repository.config module

Flask configuration.

Docstrings are from the Flask configuration documentation.

repository.config.APPLICATION_ROOT = '/'

Path where application is deployed.

repository.config.AUTH_UPDATED_SESSION_REF = False

Authn/z info is at request.session instead of request.auth.

See `https://arxiv-org.atlassian.net/browse/ARXIVNG-2186`_.

repository.config.AWS_ACCESS_KEY_ID = 'nope'

Access key for requests to AWS services.

If VAULT_ENABLED is True, this will be overwritten.

repository.config.AWS_REGION = 'us-east-1'

Default region for calling AWS services.

repository.config.AWS_SECRET_ACCESS_KEY = 'nope'

Secret auth key for requests to AWS services.

If VAULT_ENABLED is True, this will be overwritten.

repository.config.CSRF_SECRET = 'csrfbarsecret'

Secret used for generating CSRF tokens.

repository.config.DEBUG = False

enable/disable debug mode

repository.config.ENABLE_CALLBACKS = True

Enable/disable the Event.bind() feature.

repository.config.JWT_SECRET = None

Secret key for signing + verifying authentication JWTs.

repository.config.KUBE_TOKEN = 'fookubetoken'

Service account token for authenticating with Vault. May be a file path.

repository.config.LOGGER_HANDLER_POLICY = 'debug'

the policy of the default logging handler. The default is ‘always’ which means that the default logging handler is always active. ‘debug’ will only activate logging in debug mode, ‘production’ will only log in production and ‘never’ disables it entirely.

repository.config.LOGGER_NAME = 'search'

The name of the logger.

repository.config.LOGLEVEL = 20

Logging verbosity.

See `https://docs.python.org/3/library/logging.html#levels`_.

repository.config.NAMESPACE = None

Namespace in which this service is deployed; to qualify keys for secrets.

repository.config.PRESERVE_CONTEXT_ON_EXCEPTION = None

By default if the application is in debug mode the request context is not popped on exceptions to enable debuggers to introspect the data. This can be disabled by this key. You can also use this setting to force-enable it for non debug execution which might be useful to debug production applications (but also very risky).

repository.config.PROPAGATE_EXCEPTIONS = None

explicitly enable or disable the propagation of exceptions. If not set or explicitly set to None this is implicitly true if either TESTING or DEBUG is true.

repository.config.S3_BUCKET = 'canonical-None'

Bucket for storing compilation products and logs.

repository.config.S3_ENDPOINT = None

AWS S3 endpoint. Default is None (use the “real” S3 service).

repository.config.S3_VERIFY = True

Enable/disable TLS certificate verification for S3.

repository.config.SECRET_KEY = 'fooflasksecret'

Flask secret key.

repository.config.SERVER_NAME = None

the name and port number of the server. Required for subdomain support (e.g.: ‘myapp.dev:5000’) Note that localhost does not support subdomains so setting this to ‘localhost’ does not help. Setting a SERVER_NAME also by default enables URL generation without a request context but with an application context.

repository.config.SESSION_COOKIE_NAME = 'submission_ui_session'

Cookie used to store submission-related information.

repository.config.TESTING = False

enable/disable testing mode

repository.config.URLS = []

URLs for external services, for use with flask.url_for(). This subset of URLs is common only within submit, for now - maybe move to base if these pages seem relevant to other services.

For details, see arxiv.base.urls.

repository.config.USE_X_SENDFILE = False

Enable/disable x-sendfile

repository.config.VAULT_CERT = None

Path to CA certificate for TLS verification when talking to Vault.

repository.config.VAULT_ENABLED = False

Enable/disable secret retrieval from Vault.

repository.config.VAULT_HOST = 'foovaulthost'

Vault hostname/address.

repository.config.VAULT_PORT = '1234'

Vault API port.

repository.config.VAULT_REQUESTS = [{'type': 'generic', 'name': 'JWT_SECRET', 'mount_point': 'secret-None/', 'path': 'jwt', 'key': 'jwt-secret', 'minimum_ttl': 3600}, {'type': 'aws', 'name': 'AWS_S3_CREDENTIAL', 'mount_point': 'aws-None/', 'role': None}, {'type': 'generic', 'name': 'SQLALCHEMY_DATABASE_URI', 'mount_point': 'secret-None/', 'path': 'beta-mysql', 'key': 'uri', 'minimum_ttl': 360000}]

Requests for Vault secrets.

repository.config.VAULT_ROLE = 'submission-ui'

Vault role linked to this application’s service account.

repository.config.VAULT_SCHEME = 'https'

Default is https.

repository.config.WAIT_FOR_SERVICES = False

Disable/enable waiting for upstream services to be available on startup.

repository.config.WAIT_ON_STARTUP = 0

Number of seconds to wait before checking upstream services on startup.