Administrator Guide
*******************

This document describes configuration of WaiverDB server.


Authentication
==============

Option "AUTH_METHOD" is name of authentication method. This can be
“OIDC”, “Kerberos” or “SSL”.

Note: Special name “dummy”, used in development, authorizes any
  user.


Waive Permission
================

If "PERMISSION_MAPPING" option is unset, anyone is able to waive any
test result.

If the option is set, it describes which users and groups can waive
which test cases. It is a mapping from test case name pattern to dict
with user and group lists.

LDAP needs to be properly configured (i.e. options "LDAP_HOST" and
"LDAP_BASE").

   PERMISSION_MAPPING = {
     "^kernel-qe\.": {
         "groups": ["devel", "qa"],
         "users": []
     },
     "": {"groups": ["waiverdb-admins"], "users": []},
   }
   LDAP_HOST = 'ldap://ldap.example.com'
   LDAP_BASE = 'ou=Groups,dc=example,dc=com'

Option "SUPERUSERS" is a list of users who can waive results in place
of other users (which still require to have the permission). The
superuser name is then stored in the waiver under "proxied_by" field.

You can list the current permission mapping and list of superusers
with "GET /api/v1.0/config".


Waive from Web UI
=================

WaiverDB uses flask-cors to enable CORS. This allows web browsers to
tell which web sites can safely waive.

There are couple of important flask-cors options.

Option "CORS_ORIGINS" is a list of origins (it can be also string, a
single origin). This default to "*" which means all origins. The can
also contain regular expressions to match origins.

Option "CORS_SUPPORTS_CREDENTIALS", if set to "True", allows users to
make authenticated requests.

   CORS_ORIGINS = [
       "https://bodhi.fedoraproject.org",
       "https://dashboard.example.com",
   ]
   CORS_SUPPORTS_CREDENTIALS = True

Deprecated option "CORS_URL" overrides "CORS_ORIGINS".
