authnzerver.autosetup module

This contains functions to set up the authnzerver automatically on first-start.

authnzerver.autosetup.autogen_secrets_authdb(basedir: str, database_url: str = None, interactive: bool = False, generate_envfile: bool = True)[source]

This automatically generates secrets files and an authentication DB.

Run this only once on the first start of an authnzerver.

Parameters:
  • basedir (str) –

    The base directory of the authnzerver.

    • The authentication database will be written to a file called .authdb.sqlite in this directory.
    • The secret token to authenticate HTTP communications between the authnzerver and a frontend server will be written to a file called .authnzerver-secret-key in this directory.
    • Credentials for a superuser that can be used to edit various authnzerver options, and users will be written to .authnzerver-admin-credentials in this directory.
    • A random salt value will be written to .authnzerver-random-salt in this directory. This is used to hash user IDs and other PII in logs.
  • database_url (str or None) – If this is a str, must be a valid SQLAlchemy database URL to use to connect to a database and make the necessary tables for authentication info. If this is None, will create a new SQLite database in the <basedir>/.authdb.sqlite file.
  • interactive (bool) – If True, will ask the user for an admin email address and password. Otherwise, will auto-generate both.
  • generate_envfile (bool) – If True, generates an .env file in the basedir containing all the required information for the next start up of the server.
Returns:

(authdb_path, creds, secret_file, salt_file, env_file) – The names of the files written by this function will be returned as a tuple of strings.
Return type:

tuple of str
authnzerver.autosetup.generate_env(database_path: str, fernet_secret_file: str, salt_file: str, basedir: str) → Optional[str][source]

This generates environment variables containing the required items for authnzrv start up after autosetup is complete.

If write_env_file is True, will write these to an .env file in the basedir.

Parameters:
  • database_path (str) – The SQLAlchemy URL of the database to use, or the path on disk to an SQLite database. If database_path points to a file on disk, this function will assume it’s an SQLite file and construct the appropriate SQLAlchemy database URL.
  • fernet_secret_file (str) – The path to the shared secret key needed to secure authnzerver-frontend communications.
  • salt_file (str) – The path to the file containing the PII salt to encrypt PII in authnzerver logs.
  • basedir (str) – The path to the authnzerver’s basedir.
Returns:

Returns the path to the .env file generated in the basedir as a string.
Return type:

environ_file