-
Notifications
You must be signed in to change notification settings - Fork 0
/
superset_config.example.py
188 lines (162 loc) · 5.3 KB
/
superset_config.example.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
# Configuring Superset
# ====================
#
# Set the `SUPERSET_CONFIG_PATH` environment variable to allow Superset
# to find this config file. e.g.
#
# $ export SUPERSET_CONFIG_PATH=$HOME/src/dimagi/hq_superset/superset_config.py
#
import sentry_sdk
from cachelib.redis import RedisCache
from celery.schedules import crontab
from flask_appbuilder.security.manager import AUTH_DB, AUTH_OAUTH
from sentry_sdk.integrations.flask import FlaskIntegration
from ddtrace import patch
from hq_superset import flask_app_mutator, oauth
from hq_superset.const import OAUTH2_DATABASE_NAME
# Use a tool to generate a sufficiently random string, e.g.
# $ openssl rand -base64 42
# SECRET_KEY = ...
# [Fernet](https://cryptography.io/en/latest/fernet/) (symmetric
# encryption) is used to encrypt and decrypt client secrets so that the
# same credentials can be used to subscribe to many data sources.
#
# FERNET_KEYS is a list of keys where the first key is the current one,
# the second is the previous one, etc. Encryption uses the first key.
# Decryption is attempted with each key in turn.
#
# To generate a key:
# >>> from cryptography.fernet import Fernet
# >>> Fernet.generate_key()
# Keys can be bytes or strings.
# FERNET_KEYS = [...]
# Authentication backend
AUTH_TYPE = AUTH_OAUTH # Authenticate with CommCare HQ (only)
# AUTH_TYPE = AUTH_DB # Authenticate with Superset user DB (only)
# Override these for your databases for Superset and HQ Data
SQLALCHEMY_DATABASE_URI = 'postgresql://postgres:postgres@localhost:5432/superset'
SQLALCHEMY_BINDS = {
OAUTH2_DATABASE_NAME: 'postgresql://postgres:postgres@localhost:5432/superset_oauth2'
}
HQ_DATABASE_URI = "postgresql://commcarehq:commcarehq@localhost:5432/superset_cchq_data"
# Populate with oauth credentials from your local CommCareHQ
OAUTH_PROVIDERS = [
{
'name': 'commcare',
'token_key': 'access_token',
'remote_app': {
'client_id': '',
'client_secret': '',
'api_base_url': 'http://127.0.0.1:8000/',
'access_token_url': 'http://127.0.0.1:8000/oauth/token/',
'authorize_url': 'http://127.0.0.1:8000/oauth/authorize/',
'client_kwargs': {
'scope': 'reports:view access_apis'
},
}
}
]
# override expiry time for a specific grant type by
# setting this config
OAUTH2_TOKEN_EXPIRES_IN = {
# 'client_credentials': 3600 # seconds
}
# Will allow user self registration, allowing to create Flask users from
# Authorized User
AUTH_USER_REGISTRATION = True
# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Gamma"
# This is where async UCR imports are stored temporarily
SHARED_DIR = 'shared_dir'
# If this is enabled, UCRs larger than
# hq_superset.views.ASYNC_DATASOURCE_IMPORT_LIMIT_IN_BYTES
# are imported via Celery/Redis.
ENABLE_ASYNC_UCR_IMPORTS = False
# Enable below for sentry integration
sentry_sdk.init(
dsn='',
integrations=[FlaskIntegration()],
environment='test',
send_default_pii=True,
)
_REDIS_URL = 'redis://localhost:6379/0'
CACHE_CONFIG = {
'CACHE_TYPE': 'RedisCache',
'CACHE_DEFAULT_TIMEOUT': 300,
'CACHE_KEY_PREFIX': 'superset_',
'CACHE_REDIS_URL': _REDIS_URL
}
RESULTS_BACKEND = RedisCache(
host='localhost', port=6379, key_prefix='superset_results'
)
patch(redis=True)
class CeleryConfig:
accept_content = ['pickle']
broker_url = _REDIS_URL
imports = (
'superset.sql_lab',
'superset.tasks',
'hq_superset.tasks',
)
result_backend = _REDIS_URL
worker_log_level = 'DEBUG'
worker_prefetch_multiplier = 10
task_acks_late = True
task_annotations = {
'sql_lab.get_sql_results': {
'rate_limit': '100/s',
},
'email_reports.send': {
'rate_limit': '1/s',
'time_limit': 120,
'soft_time_limit': 150,
'ignore_result': True,
},
}
beat_schedule = {
# example:
# 'email_reports.schedule_hourly': {
# 'task': 'email_reports.schedule_hourly',
# 'schedule': crontab(minute='1', hour='*'),
# }
}
CELERY_CONFIG = CeleryConfig
LANGUAGES = {
'en': {'flag':'us', 'name':'English'},
'pt': {'flag':'pt', 'name':'Portuguese'}
}
# CommCare Analytics extensions
FLASK_APP_MUTATOR = flask_app_mutator
CUSTOM_SECURITY_MANAGER = oauth.CommCareSecurityManager
TALISMAN_CONFIG = {
"content_security_policy": {
"base-uri": ["'self'"],
"default-src": ["'self'"],
"img-src": [
"'self'",
"blob:",
"data:",
"https://apachesuperset.gateway.scarf.sh",
"https://static.scarf.sh/",
"*",
],
"worker-src": ["'self'", "blob:"],
"connect-src": [
"'self'",
"https://api.mapbox.com",
"https://events.mapbox.com",
],
"object-src": "'none'",
"style-src": [
"'self'",
"'unsafe-inline'",
"https://fonts.googleapis.com",
],
"font-src": ["'self'", "https://fonts.gstatic.com"],
"script-src": ["'self'", "'unsafe-eval'"],
},
"content_security_policy_nonce_in": ["script-src"],
"force_https": False,
"session_cookie_secure": False,
}
USER_DOMAIN_ROLE_EXPIRY = 60 # minutes