3. Configuration¶

ACCOUNT_CGM_SCHEMA¶

Type: str()

Default: override_me

Schema for the CGM account service.

ACCOUNT_PORTAVITA_SCHEMA¶

Type: str()

Default: override_me

Schema for the Portavita account service.

BABEL_DEFAULT_LOCALE¶

Type: enum('da', 'de', 'en', 'it', 'nl')

Default: en

Locale to be used by the application.

BABEL_DEFAULT_TIMEZONE¶

Type: str()

Default: UTC

The timezone to be used for user facing dates.

BABEL_TRANSLATION_DIRECTORIES¶

Type: path()

Default: /opt/mgrid/explorer/locale

A semi-colon (;) separated string of absolute and relative (to the app root) paths to translation folders.

CACHE_PLATFORM_API_BACKEND¶

Type: enum('dogpile.cache.memory', 'dogpile.cache.redis', 'dogpile.cache.redis_cluster', 'dogpile.cache.redis_sentinel','dogpile.cache.valkey', 'dogpile.cache.valkey_cluster', 'dogpile.cache.valkey_sentinel')

Default: dogpile.cache.memory

The name of the backend to use for the platform API cache. See https://dogpilecache.sqlalchemy.org/en/latest/api.html#module-dogpile.cache.backends.memory Currently supported backends are: dogpile.cache.memory dogpile.cache.redis dogpile.cache.redis_cluster dogpile.cache.redis_sentinel dogpile.cache.valkey dogpile.cache.valkey_cluster dogpile.cache.valkey_sentinel

CACHE_PLATFORM_API_BACKEND_ARGUMENTS¶

Type: map()

Default: {}

Backend-specific arguments.

CACHE_PLATFORM_API_ENABLED¶

Type: bool()

Default: False

Enable or disable the platform API cache.

CACHE_PLATFORM_API_EXPIRE¶

Type: any(null(), int())

Default: 3600

Maximum age in seconds of items in the platform API cache.

CACHE_PLATFORM_API_MAX_BYTE_LIMIT¶

Type: int()

Default: 0

Maximum number of result bytes allowed for caching. For unlimited, set to 0 (default).

CACHE_PLATFORM_API_USERNAME¶

Type: str()

Default: ''

Username part of the cache API basic authentication

CACHE_PLATFORM_API_PASSWORD¶

Type: str()

Default: ''

Password part of the cache API basic authentication

CACHE_SHORT_TERM_BACKEND¶

Type: str()

Default: dogpile.cache.memory

The name of the backend to use for the short term cache. See https://dogpilecache.sqlalchemy.org/en/latest/api.html#module-dogpile.cache.backends.memory

CACHE_SHORT_TERM_BACKEND_ARGUMENTS¶

Type: map()

Default: {}

Backend-specific arguments.

CACHE_SHORT_TERM_ENABLED¶

Type: bool()

Default: True

Enable or disable the short term cache.

CACHE_SHORT_TERM_EXPIRE¶

Type: any(null(), int())

Default: 3600

Maximum age in seconds of items in the short term cache.

DBPOOL_DATABASE¶

Type: str()

Default: override_me

The name of the datamart database.

DBPOOL_HOST¶

Type: str()

Default: override_me

The hostname of the datamart database.

DBPOOL_MAXCONNS¶

Type: int()

Default: 5

Maximum number of connections in the DWH database pool.

DBPOOL_MINCONNS¶

Type: int()

Default: 1

Number of connections that are created automatically in the datamart database pool.

DBPOOL_PASSWORD¶

Type: password()

Default: override_me

The password of the DWH database.

DBPOOL_PORT¶

Type: int()

Default: 5432

The port of the DWH database.

DBPOOL_USER¶

Type: str()

Default: override_me

The username of the DWH database.

EXPLORER_ACTION_COLUMN¶

Type: any(null(), str())

Default: None

Name of the column which value is used to call the action function.

EXPLORER_ACTION_FUNCTION¶

Type: any(null(), str())

Default: None

Name of the JavaScript function that is called when the user clicks a row in the table.

EXPLORER_BASE_URL¶

Type: url()

Default: https://explorer.example.com

The base URL of the application.

EXPLORER_CERTIFICATE¶

Type: path()

Default: /etc/mgrid/explorer/reportserver.client.crt

Certificate for connecting with the Reportserver.

EXPLORER_CONFIG_DIRECTORY¶

Type: path()

Default: /etc/mgrid/explorer/config

Directory where the configuration (filters, presets, projections, reports) is loaded from.

EXPLORER_FILE_CSV¶

Type: str()

Default: patients

Prefix of the filename that is used for CSV download.

EXPLORER_FILE_DECIMAL_SEPARATOR¶

Type: str()

Default: ,

Decimal separator that is used for CSV and TAB downloads.

EXPLORER_FILE_INCLUDE_UTF8_BOM¶

Type: bool()

Default: False

Include byte order mark (BOM) on UTF-8 export (utf-8-sig encoding). This is typically used for Microsoft-based systems.

EXPLORER_FILE_JSON¶

Type: str()

Default: patients

Prefix of the filename that is used for JSON download.

EXPLORER_FILE_TAB¶

Type: str()

Default: patients

Prefix of the filename that is used for TAB download.

EXPLORER_PRIVATE_KEY¶

Type: path()

Default: /etc/mgrid/explorer/reportserver.client.key

Private key of the certificate for connecting with the Reportserver.

EXPLORER_REPORTS_ENABLED¶

Type: bool()

Default: True

Enable or disable the reports tab.

EXPLORER_REPORTS_CA_CERT¶

Type: path()

Default: /etc/mgrid/explorer/reportserver.serverca.crt

Certificate of the Reportserver CA.

EXPLORER_REPORTSERVER_URL¶

Type: url()

Default: https://reportserver.example.com

URL of the Reportserver.

EXPLORER_TABLENAME¶

Type: str()

Default: explorer

The name of the table where data for a particular user is located.

EXPLORER_META_TABLENAME¶

Type: str()

Default: datamart_meta

The name of the table where metadata about the data table is stored. (e.g. last update time)

EXPLORER_TEMP_PRESET_TTL¶

Type: int()

Default: 86400

Time-to-live in seconds of a temporary preset.

EXPLORER_TITLE¶

Type: str()

Default: Patient Explorer

Title of the application, shown in the UI and in the browser tab.

HOST¶

Type: ip()

Default: 127.0.0.1

IP address the server binds to.

LOGGING_CONFIG_FILE¶

Type: path()

Default: /etc/mgrid/explorer/logging.ini

Path to the Python logging config file.

METRICS_PORT¶

Type: int()

Default: 8000

IP port the metrics server binds to.

NUMBER_FORMAT_LOCALE¶

Type: enum('da', 'de', 'en', 'nl', 'ru')

Default: en

Locale for formatting numbers.

OIDC_PROVIDER_DOMAINS¶

Type: list(str())

Default: ['override_me']

Provider domains for OpenID Connect.

OIDC_USERINFO_PUBLICKEY¶

Type: any(null(), password())

Default: None

Path to public key file or JWK of the OpenID Connect userinfo signature (JWS).

ORM_ENGINE_CONFIG¶

Type: map()

Default: {'max_overflow': 10, 'pool_pre_ping': True, 'pool_recycle': -1, 'pool_reset_on_return': 'rollback', 'pool_size': 5, 'pool_timeout': 30}

Configuration to pass to the engine creation function. https://docs.sqlalchemy.org/en/20/core/engines.html#sqlalchemy.engine_from_config

ORM_SCHEMA¶

Type: str()

Default: public

The schema for the ORM of the explorer instance. Adjust for multiple explorer use.

PLATFORM_API_DATABASE_FETCH_SIZE¶

Type: int()

Default: 100

Number of records (rows) to fetch at a time when returning results. Affects the memory requirements when returning results.

PORT¶

Type: int()

Default: 5000

IP port the server binds to.

REQUESTS_AUTH_TIMEOUT¶

Type: int()

Default: 5

Timeout for HTTP requests to fetch JWT keys and introspect tokens.

REQUESTS_REPORTSERVER_TIMEOUT¶

Type: int()

Default: 300

Timeout for HTTP requests to reportserver.

SECURITY_ADMIN_ROLES¶

Type: list(str())

Default: []

Roles which are allowed to view the database query and configuration yaml behind a preset.

SECURITY_ALLROWS_ROLES¶

Type: list(str())

Default: []

Roles which are allowed to view the whole explorer table (i.e. without rowfilter).

SECURITY_GROUP_MANAGEMENT_ROLES¶

Type: list(str())

Default: []

Roles which are allowed to create and manage presets of user group.

SECURITY_JWT_CONTENT_ALGORITHM¶

Type: str()

Default: A256CBC-HS512

Encryption algorithm used by JWT for the content.

SECURITY_JWT_KEY_ALGORITHM¶

Type: str()

Default: A256KW

Encryption algorithm used by JWT for the key.

SECURITY_JWT_KEY_ID¶

Type: str()

Default: default

Key id to to select when security_jwt_secret points to a keyset

SECURITY_JWT_LEEWAY¶

Type: int()

Default: 100

Leeway before and after the current time that the JWT token is valid.

SECURITY_JWT_REQUIRED_CLAIMS¶

Type: list()

Default: ['exp', 'iat', 'nbf', 'sub']

Claims which must be present in the JWT token, or it will be rejected. Beware that for some identity providers Explorer requires certain claims (e.g., MGRID requires the sub claim).

SECURITY_JWT_SECRET¶

Type: password()

Default: override_me

Secret key, file or url for signing the JWT token.

SECURITY_JWT_TIMEOUT¶

Type: int()

Default: 1000

The JWT token is not valid if the exp or iat claim is later than the current time plus the timeout.

SECURITY_PII_ROLES¶

Type: list(str())

Default: []

Roles which are allowed to see personally identifiable information (PII).

SECURITY_PLATFORM_USER¶

Type: str()

Default: system:platform

The value of the JWT subject used between Dashboard and Explorer.

SECURITY_PRESET_MANAGEMENT_ROLES¶

Type: list(str())

Default: []

Roles which are allowed to create and manage presets of a whole schema.

SERVER_NAME¶

Type: any(domain(), null())

Default: None

Name of the server.