atoti.config package

Submodules

atoti.config.parsing module

exception atoti.config.parsing.ConfigParsingError(message, parsed_object=None)

Bases: ValueError

Error raised when the parsing of the config failed.

args
with_traceback()

Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.

Module contents

atoti.config.create_basic_authentication(users, *, realm=None)

Create a basic authentication.

Parameters
  • users (Collection[BasicUser]) – The users that can authenticate against the session.

  • realm (Optional[str]) – The realm describing the protected area. Different realms can be used to isolate sessions running on the same domain (regardless of the port). The realm will also be displayed by the browser when prompting for credentials. Defaults to f"{session_name} atoti session at {session_id}".

Return type

BasicAuthentication

atoti.config.create_basic_user(name, password, *, roles=None)

Create a basic user with roles.

Parameters
  • name (str) – User name.

  • password (str) – User password.

  • roles (Optional[Collection[str]]) – The roles given to the user. The role ROLE_USER, which is required to access the application, will automatically be added to the passed roles.

Return type

BasicUser

atoti.config.create_branding(*, accent_color=None, favicon=None, frame_color=None, logo=None, title=None)

Create an application branding configuration.

Parameters
  • accent_color (Optional[str]) – The CSS color to give to hovered elements of the frame (header and sidenav).

  • favicon (Union[Path, str, None]) – The file path to the .ico image to use as the favicon.

  • frame_color (Optional[str]) – The CSS color to give to the background of the frame (header and sidenav).

  • logo (Union[Path, str, None]) – The file path to the .svg image that will be displayed in a 24px by 24px area in the upper-left corner.

  • title (Optional[str]) – The title to give to the page.

Return type

Branding

atoti.config.create_config(*, authentication=None, branding=None, cache_cloud_files=None, default_locale=None, extra_jars=None, https=None, i18n_directory=None, inherit_global_config=True, java_args=None, jwt_key_pair=None, max_memory=None, metadata_db=None, port=None, roles=None, same_site=None, sampling_mode=None, url_pattern=None)

Create a configuration.

Note

Configuration inheritance is enabled by default. Pass inherit_global_config=False to prevent this configuration from being merged with the global one.

Parameters
  • authentication (Optional[Auth]) – The authentication mechanism that will be used by the server.

  • branding (Optional[Branding]) – The UI elements to change in the app to replace the atoti branding with another one.

  • cache_cloud_files (Optional[bool]) – Whether to cache loaded cloud files locally in the temp directory. Watched files will not be cached. Defaults to True.

  • default_locale (Optional[str]) – The default locale to use for internationalizing the session.

  • extra_jars (Optional[Collection[Union[str, Path]]]) – A collection of JAR paths that will be added to the classpath of the Java process.

  • https (Optional[HttpsConfiguration]) – The certificate and its password used to enable HTTPS on the application.

  • i18n_directory (Union[Path, str, None]) –

    The directory from which translation files will be loaded. It should contain a list of files named after their corresponding locale (e.g. en-US.json for US translations). The application will behave differently depending on how metadata_db is configured:

    • If metadata_db is a path to a file:

      • If a value is specified for i18n_directory, those files will be uploaded to the local metadata DB, overriding any previously defined translations.

      • If no value is specified for i18n_directory, the default translations for atoti will be uploaded to the local metadata DB.

    • If a remote metadata DB has been configured:

      • If a value is specified for i18n_directory, this data will be pushed to the remote metadata DB, overriding any previously existing values.

      • If no value has been specified for i18n_directory and translations exist in the remote metadata DB, those values will be loaded into the session.

      • If no value has been specified for i18n_directory and no translations exist in the remote metadata DB, the default translations for atoti will be uploaded to the remote metadata DB.

  • inherit_global_config (bool) – Whether this config should be merged with the default config if it exists. The path of the default config is $ATOTI_HOME/config.yml where the $ATOTI_HOME environment variable defaults to $HOME/.atoti.

  • java_args (Optional[Collection[str]]) – Collection of additional arguments to pass to the Java process. For instance: ["-verbose:gc", "-Xms1g", "-XX:+UseG1GC"].

  • jwt_key_pair (Optional[JwtKeyPair]) – The key pair to use for signing JWTs.

  • max_memory (Optional[str]) – Max memory allocated to each session. Actually sets the -Xmx JVM parameter. The format is a string containing a number followed by a unit among G, M and K. For instance: 64G. Defaults to the JVM default memory which is 25% of the machine memory.

  • metadata_db (Union[Path, str, None]) – The description of the database where the session’s metadata will be stored. If a path to a file is given, it will be created if needed.

  • port (Optional[int]) – The port on which the session will be exposed. Defaults to a random available port.

  • roles (Optional[Collection[Role]]) –

    The roles and their restrictions. There are 2 predefined roles in atoti:

    • ROLE_USER: required to access the application

    • ROLE_ADMIN: gives full access (read, write, delete, etc…) to the application

  • same_site (Optional[Literal['lax', 'none', 'strict']]) – The value to use for the SameSite attribute of the HTTP cookie sent by the session when authentication is configured. Setting it to none requires the session to be served in HTTPS so url_pattern must also be defined and start with https://. Defaults to lax.

  • sampling_mode (Optional[SamplingMode]) –

    The sampling mode describing how files are loaded into the stores. It is faster to build the data model when only part of the data is loaded.

    Modes are available in atoti.sampling.

    If not FULL, call load_all_data() to load everything once the model definition is done.

  • url_pattern (Optional[str]) –

    The pattern used to build the URL accessed through atoti.session.Session.url. The following placeholder replacements will be made:

    • {host}: The address of the machine hosting the session.

    • {port}: The port on which the session is exposed.

    • {protocol}: http or https depending on whether the https option was defined or not.

    Defaults to {protocol}://localhost:{port}.

Return type

SessionConfiguration
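
The same_site, https and url_pattern rules above can be checked before a session is started. The following is an added example, not atoti code: check_config, render_url, the finding codes and the host name are hypothetical, and the configuration is assumed to be held as a plain dict of create_config keyword arguments.

```python
from typing import Any, Dict, List, Optional, Tuple

DEFAULT_URL_PATTERN = "{protocol}://localhost:{port}"  # documented default
SAME_SITE_VALUES = ("lax", "none", "strict")


def render_url(url_pattern: Optional[str], *, host: str, port: object, https: bool) -> str:
    """Apply the documented {host}, {port} and {protocol} replacements."""
    pattern = url_pattern or DEFAULT_URL_PATTERN
    values = {"host": host, "port": str(port), "protocol": "https" if https else "http"}
    for name, value in values.items():
        pattern = pattern.replace("{" + name + "}", value)
    return pattern


def check_config(kwargs: Dict[str, Any], *, host: str = "atoti.example.test") -> List[Tuple[str, str]]:
    """Return (code, message) findings for a dict of create_config keyword arguments."""
    findings: List[Tuple[str, str]] = []
    same_site = kwargs.get("same_site") or "lax"  # documented default
    url_pattern = kwargs.get("url_pattern")
    https = kwargs.get("https") is not None
    url = render_url(url_pattern, host=host, port=kwargs.get("port") or "<random>", https=https)

    if same_site not in SAME_SITE_VALUES:
        findings.append(("same-site-value", f"same_site={same_site!r} is not lax, none or strict"))
    # Documented rule, checked on the pattern itself: none needs an https:// url_pattern.
    if same_site == "none" and not (url_pattern or "").startswith("https://"):
        findings.append(("same-site-none", "same_site='none' needs url_pattern starting with https://"))
    # Not a documented rule: with authentication on, a plain-http URL leaves the
    # credentials and the session cookie unencrypted on the network path.
    if kwargs.get("authentication") is not None and url.startswith("http://"):
        findings.append(("auth-over-http", f"authentication configured but session URL is {url}"))
    return findings


# Constructed sample inputs; the string values stand in for the objects returned
# by create_basic_authentication() and create_https_config().
WEAK = {"authentication": "basic-auth", "same_site": "none", "port": 9090}
FIXED = {"authentication": "basic-auth", "same_site": "none", "port": 9090,
         "https": "pkcs12-config", "url_pattern": "https://{host}:{port}"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, check_config(cfg) or "no findings")
```
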

atoti.config.create_https_config(*, certificate, password)

Create a PKCS 12 keystore configuration.

Parameters
  • certificate (Union[Path, str]) – The path to the certificate.

  • password (str) – The password for the certificate.

Return type

HttpsConfiguration

atoti.config.create_jwt_key_pair(public_key, private_key)

Return a key pair to sign JSON Web Tokens.

Only RSA keys using the PKCS 8 standard are supported. A key pair can be generated using a library like pycryptodome for example.

Return type

JwtKeyPair

atoti.config.create_ldap_authentication(*, url, base_dn, user_search_filter='(uid={0})', user_search_base='', group_search_filter='(uniqueMember={0})', group_search_base='', group_role_attribute_name='cn', role_mapping=None)

Create an LDAP authentication.

Parameters
  • url (str) – The LDAP URL including the protocol and port. For instance ldap://example.com:389.

  • base_dn (str) – Base Distinguished Name of the directory service. For instance dc=example,dc=com.

  • user_search_filter (str) – The LDAP filter used to search for users. For instance (uid={0}). The substituted parameter is the user’s login name.

  • user_search_base (str) – Search base for user searches. For instance ou=people.

  • group_search_filter (str) – The LDAP filter to search for groups. For instance (uniqueMember={0}). The substituted parameter is the DN of the user.

  • group_search_base (str) – The search base for group membership searches. For instance ou=roles.

  • group_role_attribute_name (str) – The attribute name that maps a group to a role.

  • role_mapping (Optional[Mapping[str, Collection[str]]]) – The mapping between the roles returned by the LDAP authentication provider and the corresponding roles to use in atoti. LDAP roles are case insensitive. Users without the role ROLE_USER will not have access to the application.

Return type

LdapAuthentication

atoti.config.create_oidc_authentication(*, provider_id, issuer_url, client_id, client_secret, name_attribute=None, paths_to_authorities=None, scopes=None, role_mapping=None)

Create an OpenID Connect authentication.

Parameters
  • provider_id (str) – The name of your provider. This string is used to build the redirectUrl using this template: {baseUrl}:{port}/login/oauth2/code/{providerId}.

  • issuer_url (str) – The issuer URL parameter from your provider’s OpenID Connect configuration endpoint.

  • client_id (str) – The app’s clientId, obtained from the authentication provider.

  • client_secret (str) – The app’s clientSecret, obtained from the authentication provider.

  • name_attribute (Optional[str]) – The key in the idToken of the parameter to display as the username in the application.

  • paths_to_authorities (Optional[Collection[str]]) – The path to the authorities to use in atoti in the returned access token or id token.

  • scopes (Optional[Collection[str]]) – The scopes to request from the authentication provider (e.g. email, username, etc.).

  • role_mapping (Optional[Mapping[str, Collection[str]]]) – The mapping between the roles returned by the authentication provider and the corresponding roles to use in atoti. Users without the role ROLE_USER will not have access to the application.

Return type

OidcAuthentication
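
The role_mapping parameters of create_ldap_authentication and create_oidc_authentication decide who gets in (ROLE_USER) and who gets full access (ROLE_ADMIN). The following is an added example, not atoti code, that reviews a mapping against a list of users. effective_roles, review_access and the sample data are hypothetical; it assumes that a provider role absent from the mapping grants nothing and that role names are matched exactly unless case_insensitive=True (the documented LDAP behaviour) is passed.

```python
from typing import Collection, Dict, List, Mapping, Set

ROLE_USER, ROLE_ADMIN = "ROLE_USER", "ROLE_ADMIN"  # predefined roles named in the reference


def effective_roles(provider_roles: Collection[str],
                    role_mapping: Mapping[str, Collection[str]],
                    *, case_insensitive: bool = False) -> Set[str]:
    """Map provider roles to atoti roles.

    Assumption: a provider role absent from role_mapping grants nothing.
    case_insensitive=True models the rule that LDAP roles are case insensitive.
    """
    norm = str.lower if case_insensitive else str
    table: Dict[str, Set[str]] = {}
    for provider_role, atoti_roles in role_mapping.items():
        # Keys that differ only by case are merged when case is ignored.
        table.setdefault(norm(provider_role), set()).update(atoti_roles)
    granted: Set[str] = set()
    for role in provider_roles:
        granted |= table.get(norm(role), set())
    return granted


def review_access(users: Mapping[str, Collection[str]],
                  role_mapping: Mapping[str, Collection[str]],
                  *, case_insensitive: bool = False) -> Dict[str, List[str]]:
    """Report who is locked out (no ROLE_USER) and who receives ROLE_ADMIN."""
    report: Dict[str, List[str]] = {"locked_out": [], "admins": []}
    for user, provider_roles in sorted(users.items()):
        roles = effective_roles(provider_roles, role_mapping,
                                case_insensitive=case_insensitive)
        if ROLE_USER not in roles:
            # ROLE_ADMIN without ROLE_USER still cannot access the application.
            report["locked_out"].append(user)
        elif ROLE_ADMIN in roles:
            report["admins"].append(user)
    return report


# Constructed sample data: provider group names per user, and a role_mapping.
USERS = {"alice": ["Atoti-Admins"], "bob": ["atoti-users"], "carol": ["finance"]}
ROLE_MAPPING = {"atoti-admins": [ROLE_USER, ROLE_ADMIN], "atoti-users": [ROLE_USER]}

if __name__ == "__main__":
    print("LDAP :", review_access(USERS, ROLE_MAPPING, case_insensitive=True))
    print("exact:", review_access(USERS, ROLE_MAPPING))
```
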

atoti.config.create_role(name, *, restrictions=None)

Create a role with the given restrictions.

Parameters
Return type

Role