Administrator Guide¶
This document describes configuration of WaiverDB server.
Authentication¶
Option AUTH_METHOD is name of authentication method. This can be “OIDC”,
“Kerberos” or “SSL”.
Note
Special name “dummy”, used in development, authorizes any user.
Waive Permission¶
If PERMISSIONS option (and PERMISSION_MAPPING deprecated option) is
unset, anyone is able to waive any test result.
If the option is set, it describes which users and groups can waive which test
cases. Field testcases contains a glob expression to match test case names
and map them to groups and/or users.
It is helpful to include metadata about permissions: name,
maintainer and description.
LDAP needs to be properly configured (i.e. options LDAP_HOST and
LDAP_BASE).
PERMISSIONS = {
{
"name": "kernel-qe",
"maintainers": ["alice@example.com"],
"testcases": ["kernel-qe.*"],
"groups": ["devel", "qa"],
"users": ["alice@example.com"]
},
{
"name": "Admins",
"maintainers": ["bob@example.com"],
"testcases": ["*"],
"groups": ["waiverdb-admins"]
}
}
LDAP_HOST = 'ldap://ldap.example.com'
LDAP_BASE = 'ou=Groups,dc=example,dc=com'
Option SUPERUSERS is a list of users who can waive results in place of
other users (which still require to have the permission). The superuser name is
then stored in the waiver under proxied_by field.
You can list the current permission mapping and list of superusers with
GET /api/v1.0/config.
Waive from Web UI¶
WaiverDB uses flask-cors to enable CORS. This allows web browsers to tell which web sites can safely waive.
There are couple of important flask-cors options.
Option CORS_ORIGINS is a list of origins (it can be also string, a single
origin). This default to * which means all origins. The can also contain
regular expressions to match origins.
Option CORS_SUPPORTS_CREDENTIALS, if set to True, allows users to make
authenticated requests.
CORS_ORIGINS = [
"https://bodhi.fedoraproject.org",
"https://dashboard.example.com",
]
CORS_SUPPORTS_CREDENTIALS = True
Deprecated option CORS_URL overrides CORS_ORIGINS.