3. Configuration¶
- ACCOUNT_CGM_SCHEMA¶
Type:
str()
Default:
override_me
Schema for the CGM account service.
- ACCOUNT_PORTAVITA_SCHEMA¶
Type:
str()
Default:
override_me
Schema for the Portavita account service.
- BABEL_DEFAULT_LOCALE¶
Type:
enum('da', 'de', 'en', 'nl', 'ru')
Default:
en
Locale to be used by the application.
- BABEL_DEFAULT_TIMEZONE¶
Type:
str()
Default:
UTC
The timezone to be used for user facing dates.
- BABEL_TRANSLATION_DIRECTORIES¶
Type:
path()
Default:
/opt/mgrid/explorer/locale
A semi-colon (;) separated string of absolute and relative (to the app root) paths to translation folders.
- CACHE_PLATFORM_API_BACKEND¶
Type:
str()
Default:
dogpile.cache.memory
The name of the backend to use for the platform API cache. See https://dogpilecache.sqlalchemy.org/en/latest/api.html#module-dogpile.cache.backends.memory
- CACHE_PLATFORM_API_BACKEND_ARGUMENTS¶
Type:
map()
Default:
{}
Backend-specific arguments.
- CACHE_PLATFORM_API_ENABLED¶
Type:
bool()
Default:
False
Enable or disable the platform API cache.
- CACHE_PLATFORM_API_EXPIRE¶
Type:
int()
Default:
3600
Maximum age in seconds of items in the platform API cache.
- CACHE_PLATFORM_API_MAX_BYTE_LIMIT¶
Type:
int()
Default:
0
Maximum number of result bytes allowed for caching. For unlimited, set to
0
(default).
- CACHE_SHORT_TERM_BACKEND¶
Type:
str()
Default:
dogpile.cache.memory
The name of the backend to use for the short term cache. See https://dogpilecache.sqlalchemy.org/en/latest/api.html#module-dogpile.cache.backends.memory
- CACHE_SHORT_TERM_BACKEND_ARGUMENTS¶
Type:
map()
Default:
{}
Backend-specific arguments.
- CACHE_SHORT_TERM_ENABLED¶
Type:
bool()
Default:
True
Enable or disable the short term cache.
- CACHE_SHORT_TERM_EXPIRE¶
Type:
int()
Default:
3600
Maximum age in seconds of items in the short term cache.
- CACHE_UI_API_EXPIRE¶
Type:
int()
Default:
3600
Maximum time in seconds to cache data from the UI API.
- DBPOOL_DATABASE¶
Type:
str()
Default:
override_me
The name of the datamart database.
- DBPOOL_HOST¶
Type:
str()
Default:
override_me
The hostname of the datamart database.
- DBPOOL_MAXCONNS¶
Type:
int()
Default:
5
Maximum number of connections in the DWH database pool.
- DBPOOL_MINCONNS¶
Type:
int()
Default:
1
Number of connections that are created automatically in the datamart database pool.
- DBPOOL_PASSWORD¶
Type:
password()
Default:
override_me
The password of the DWH database.
- DBPOOL_PORT¶
Type:
int()
Default:
5432
The port of the DWH database.
- DBPOOL_USER¶
Type:
str()
Default:
override_me
The username of the DWH database.
- EXPLORER_ACTION_COLUMN¶
Type:
any(null(), str())
Default:
None
Name of the column which value is used to call the action function.
- EXPLORER_ACTION_FUNCTION¶
Type:
any(null(), str())
Default:
None
Name of the JavaScript function that is called when the user clicks a row in the table.
- EXPLORER_APPLICATIONS¶
Type:
list()
Default:
[]
Applications in the navigation header. An example: - id: dashboard type: dashboard name: Dashboard url: “https://dashboard.example.com#/dashboard” local: False - id: presets type: presets name: Presets url: “https://dashboard.example.com#/presets” local: False - id: patient-explorer type: explorer name: Patient Explorer url: “https://explorer1.example.com/table” local: True - id: activity-explorer type: explorer name: Activity Explorer url: “https://explorer2.example.com/table” local: False - id: reports type: reports name: Reports url: “https://explorer1.example.com/report” local: True
- EXPLORER_BASE_URL¶
Type:
url()
Default:
https://explorer.example.com
The base URL of the application.
- EXPLORER_CERTIFICATE¶
Type:
path()
Default:
/etc/mgrid/explorer/reportserver.client.crt
Certificate for connecting with the Reportserver.
- EXPLORER_CONFIG_DIRECTORY¶
Type:
path()
Default:
/etc/mgrid/explorer/config
Directory where the configuration (filters, presets, projections, reports) is loaded from.
- EXPLORER_DOWNLOAD_POT_ENABLED¶
Type:
bool()
Default:
False
Enable or disable the ability to download translation files.
- EXPLORER_FAVICON¶
Type:
str()
Default:
mgrid-favicon.png
Location of the favicon image. May be a relative path, e.g.
/static/images/mgrid-favicon.png
if the favicon is present in the Explorer Docker image, or an absolute URL, e.g.https://explorer.example.com/favicon.png
. In the case of an absolute URL, make sure that the CORS settings of the nginx proxy in the Docker image allow this URL.
- EXPLORER_FILE_CSV¶
Type:
str()
Default:
patients
Prefix of the filename that is used for CSV download.
- EXPLORER_FILE_DECIMAL_SEPARATOR¶
Type:
str()
Default:
,
Decimal separator that is used for CSV and TAB downloads.
- EXPLORER_FILE_INCLUDE_UTF8_BOM¶
Type:
bool()
Default:
False
Include byte order mark (BOM) on UTF-8 export (utf-8-sig encoding). This is typically used for Microsoft-based systems.
- EXPLORER_FILE_JSON¶
Type:
str()
Default:
patients
Prefix of the filename that is used for JSON download.
- EXPLORER_FILE_TAB¶
Type:
str()
Default:
patients
Prefix of the filename that is used for TAB download.
- EXPLORER_LOGIN_EXPIRE¶
Type:
int()
Default:
86400
Expiry in seconds when logged in.
- EXPLORER_LOGO¶
Type:
str()
Default:
cgm-logo.png
Location of the logo image for the UI. May be a relative path, e.g.
/static/images/mgrid_logo.svg
if the logo is present in the Explorer Docker image, or an absolute URL, e.g.https://explorer.example.com/logo.png
. In the case of an absolute URL, make sure that the CORS settings of the nginx proxy in the Docker image allow this URL.
- EXPLORER_PRIVATE_KEY¶
Type:
path()
Default:
/etc/mgrid/explorer/reportserver.client.key
Private key of the certificate for connecting with the Reportserver.
- EXPLORER_REPORT_DISPLAY_TARGET¶
Type:
str()
Default:
_blank
Browser display target when opening a report.
- EXPLORER_REPORTS_ENABLED¶
Type:
bool()
Default:
True
Enable or disable the reports tab.
- EXPLORER_REPORTS_CA_CERT¶
Type:
path()
Default:
/etc/mgrid/explorer/reportserver.serverca.crt
Certificate of the Reportserver CA.
- EXPLORER_REPORTSERVER_URL¶
Type:
url()
Default:
https://reportserver.example.com
URL of the Reportserver.
- EXPLORER_SEARCHBAR_ENABLED¶
Type:
bool()
Default:
True
Enable or disable searching for presets in the UI.
- EXPLORER_TABLENAME¶
Type:
str()
Default:
explorer
The name of the table where data for a particular user is located.
- EXPLORER_META_TABLENAME¶
Type:
str()
Default:
datamart_meta
The name of the table where metadata about the data table is stored. (e.g. last update time)
- EXPLORER_TITLE¶
Type:
str()
Default:
Patient Explorer
Title of the application, shown in the UI and in the browser tab.
- HOST¶
Type:
ip()
Default:
127.0.0.1
IP address the server binds to.
- LOGGING_CONFIG_FILE¶
Type:
path()
Default:
/etc/mgrid/explorer/logging.ini
Path to the Python logging config file.
- METRICS_PORT¶
Type:
int()
Default:
8000
IP port the metrics server binds to.
- NUMBER_FORMAT_LOCALE¶
Type:
enum('da', 'de', 'en', 'nl', 'ru')
Default:
en
Locale for formatting numbers.
- OIDC_ACCESS_TOKEN_URL¶
Type:
url()
Default:
https://authprov.example.com/oauth/token
Access token URL for OpenID Connect.
- OIDC_APPLICATION_NAME¶
Type:
str()
Default:
explorer
Application name for OpenID Connect.
- OIDC_AUTHORIZE_URL¶
Type:
url()
Default:
https://authprov.example.com/oauth/authorize
Authorize URL for OpenID Connect.
- OIDC_BASE_URL¶
Type:
url()
Default:
https://authprov.example.com
Base URL for OpenID Connect.
- OIDC_CLIENT_ID¶
Type:
str()
Default:
override_me
Client identifier for OpenID Connect.
- OIDC_CLIENT_SECRET¶
Type:
password()
Default:
override_me
Client secret for OpenID Connect.
- OIDC_CLIENT_AUTH_METHOD¶
Type:
enum('client_secret_post', 'client_secret_basic')
Default:
client_secret_post
Client authentication method for OpenID Connect.
- OIDC_INTROSPECT_URL¶
Type:
url()
Default:
https://authprov.example.com/oauth/introspect
Introspect URL for OpenID Connect (OAuth2 RFC7662).
- OIDC_LOGOUT_REDIRECT_URL¶
Type:
url()
Default:
https://authprov.example.com/logout
Redirect URL after logging out with OpenID Connect.
- OIDC_PROVIDER_DOMAINS¶
Type:
list(str())
Default:
['override_me']
Provider domains for OpenID Connect.
- OIDC_PROVIDER_NAME¶
Type:
str()
Default:
MGRID
Provider name for OpenID Connect.
- OIDC_REDIRECT_URL¶
Type:
url()
Default:
https://explorer.example.com/oauth/redirect
Redirect URL after logging in with OpenID Connect.
- OIDC_SCOPE¶
Type:
str()
Default:
openid organization roles session
Scope for OpenID Connect.
- OIDC_USERINFO_URL¶
Type:
url()
Default:
https://authprov.example.com/userinfo
Userinfo URL for OpenID Connect.
- OIDC_USERINFO_PUBLICKEY¶
Type:
any(null(), password())
Default:
None
Path to public key file or JWK of the OpenID Connect userinfo signature (JWS).
- ORM_ENGINE_CONFIG¶
Type:
map()
Default:
{'max_overflow': 10, 'pool_pre_ping': True, 'pool_recycle': -1, 'pool_reset_on_return': 'rollback', 'pool_size': 5, 'pool_timeout': 30}
Configuration to pass to the engine creation function. https://docs.sqlalchemy.org/en/20/core/engines.html#sqlalchemy.engine_from_config
- ORM_SCHEMA¶
Type:
str()
Default:
public
The schema for the ORM of the explorer instance. Adjust for multiple explorer use.
- PERMANENT_SESSION_LIFETIME¶
Type:
int()
Default:
86400
# Maximum number of seconds which a newly issued cookie will be considered valid. # After this amount of time, the cookie will expire (effectively logging the user out).
- PLATFORM_API_DATABASE_FETCH_SIZE¶
Type:
int()
Default:
100
Number of records (rows) to fetch at a time when returning results. Affects the memory requirements when returning results.
- PLATFORM_DOMAIN¶
Type:
domain()
Default:
example.com
Domain of the platform.
- PORT¶
Type:
int()
Default:
5000
IP port the server binds to.
- REQUESTS_AUTH_TIMEOUT¶
Type:
int()
Default:
5
Timeout for HTTP requests to fetch JWT keys and introspect tokens.
- REQUESTS_REPORTSERVER_TIMEOUT¶
Type:
int()
Default:
300
Timeout for HTTP requests to reportserver.
- SECRET_KEY¶
Type:
password()
Default:
override_me
# The secret used for session cookie signing.
- SECURITY_ADMIN_ROLES¶
Type:
list(str())
Default:
[]
Roles which are allowed to change configuration using the configadmin page.
- SECURITY_AUTH_METHOD¶
Type:
enum('headless-jwt', 'oidc', 'password')
Default:
password
Authenticationm method for the application.
- SECURITY_ALLROWS_ROLES¶
Type:
list(str())
Default:
[]
Roles which are allowed to view the whole explorer table (i.e. without rowfilter).
- SECURITY_GROUP_MANAGEMENT_ROLES¶
Type:
list(str())
Default:
[]
Roles which are allowed to create and manage presets of user group.
- SECURITY_JWT_CONTENT_ALGORITHM¶
Type:
str()
Default:
A256CBC-HS512
Encryption algorithm used by JWT for the content.
- SECURITY_JWT_KEY_ALGORITHM¶
Type:
str()
Default:
A256KW
Encryption algorithm used by JWT for the key.
- SECURITY_JWT_KEY_ID¶
Type:
str()
Default:
default
Key id to to select when security_jwt_secret points to a keyset
- SECURITY_JWT_LEEWAY¶
Type:
int()
Default:
100
Leeway before and after the current time that the JWT token is valid.
- SECURITY_JWT_REQUIRED_CLAIMS¶
Type:
list()
Default:
['exp', 'iat', 'nbf', 'sub']
Claims which must be present in the JWT token, or it will be rejected. Beware that for some identity providers Explorer requires certain claims (e.g., MGRID requires the
sub
claim).
- SECURITY_JWT_SECRET¶
Type:
password()
Default:
override_me
Secret key, file or url for signing the JWT token.
- SECURITY_JWT_TIMEOUT¶
Type:
int()
Default:
1000
The JWT token is not valid if the exp or iat claim is later than the current time plus the timeout.
- SECURITY_PEPPER¶
Type:
password()
Default:
override_me
Application-wide value added to the password before hashing.
- SECURITY_PII_ROLES¶
Type:
list(str())
Default:
[]
Roles which are allowed to see personally identifiable information (PII).
- SECURITY_PLATFORM_USER¶
Type:
str()
Default:
system:platform
The value of the JWT subject used between Dashboard and Explorer.
- SECURITY_PRESET_MANAGEMENT_ROLES¶
Type:
list(str())
Default:
[]
Roles which are allowed to create and manage presets of a whole schema.
- SECURITY_SSL_VERIFY¶
Type:
bool()
Default:
True
Verify SSL certificate during authentication.
- SERVER_NAME¶
Type:
any(domain(), null())
Default:
None
Name of the server.
- SESSION_COOKIE_HTTPONLY¶
Type:
bool()
Default:
True
# Enable or disable hiding cookie from JavaScript by setting the HttpOnly flag. # Not honored by all browsers.
- SESSION_COOKIE_NAME¶
Type:
str()
Default:
__host-explorer-session
Name of the session cookie.
- SESSION_COOKIE_PATH¶
Type:
str()
Default:
/
The path that the session cookie will be valid for.
- SESSION_COOKIE_SAMESITE¶
Type:
enum('None', 'Lax', 'Strict')
Default:
Lax
Restricts how cookies are sent with requests from external sites.
- SESSION_COOKIE_SECURE¶
Type:
bool()
Default:
True
Enable or disable sending the cookie only over a secure connection.
- SESSION_FILE_DIR¶
Type:
path()
Default:
/tmp/flask_session
The directory where session files are stored.
- SESSION_FILE_MODE¶
Type:
int()
Default:
384
The file mode used for session files, e.g. 640.
- SESSION_KEY_PREFIX¶
Type:
str()
Default:
session:
A prefix that is added to cache store keys.
- SESSION_FILE_THRESHOLD¶
Type:
int()
Default:
500
The maximum number of items the session stores before it starts deleting some.
- SESSION_PERMANENT¶
Type:
bool()
Default:
False
Enable or disable permanent sessions.
- SESSION_SERIALIZATION_FORMAT¶
Type:
enum('json', 'msgpack')
Default:
json
The serialization format to use for the session data.
- SESSION_SID_LENGTH¶
Type:
int()
Default:
32
The length of the generated session id in bytes.
- SESSION_TYPE¶
Type:
enum('null', 'filesystem', 'sqlalchemy')
Default:
filesystem
Specifies which type of session interface to use.
- SESSION_USE_SIGNER¶
Type:
bool()
Default:
True
Enable or disable signing of id cookie.
- WHITE_LABEL¶
Type:
bool()
Default:
False
Hide MGRID name and link to data protection statement when true.