Allowed the ability to provide a static SECRET_KEY for use with CSRF protection (fixes #128)
@@ -174,6 +174,8 @@ For information about how to generate the correct keys please refer to the
|
|||||||
|
|
||||||
Other settings that might be interesting:
|
Other settings that might be interesting:
|
||||||
|
|
||||||
|
* ``SECRET_KEY``: Refer to `Flask documentation`_, section sessions: How to
|
||||||
|
generate good secret keys, to set the value.
|
||||||
* ``PUPPETDB_TIMEOUT``: Defaults to 20 seconds but you might need to increase
|
* ``PUPPETDB_TIMEOUT``: Defaults to 20 seconds but you might need to increase
|
||||||
this value. It depends on how big the results are when querying PuppetDB.
|
this value. It depends on how big the results are when querying PuppetDB.
|
||||||
This behaviour will change in a future release when pagination will be
|
This behaviour will change in a future release when pagination will be
|
||||||
@@ -188,6 +190,7 @@ Other settings that might be interesting:
|
|||||||
a set of endpoints in PuppetDB. Change this to ``False`` to disable this.
|
a set of endpoints in PuppetDB. Change this to ``False`` to disable this.
|
||||||
|
|
||||||
.. _pypuppetdb documentation: http://pypuppetdb.readthedocs.org/en/v0.1.0/quickstart.html#ssl
|
.. _pypuppetdb documentation: http://pypuppetdb.readthedocs.org/en/v0.1.0/quickstart.html#ssl
|
||||||
|
.. _Flask documentation: http://flask.pocoo.org/docs/0.10/quickstart/#sessions
|
||||||
|
|
||||||
Puppet Enterprise
|
Puppet Enterprise
|
||||||
-----------------
|
-----------------
|
||||||
|
|||||||
@@ -1,7 +1,6 @@
|
|||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
from __future__ import absolute_import
|
from __future__ import absolute_import
|
||||||
|
|
||||||
import os
|
|
||||||
import logging
|
import logging
|
||||||
import collections
|
import collections
|
||||||
try:
|
try:
|
||||||
@@ -15,6 +14,7 @@ from flask import (
|
|||||||
Response, stream_with_context, redirect,
|
Response, stream_with_context, redirect,
|
||||||
request
|
request
|
||||||
)
|
)
|
||||||
|
from flask_wtf.csrf import CsrfProtect
|
||||||
|
|
||||||
from pypuppetdb import connect
|
from pypuppetdb import connect
|
||||||
|
|
||||||
@@ -26,11 +26,13 @@ from puppetboard.utils import (
|
|||||||
|
|
||||||
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
|
CsrfProtect(app)
|
||||||
|
|
||||||
app.config.from_object('puppetboard.default_settings')
|
app.config.from_object('puppetboard.default_settings')
|
||||||
graph_facts = app.config['GRAPH_FACTS']
|
graph_facts = app.config['GRAPH_FACTS']
|
||||||
app.config.from_envvar('PUPPETBOARD_SETTINGS', silent=True)
|
app.config.from_envvar('PUPPETBOARD_SETTINGS', silent=True)
|
||||||
graph_facts += app.config['GRAPH_FACTS']
|
graph_facts += app.config['GRAPH_FACTS']
|
||||||
app.secret_key = os.urandom(24)
|
app.secret_key = app.config['SECRET_KEY']
|
||||||
|
|
||||||
app.jinja_env.filters['jsonprint'] = jsonprint
|
app.jinja_env.filters['jsonprint'] = jsonprint
|
||||||
|
|
||||||
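Review bot: `CsrfProtect(app)` runs before `from_object` and `from_envvar` have loaded any settings, so depending on the Flask-WTF release the extension may read its `WTF_CSRF_*` options at initialisation and never see values from the `PUPPETBOARD_SETTINGS` file. Moving the call below the `from_envvar` line avoids that. The later `app.secret_key = app.config['SECRET_KEY']` takes the operator's value unchecked, and is effectively a no-op because Flask's `secret_key` attribute is backed by that same config key. An override that sets an empty value would leave session and CSRF signing without a usable key, so a guard after the config load such as `if not app.config.get('SECRET_KEY'): raise RuntimeError('SECRET_KEY must be set to a non-empty value')` would fail fast instead.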
|
|||||||
@@ -1,9 +1,12 @@
|
|||||||
|
import os
|
||||||
|
|
||||||
PUPPETDB_HOST = 'localhost'
|
PUPPETDB_HOST = 'localhost'
|
||||||
PUPPETDB_PORT = 8080
|
PUPPETDB_PORT = 8080
|
||||||
PUPPETDB_SSL_VERIFY = True
|
PUPPETDB_SSL_VERIFY = True
|
||||||
PUPPETDB_KEY = None
|
PUPPETDB_KEY = None
|
||||||
PUPPETDB_CERT = None
|
PUPPETDB_CERT = None
|
||||||
PUPPETDB_TIMEOUT = 20
|
PUPPETDB_TIMEOUT = 20
|
||||||
|
SECRET_KEY = os.urandom(24)
|
||||||
DEV_LISTEN_HOST = '127.0.0.1'
|
DEV_LISTEN_HOST = '127.0.0.1'
|
||||||
DEV_LISTEN_PORT = 5000
|
DEV_LISTEN_PORT = 5000
|
||||||
DEV_COFFEE_LOCATION = 'coffee'
|
DEV_COFFEE_LOCATION = 'coffee'
|
||||||
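Review bot: `SECRET_KEY = os.urandom(24)` is evaluated on every import of the defaults module, so each worker process and each restart gets a different key unless the operator overrides it. Under a multi-process WSGI server this presumably means a CSRF token or session cookie signed by one worker is rejected by another, which shows up as intermittent form failures. The line has no comment explaining this, so I would add one above it, e.g. `# Random per-process default; set a fixed, secret value in your PUPPETBOARD_SETTINGS file when running more than one worker, and keep that file out of version control.`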
|
|||||||
@@ -11,7 +11,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% endwith %}
|
{% endwith %}
|
||||||
<div class="ui form">
|
<div class="ui form">
|
||||||
<form method="POST" action="{{ url_for('query')}}"
|
<form method="POST" action="{{ url_for('query') }}">
|
||||||
{{ form.csrf_token }}
|
{{ form.csrf_token }}
|
||||||
<div class="field {% if form.query.errors %} error {% endif %}">
|
<div class="field {% if form.query.errors %} error {% endif %}">
|
||||||
{{ form.query(autofocus="autofocus", rows=5, placeholder="Enter your query: [\"=\", \"name\", \"hostname\"]. You may omit the opening and closing bracket.") }}
|
{{ form.query(autofocus="autofocus", rows=5, placeholder="Enter your query: [\"=\", \"name\", \"hostname\"]. You may omit the opening and closing bracket.") }}
|
||||||
@@ -26,7 +26,6 @@
|
|||||||
</div>
|
</div>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</div>
|
</div>
|
||||||
{{ form.hidden_tag() }}
|
|
||||||
<input type=submit class="ui submit button" value='Submit'>
|
<input type=submit class="ui submit button" value='Submit'>
|
||||||
<input type=reset class="ui red submit button" value='Cancel'>
|
<input type=reset class="ui red submit button" value='Cancel'>
|
||||||
</form>
|
</form>
|
||||||
|
|||||||