3. Configuration¶

ACCOUNT_CGM_SCHEMA¶

Type: str()

Default: override_me

Schema for the CGM account service.

ACCOUNT_PORTAVITA_SCHEMA¶

Type: str()

Default: override_me

Schema for the Portavita account service.

BABEL_DEFAULT_LOCALE¶

Type: enum('da', 'de', 'en', 'nl', 'ru')

Default: en

Locale to be used by the application.

BABEL_DEFAULT_TIMEZONE¶

Type: str()

Default: UTC

The timezone to be used for user facing dates.

BABEL_TRANSLATION_DIRECTORIES¶

Type: path()

Default: /opt/mgrid/explorer/locale

A semi-colon (;) separated string of absolute and relative (to the app root) paths to translation folders.

CACHE_PLATFORM_API_BACKEND¶

Type: str()

Default: dogpile.cache.memory

The name of the backend to use for the platform API cache. See https://dogpilecache.sqlalchemy.org/en/latest/api.html#module-dogpile.cache.backends.memory

CACHE_PLATFORM_API_BACKEND_ARGUMENTS¶

Type: map()

Default: {}

Backend-specific arguments.

CACHE_PLATFORM_API_ENABLED¶

Type: bool()

Default: False

Enable or disable the platform API cache.

CACHE_PLATFORM_API_EXPIRE¶

Type: int()

Default: 3600

Maximum age in seconds of items in the platform API cache.

CACHE_PLATFORM_API_MAX_BYTE_LIMIT¶

Type: int()

Default: 0

Maximum number of result bytes allowed for caching. For unlimited, set to 0 (default).

CACHE_SHORT_TERM_BACKEND¶

Type: str()

Default: dogpile.cache.memory

The name of the backend to use for the short term cache. See https://dogpilecache.sqlalchemy.org/en/latest/api.html#module-dogpile.cache.backends.memory

CACHE_SHORT_TERM_BACKEND_ARGUMENTS¶

Type: map()

Default: {}

Backend-specific arguments.

CACHE_SHORT_TERM_ENABLED¶

Type: bool()

Default: True

Enable or disable the short term cache.

CACHE_SHORT_TERM_EXPIRE¶

Type: int()

Default: 3600

Maximum age in seconds of items in the short term cache.

CACHE_UI_API_EXPIRE¶

Type: int()

Default: 3600

Maximum time in seconds to cache data from the UI API.

DBPOOL_DATABASE¶

Type: str()

Default: override_me

The name of the datamart database.

DBPOOL_HOST¶

Type: str()

Default: override_me

The hostname of the datamart database.

DBPOOL_MAXCONNS¶

Type: int()

Default: 5

Maximum number of connections in the DWH database pool.

DBPOOL_MINCONNS¶

Type: int()

Default: 1

Number of connections that are created automatically in the datamart database pool.

DBPOOL_PASSWORD¶

Type: password()

Default: override_me

The password of the DWH database.

DBPOOL_PORT¶

Type: int()

Default: 5432

The port of the DWH database.

DBPOOL_USER¶

Type: str()

Default: override_me

The username of the DWH database.

EXPLORER_ACTION_COLUMN¶

Type: any(null(), str())

Default: None

Name of the column which value is used to call the action function.

EXPLORER_ACTION_FUNCTION¶

Type: any(null(), str())

Default: None

Name of the JavaScript function that is called when the user clicks a row in the table.

EXPLORER_APPLICATIONS¶

Type: list()

Default: []

Applications in the navigation header. An example: - id: dashboard type: dashboard name: Dashboard url: “https://dashboard.example.com#/dashboard” local: False - id: presets type: presets name: Presets url: “https://dashboard.example.com#/presets” local: False - id: patient-explorer type: explorer name: Patient Explorer url: “https://explorer1.example.com/table” local: True - id: activity-explorer type: explorer name: Activity Explorer url: “https://explorer2.example.com/table” local: False - id: reports type: reports name: Reports url: “https://explorer1.example.com/report” local: True

EXPLORER_BASE_URL¶

Type: url()

Default: https://explorer.example.com

The base URL of the application.

EXPLORER_CERTIFICATE¶

Type: path()

Default: /etc/mgrid/explorer/reportserver.client.crt

Certificate for connecting with the Reportserver.

EXPLORER_CONFIG_DIRECTORY¶

Type: path()

Default: /etc/mgrid/explorer/config

Directory where the configuration (filters, presets, projections, reports) is loaded from.

EXPLORER_DOWNLOAD_POT_ENABLED¶

Type: bool()

Default: False

Enable or disable the ability to download translation files.

EXPLORER_FAVICON¶

Type: str()

Default: mgrid-favicon.png

Location of the favicon image. May be a relative path, e.g. /static/images/mgrid-favicon.png if the favicon is present in the Explorer Docker image, or an absolute URL, e.g. https://explorer.example.com/favicon.png. In the case of an absolute URL, make sure that the CORS settings of the nginx proxy in the Docker image allow this URL.

EXPLORER_FILE_CSV¶

Type: str()

Default: patients

Prefix of the filename that is used for CSV download.

EXPLORER_FILE_DECIMAL_SEPARATOR¶

Type: str()

Default: ,

Decimal separator that is used for CSV and TAB downloads.

EXPLORER_FILE_INCLUDE_UTF8_BOM¶

Type: bool()

Default: False

Include byte order mark (BOM) on UTF-8 export (utf-8-sig encoding). This is typically used for Microsoft-based systems.

EXPLORER_FILE_JSON¶

Type: str()

Default: patients

Prefix of the filename that is used for JSON download.

EXPLORER_FILE_TAB¶

Type: str()

Default: patients

Prefix of the filename that is used for TAB download.

EXPLORER_LOGIN_EXPIRE¶

Type: int()

Default: 86400

Expiry in seconds when logged in.

EXPLORER_LOGO¶

Type: str()

Default: cgm-logo.png

Location of the logo image for the UI. May be a relative path, e.g. /static/images/mgrid_logo.svg if the logo is present in the Explorer Docker image, or an absolute URL, e.g. https://explorer.example.com/logo.png. In the case of an absolute URL, make sure that the CORS settings of the nginx proxy in the Docker image allow this URL.

EXPLORER_PRIVATE_KEY¶

Type: path()

Default: /etc/mgrid/explorer/reportserver.client.key

Private key of the certificate for connecting with the Reportserver.

EXPLORER_REPORT_DISPLAY_TARGET¶

Type: str()

Default: _blank

Browser display target when opening a report.

EXPLORER_REPORTS_ENABLED¶

Type: bool()

Default: True

Enable or disable the reports tab.

EXPLORER_REPORTS_CA_CERT¶

Type: path()

Default: /etc/mgrid/explorer/reportserver.serverca.crt

Certificate of the Reportserver CA.

EXPLORER_REPORTSERVER_URL¶

Type: url()

Default: https://reportserver.example.com

URL of the Reportserver.

EXPLORER_SEARCHBAR_ENABLED¶

Type: bool()

Default: True

Enable or disable searching for presets in the UI.

EXPLORER_TABLENAME¶

Type: str()

Default: explorer

The name of the table where data for a particular user is located.

EXPLORER_META_TABLENAME¶

Type: str()

Default: datamart_meta

The name of the table where metadata about the data table is stored. (e.g. last update time)

EXPLORER_TITLE¶

Type: str()

Default: Patient Explorer

Title of the application, shown in the UI and in the browser tab.

HOST¶

Type: ip()

Default: 127.0.0.1

IP address the server binds to.

LOGGING_CONFIG_FILE¶

Type: path()

Default: /etc/mgrid/explorer/logging.ini

Path to the Python logging config file.

METRICS_PORT¶

Type: int()

Default: 8000

IP port the metrics server binds to.

NUMBER_FORMAT_LOCALE¶

Type: enum('da', 'de', 'en', 'nl', 'ru')

Default: en

Locale for formatting numbers.

OIDC_ACCESS_TOKEN_URL¶

Type: url()

Default: https://authprov.example.com/oauth/token

Access token URL for OpenID Connect.

OIDC_APPLICATION_NAME¶

Type: str()

Default: explorer

Application name for OpenID Connect.

OIDC_AUTHORIZE_URL¶

Type: url()

Default: https://authprov.example.com/oauth/authorize

Authorize URL for OpenID Connect.

OIDC_BASE_URL¶

Type: url()

Default: https://authprov.example.com

Base URL for OpenID Connect.

OIDC_CLIENT_ID¶

Type: str()

Default: override_me

Client identifier for OpenID Connect.

OIDC_CLIENT_SECRET¶

Type: password()

Default: override_me

Client secret for OpenID Connect.

OIDC_CLIENT_AUTH_METHOD¶

Type: enum('client_secret_post', 'client_secret_basic')

Default: client_secret_post

Client authentication method for OpenID Connect.

OIDC_INTROSPECT_URL¶

Type: url()

Default: https://authprov.example.com/oauth/introspect

Introspect URL for OpenID Connect (OAuth2 RFC7662).

OIDC_LOGOUT_REDIRECT_URL¶

Type: url()

Default: https://authprov.example.com/logout

Redirect URL after logging out with OpenID Connect.

OIDC_PROVIDER_DOMAINS¶

Type: list(str())

Default: ['override_me']

Provider domains for OpenID Connect.

OIDC_PROVIDER_NAME¶

Type: str()

Default: MGRID

Provider name for OpenID Connect.

OIDC_REDIRECT_URL¶

Type: url()

Default: https://explorer.example.com/oauth/redirect

Redirect URL after logging in with OpenID Connect.

OIDC_SCOPE¶

Type: str()

Default: openid organization roles session

Scope for OpenID Connect.

OIDC_USERINFO_URL¶

Type: url()

Default: https://authprov.example.com/userinfo

Userinfo URL for OpenID Connect.

OIDC_USERINFO_PUBLICKEY¶

Type: any(null(), password())

Default: None

Path to public key file or JWK of the OpenID Connect userinfo signature (JWS).

ORM_ENGINE_CONFIG¶

Type: map()

Default: {'max_overflow': 10, 'pool_pre_ping': True, 'pool_recycle': -1, 'pool_reset_on_return': 'rollback', 'pool_size': 5, 'pool_timeout': 30}

Configuration to pass to the engine creation function. https://docs.sqlalchemy.org/en/20/core/engines.html#sqlalchemy.engine_from_config

ORM_SCHEMA¶

Type: str()

Default: public

The schema for the ORM of the explorer instance. Adjust for multiple explorer use.

PERMANENT_SESSION_LIFETIME¶

Type: int()

Default: 86400

# Maximum number of seconds which a newly issued cookie will be considered valid. # After this amount of time, the cookie will expire (effectively logging the user out).

PLATFORM_API_DATABASE_FETCH_SIZE¶

Type: int()

Default: 100

Number of records (rows) to fetch at a time when returning results. Affects the memory requirements when returning results.

PLATFORM_DOMAIN¶

Type: domain()

Default: example.com

Domain of the platform.

PORT¶

Type: int()

Default: 5000

IP port the server binds to.

REQUESTS_AUTH_TIMEOUT¶

Type: int()

Default: 5

Timeout for HTTP requests to fetch JWT keys and introspect tokens.

REQUESTS_REPORTSERVER_TIMEOUT¶

Type: int()

Default: 300

Timeout for HTTP requests to reportserver.

SECRET_KEY¶

Type: password()

Default: override_me

# The secret used for session cookie signing.

SECURITY_ADMIN_ROLES¶

Type: list(str())

Default: []

Roles which are allowed to change configuration using the configadmin page.

SECURITY_AUTH_METHOD¶

Type: enum('headless-jwt', 'oidc', 'password')

Default: password

Authenticationm method for the application.

SECURITY_ALLROWS_ROLES¶

Type: list(str())

Default: []

Roles which are allowed to view the whole explorer table (i.e. without rowfilter).

SECURITY_GROUP_MANAGEMENT_ROLES¶

Type: list(str())

Default: []

Roles which are allowed to create and manage presets of user group.

SECURITY_JWT_CONTENT_ALGORITHM¶

Type: str()

Default: A256CBC-HS512

Encryption algorithm used by JWT for the content.

SECURITY_JWT_KEY_ALGORITHM¶

Type: str()

Default: A256KW

Encryption algorithm used by JWT for the key.

SECURITY_JWT_KEY_ID¶

Type: str()

Default: default

Key id to to select when security_jwt_secret points to a keyset

SECURITY_JWT_LEEWAY¶

Type: int()

Default: 100

Leeway before and after the current time that the JWT token is valid.

SECURITY_JWT_REQUIRED_CLAIMS¶

Type: list()

Default: ['exp', 'iat', 'nbf', 'sub']

Claims which must be present in the JWT token, or it will be rejected. Beware that for some identity providers Explorer requires certain claims (e.g., MGRID requires the sub claim).

SECURITY_JWT_SECRET¶

Type: password()

Default: override_me

Secret key, file or url for signing the JWT token.

SECURITY_JWT_TIMEOUT¶

Type: int()

Default: 1000

The JWT token is not valid if the exp or iat claim is later than the current time plus the timeout.

SECURITY_PEPPER¶

Type: password()

Default: override_me

Application-wide value added to the password before hashing.

SECURITY_PII_ROLES¶

Type: list(str())

Default: []

Roles which are allowed to see personally identifiable information (PII).

SECURITY_PLATFORM_USER¶

Type: str()

Default: system:platform

The value of the JWT subject used between Dashboard and Explorer.

SECURITY_PRESET_MANAGEMENT_ROLES¶

Type: list(str())

Default: []

Roles which are allowed to create and manage presets of a whole schema.

SECURITY_SSL_VERIFY¶

Type: bool()

Default: True

Verify SSL certificate during authentication.

SERVER_NAME¶

Type: any(domain(), null())

Default: None

Name of the server.

SESSION_COOKIE_HTTPONLY¶

Type: bool()

Default: True

# Enable or disable hiding cookie from JavaScript by setting the HttpOnly flag. # Not honored by all browsers.

SESSION_COOKIE_NAME¶

Type: str()

Default: __host-explorer-session

Name of the session cookie.

SESSION_COOKIE_PATH¶

Type: str()

Default: /

The path that the session cookie will be valid for.

SESSION_COOKIE_SAMESITE¶

Type: enum('None', 'Lax', 'Strict')

Default: Lax

Restricts how cookies are sent with requests from external sites.

SESSION_COOKIE_SECURE¶

Type: bool()

Default: True

Enable or disable sending the cookie only over a secure connection.

SESSION_FILE_DIR¶

Type: path()

Default: /tmp/flask_session

The directory where session files are stored.

SESSION_FILE_MODE¶

Type: int()

Default: 384

The file mode used for session files, e.g. 640.

SESSION_KEY_PREFIX¶

Type: str()

Default: session:

A prefix that is added to cache store keys.

SESSION_FILE_THRESHOLD¶

Type: int()

Default: 500

The maximum number of items the session stores before it starts deleting some.

SESSION_PERMANENT¶

Type: bool()

Default: False

Enable or disable permanent sessions.

SESSION_TYPE¶

Type: enum('null', 'filesystem', 'sqlalchemy')

Default: filesystem

Specifies which type of session interface to use.

WHITE_LABEL¶

Type: bool()

Default: False

Hide MGRID name and link to data protection statement when true.