charm-k8s-discourse

Merge ~jk0ne/charm-k8s-discourse/+git/charm-k8s-discourse:master into charm-k8s-discourse:master

  1. Git
  2. lp:~jk0ne/charm-k8s-discourse/+git/charm-k8s-discourse
  3. master
  4. Merge into master
Proposed by Tom Haddon
Status: Merged
Approved by: Jay Kuri
Approved revision: e648d98bc23255156969219d042db61670e4436d
Merged at revision: f809f08bbf133cd8536e7a2bd1dd4bf3ce84f29c
Proposed branch: ~jk0ne/charm-k8s-discourse/+git/charm-k8s-discourse:master
Merge into: charm-k8s-discourse:master
Diff against target: 438 lines (+166/-52)
13 files modified
Makefile (+1/-1)
config.yaml (+13/-1)
dev/null (+0/-22)
image/Dockerfile (+2/-6)
image/scripts/pod_setup (+0/-6)
src/charm.py (+62/-4)
tests/unit/fixtures/config_invalid_bad_throttle_mode.yaml (+25/-0)
tests/unit/fixtures/config_invalid_missing_cors.yaml (+4/-0)
tests/unit/fixtures/config_invalid_missing_db_name.yaml (+4/-0)
tests/unit/fixtures/config_valid_complete.yaml (+15/-4)
tests/unit/fixtures/config_valid_with_tls.yaml (+19/-4)
tests/unit/fixtures/config_valid_without_tls.yaml (+20/-4)
tests/unit/test_charm.py (+1/-0)
Reviewer Review Type Date Requested Status
Tom Haddon Approve
Jay Kuri (community) Needs Resubmitting
Review via email: mp+397553@code.launchpad.net

Commit message

Release with environment based config and throttle features for bug #1910977

To post a comment you must log in.
Revision history for this message
Tom Haddon (mthaddon) wrote :

Some minor comments inline.

Revision history for this message
Tom Haddon (mthaddon) wrote :

Just a note (for myself as much as for you!) that we'll want to update https://charmhub.io/discourse/docs/authentication once this lands.

Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Unable to determine commit message from repository - please click "Set commit message" and enter the commit message manually.

Revision history for this message
Jay Kuri (jk0ne) wrote :

Updated and test deployed. Ready for actual review.

review: Needs Resubmitting
Revision history for this message
Tom Haddon (mthaddon) wrote :

Two very minor comments, but otherwise looks good. Thanks.

review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change has no commit message, setting status to needs review.

Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision f809f08bbf133cd8536e7a2bd1dd4bf3ce84f29c

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/Makefile b/Makefile
2index 440712e..7d64ce6 100644
3--- a/Makefile
4+++ b/Makefile
5@@ -1,4 +1,4 @@
6-DISCOURSE_VERSION ?= v2.5.2
7+DISCOURSE_VERSION ?= v2.6.1
8 IMAGE_VERSION ?= $(DISCOURSE_VERSION)
9 IMAGE_NAME ?=discourse
10
11diff --git a/config.yaml b/config.yaml
12index b4609b1..8b78d10 100644
13--- a/config.yaml
14+++ b/config.yaml
15@@ -2,7 +2,7 @@ options:
16 discourse_image:
17 type: string
18 description: "Discourse image to use"
19- default: "discoursecharmers/discourse:v2.6.0"
20+ default: "discoursecharmers/discourse:v2.6.1"
21 image_user:
22 type: string
23 description: "Private registry username"
24@@ -67,3 +67,15 @@ options:
25 type: string
26 description: "The name of the K8s secret to be associated with the ingress resource."
27 default: ""
28+ throttle_level:
29+ type: string
30+ description: "Throttle level - blocks excessive usage by ip. Valid values: none, permissive, strict"
31+ default: none
32+ saml_target_url:
33+ type: string
34+ description: "SAML authentication target url"
35+ default: ""
36+ force_saml_login:
37+ type: boolean
38+ description: "Force saml login (full screen, no local database logins)"
39+ default: false
40diff --git a/image/Dockerfile b/image/Dockerfile
41index 6f84b22..15ac1dc 100644
42--- a/image/Dockerfile
43+++ b/image/Dockerfile
44@@ -15,11 +15,11 @@ ARG CONTAINER_APP_GROUP
45 ARG CONTAINER_APP_GID
46
47 # Used in Launchpad OCI Recipe build to tag the image.
48-LABEL org.label-schema.version=${CONTAINER_APP_VERSION:-v2.5.2}
49+LABEL org.label-schema.version=${CONTAINER_APP_VERSION:-v2.6.1}
50
51 # Copy any args we got into the environment.
52 ENV CONTAINER_APP_NAME ${CONTAINER_APP_NAME:-discourse}
53-ENV CONTAINER_APP_VERSION ${CONTAINER_APP_VERSION:-v2.5.2}
54+ENV CONTAINER_APP_VERSION ${CONTAINER_APP_VERSION:-v2.6.1}
55 ENV CONTAINER_APP_USERNAME ${CONTAINER_APP_USERNAME:-discourse}
56 ENV CONTAINER_APP_UID ${CONTAINER_APP_UID:-200}
57 ENV CONTAINER_APP_GROUP ${CONTAINER_APP_GROUP:-discourse}
58@@ -77,10 +77,6 @@ RUN cd ${CONTAINER_APP_ROOT}/app/plugins && git clone https://github.com/canonic
59 RUN chown -R ${CONTAINER_APP_USERNAME}:${CONTAINER_APP_GROUP} ${CONTAINER_APP_ROOT}/app/plugins
60 RUN cd ${CONTAINER_APP_ROOT}/app && su -s /bin/bash -c 'bin/bundle install' ${CONTAINER_APP_USERNAME}
61
62-RUN echo "saml_target_url = https://login.ubuntu.com/+saml" >> /srv/scripts/assets/discourse.conf.tmpl
63-RUN echo "saml_cert_fingerprint = 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5" >> /srv/scripts/assets/discourse.conf.tmpl
64-RUN echo "saml_full_screen_login = true" >> /srv/scripts/assets/discourse.conf.tmpl
65-
66 RUN echo "markdown-saml image complete"
67
68 # Build the final image based on the IMAGE_TYPE specified.
69diff --git a/image/scripts/assets/discourse.conf.tmpl b/image/scripts/assets/discourse.conf.tmpl
70deleted file mode 100644
71index 09958ce..0000000
72--- a/image/scripts/assets/discourse.conf.tmpl
73+++ /dev/null
74@@ -1,22 +0,0 @@
75-hostname = $DISCOURSE_HOSTNAME
76-developer_emails = $DISCOURSE_DEVELOPER_EMAILS
77-serve_static_assets = true
78-db_host = $DISCOURSE_POSTGRES_HOST
79-db_username = $DISCOURSE_POSTGRES_USERNAME
80-db_password = $DISCOURSE_POSTGRES_PASSWORD
81-db_name = $DISCOURSE_POSTGRES_DB_NAME
82-smtp_domain = $DISCOURSE_SMTP_DOMAIN
83-smtp_address = $DISCOURSE_SMTP_ADDRESS
84-smtp_port = $DISCOURSE_SMTP_PORT
85-smtp_openssl_verify_mode = $DISCOURSE_SMTP_OPENSSL_VERIFY_MODE
86-smtp_user_name = $DISCOURSE_SMTP_USER_NAME
87-smtp_password = $DISCOURSE_SMTP_PASSWORD
88-smtp_authentication = $DISCOURSE_SMTP_AUTHENTICATION
89-enable_cors = $DISCOURSE_ENABLE_CORS
90-cors_origin = $DISCOURSE_CORS_ORIGIN
91-saml_target_url = $DISCOURSE_SAML_TARGET_URL
92-saml_cert_fingerprint = $DISCOURSE_CERT_FINGERPRINT
93-saml_full_screen_login = $DISCOURSE_FULL_SCREEN_LOGIN
94-refresh_maxmind_db_during_precompile_days = 0
95-redis_host = $DISCOURSE_REDIS_HOST
96-redis_port = $DISCOURSE_REDIS_PORT
97diff --git a/image/scripts/pod_setup b/image/scripts/pod_setup
98index 9e4e08a..d716174 100755
99--- a/image/scripts/pod_setup
100+++ b/image/scripts/pod_setup
101@@ -2,14 +2,8 @@
102
103 cd ${CONTAINER_APP_ROOT}/app
104
105-DISCOURSE_CONF=${CONTAINER_APP_ROOT}/app/config/discourse.conf
106-
107 export RAILS_ENV=${DISCOURSE_RAILS_ENVIRONMENT:-production}
108
109-# Generate our discourse.conf: Load config file and remove any lines we don't
110-# have config values for.
111-/usr/bin/envsubst < /srv/scripts/assets/discourse.conf.tmpl | grep -vE '= *$' > $DISCOURSE_CONF
112-
113 ### MIGRATION LOCK WORKAROUND STARTS HERE
114 #
115 # Try to get an exclusive lock via redis prior to migration so that we don't
116diff --git a/src/charm.py b/src/charm.py
117index bb5c4f6..1e5885b 100755
118--- a/src/charm.py
119+++ b/src/charm.py
120@@ -12,15 +12,37 @@ from ops.model import ActiveStatus, BlockedStatus, MaintenanceStatus, WaitingSta
121
122 pgsql = ops.lib.use("pgsql", 1, "postgresql-charmers@lists.launchpad.net")
123
124+THROTTLE_LEVELS = {
125+ "none": {'DISCOURSE_MAX_REQS_PER_IP_MODE': 'none', 'DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE': 'false'},
126+ "permissive": {
127+ 'DISCOURSE_MAX_REQS_PER_IP_MODE': 'warn+block',
128+ 'DISCOURSE_MAX_REQS_PER_IP_PER_MINUTE': 1000,
129+ 'DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS': 100,
130+ 'DISCOURSE_MAX_USER_API_REQS_PER_MINUTE': 400,
131+ 'DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS': 400,
132+ 'DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE': 'false',
133+ },
134+ "strict": {
135+ 'DISCOURSE_MAX_REQS_PER_IP_MODE': 'block',
136+ 'DISCOURSE_MAX_REQS_PER_IP_PER_MINUTE': 200,
137+ 'DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS': 50,
138+ 'DISCOURSE_MAX_USER_API_REQS_PER_MINUTE': 100,
139+ 'DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS': 200,
140+ 'DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE': 'false',
141+ },
142+}
143+
144
145 def create_discourse_pod_config(config):
146 """Create the pod environment config from the juju config."""
147+
148 pod_config = {
149- 'DISCOURSE_POSTGRES_USERNAME': config['db_user'],
150- 'DISCOURSE_POSTGRES_PASSWORD': config['db_password'],
151- 'DISCOURSE_POSTGRES_HOST': config['db_host'],
152- 'DISCOURSE_POSTGRES_NAME': config['db_name'],
153+ 'DISCOURSE_DB_USERNAME': config['db_user'],
154+ 'DISCOURSE_DB_PASSWORD': config['db_password'],
155+ 'DISCOURSE_DB_HOST': config['db_host'],
156+ 'DISCOURSE_DB_NAME': config['db_name'],
157 'DISCOURSE_DEVELOPER_EMAILS': config['developer_emails'],
158+ 'DISCOURSE_SERVE_STATIC_ASSETS': "true",
159 'DISCOURSE_HOSTNAME': config['external_hostname'],
160 'DISCOURSE_SMTP_DOMAIN': config['smtp_domain'],
161 'DISCOURSE_SMTP_ADDRESS': config['smtp_address'],
162@@ -30,12 +52,42 @@ def create_discourse_pod_config(config):
163 'DISCOURSE_SMTP_USER_NAME': config['smtp_username'],
164 'DISCOURSE_SMTP_PASSWORD': config['smtp_password'],
165 'DISCOURSE_REDIS_HOST': config['redis_host'],
166+ 'DISCOURSE_REDIS_PORT': 6379,
167 'DISCOURSE_ENABLE_CORS': config['enable_cors'],
168 'DISCOURSE_CORS_ORIGIN': config['cors_origin'],
169+ 'DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS': "0",
170 }
171+
172+ saml_config = get_saml_config(config)
173+ for key in saml_config:
174+ pod_config[key] = saml_config[key]
175+
176+ if THROTTLE_LEVELS.get(config['throttle_level']):
177+ for key in THROTTLE_LEVELS[config['throttle_level']]:
178+ pod_config[key] = THROTTLE_LEVELS[config['throttle_level']][key]
179+ else:
180+ for key in THROTTLE_LEVELS['none']:
181+ pod_config[key] = THROTTLE_LEVELS['none'][key]
182+
183 return pod_config
184
185
186+def get_saml_config(config):
187+ saml_fingerprints = {
188+ 'https://login.ubuntu.com/+saml': '32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5'
189+ }
190+ saml_config = {}
191+
192+ if config.get('saml_target_url'):
193+ saml_config['DISCOURSE_SAML_TARGET_URL'] = config['saml_target_url']
194+ saml_config['DISCOURSE_SAML_FULL_SCREEN_LOGIN'] = "true" if config['force_saml_login'] else "false"
195+ fingerprint = saml_fingerprints.get(config['saml_target_url'])
196+ if fingerprint:
197+ saml_config['DISCOURSE_SAML_CERT_FINGERPRINT'] = fingerprint
198+
199+ return saml_config
200+
201+
202 def create_ingress_config(app_name, config):
203 """Create the ingress config form the juju config."""
204 annotations = {}
205@@ -113,6 +165,12 @@ def check_for_config_problems(config):
206 if missing_fields:
207 errors.append('Required configuration missing: {}'.format(" ".join(missing_fields)))
208
209+ if not THROTTLE_LEVELS.get(config['throttle_level']):
210+ errors.append('throttle_level must be one of: ' + ' '.join(THROTTLE_LEVELS.keys()))
211+
212+ if config['force_saml_login'] and config['saml_target_url'] == '':
213+ errors.append('force_saml_login can not be true without a saml_target_url')
214+
215 return errors
216
217
218diff --git a/tests/unit/fixtures/config_invalid_bad_throttle_mode.yaml b/tests/unit/fixtures/config_invalid_bad_throttle_mode.yaml
219new file mode 100644
220index 0000000..46d7ee6
221--- /dev/null
222+++ b/tests/unit/fixtures/config_invalid_bad_throttle_mode.yaml
223@@ -0,0 +1,25 @@
224+config:
225+ cors_origin: '*'
226+ db_host: 10.9.89.237
227+ db_name: discourse
228+ db_password: a_real_password
229+ db_user: discourse_m
230+ developer_emails: some.person@example.com
231+ discourse_image: discourse-k8s:1.0.7f
232+ enable_cors: true
233+ external_hostname: discourse.local
234+ image_pass: ''
235+ image_user: ''
236+ redis_host: 10.9.89.197
237+ smtp_address: 167.89.123.58
238+ smtp_authentication: login
239+ smtp_domain: example.com
240+ smtp_openssl_verify_mode: none
241+ smtp_password: OBV10USLYF4K3
242+ smtp_port: 587
243+ smtp_username: apikey
244+ tls_secret_name: discourse_local
245+ saml_target_url: https://login.ubuntu.com/+saml
246+ force_saml_login: true
247+ throttle_level: scream
248+missing_fields: []
249diff --git a/tests/unit/fixtures/config_invalid_missing_cors.yaml b/tests/unit/fixtures/config_invalid_missing_cors.yaml
250index da4a5c8..d135c3f 100644
251--- a/tests/unit/fixtures/config_invalid_missing_cors.yaml
252+++ b/tests/unit/fixtures/config_invalid_missing_cors.yaml
253@@ -9,6 +9,7 @@ config:
254 image_pass: ''
255 image_user: ''
256 redis_host: 10.9.89.197
257+ redis_port: 6379
258 smtp_address: 167.89.123.58
259 smtp_authentication: login
260 smtp_domain: example.com
261@@ -16,5 +17,8 @@ config:
262 smtp_password: OBV10USLYF4K3
263 smtp_port: 587
264 smtp_username: apikey
265+ saml_target_url: https://login.ubuntu.com/+saml
266+ force_saml_login: true
267+ throttle_level: none
268 missing_fields:
269 - 'cors_origin'
270diff --git a/tests/unit/fixtures/config_invalid_missing_db_name.yaml b/tests/unit/fixtures/config_invalid_missing_db_name.yaml
271index 0e2ea39..865ae83 100644
272--- a/tests/unit/fixtures/config_invalid_missing_db_name.yaml
273+++ b/tests/unit/fixtures/config_invalid_missing_db_name.yaml
274@@ -7,6 +7,7 @@ config:
275 image_pass: ''
276 image_user: ''
277 redis_host: 10.9.89.197
278+ redis_port: 6379
279 smtp_address: 167.89.123.58
280 smtp_authentication: login
281 smtp_domain: example.com
282@@ -14,5 +15,8 @@ config:
283 smtp_password: OBV10USLYF4K3
284 smtp_port: 587
285 smtp_username: apikey
286+ saml_target_url: https://login.ubuntu.com/+saml
287+ force_saml_login: true
288+ throttle_level: none
289 missing_fields:
290 - 'db_name'
291diff --git a/tests/unit/fixtures/config_valid_complete.yaml b/tests/unit/fixtures/config_valid_complete.yaml
292index 28e7367..7c7299d 100644
293--- a/tests/unit/fixtures/config_valid_complete.yaml
294+++ b/tests/unit/fixtures/config_valid_complete.yaml
295@@ -19,16 +19,20 @@ config:
296 smtp_port: 587
297 smtp_username: apikey
298 tls_secret_name: discourse_local
299+ saml_target_url: https://login.ubuntu.com/+saml
300+ force_saml_login: true
301+ throttle_level: none
302 pod_config:
303 DISCOURSE_CORS_ORIGIN: '*'
304 DISCOURSE_DEVELOPER_EMAILS: some.person@example.com
305 DISCOURSE_ENABLE_CORS: true
306 DISCOURSE_HOSTNAME: discourse.local
307- DISCOURSE_POSTGRES_HOST: 10.9.89.237
308- DISCOURSE_POSTGRES_NAME: discourse
309- DISCOURSE_POSTGRES_PASSWORD: a_real_password
310- DISCOURSE_POSTGRES_USERNAME: discourse_m
311+ DISCOURSE_DB_HOST: 10.9.89.237
312+ DISCOURSE_DB_NAME: discourse
313+ DISCOURSE_DB_PASSWORD: a_real_password
314+ DISCOURSE_DB_USERNAME: discourse_m
315 DISCOURSE_REDIS_HOST: 10.9.89.197
316+ DISCOURSE_REDIS_PORT: 6379
317 DISCOURSE_SMTP_ADDRESS: 167.89.123.58
318 DISCOURSE_SMTP_AUTHENTICATION: login
319 DISCOURSE_SMTP_DOMAIN: example.com
320@@ -36,3 +40,10 @@ pod_config:
321 DISCOURSE_SMTP_PASSWORD: OBV10USLYF4K3
322 DISCOURSE_SMTP_PORT: 587
323 DISCOURSE_SMTP_USER_NAME: apikey
324+ DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0'
325+ DISCOURSE_SERVE_STATIC_ASSETS: 'true'
326+ DISCOURSE_SAML_TARGET_URL: https://login.ubuntu.com/+saml
327+ DISCOURSE_SAML_FULL_SCREEN_LOGIN: "true"
328+ DISCOURSE_SAML_CERT_FINGERPRINT: 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5
329+ DISCOURSE_MAX_REQS_PER_IP_MODE: "none"
330+ DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: "false"
331diff --git a/tests/unit/fixtures/config_valid_with_tls.yaml b/tests/unit/fixtures/config_valid_with_tls.yaml
332index fa19ce1..8e9e225 100644
333--- a/tests/unit/fixtures/config_valid_with_tls.yaml
334+++ b/tests/unit/fixtures/config_valid_with_tls.yaml
335@@ -19,16 +19,20 @@ config:
336 smtp_port: 587
337 smtp_username: apikey
338 tls_secret_name: discourse-local
339+ saml_target_url: https://login.ubuntu.com/+saml
340+ force_saml_login: true
341+ throttle_level: permissive
342 pod_config:
343 DISCOURSE_CORS_ORIGIN: '*'
344 DISCOURSE_DEVELOPER_EMAILS: some.person@example.com
345 DISCOURSE_ENABLE_CORS: true
346 DISCOURSE_HOSTNAME: discourse.local
347- DISCOURSE_POSTGRES_HOST: 10.9.89.237
348- DISCOURSE_POSTGRES_NAME: discourse
349- DISCOURSE_POSTGRES_PASSWORD: a_real_password
350- DISCOURSE_POSTGRES_USERNAME: discourse_m
351+ DISCOURSE_DB_HOST: 10.9.89.237
352+ DISCOURSE_DB_NAME: discourse
353+ DISCOURSE_DB_PASSWORD: a_real_password
354+ DISCOURSE_DB_USERNAME: discourse_m
355 DISCOURSE_REDIS_HOST: 10.9.89.197
356+ DISCOURSE_REDIS_PORT: 6379
357 DISCOURSE_SMTP_ADDRESS: 167.89.123.58
358 DISCOURSE_SMTP_AUTHENTICATION: login
359 DISCOURSE_SMTP_DOMAIN: example.com
360@@ -36,3 +40,14 @@ pod_config:
361 DISCOURSE_SMTP_PASSWORD: OBV10USLYF4K3
362 DISCOURSE_SMTP_PORT: 587
363 DISCOURSE_SMTP_USER_NAME: apikey
364+ DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0'
365+ DISCOURSE_SERVE_STATIC_ASSETS: 'true'
366+ DISCOURSE_SAML_TARGET_URL: https://login.ubuntu.com/+saml
367+ DISCOURSE_SAML_FULL_SCREEN_LOGIN: "true"
368+ DISCOURSE_SAML_CERT_FINGERPRINT: 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5
369+ DISCOURSE_MAX_REQS_PER_IP_MODE: warn+block
370+ DISCOURSE_MAX_REQS_PER_IP_PER_MINUTE: 1000
371+ DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS: 100
372+ DISCOURSE_MAX_USER_API_REQS_PER_MINUTE: 400
373+ DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS: 400
374+ DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: "false"
375diff --git a/tests/unit/fixtures/config_valid_without_tls.yaml b/tests/unit/fixtures/config_valid_without_tls.yaml
376index 8c440b8..6dff7ab 100644
377--- a/tests/unit/fixtures/config_valid_without_tls.yaml
378+++ b/tests/unit/fixtures/config_valid_without_tls.yaml
379@@ -11,6 +11,7 @@ config:
380 image_pass: ''
381 image_user: ''
382 redis_host: 10.25.242.12
383+ redis_port: 6379
384 smtp_address: smtp.internal
385 smtp_authentication: login
386 smtp_domain: example.com
387@@ -18,16 +19,20 @@ config:
388 smtp_password:
389 smtp_port: 587
390 smtp_username: apikey
391+ saml_target_url: https://login.ubuntu.com/+saml
392+ force_saml_login: false
393+ throttle_level: strict
394 pod_config:
395 DISCOURSE_CORS_ORIGIN: '*'
396 DISCOURSE_DEVELOPER_EMAILS: is-admin@example.com
397 DISCOURSE_ENABLE_CORS: true
398 DISCOURSE_HOSTNAME: discourse.example.com
399- DISCOURSE_POSTGRES_HOST: 10.9.89.237
400- DISCOURSE_POSTGRES_NAME: discourse
401- DISCOURSE_POSTGRES_PASSWORD: a_real_password
402- DISCOURSE_POSTGRES_USERNAME: discourse_m
403+ DISCOURSE_DB_HOST: 10.9.89.237
404+ DISCOURSE_DB_NAME: discourse
405+ DISCOURSE_DB_PASSWORD: a_real_password
406+ DISCOURSE_DB_USERNAME: discourse_m
407 DISCOURSE_REDIS_HOST: 10.25.242.12
408+ DISCOURSE_REDIS_PORT: 6379
409 DISCOURSE_SMTP_ADDRESS: smtp.internal
410 DISCOURSE_SMTP_AUTHENTICATION: login
411 DISCOURSE_SMTP_DOMAIN: example.com
412@@ -35,3 +40,14 @@ pod_config:
413 DISCOURSE_SMTP_PASSWORD: null
414 DISCOURSE_SMTP_PORT: 587
415 DISCOURSE_SMTP_USER_NAME: apikey
416+ DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0'
417+ DISCOURSE_SERVE_STATIC_ASSETS: 'true'
418+ DISCOURSE_SAML_TARGET_URL: https://login.ubuntu.com/+saml
419+ DISCOURSE_SAML_FULL_SCREEN_LOGIN: "false"
420+ DISCOURSE_SAML_CERT_FINGERPRINT: 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5
421+ DISCOURSE_MAX_REQS_PER_IP_MODE: block
422+ DISCOURSE_MAX_REQS_PER_IP_PER_MINUTE: 200
423+ DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS: 50
424+ DISCOURSE_MAX_USER_API_REQS_PER_MINUTE: 100
425+ DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS: 200
426+ DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: "false"
427diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py
428index 08794e6..0acd7a1 100644
429--- a/tests/unit/test_charm.py
430+++ b/tests/unit/test_charm.py
431@@ -47,6 +47,7 @@ class TestDiscourseK8sCharmHooksDisabled(unittest.TestCase):
432 self.harness.disable_hooks()
433 self.harness.set_leader(True)
434 self.harness.begin()
435+ self.maxDiff = None
436 self.configs = load_configs(os.path.join(os.path.dirname(__file__), 'fixtures'))
437
438 def test_valid_configs_are_ok(self):

Subscribers

People subscribed via source and target branches