Administrator Guide¶
This document describes configuration of WaiverDB server.
Authentication¶
Option AUTH_METHOD is name of authentication method. This can be “OIDC”,
“Kerberos” or “SSL”.
Note
Special name “dummy”, used in development, authorizes any user.
Waive Permission¶
If PERMISSION_MAPPING option is unset, anyone is able to waive any test
result.
If the option is set, it describes which users and groups can waive which test cases. It is a mapping from test case name pattern to dict with user and group lists.
LDAP needs to be properly configured (i.e. options LDAP_HOST and
LDAP_BASE).
PERMISSION_MAPPING = {
"^kernel-qe\.": {
"groups": ["devel", "qa"],
"users": []
},
"": {"groups": ["waiverdb-admins"], "users": []},
}
LDAP_HOST = 'ldap://ldap.example.com'
LDAP_BASE = 'ou=Groups,dc=example,dc=com'
Option SUPERUSERS is a list of users who can waive results in place of
other users (which still require to have the permission). The superuser name is
then stored in the waiver under proxied_by field.
You can list the current permission mapping and list of superusers with
GET /api/v1.0/config.
Waive from Web UI¶
WaiverDB uses flask-cors to enable CORS. This allows web browsers to tell which web sites can safely waive.
There are couple of important flask-cors options.
Option CORS_ORIGINS is a list of origins (it can be also string, a single
origin). This default to * which means all origins. The can also contain
regular expressions to match origins.
Option CORS_SUPPORTS_CREDENTIALS, if set to True, allows users to make
authenticated requests.
CORS_ORIGINS = [
"https://bodhi.fedoraproject.org",
"https://dashboard.example.com",
]
CORS_SUPPORTS_CREDENTIALS = True
Deprecated option CORS_URL overrides CORS_ORIGINS.