Merge ~jk0ne/charm-k8s-discourse/+git/charm-k8s-discourse:master into charm-k8s-discourse:master
- Git
- lp:~jk0ne/charm-k8s-discourse/+git/charm-k8s-discourse
- master
- Merge into master
Proposed by
Tom Haddon
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | Jay Kuri | ||||
Approved revision: | e648d98bc23255156969219d042db61670e4436d | ||||
Merged at revision: | f809f08bbf133cd8536e7a2bd1dd4bf3ce84f29c | ||||
Proposed branch: | ~jk0ne/charm-k8s-discourse/+git/charm-k8s-discourse:master | ||||
Merge into: | charm-k8s-discourse:master | ||||
Diff against target: |
438 lines (+166/-52) 13 files modified
Makefile (+1/-1) config.yaml (+13/-1) dev/null (+0/-22) image/Dockerfile (+2/-6) image/scripts/pod_setup (+0/-6) src/charm.py (+62/-4) tests/unit/fixtures/config_invalid_bad_throttle_mode.yaml (+25/-0) tests/unit/fixtures/config_invalid_missing_cors.yaml (+4/-0) tests/unit/fixtures/config_invalid_missing_db_name.yaml (+4/-0) tests/unit/fixtures/config_valid_complete.yaml (+15/-4) tests/unit/fixtures/config_valid_with_tls.yaml (+19/-4) tests/unit/fixtures/config_valid_without_tls.yaml (+20/-4) tests/unit/test_charm.py (+1/-0) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Tom Haddon | Approve | ||
Jay Kuri (community) | Needs Resubmitting | ||
Review via email: mp+397553@code.launchpad.net |
Commit message
Release with environment based config and throttle features for bug #1910977
Description of the change
To post a comment you must log in.
Revision history for this message
Tom Haddon (mthaddon) wrote : | # |
Revision history for this message
Tom Haddon (mthaddon) wrote : | # |
Just a note (for myself as much as for you!) that we'll want to update https:/
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
This merge proposal is being monitored by mergebot. Change the status to Approved to merge.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Unable to determine commit message from repository - please click "Set commit message" and enter the commit message manually.
Revision history for this message
Jay Kuri (jk0ne) wrote : | # |
Updated and test deployed. Ready for actual review.
review:
Needs Resubmitting
Revision history for this message
Tom Haddon (mthaddon) wrote : | # |
Two very minor comments, but otherwise looks good. Thanks.
review:
Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Change has no commit message, setting status to needs review.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Change successfully merged at revision f809f08bbf133cd
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | diff --git a/Makefile b/Makefile |
2 | index 440712e..7d64ce6 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,4 +1,4 @@ |
6 | -DISCOURSE_VERSION ?= v2.5.2 |
7 | +DISCOURSE_VERSION ?= v2.6.1 |
8 | IMAGE_VERSION ?= $(DISCOURSE_VERSION) |
9 | IMAGE_NAME ?=discourse |
10 | |
11 | diff --git a/config.yaml b/config.yaml |
12 | index b4609b1..8b78d10 100644 |
13 | --- a/config.yaml |
14 | +++ b/config.yaml |
15 | @@ -2,7 +2,7 @@ options: |
16 | discourse_image: |
17 | type: string |
18 | description: "Discourse image to use" |
19 | - default: "discoursecharmers/discourse:v2.6.0" |
20 | + default: "discoursecharmers/discourse:v2.6.1" |
21 | image_user: |
22 | type: string |
23 | description: "Private registry username" |
24 | @@ -67,3 +67,15 @@ options: |
25 | type: string |
26 | description: "The name of the K8s secret to be associated with the ingress resource." |
27 | default: "" |
28 | + throttle_level: |
29 | + type: string |
30 | + description: "Throttle level - blocks excessive usage by ip. Valid values: none, permissive, strict" |
31 | + default: none |
32 | + saml_target_url: |
33 | + type: string |
34 | + description: "SAML authentication target url" |
35 | + default: "" |
36 | + force_saml_login: |
37 | + type: boolean |
38 | + description: "Force saml login (full screen, no local database logins)" |
39 | + default: false |
40 | diff --git a/image/Dockerfile b/image/Dockerfile |
41 | index 6f84b22..15ac1dc 100644 |
42 | --- a/image/Dockerfile |
43 | +++ b/image/Dockerfile |
44 | @@ -15,11 +15,11 @@ ARG CONTAINER_APP_GROUP |
45 | ARG CONTAINER_APP_GID |
46 | |
47 | # Used in Launchpad OCI Recipe build to tag the image. |
48 | -LABEL org.label-schema.version=${CONTAINER_APP_VERSION:-v2.5.2} |
49 | +LABEL org.label-schema.version=${CONTAINER_APP_VERSION:-v2.6.1} |
50 | |
51 | # Copy any args we got into the environment. |
52 | ENV CONTAINER_APP_NAME ${CONTAINER_APP_NAME:-discourse} |
53 | -ENV CONTAINER_APP_VERSION ${CONTAINER_APP_VERSION:-v2.5.2} |
54 | +ENV CONTAINER_APP_VERSION ${CONTAINER_APP_VERSION:-v2.6.1} |
55 | ENV CONTAINER_APP_USERNAME ${CONTAINER_APP_USERNAME:-discourse} |
56 | ENV CONTAINER_APP_UID ${CONTAINER_APP_UID:-200} |
57 | ENV CONTAINER_APP_GROUP ${CONTAINER_APP_GROUP:-discourse} |
58 | @@ -77,10 +77,6 @@ RUN cd ${CONTAINER_APP_ROOT}/app/plugins && git clone https://github.com/canonic |
59 | RUN chown -R ${CONTAINER_APP_USERNAME}:${CONTAINER_APP_GROUP} ${CONTAINER_APP_ROOT}/app/plugins |
60 | RUN cd ${CONTAINER_APP_ROOT}/app && su -s /bin/bash -c 'bin/bundle install' ${CONTAINER_APP_USERNAME} |
61 | |
62 | -RUN echo "saml_target_url = https://login.ubuntu.com/+saml" >> /srv/scripts/assets/discourse.conf.tmpl |
63 | -RUN echo "saml_cert_fingerprint = 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5" >> /srv/scripts/assets/discourse.conf.tmpl |
64 | -RUN echo "saml_full_screen_login = true" >> /srv/scripts/assets/discourse.conf.tmpl |
65 | - |
66 | RUN echo "markdown-saml image complete" |
67 | |
68 | # Build the final image based on the IMAGE_TYPE specified. |
69 | diff --git a/image/scripts/assets/discourse.conf.tmpl b/image/scripts/assets/discourse.conf.tmpl |
70 | deleted file mode 100644 |
71 | index 09958ce..0000000 |
72 | --- a/image/scripts/assets/discourse.conf.tmpl |
73 | +++ /dev/null |
74 | @@ -1,22 +0,0 @@ |
75 | -hostname = $DISCOURSE_HOSTNAME |
76 | -developer_emails = $DISCOURSE_DEVELOPER_EMAILS |
77 | -serve_static_assets = true |
78 | -db_host = $DISCOURSE_POSTGRES_HOST |
79 | -db_username = $DISCOURSE_POSTGRES_USERNAME |
80 | -db_password = $DISCOURSE_POSTGRES_PASSWORD |
81 | -db_name = $DISCOURSE_POSTGRES_DB_NAME |
82 | -smtp_domain = $DISCOURSE_SMTP_DOMAIN |
83 | -smtp_address = $DISCOURSE_SMTP_ADDRESS |
84 | -smtp_port = $DISCOURSE_SMTP_PORT |
85 | -smtp_openssl_verify_mode = $DISCOURSE_SMTP_OPENSSL_VERIFY_MODE |
86 | -smtp_user_name = $DISCOURSE_SMTP_USER_NAME |
87 | -smtp_password = $DISCOURSE_SMTP_PASSWORD |
88 | -smtp_authentication = $DISCOURSE_SMTP_AUTHENTICATION |
89 | -enable_cors = $DISCOURSE_ENABLE_CORS |
90 | -cors_origin = $DISCOURSE_CORS_ORIGIN |
91 | -saml_target_url = $DISCOURSE_SAML_TARGET_URL |
92 | -saml_cert_fingerprint = $DISCOURSE_CERT_FINGERPRINT |
93 | -saml_full_screen_login = $DISCOURSE_FULL_SCREEN_LOGIN |
94 | -refresh_maxmind_db_during_precompile_days = 0 |
95 | -redis_host = $DISCOURSE_REDIS_HOST |
96 | -redis_port = $DISCOURSE_REDIS_PORT |
97 | diff --git a/image/scripts/pod_setup b/image/scripts/pod_setup |
98 | index 9e4e08a..d716174 100755 |
99 | --- a/image/scripts/pod_setup |
100 | +++ b/image/scripts/pod_setup |
101 | @@ -2,14 +2,8 @@ |
102 | |
103 | cd ${CONTAINER_APP_ROOT}/app |
104 | |
105 | -DISCOURSE_CONF=${CONTAINER_APP_ROOT}/app/config/discourse.conf |
106 | - |
107 | export RAILS_ENV=${DISCOURSE_RAILS_ENVIRONMENT:-production} |
108 | |
109 | -# Generate our discourse.conf: Load config file and remove any lines we don't |
110 | -# have config values for. |
111 | -/usr/bin/envsubst < /srv/scripts/assets/discourse.conf.tmpl | grep -vE '= *$' > $DISCOURSE_CONF |
112 | - |
113 | ### MIGRATION LOCK WORKAROUND STARTS HERE |
114 | # |
115 | # Try to get an exclusive lock via redis prior to migration so that we don't |
116 | diff --git a/src/charm.py b/src/charm.py |
117 | index bb5c4f6..1e5885b 100755 |
118 | --- a/src/charm.py |
119 | +++ b/src/charm.py |
120 | @@ -12,15 +12,37 @@ from ops.model import ActiveStatus, BlockedStatus, MaintenanceStatus, WaitingSta |
121 | |
122 | pgsql = ops.lib.use("pgsql", 1, "postgresql-charmers@lists.launchpad.net") |
123 | |
124 | +THROTTLE_LEVELS = { |
125 | + "none": {'DISCOURSE_MAX_REQS_PER_IP_MODE': 'none', 'DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE': 'false'}, |
126 | + "permissive": { |
127 | + 'DISCOURSE_MAX_REQS_PER_IP_MODE': 'warn+block', |
128 | + 'DISCOURSE_MAX_REQS_PER_IP_PER_MINUTE': 1000, |
129 | + 'DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS': 100, |
130 | + 'DISCOURSE_MAX_USER_API_REQS_PER_MINUTE': 400, |
131 | + 'DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS': 400, |
132 | + 'DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE': 'false', |
133 | + }, |
134 | + "strict": { |
135 | + 'DISCOURSE_MAX_REQS_PER_IP_MODE': 'block', |
136 | + 'DISCOURSE_MAX_REQS_PER_IP_PER_MINUTE': 200, |
137 | + 'DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS': 50, |
138 | + 'DISCOURSE_MAX_USER_API_REQS_PER_MINUTE': 100, |
139 | + 'DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS': 200, |
140 | + 'DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE': 'false', |
141 | + }, |
142 | +} |
143 | + |
144 | |
145 | def create_discourse_pod_config(config): |
146 | """Create the pod environment config from the juju config.""" |
147 | + |
148 | pod_config = { |
149 | - 'DISCOURSE_POSTGRES_USERNAME': config['db_user'], |
150 | - 'DISCOURSE_POSTGRES_PASSWORD': config['db_password'], |
151 | - 'DISCOURSE_POSTGRES_HOST': config['db_host'], |
152 | - 'DISCOURSE_POSTGRES_NAME': config['db_name'], |
153 | + 'DISCOURSE_DB_USERNAME': config['db_user'], |
154 | + 'DISCOURSE_DB_PASSWORD': config['db_password'], |
155 | + 'DISCOURSE_DB_HOST': config['db_host'], |
156 | + 'DISCOURSE_DB_NAME': config['db_name'], |
157 | 'DISCOURSE_DEVELOPER_EMAILS': config['developer_emails'], |
158 | + 'DISCOURSE_SERVE_STATIC_ASSETS': "true", |
159 | 'DISCOURSE_HOSTNAME': config['external_hostname'], |
160 | 'DISCOURSE_SMTP_DOMAIN': config['smtp_domain'], |
161 | 'DISCOURSE_SMTP_ADDRESS': config['smtp_address'], |
162 | @@ -30,12 +52,42 @@ def create_discourse_pod_config(config): |
163 | 'DISCOURSE_SMTP_USER_NAME': config['smtp_username'], |
164 | 'DISCOURSE_SMTP_PASSWORD': config['smtp_password'], |
165 | 'DISCOURSE_REDIS_HOST': config['redis_host'], |
166 | + 'DISCOURSE_REDIS_PORT': 6379, |
167 | 'DISCOURSE_ENABLE_CORS': config['enable_cors'], |
168 | 'DISCOURSE_CORS_ORIGIN': config['cors_origin'], |
169 | + 'DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS': "0", |
170 | } |
171 | + |
172 | + saml_config = get_saml_config(config) |
173 | + for key in saml_config: |
174 | + pod_config[key] = saml_config[key] |
175 | + |
176 | + if THROTTLE_LEVELS.get(config['throttle_level']): |
177 | + for key in THROTTLE_LEVELS[config['throttle_level']]: |
178 | + pod_config[key] = THROTTLE_LEVELS[config['throttle_level']][key] |
179 | + else: |
180 | + for key in THROTTLE_LEVELS['none']: |
181 | + pod_config[key] = THROTTLE_LEVELS['none'][key] |
182 | + |
183 | return pod_config |
184 | |
185 | |
186 | +def get_saml_config(config): |
187 | + saml_fingerprints = { |
188 | + 'https://login.ubuntu.com/+saml': '32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5' |
189 | + } |
190 | + saml_config = {} |
191 | + |
192 | + if config.get('saml_target_url'): |
193 | + saml_config['DISCOURSE_SAML_TARGET_URL'] = config['saml_target_url'] |
194 | + saml_config['DISCOURSE_SAML_FULL_SCREEN_LOGIN'] = "true" if config['force_saml_login'] else "false" |
195 | + fingerprint = saml_fingerprints.get(config['saml_target_url']) |
196 | + if fingerprint: |
197 | + saml_config['DISCOURSE_SAML_CERT_FINGERPRINT'] = fingerprint |
198 | + |
199 | + return saml_config |
200 | + |
201 | + |
202 | def create_ingress_config(app_name, config): |
203 | """Create the ingress config form the juju config.""" |
204 | annotations = {} |
205 | @@ -113,6 +165,12 @@ def check_for_config_problems(config): |
206 | if missing_fields: |
207 | errors.append('Required configuration missing: {}'.format(" ".join(missing_fields))) |
208 | |
209 | + if not THROTTLE_LEVELS.get(config['throttle_level']): |
210 | + errors.append('throttle_level must be one of: ' + ' '.join(THROTTLE_LEVELS.keys())) |
211 | + |
212 | + if config['force_saml_login'] and config['saml_target_url'] == '': |
213 | + errors.append('force_saml_login can not be true without a saml_target_url') |
214 | + |
215 | return errors |
216 | |
217 | |
218 | diff --git a/tests/unit/fixtures/config_invalid_bad_throttle_mode.yaml b/tests/unit/fixtures/config_invalid_bad_throttle_mode.yaml |
219 | new file mode 100644 |
220 | index 0000000..46d7ee6 |
221 | --- /dev/null |
222 | +++ b/tests/unit/fixtures/config_invalid_bad_throttle_mode.yaml |
223 | @@ -0,0 +1,25 @@ |
224 | +config: |
225 | + cors_origin: '*' |
226 | + db_host: 10.9.89.237 |
227 | + db_name: discourse |
228 | + db_password: a_real_password |
229 | + db_user: discourse_m |
230 | + developer_emails: some.person@example.com |
231 | + discourse_image: discourse-k8s:1.0.7f |
232 | + enable_cors: true |
233 | + external_hostname: discourse.local |
234 | + image_pass: '' |
235 | + image_user: '' |
236 | + redis_host: 10.9.89.197 |
237 | + smtp_address: 167.89.123.58 |
238 | + smtp_authentication: login |
239 | + smtp_domain: example.com |
240 | + smtp_openssl_verify_mode: none |
241 | + smtp_password: OBV10USLYF4K3 |
242 | + smtp_port: 587 |
243 | + smtp_username: apikey |
244 | + tls_secret_name: discourse_local |
245 | + saml_target_url: https://login.ubuntu.com/+saml |
246 | + force_saml_login: true |
247 | + throttle_level: scream |
248 | +missing_fields: [] |
249 | diff --git a/tests/unit/fixtures/config_invalid_missing_cors.yaml b/tests/unit/fixtures/config_invalid_missing_cors.yaml |
250 | index da4a5c8..d135c3f 100644 |
251 | --- a/tests/unit/fixtures/config_invalid_missing_cors.yaml |
252 | +++ b/tests/unit/fixtures/config_invalid_missing_cors.yaml |
253 | @@ -9,6 +9,7 @@ config: |
254 | image_pass: '' |
255 | image_user: '' |
256 | redis_host: 10.9.89.197 |
257 | + redis_port: 6379 |
258 | smtp_address: 167.89.123.58 |
259 | smtp_authentication: login |
260 | smtp_domain: example.com |
261 | @@ -16,5 +17,8 @@ config: |
262 | smtp_password: OBV10USLYF4K3 |
263 | smtp_port: 587 |
264 | smtp_username: apikey |
265 | + saml_target_url: https://login.ubuntu.com/+saml |
266 | + force_saml_login: true |
267 | + throttle_level: none |
268 | missing_fields: |
269 | - 'cors_origin' |
270 | diff --git a/tests/unit/fixtures/config_invalid_missing_db_name.yaml b/tests/unit/fixtures/config_invalid_missing_db_name.yaml |
271 | index 0e2ea39..865ae83 100644 |
272 | --- a/tests/unit/fixtures/config_invalid_missing_db_name.yaml |
273 | +++ b/tests/unit/fixtures/config_invalid_missing_db_name.yaml |
274 | @@ -7,6 +7,7 @@ config: |
275 | image_pass: '' |
276 | image_user: '' |
277 | redis_host: 10.9.89.197 |
278 | + redis_port: 6379 |
279 | smtp_address: 167.89.123.58 |
280 | smtp_authentication: login |
281 | smtp_domain: example.com |
282 | @@ -14,5 +15,8 @@ config: |
283 | smtp_password: OBV10USLYF4K3 |
284 | smtp_port: 587 |
285 | smtp_username: apikey |
286 | + saml_target_url: https://login.ubuntu.com/+saml |
287 | + force_saml_login: true |
288 | + throttle_level: none |
289 | missing_fields: |
290 | - 'db_name' |
291 | diff --git a/tests/unit/fixtures/config_valid_complete.yaml b/tests/unit/fixtures/config_valid_complete.yaml |
292 | index 28e7367..7c7299d 100644 |
293 | --- a/tests/unit/fixtures/config_valid_complete.yaml |
294 | +++ b/tests/unit/fixtures/config_valid_complete.yaml |
295 | @@ -19,16 +19,20 @@ config: |
296 | smtp_port: 587 |
297 | smtp_username: apikey |
298 | tls_secret_name: discourse_local |
299 | + saml_target_url: https://login.ubuntu.com/+saml |
300 | + force_saml_login: true |
301 | + throttle_level: none |
302 | pod_config: |
303 | DISCOURSE_CORS_ORIGIN: '*' |
304 | DISCOURSE_DEVELOPER_EMAILS: some.person@example.com |
305 | DISCOURSE_ENABLE_CORS: true |
306 | DISCOURSE_HOSTNAME: discourse.local |
307 | - DISCOURSE_POSTGRES_HOST: 10.9.89.237 |
308 | - DISCOURSE_POSTGRES_NAME: discourse |
309 | - DISCOURSE_POSTGRES_PASSWORD: a_real_password |
310 | - DISCOURSE_POSTGRES_USERNAME: discourse_m |
311 | + DISCOURSE_DB_HOST: 10.9.89.237 |
312 | + DISCOURSE_DB_NAME: discourse |
313 | + DISCOURSE_DB_PASSWORD: a_real_password |
314 | + DISCOURSE_DB_USERNAME: discourse_m |
315 | DISCOURSE_REDIS_HOST: 10.9.89.197 |
316 | + DISCOURSE_REDIS_PORT: 6379 |
317 | DISCOURSE_SMTP_ADDRESS: 167.89.123.58 |
318 | DISCOURSE_SMTP_AUTHENTICATION: login |
319 | DISCOURSE_SMTP_DOMAIN: example.com |
320 | @@ -36,3 +40,10 @@ pod_config: |
321 | DISCOURSE_SMTP_PASSWORD: OBV10USLYF4K3 |
322 | DISCOURSE_SMTP_PORT: 587 |
323 | DISCOURSE_SMTP_USER_NAME: apikey |
324 | + DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0' |
325 | + DISCOURSE_SERVE_STATIC_ASSETS: 'true' |
326 | + DISCOURSE_SAML_TARGET_URL: https://login.ubuntu.com/+saml |
327 | + DISCOURSE_SAML_FULL_SCREEN_LOGIN: "true" |
328 | + DISCOURSE_SAML_CERT_FINGERPRINT: 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5 |
329 | + DISCOURSE_MAX_REQS_PER_IP_MODE: "none" |
330 | + DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: "false" |
331 | diff --git a/tests/unit/fixtures/config_valid_with_tls.yaml b/tests/unit/fixtures/config_valid_with_tls.yaml |
332 | index fa19ce1..8e9e225 100644 |
333 | --- a/tests/unit/fixtures/config_valid_with_tls.yaml |
334 | +++ b/tests/unit/fixtures/config_valid_with_tls.yaml |
335 | @@ -19,16 +19,20 @@ config: |
336 | smtp_port: 587 |
337 | smtp_username: apikey |
338 | tls_secret_name: discourse-local |
339 | + saml_target_url: https://login.ubuntu.com/+saml |
340 | + force_saml_login: true |
341 | + throttle_level: permissive |
342 | pod_config: |
343 | DISCOURSE_CORS_ORIGIN: '*' |
344 | DISCOURSE_DEVELOPER_EMAILS: some.person@example.com |
345 | DISCOURSE_ENABLE_CORS: true |
346 | DISCOURSE_HOSTNAME: discourse.local |
347 | - DISCOURSE_POSTGRES_HOST: 10.9.89.237 |
348 | - DISCOURSE_POSTGRES_NAME: discourse |
349 | - DISCOURSE_POSTGRES_PASSWORD: a_real_password |
350 | - DISCOURSE_POSTGRES_USERNAME: discourse_m |
351 | + DISCOURSE_DB_HOST: 10.9.89.237 |
352 | + DISCOURSE_DB_NAME: discourse |
353 | + DISCOURSE_DB_PASSWORD: a_real_password |
354 | + DISCOURSE_DB_USERNAME: discourse_m |
355 | DISCOURSE_REDIS_HOST: 10.9.89.197 |
356 | + DISCOURSE_REDIS_PORT: 6379 |
357 | DISCOURSE_SMTP_ADDRESS: 167.89.123.58 |
358 | DISCOURSE_SMTP_AUTHENTICATION: login |
359 | DISCOURSE_SMTP_DOMAIN: example.com |
360 | @@ -36,3 +40,14 @@ pod_config: |
361 | DISCOURSE_SMTP_PASSWORD: OBV10USLYF4K3 |
362 | DISCOURSE_SMTP_PORT: 587 |
363 | DISCOURSE_SMTP_USER_NAME: apikey |
364 | + DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0' |
365 | + DISCOURSE_SERVE_STATIC_ASSETS: 'true' |
366 | + DISCOURSE_SAML_TARGET_URL: https://login.ubuntu.com/+saml |
367 | + DISCOURSE_SAML_FULL_SCREEN_LOGIN: "true" |
368 | + DISCOURSE_SAML_CERT_FINGERPRINT: 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5 |
369 | + DISCOURSE_MAX_REQS_PER_IP_MODE: warn+block |
370 | + DISCOURSE_MAX_REQS_PER_IP_PER_MINUTE: 1000 |
371 | + DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS: 100 |
372 | + DISCOURSE_MAX_USER_API_REQS_PER_MINUTE: 400 |
373 | + DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS: 400 |
374 | + DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: "false" |
375 | diff --git a/tests/unit/fixtures/config_valid_without_tls.yaml b/tests/unit/fixtures/config_valid_without_tls.yaml |
376 | index 8c440b8..6dff7ab 100644 |
377 | --- a/tests/unit/fixtures/config_valid_without_tls.yaml |
378 | +++ b/tests/unit/fixtures/config_valid_without_tls.yaml |
379 | @@ -11,6 +11,7 @@ config: |
380 | image_pass: '' |
381 | image_user: '' |
382 | redis_host: 10.25.242.12 |
383 | + redis_port: 6379 |
384 | smtp_address: smtp.internal |
385 | smtp_authentication: login |
386 | smtp_domain: example.com |
387 | @@ -18,16 +19,20 @@ config: |
388 | smtp_password: |
389 | smtp_port: 587 |
390 | smtp_username: apikey |
391 | + saml_target_url: https://login.ubuntu.com/+saml |
392 | + force_saml_login: false |
393 | + throttle_level: strict |
394 | pod_config: |
395 | DISCOURSE_CORS_ORIGIN: '*' |
396 | DISCOURSE_DEVELOPER_EMAILS: is-admin@example.com |
397 | DISCOURSE_ENABLE_CORS: true |
398 | DISCOURSE_HOSTNAME: discourse.example.com |
399 | - DISCOURSE_POSTGRES_HOST: 10.9.89.237 |
400 | - DISCOURSE_POSTGRES_NAME: discourse |
401 | - DISCOURSE_POSTGRES_PASSWORD: a_real_password |
402 | - DISCOURSE_POSTGRES_USERNAME: discourse_m |
403 | + DISCOURSE_DB_HOST: 10.9.89.237 |
404 | + DISCOURSE_DB_NAME: discourse |
405 | + DISCOURSE_DB_PASSWORD: a_real_password |
406 | + DISCOURSE_DB_USERNAME: discourse_m |
407 | DISCOURSE_REDIS_HOST: 10.25.242.12 |
408 | + DISCOURSE_REDIS_PORT: 6379 |
409 | DISCOURSE_SMTP_ADDRESS: smtp.internal |
410 | DISCOURSE_SMTP_AUTHENTICATION: login |
411 | DISCOURSE_SMTP_DOMAIN: example.com |
412 | @@ -35,3 +40,14 @@ pod_config: |
413 | DISCOURSE_SMTP_PASSWORD: null |
414 | DISCOURSE_SMTP_PORT: 587 |
415 | DISCOURSE_SMTP_USER_NAME: apikey |
416 | + DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0' |
417 | + DISCOURSE_SERVE_STATIC_ASSETS: 'true' |
418 | + DISCOURSE_SAML_TARGET_URL: https://login.ubuntu.com/+saml |
419 | + DISCOURSE_SAML_FULL_SCREEN_LOGIN: "false" |
420 | + DISCOURSE_SAML_CERT_FINGERPRINT: 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5 |
421 | + DISCOURSE_MAX_REQS_PER_IP_MODE: block |
422 | + DISCOURSE_MAX_REQS_PER_IP_PER_MINUTE: 200 |
423 | + DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS: 50 |
424 | + DISCOURSE_MAX_USER_API_REQS_PER_MINUTE: 100 |
425 | + DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS: 200 |
426 | + DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: "false" |
427 | diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py |
428 | index 08794e6..0acd7a1 100644 |
429 | --- a/tests/unit/test_charm.py |
430 | +++ b/tests/unit/test_charm.py |
431 | @@ -47,6 +47,7 @@ class TestDiscourseK8sCharmHooksDisabled(unittest.TestCase): |
432 | self.harness.disable_hooks() |
433 | self.harness.set_leader(True) |
434 | self.harness.begin() |
435 | + self.maxDiff = None |
436 | self.configs = load_configs(os.path.join(os.path.dirname(__file__), 'fixtures')) |
437 | |
438 | def test_valid_configs_are_ok(self): |
Some minor comments inline.