TEMPLATE": {
- "type": "string",
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_3_USER_ATTR_MAP": {
- "type": "nested object",
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "AUTH_LDAP_3_GROUP_SEARCH": {
- "type": "list",
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_3_GROUP_TYPE": {
- "type": "choice",
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_3_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_3_REQUIRE_GROUP": {
- "type": "string",
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_3_DENY_GROUP": {
- "type": "string",
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_3_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "list",
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_3_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_3_TEAM_MAP": {
- "type": "nested object",
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_4_SERVER_URI": {
- "type": "string",
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_4_BIND_DN": {
- "type": "string",
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_4_BIND_PASSWORD": {
- "type": "string",
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_4_START_TLS": {
- "type": "boolean",
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_4_CONNECTION_OPTIONS": {
- "type": "nested object",
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_4_USER_SEARCH": {
- "type": "list",
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_4_USER_DN_TEMPLATE": {
- "type": "string",
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_4_USER_ATTR_MAP": {
- "type": "nested object",
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "AUTH_LDAP_4_GROUP_SEARCH": {
- "type": "list",
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_4_GROUP_TYPE": {
- "type": "choice",
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_4_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_4_REQUIRE_GROUP": {
- "type": "string",
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_4_DENY_GROUP": {
- "type": "string",
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_4_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "list",
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_4_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_4_TEAM_MAP": {
- "type": "nested object",
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_5_SERVER_URI": {
- "type": "string",
- "label": "LDAP Server URI",
- "help_text": "URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_5_BIND_DN": {
- "type": "string",
- "label": "LDAP Bind DN",
- "help_text": "DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_5_BIND_PASSWORD": {
- "type": "string",
- "label": "LDAP Bind Password",
- "help_text": "Password used to bind LDAP user account.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_5_START_TLS": {
- "type": "boolean",
- "label": "LDAP Start TLS",
- "help_text": "Whether to enable TLS when the LDAP connection is not using SSL.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_5_CONNECTION_OPTIONS": {
- "type": "nested object",
- "label": "LDAP Connection Options",
- "help_text": "Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_5_USER_SEARCH": {
- "type": "list",
- "label": "LDAP User Search",
- "help_text": "LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_5_USER_DN_TEMPLATE": {
- "type": "string",
- "label": "LDAP User DN Template",
- "help_text": "Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_5_USER_ATTR_MAP": {
- "type": "nested object",
- "label": "LDAP User Attribute Map",
- "help_text": "Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "AUTH_LDAP_5_GROUP_SEARCH": {
- "type": "list",
- "label": "LDAP Group Search",
- "help_text": "Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_5_GROUP_TYPE": {
- "type": "choice",
- "label": "LDAP Group Type",
- "help_text": "The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "choices": [
- ["PosixGroupType", "PosixGroupType"],
- ["GroupOfNamesType", "GroupOfNamesType"],
- ["GroupOfUniqueNamesType", "GroupOfUniqueNamesType"],
- ["ActiveDirectoryGroupType", "ActiveDirectoryGroupType"],
- ["OrganizationalRoleGroupType", "OrganizationalRoleGroupType"],
- ["MemberDNGroupType", "MemberDNGroupType"],
- ["NestedGroupOfNamesType", "NestedGroupOfNamesType"],
- ["NestedGroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"],
- ["NestedActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"],
- [
- "NestedOrganizationalRoleGroupType",
- "NestedOrganizationalRoleGroupType"
- ],
- ["NestedMemberDNGroupType", "NestedMemberDNGroupType"],
- ["PosixUIDGroupType", "PosixUIDGroupType"]
- ]
- },
- "AUTH_LDAP_5_GROUP_TYPE_PARAMS": {
- "type": "nested object",
- "label": "LDAP Group Type Parameters",
- "help_text": "Key value parameters to send the chosen group type init method.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "AUTH_LDAP_5_REQUIRE_GROUP": {
- "type": "string",
- "label": "LDAP Require Group",
- "help_text": "Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_5_DENY_GROUP": {
- "type": "string",
- "label": "LDAP Deny Group",
- "help_text": "Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false
- },
- "AUTH_LDAP_5_USER_FLAGS_BY_GROUP": {
- "type": "nested object",
- "label": "LDAP User Flags By Group",
- "help_text": "Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "list",
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_5_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "LDAP Organization Map",
- "help_text": "Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "AUTH_LDAP_5_TEAM_MAP": {
- "type": "nested object",
- "label": "LDAP Team Map",
- "help_text": "Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
- "category": "LDAP",
- "category_slug": "ldap",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "RADIUS_SERVER": {
- "type": "string",
- "label": "RADIUS Server",
- "help_text": "Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.",
- "category": "RADIUS",
- "category_slug": "radius",
- "defined_in_file": false
- },
- "RADIUS_PORT": {
- "type": "integer",
- "label": "RADIUS Port",
- "help_text": "Port of RADIUS server.",
- "min_value": 1,
- "max_value": 65535,
- "category": "RADIUS",
- "category_slug": "radius",
- "defined_in_file": false
- },
- "RADIUS_SECRET": {
- "type": "string",
- "label": "RADIUS Secret",
- "help_text": "Shared secret for authenticating to RADIUS server.",
- "category": "RADIUS",
- "category_slug": "radius",
- "defined_in_file": false
- },
- "TACACSPLUS_HOST": {
- "type": "string",
- "label": "TACACS+ Server",
- "help_text": "Hostname of TACACS+ server.",
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "defined_in_file": false
- },
- "TACACSPLUS_PORT": {
- "type": "integer",
- "label": "TACACS+ Port",
- "help_text": "Port number of TACACS+ server.",
- "min_value": 1,
- "max_value": 65535,
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "defined_in_file": false
- },
- "TACACSPLUS_SECRET": {
- "type": "string",
- "label": "TACACS+ Secret",
- "help_text": "Shared secret for authenticating to TACACS+ server.",
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "defined_in_file": false
- },
- "TACACSPLUS_SESSION_TIMEOUT": {
- "type": "integer",
- "label": "TACACS+ Auth Session Timeout",
- "help_text": "TACACS+ session timeout value in seconds, 0 disables timeout.",
- "min_value": 0,
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "defined_in_file": false,
- "unit": "seconds"
- },
- "TACACSPLUS_AUTH_PROTOCOL": {
- "type": "choice",
- "label": "TACACS+ Authentication Protocol",
- "help_text": "Choose the authentication protocol used by TACACS+ client.",
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "defined_in_file": false,
- "choices": [
- ["ascii", "ascii"],
- ["pap", "pap"]
- ]
- },
- "TACACSPLUS_REM_ADDR": {
- "type": "boolean",
- "required": false,
- "label": "TACACS+ client address sending enabled",
- "help_text": "Enable the client address sending by TACACS+ client.",
- "category": "TACACS+",
- "category_slug": "tacacsplus",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL": {
- "type": "string",
- "label": "Google OAuth2 Callback URL",
- "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": {
- "type": "string",
- "label": "Google OAuth2 Key",
- "help_text": "The OAuth2 key from your web application.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": {
- "type": "string",
- "label": "Google OAuth2 Secret",
- "help_text": "The OAuth2 secret from your web application.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": {
- "type": "list",
- "label": "Google OAuth2 Allowed Domains",
- "help_text": "Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "defined_in_file": false,
- "child": {
- "type": "string"
- }
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS": {
- "type": "nested object",
- "label": "Google OAuth2 Extra Arguments",
- "help_text": "Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "Google OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP": {
- "type": "nested object",
- "label": "Google OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "Google OAuth2",
- "category_slug": "google-oauth2",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_CALLBACK_URL": {
- "type": "string",
- "label": "GitHub OAuth2 Callback URL",
- "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
- "category": "GitHub OAuth2",
- "category_slug": "github",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_KEY": {
- "type": "string",
- "label": "GitHub OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub developer application.",
- "category": "GitHub OAuth2",
- "category_slug": "github",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_SECRET": {
- "type": "string",
- "label": "GitHub OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub developer application.",
- "category": "GitHub OAuth2",
- "category_slug": "github",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "GitHub OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub OAuth2",
- "category_slug": "github",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_TEAM_MAP": {
- "type": "nested object",
- "label": "GitHub OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub OAuth2",
- "category_slug": "github",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL": {
- "type": "string",
- "label": "GitHub Organization OAuth2 Callback URL",
- "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
- "category": "GitHub Organization OAuth2",
- "category_slug": "github-org",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ORG_KEY": {
- "type": "string",
- "label": "GitHub Organization OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.",
- "category": "GitHub Organization OAuth2",
- "category_slug": "github-org",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ORG_SECRET": {
- "type": "string",
- "label": "GitHub Organization OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.",
- "category": "GitHub Organization OAuth2",
- "category_slug": "github-org",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ORG_NAME": {
- "type": "string",
- "label": "GitHub Organization Name",
- "help_text": "The name of your GitHub organization, as used in your organization's URL: https://github.com//.",
- "category": "GitHub Organization OAuth2",
- "category_slug": "github-org",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "GitHub Organization OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub Organization OAuth2",
- "category_slug": "github-org",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP": {
- "type": "nested object",
- "label": "GitHub Organization OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub Organization OAuth2",
- "category_slug": "github-org",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL": {
- "type": "string",
- "label": "GitHub Team OAuth2 Callback URL",
- "help_text": "Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.",
- "category": "GitHub Team OAuth2",
- "category_slug": "github-team",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_TEAM_KEY": {
- "type": "string",
- "label": "GitHub Team OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub organization application.",
- "category": "GitHub Team OAuth2",
- "category_slug": "github-team",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_TEAM_SECRET": {
- "type": "string",
- "label": "GitHub Team OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub organization application.",
- "category": "GitHub Team OAuth2",
- "category_slug": "github-team",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_TEAM_ID": {
- "type": "string",
- "label": "GitHub Team ID",
- "help_text": "Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
- "category": "GitHub Team OAuth2",
- "category_slug": "github-team",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "GitHub Team OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub Team OAuth2",
- "category_slug": "github-team",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP": {
- "type": "nested object",
- "label": "GitHub Team OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub Team OAuth2",
- "category_slug": "github-team",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL": {
- "type": "string",
- "label": "GitHub Enterprise OAuth2 Callback URL",
- "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL": {
- "type": "string",
- "label": "GitHub Enterprise URL",
- "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL": {
- "type": "string",
- "label": "GitHub Enterprise API URL",
- "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY": {
- "type": "string",
- "label": "GitHub Enterprise OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise developer application.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET": {
- "type": "string",
- "label": "GitHub Enterprise OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.",
- "category": "GitHub OAuth2",
- "category_slug": "github-enterprise",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "GitHub Enterprise OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP": {
- "type": "nested object",
- "label": "GitHub Enterprise OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL": {
- "type": "string",
- "label": "GitHub Enterprise Organization OAuth2 Callback URL",
- "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
- "category": "GitHub Enterprise Organization OAuth2",
- "category_slug": "github-enterprise-org",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL": {
- "type": "string",
- "label": "GitHub Enterprise Organization URL",
- "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise-org",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL": {
- "type": "string",
- "label": "GitHub Enterprise Organization API URL",
- "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise-org",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY": {
- "type": "string",
- "label": "GitHub Enterprise Organization OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
- "category": "GitHub Enterprise Organization OAuth2",
- "category_slug": "github-enterprise-org",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET": {
- "type": "string",
- "label": "GitHub Enterprise Organization OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
- "category": "GitHub Enterprise Organization OAuth2",
- "category_slug": "github-enterprise-org",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME": {
- "type": "string",
- "label": "GitHub Enterprise Organization Name",
- "help_text": "The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.",
- "category": "GitHub Enterprise Organization OAuth2",
- "category_slug": "github-enterprise-org",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "GitHub Enterprise Organization OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub Enterprise Organization OAuth2",
- "category_slug": "github-enterprise-org",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP": {
- "type": "nested object",
- "label": "GitHub Enterprise Organization OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub Enterprise Organization OAuth2",
- "category_slug": "github-enterprise-org",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL": {
- "type": "string",
- "label": "GitHub Enterprise Team OAuth2 Callback URL",
- "help_text": "Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.",
- "category": "GitHub Enterprise Team OAuth2",
- "category_slug": "github-enterprise-team",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL": {
- "type": "string",
- "label": "GitHub Enterprise Team URL",
- "help_text": "The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise-team",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL": {
- "type": "string",
- "label": "GitHub Enterprise Team API URL",
- "help_text": "The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
- "category": "GitHub Enterprise OAuth2",
- "category_slug": "github-enterprise-team",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY": {
- "type": "string",
- "label": "GitHub Enterprise Team OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
- "category": "GitHub Enterprise Team OAuth2",
- "category_slug": "github-enterprise-team",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET": {
- "type": "string",
- "label": "GitHub Enterprise Team OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
- "category": "GitHub Enterprise Team OAuth2",
- "category_slug": "github-enterprise-team",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID": {
- "type": "string",
- "label": "GitHub Enterprise Team ID",
- "help_text": "Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
- "category": "GitHub Enterprise Team OAuth2",
- "category_slug": "github-enterprise-team",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "GitHub Enterprise Team OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "GitHub Enterprise Team OAuth2",
- "category_slug": "github-enterprise-team",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP": {
- "type": "nested object",
- "label": "GitHub Enterprise Team OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "GitHub Enterprise Team OAuth2",
- "category_slug": "github-enterprise-team",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL": {
- "type": "string",
- "label": "Azure AD OAuth2 Callback URL",
- "help_text": "Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail. ",
- "category": "Azure AD OAuth2",
- "category_slug": "azuread-oauth2",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY": {
- "type": "string",
- "label": "Azure AD OAuth2 Key",
- "help_text": "The OAuth2 key (Client ID) from your Azure AD application.",
- "category": "Azure AD OAuth2",
- "category_slug": "azuread-oauth2",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET": {
- "type": "string",
- "label": "Azure AD OAuth2 Secret",
- "help_text": "The OAuth2 secret (Client Secret) from your Azure AD application.",
- "category": "Azure AD OAuth2",
- "category_slug": "azuread-oauth2",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "Azure AD OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "Azure AD OAuth2",
- "category_slug": "azuread-oauth2",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP": {
- "type": "nested object",
- "label": "Azure AD OAuth2 Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "Azure AD OAuth2",
- "category_slug": "azuread-oauth2",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_OIDC_KEY": {
- "type": "string",
- "label": "OIDC Key",
- "help_text": "The OIDC key (Client ID) from your IDP.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_OIDC_SECRET": {
- "type": "string",
- "label": "OIDC Secret",
- "help_text": "The OIDC secret (Client Secret) from your IDP.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": {
- "type": "string",
- "label": "OIDC Provider URL",
- "help_text": "The URL for your OIDC provider including the path up to /.well-known/openid-configuration",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_OIDC_VERIFY_SSL": {
- "type": "boolean",
- "label": "Verify OIDC Provider Certificate",
- "help_text": "Verify the OIDC provider ssl certificate.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "defined_in_file": false
- },
- "SAML_AUTO_CREATE_OBJECTS": {
- "type": "boolean",
- "label": "Automatically Create Organizations and Teams on SAML Login",
- "help_text": "When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_SAML_CALLBACK_URL": {
- "type": "string",
- "label": "SAML Assertion Consumer Service (ACS) URL",
- "help_text": "Register the service as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_SAML_METADATA_URL": {
- "type": "string",
- "label": "SAML Service Provider Metadata URL",
- "help_text": "If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_SAML_SP_ENTITY_ID": {
- "type": "string",
- "label": "SAML Service Provider Entity ID",
- "help_text": "The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT": {
- "type": "string",
- "label": "SAML Service Provider Public Certificate",
- "help_text": "Create a keypair to use as a service provider (SP) and include the certificate content here.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": {
- "type": "string",
- "label": "SAML Service Provider Private Key",
- "help_text": "Create a keypair to use as a service provider (SP) and include the private key content here.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false
- },
- "SOCIAL_AUTH_SAML_ORG_INFO": {
- "type": "nested object",
- "label": "SAML Service Provider Organization Info",
- "help_text": "Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT": {
- "type": "nested object",
- "label": "SAML Service Provider Technical Contact",
- "help_text": "Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "SOCIAL_AUTH_SAML_SUPPORT_CONTACT": {
- "type": "nested object",
- "label": "SAML Service Provider Support Contact",
- "help_text": "Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "SOCIAL_AUTH_SAML_ENABLED_IDPS": {
- "type": "nested object",
- "label": "SAML Enabled Identity Providers",
- "help_text": "Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_SAML_SECURITY_CONFIG": {
- "type": "nested object",
- "label": "SAML Security Config",
- "help_text": "A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "SOCIAL_AUTH_SAML_SP_EXTRA": {
- "type": "nested object",
- "label": "SAML Service Provider extra configuration data",
- "help_text": "A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "SOCIAL_AUTH_SAML_EXTRA_DATA": {
- "type": "list",
- "label": "SAML IDP to extra_data attribute mapping",
- "help_text": "A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "SOCIAL_AUTH_SAML_ORGANIZATION_MAP": {
- "type": "nested object",
- "label": "SAML Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_SAML_TEAM_MAP": {
- "type": "nested object",
- "label": "SAML Team Map",
- "help_text": "Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "nested object",
- "child": {
- "type": "field",
- "required": true,
- "read_only": false
- }
- }
- },
- "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR": {
- "type": "nested object",
- "label": "SAML Organization Attribute Mapping",
- "help_text": "Used to translate user organization membership.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "SOCIAL_AUTH_SAML_TEAM_ATTR": {
- "type": "nested object",
- "label": "SAML Team Attribute Mapping",
- "help_text": "Used to translate user team membership.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR": {
- "type": "nested object",
- "label": "SAML User Flags Attribute Mapping",
- "help_text": "Used to map super users and system auditors from SAML.",
- "category": "SAML",
- "category_slug": "saml",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "LOCAL_PASSWORD_MIN_LENGTH": {
- "type": "integer",
- "label": "Minimum number of characters in local password",
- "help_text": "Minimum number of characters required in a local password. 0 means no minimum",
- "min_value": 0,
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false
- },
- "LOCAL_PASSWORD_MIN_DIGITS": {
- "type": "integer",
- "label": "Minimum number of digit characters in local password",
- "help_text": "Minimum number of digit characters required in a local password. 0 means no minimum",
- "min_value": 0,
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false
- },
- "LOCAL_PASSWORD_MIN_UPPER": {
- "type": "integer",
- "label": "Minimum number of uppercase characters in local password",
- "help_text": "Minimum number of uppercase characters required in a local password. 0 means no minimum",
- "min_value": 0,
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false
- },
- "LOCAL_PASSWORD_MIN_SPECIAL": {
- "type": "integer",
- "label": "Minimum number of special characters in local password",
- "help_text": "Minimum number of special characters required in a local password. 0 means no minimum",
- "min_value": 0,
- "category": "Authentication",
- "category_slug": "authentication",
- "defined_in_file": false
- },
- "NAMED_URL_FORMATS": {
- "type": "nested object",
- "label": "Formats of all available named urls",
- "help_text": "Read-only list of key-value pairs that shows the standard format of all available named URLs.",
- "category": "Named URL",
- "category_slug": "named-url",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- },
- "NAMED_URL_GRAPH_NODES": {
- "type": "nested object",
- "label": "List of all named url graph nodes.",
- "help_text": "Read-only list of key-value pairs that exposes named URL graph topology. Use this list to programmatically generate named URLs for resources",
- "category": "Named URL",
- "category_slug": "named-url",
- "defined_in_file": false,
- "child": {
- "type": "field"
- }
- }
- }
}
}
diff --git a/awx/ui/src/screens/Setting/shared/data.allSettings.json b/awx/ui/src/screens/Setting/shared/data.allSettings.json
index 1d9f2f6e2b..4fc9cabfdb 100644
--- a/awx/ui/src/screens/Setting/shared/data.allSettings.json
+++ b/awx/ui/src/screens/Setting/shared/data.allSettings.json
@@ -3,55 +3,46 @@
"ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": false,
"ORG_ADMINS_CAN_SEE_ALL_USERS": true,
"MANAGE_ORGANIZATION_AUTH": true,
- "DISABLE_LOCAL_AUTH": false,
"TOWER_URL_BASE": "https://localhost:3000",
- "REMOTE_HOST_HEADERS": ["REMOTE_ADDR", "REMOTE_HOST"],
+ "REMOTE_HOST_HEADERS": [
+ "REMOTE_ADDR",
+ "REMOTE_HOST"
+ ],
"PROXY_IP_ALLOWED_LIST": [],
"LICENSE": {},
"REDHAT_USERNAME": "",
"REDHAT_PASSWORD": "",
+ "SUBSCRIPTIONS_USERNAME": "",
+ "SUBSCRIPTIONS_PASSWORD": "",
"AUTOMATION_ANALYTICS_URL": "https://example.com",
"INSTALL_UUID": "3f5a4d68-3a94-474c-a3c0-f23a33122ce6",
+ "DEFAULT_CONTROL_PLANE_QUEUE_NAME": "controlplane",
+ "DEFAULT_EXECUTION_QUEUE_NAME": "default",
+ "DEFAULT_EXECUTION_ENVIRONMENT": null,
"CUSTOM_VENV_PATHS": [],
"AD_HOC_COMMANDS": [
- "command",
- "shell",
- "yum",
- "apt",
- "apt_key",
- "apt_repository",
- "apt_rpm",
- "service",
- "group",
- "user",
- "mount",
- "ping",
- "selinux",
- "setup",
- "win_ping",
- "win_service",
- "win_updates",
- "win_group",
- "win_user"
+ "command"
],
"ALLOW_JINJA_IN_EXTRA_VARS": "template",
"AWX_ISOLATION_BASE_PATH": "/tmp",
"AWX_ISOLATION_SHOW_PATHS": [],
"AWX_TASK_ENV": {},
+ "AWX_RUNNER_KEEPALIVE_SECONDS": 0,
"GALAXY_TASK_ENV": {
- "ANSIBLE_FORCE_COLOR": "false",
- "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
+ "ANSIBLE_FORCE_COLOR": "false",
+ "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
},
"INSIGHTS_TRACKING_STATE": false,
"PROJECT_UPDATE_VVV": false,
"AWX_ROLES_ENABLED": true,
"AWX_COLLECTIONS_ENABLED": true,
"AWX_SHOW_PLAYBOOK_LINKS": false,
+ "AWX_MOUNT_ISOLATED_PATHS_ON_K8S": false,
"GALAXY_IGNORE_CERTS": false,
"STDOUT_MAX_BYTES_DISPLAY": 1048576,
"EVENT_STDOUT_MAX_BYTES_DISPLAY": 1024,
+ "MAX_WEBSOCKET_EVENT_RATE": 30,
"SCHEDULE_MAX_JOBS": 10,
- "AWX_RUNNER_KEEPALIVE_SECONDS": 0,
"AWX_ANSIBLE_CALLBACK_PLUGINS": [],
"DEFAULT_JOB_TIMEOUT": 0,
"DEFAULT_JOB_IDLE_TIMEOUT": 0,
@@ -65,10 +56,11 @@
"LOG_AGGREGATOR_USERNAME": "",
"LOG_AGGREGATOR_PASSWORD": "",
"LOG_AGGREGATOR_LOGGERS": [
- "awx",
- "activity_stream",
- "job_events",
- "system_tracking"
+ "awx",
+ "activity_stream",
+ "job_events",
+ "system_tracking",
+ "broadcast_websocket"
],
"LOG_AGGREGATOR_INDIVIDUAL_FACTS": false,
"LOG_AGGREGATOR_ENABLED": true,
@@ -83,28 +75,41 @@
"LOG_AGGREGATOR_RSYSLOGD_DEBUG": false,
"API_400_ERROR_LOG_FORMAT": "status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}",
"AUTOMATION_ANALYTICS_LAST_GATHER": null,
+ "AUTOMATION_ANALYTICS_LAST_ENTRIES": "",
"AUTOMATION_ANALYTICS_GATHER_INTERVAL": 14400,
+ "IS_K8S": false,
+ "BULK_JOB_MAX_LAUNCH": 100,
+ "BULK_HOST_MAX_CREATE": 100,
+ "UI_NEXT": false,
+ "SUBSCRIPTION_USAGE_MODEL": "",
+ "CLEANUP_HOST_METRICS_LAST_TS": null,
+ "AWX_CLEANUP_PATHS": true,
+ "AWX_REQUEST_PROFILE": false,
+ "DEFAULT_CONTAINER_RUN_OPTIONS": [
+ "--network",
+ "slirp4netns:enable_ipv6=true"
+ ],
+ "RECEPTOR_RELEASE_WORK": true,
"SESSION_COOKIE_AGE": 1800,
"SESSIONS_PER_USER": -1,
+ "DISABLE_LOCAL_AUTH": false,
"AUTH_BASIC_ENABLED": true,
"OAUTH2_PROVIDER": {
- "ACCESS_TOKEN_EXPIRE_SECONDS": 31536000000,
- "REFRESH_TOKEN_EXPIRE_SECONDS": 2628000,
- "AUTHORIZATION_CODE_EXPIRE_SECONDS": 600
+ "ACCESS_TOKEN_EXPIRE_SECONDS": 31536000000,
+ "AUTHORIZATION_CODE_EXPIRE_SECONDS": 600,
+ "REFRESH_TOKEN_EXPIRE_SECONDS": 2628000
},
"ALLOW_OAUTH2_FOR_EXTERNAL_USERS": false,
"LOGIN_REDIRECT_OVERRIDE": "",
+ "ALLOW_METRICS_FOR_ANONYMOUS_USERS": false,
"PENDO_TRACKING_STATE": "off",
"CUSTOM_LOGIN_INFO": "",
"CUSTOM_LOGO": "",
"MAX_UI_JOB_EVENTS": 4000,
"UI_LIVE_UPDATES_ENABLED": true,
"AUTHENTICATION_BACKENDS": [
- "awx.sso.backends.LDAPBackend",
- "awx.sso.backends.RADIUSBackend",
- "awx.sso.backends.TACACSPlusBackend",
- "social_core.backends.github.GithubTeamOAuth2",
- "django.contrib.auth.backends.ModelBackend"
+ "awx.sso.backends.TACACSPlusBackend",
+ "awx.main.backends.AWXModelBackend"
],
"SOCIAL_AUTH_ORGANIZATION_MAP": null,
"SOCIAL_AUTH_TEAM_MAP": null,
@@ -115,8 +120,8 @@
"AUTH_LDAP_BIND_PASSWORD": "$encrypted$",
"AUTH_LDAP_START_TLS": false,
"AUTH_LDAP_CONNECTION_OPTIONS": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
},
"AUTH_LDAP_USER_SEARCH": [],
"AUTH_LDAP_USER_DN_TEMPLATE": "uid=%(user)s,OU=Users,DC=example,DC=com",
@@ -127,7 +132,10 @@
"(objectClass=group)"
],
"AUTH_LDAP_GROUP_TYPE": "MemberDNGroupType",
- "AUTH_LDAP_GROUP_TYPE_PARAMS": { "name_attr": "cn", "member_attr": "member" },
+ "AUTH_LDAP_GROUP_TYPE_PARAMS": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
"AUTH_LDAP_REQUIRE_GROUP": "CN=Service Users,OU=Users,DC=example,DC=com",
"AUTH_LDAP_DENY_GROUP": null,
"AUTH_LDAP_USER_FLAGS_BY_GROUP": { "is_superuser": ["cn=superusers"] },
@@ -138,8 +146,8 @@
"AUTH_LDAP_1_BIND_PASSWORD": "",
"AUTH_LDAP_1_START_TLS": true,
"AUTH_LDAP_1_CONNECTION_OPTIONS": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
},
"AUTH_LDAP_1_USER_SEARCH": [],
"AUTH_LDAP_1_USER_DN_TEMPLATE": null,
@@ -147,11 +155,11 @@
"AUTH_LDAP_1_GROUP_SEARCH": [],
"AUTH_LDAP_1_GROUP_TYPE": "MemberDNGroupType",
"AUTH_LDAP_1_GROUP_TYPE_PARAMS": {
- "member_attr": "member",
- "name_attr": "cn"
+ "member_attr": "member",
+ "name_attr": "cn"
},
"AUTH_LDAP_1_REQUIRE_GROUP": null,
- "AUTH_LDAP_1_DENY_GROUP": "CN=Disabled1",
+ "AUTH_LDAP_1_DENY_GROUP": null,
"AUTH_LDAP_1_USER_FLAGS_BY_GROUP": {},
"AUTH_LDAP_1_ORGANIZATION_MAP": {},
"AUTH_LDAP_1_TEAM_MAP": {},
@@ -160,8 +168,8 @@
"AUTH_LDAP_2_BIND_PASSWORD": "",
"AUTH_LDAP_2_START_TLS": false,
"AUTH_LDAP_2_CONNECTION_OPTIONS": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
},
"AUTH_LDAP_2_USER_SEARCH": [],
"AUTH_LDAP_2_USER_DN_TEMPLATE": null,
@@ -169,8 +177,8 @@
"AUTH_LDAP_2_GROUP_SEARCH": [],
"AUTH_LDAP_2_GROUP_TYPE": "MemberDNGroupType",
"AUTH_LDAP_2_GROUP_TYPE_PARAMS": {
- "member_attr": "member",
- "name_attr": "cn"
+ "member_attr": "member",
+ "name_attr": "cn"
},
"AUTH_LDAP_2_REQUIRE_GROUP": null,
"AUTH_LDAP_2_DENY_GROUP": "CN=Disabled2",
@@ -182,8 +190,8 @@
"AUTH_LDAP_3_BIND_PASSWORD": "",
"AUTH_LDAP_3_START_TLS": false,
"AUTH_LDAP_3_CONNECTION_OPTIONS": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
},
"AUTH_LDAP_3_USER_SEARCH": [],
"AUTH_LDAP_3_USER_DN_TEMPLATE": null,
@@ -191,8 +199,8 @@
"AUTH_LDAP_3_GROUP_SEARCH": [],
"AUTH_LDAP_3_GROUP_TYPE": "MemberDNGroupType",
"AUTH_LDAP_3_GROUP_TYPE_PARAMS": {
- "member_attr": "member",
- "name_attr": "cn"
+ "member_attr": "member",
+ "name_attr": "cn"
},
"AUTH_LDAP_3_REQUIRE_GROUP": null,
"AUTH_LDAP_3_DENY_GROUP": null,
@@ -204,8 +212,8 @@
"AUTH_LDAP_4_BIND_PASSWORD": "",
"AUTH_LDAP_4_START_TLS": false,
"AUTH_LDAP_4_CONNECTION_OPTIONS": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
},
"AUTH_LDAP_4_USER_SEARCH": [],
"AUTH_LDAP_4_USER_DN_TEMPLATE": null,
@@ -213,8 +221,8 @@
"AUTH_LDAP_4_GROUP_SEARCH": [],
"AUTH_LDAP_4_GROUP_TYPE": "MemberDNGroupType",
"AUTH_LDAP_4_GROUP_TYPE_PARAMS": {
- "member_attr": "member",
- "name_attr": "cn"
+ "member_attr": "member",
+ "name_attr": "cn"
},
"AUTH_LDAP_4_REQUIRE_GROUP": null,
"AUTH_LDAP_4_DENY_GROUP": null,
@@ -226,8 +234,8 @@
"AUTH_LDAP_5_BIND_PASSWORD": "",
"AUTH_LDAP_5_START_TLS": false,
"AUTH_LDAP_5_CONNECTION_OPTIONS": {
- "OPT_REFERRALS": 0,
- "OPT_NETWORK_TIMEOUT": 30
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
},
"AUTH_LDAP_5_USER_SEARCH": [],
"AUTH_LDAP_5_USER_DN_TEMPLATE": null,
@@ -235,8 +243,8 @@
"AUTH_LDAP_5_GROUP_SEARCH": [],
"AUTH_LDAP_5_GROUP_TYPE": "MemberDNGroupType",
"AUTH_LDAP_5_GROUP_TYPE_PARAMS": {
- "member_attr": "member",
- "name_attr": "cn"
+ "member_attr": "member",
+ "name_attr": "cn"
},
"AUTH_LDAP_5_REQUIRE_GROUP": null,
"AUTH_LDAP_5_DENY_GROUP": null,
@@ -276,11 +284,38 @@
"SOCIAL_AUTH_GITHUB_TEAM_ID": "team_id",
"SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": {},
"SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP": {},
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL": "https://localhost:3000/sso/complete/github-enterprise/",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP": null,
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP": null,
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL": "https://localhost:3000/sso/complete/github-enterprise-org/",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP": null,
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP": null,
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL": "https://localhost:3000/sso/complete/github-enterprise-team/",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID": "",
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP": null,
+ "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP": null,
"SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL": "https://localhost:3000/sso/complete/azuread-oauth2/",
"SOCIAL_AUTH_AZUREAD_OAUTH2_KEY": "",
"SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET": "",
"SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP": null,
"SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP": null,
+ "SOCIAL_AUTH_OIDC_KEY": null,
+ "SOCIAL_AUTH_OIDC_SECRET": "",
+ "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": "",
+ "SOCIAL_AUTH_OIDC_VERIFY_SSL": true,
"SAML_AUTO_CREATE_OBJECTS": true,
"SOCIAL_AUTH_SAML_CALLBACK_URL": "https://localhost:3000/sso/complete/saml/",
"SOCIAL_AUTH_SAML_METADATA_URL": "https://localhost:3000/sso/metadata/saml/",
@@ -291,7 +326,9 @@
"SOCIAL_AUTH_SAML_TECHNICAL_CONTACT": {},
"SOCIAL_AUTH_SAML_SUPPORT_CONTACT": {},
"SOCIAL_AUTH_SAML_ENABLED_IDPS": {},
- "SOCIAL_AUTH_SAML_SECURITY_CONFIG": { "requestedAuthnContext": false },
+ "SOCIAL_AUTH_SAML_SECURITY_CONFIG": {
+ "requestedAuthnContext": false
+ },
"SOCIAL_AUTH_SAML_SP_EXTRA": null,
"SOCIAL_AUTH_SAML_EXTRA_DATA": null,
"SOCIAL_AUTH_SAML_ORGANIZATION_MAP": null,
@@ -299,99 +336,215 @@
"SOCIAL_AUTH_SAML_ORGANIZATION_ATTR": {},
"SOCIAL_AUTH_SAML_TEAM_ATTR": {},
"SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR": {},
- "SOCIAL_AUTH_OIDC_KEY": "",
- "SOCIAL_AUTH_OIDC_SECRET": "",
- "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": "",
- "SOCIAL_AUTH_OIDC_VERIFY_SSL": true,
- "NAMED_URL_FORMATS": {
- "organizations": "",
- "teams": "++",
- "credential_types": "+",
- "credentials": "+++++",
- "notification_templates": "++",
- "job_templates": "++",
- "projects": "++",
- "inventories": "++",
- "hosts": "++++",
- "groups": "++++",
- "inventory_sources": "++++",
- "inventory_scripts": "++",
- "instance_groups": "",
- "labels": "++",
- "workflow_job_templates": "++",
- "workflow_job_template_nodes": "++++",
- "applications": "++",
- "users": "",
- "instances": ""
- },
"LOCAL_PASSWORD_MIN_LENGTH": 0,
"LOCAL_PASSWORD_MIN_DIGITS": 0,
"LOCAL_PASSWORD_MIN_UPPER": 0,
"LOCAL_PASSWORD_MIN_SPECIAL": 0,
- "NAMED_URL_GRAPH_NODES": {
- "organizations": { "fields": ["name"], "adj_list": [] },
- "teams": {
- "fields": ["name"],
- "adj_list": [["organization", "organizations"]]
- },
- "credential_types": { "fields": ["name", "kind"], "adj_list": [] },
- "credentials": {
- "fields": ["name"],
- "adj_list": [
- ["credential_type", "credential_types"],
- ["organization", "organizations"]
- ]
- },
- "notification_templates": {
- "fields": ["name"],
- "adj_list": [["organization", "organizations"]]
- },
- "job_templates": {
- "fields": ["name"],
- "adj_list": [["organization", "organizations"]]
- },
- "projects": {
- "fields": ["name"],
- "adj_list": [["organization", "organizations"]]
- },
- "inventories": {
- "fields": ["name"],
- "adj_list": [["organization", "organizations"]]
- },
- "hosts": { "fields": ["name"], "adj_list": [["inventory", "inventories"]] },
- "groups": {
- "fields": ["name"],
- "adj_list": [["inventory", "inventories"]]
- },
- "inventory_sources": {
- "fields": ["name"],
- "adj_list": [["inventory", "inventories"]]
- },
- "inventory_scripts": {
- "fields": ["name"],
- "adj_list": [["organization", "organizations"]]
- },
- "instance_groups": { "fields": ["name"], "adj_list": [] },
- "labels": {
- "fields": ["name"],
- "adj_list": [["organization", "organizations"]]
- },
- "workflow_job_templates": {
- "fields": ["name"],
- "adj_list": [["organization", "organizations"]]
- },
- "workflow_job_template_nodes": {
- "fields": ["identifier"],
- "adj_list": [["workflow_job_template", "workflow_job_templates"]]
- },
- "applications": {
- "fields": ["name"],
- "adj_list": [["organization", "organizations"]]
- },
- "users": { "fields": ["username"], "adj_list": [] },
- "instances": { "fields": ["hostname"], "adj_list": [] }
+ "NAMED_URL_FORMATS": {
+ "execution_environments": "",
+ "organizations": "",
+ "teams": "++",
+ "credential_types": "+",
+ "credentials": "+++++",
+ "notification_templates": "++",
+ "job_templates": "++",
+ "projects": "++",
+ "inventories": "++",
+ "hosts": "++++",
+ "groups": "++++",
+ "inventory_sources": "++++",
+ "instance_groups": "",
+ "workflow_job_templates": "++",
+ "workflow_job_template_nodes": "++++",
+ "labels": "++",
+ "applications": "++",
+ "users": "",
+ "instances": ""
},
- "DEFAULT_EXECUTION_ENVIRONMENT": 1,
- "AWX_MOUNT_ISOLATED_PATHS_ON_K8S": false,
- "UI_NEXT": false
-}
+ "NAMED_URL_GRAPH_NODES": {
+ "execution_environments": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": []
+ },
+ "organizations": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": []
+ },
+ "teams": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "organization",
+ "organizations"
+ ]
+ ]
+ },
+ "credential_types": {
+ "fields": [
+ "name",
+ "kind"
+ ],
+ "adj_list": []
+ },
+ "credentials": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "credential_type",
+ "credential_types"
+ ],
+ [
+ "organization",
+ "organizations"
+ ]
+ ]
+ },
+ "notification_templates": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "organization",
+ "organizations"
+ ]
+ ]
+ },
+ "job_templates": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "organization",
+ "organizations"
+ ]
+ ]
+ },
+ "projects": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "organization",
+ "organizations"
+ ]
+ ]
+ },
+ "inventories": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "organization",
+ "organizations"
+ ]
+ ]
+ },
+ "hosts": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "inventory",
+ "inventories"
+ ]
+ ]
+ },
+ "groups": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "inventory",
+ "inventories"
+ ]
+ ]
+ },
+ "inventory_sources": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "inventory",
+ "inventories"
+ ]
+ ]
+ },
+ "instance_groups": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": []
+ },
+ "workflow_job_templates": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "organization",
+ "organizations"
+ ]
+ ]
+ },
+ "workflow_job_template_nodes": {
+ "fields": [
+ "identifier"
+ ],
+ "adj_list": [
+ [
+ "workflow_job_template",
+ "workflow_job_templates"
+ ]
+ ]
+ },
+ "labels": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "organization",
+ "organizations"
+ ]
+ ]
+ },
+ "applications": {
+ "fields": [
+ "name"
+ ],
+ "adj_list": [
+ [
+ "organization",
+ "organizations"
+ ]
+ ]
+ },
+ "users": {
+ "fields": [
+ "username"
+ ],
+ "adj_list": []
+ },
+ "instances": {
+ "fields": [
+ "hostname"
+ ],
+ "adj_list": []
+ }
+ }
+}
\ No newline at end of file
diff --git a/awx/ui/src/screens/Setting/shared/data.jobSettings.json b/awx/ui/src/screens/Setting/shared/data.jobSettings.json
index 6c001cca3f..713727717a 100644
--- a/awx/ui/src/screens/Setting/shared/data.jobSettings.json
+++ b/awx/ui/src/screens/Setting/shared/data.jobSettings.json
@@ -1,4 +1,3 @@
-
{
"AD_HOC_COMMANDS": [
"command"
@@ -7,6 +6,7 @@
"AWX_ISOLATION_BASE_PATH": "/tmp",
"AWX_ISOLATION_SHOW_PATHS": [],
"AWX_TASK_ENV": {},
+ "AWX_RUNNER_KEEPALIVE_SECONDS": 0,
"GALAXY_TASK_ENV": {
"ANSIBLE_FORCE_COLOR": "false",
"GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
@@ -15,11 +15,12 @@
"AWX_ROLES_ENABLED": true,
"AWX_COLLECTIONS_ENABLED": true,
"AWX_SHOW_PLAYBOOK_LINKS": false,
+ "AWX_MOUNT_ISOLATED_PATHS_ON_K8S": false,
"GALAXY_IGNORE_CERTS": false,
"STDOUT_MAX_BYTES_DISPLAY": 1048576,
"EVENT_STDOUT_MAX_BYTES_DISPLAY": 1024,
+ "MAX_WEBSOCKET_EVENT_RATE": 30,
"SCHEDULE_MAX_JOBS": 10,
- "AWX_RUNNER_KEEPALIVE_SECONDS": 0,
"AWX_ANSIBLE_CALLBACK_PLUGINS": [],
"DEFAULT_JOB_TIMEOUT": 0,
"DEFAULT_JOB_IDLE_TIMEOUT": 0,
@@ -27,5 +28,8 @@
"DEFAULT_PROJECT_UPDATE_TIMEOUT": 0,
"ANSIBLE_FACT_CACHE_TIMEOUT": 0,
"MAX_FORKS": 200,
- "AWX_MOUNT_ISOLATED_PATHS_ON_K8S": false
-}
+ "DEFAULT_CONTAINER_RUN_OPTIONS": [
+ "--network",
+ "slirp4netns:enable_ipv6=true"
+ ]
+}
\ No newline at end of file