Refactor Settings object

DiamondJoseph · DiamondJoseph · commit 2df58a517f1b · 2025-03-14T15:59:23.000Z
diff --git a/docs/source/explanations/security.md b/docs/source/explanations/security.md
@@ -169,18 +169,13 @@ using a username and password. It requires one additional dependency:
 pip install pamela
 ```
 
-The configuration file(s) should include:
-
-```yaml
-authenticator: tiled.authenticators:PAMAuthenticator
-```
-
 Here is a complete working example:
 
 ```yaml
 # pam_config.yml
-providers:
-  - authenticator: tiled.authenticators:PAMAuthenticator
+authenticators:
+  - authenticator:
+      type: tiled.authenticators:PAMAuthenticator
     # This 'provider' can be any string; it is used to differentiate
     # authentication providers when multiple ones are supported.
     provider: local
@@ -243,10 +238,10 @@ pip install httpx
 The configuration file(s) must include the following.
 
 ```yaml
-providers:
+authenticators:
 - provider: example.com
-  authenticator: tiled.authenticators:OIDCAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:OIDCAuthenticator
     # Values should come from your OIDC provider configuration
     # The audience claim is checked by the OIDC Client (Tiled)
     # It checks that the Authentication header that you are passed has not been intercepted
@@ -273,10 +268,10 @@ should only for used for development and demos.
 
 ```yaml
 # dictionary_config.yml
-providers:
+authenticators:
 - provider: toy
-  authenticator: tiled.authenticators:DictionaryAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:DictionaryAuthenticator
     users_to_passwords:
       alice: ${ALICE_PASSWORD}
       bob: ${BOB_PASSWORD}
@@ -294,9 +289,10 @@ The ``DummyAuthenticator`` accepts *any* username and password combination.
 
 ```yaml
 # dummy_config.yml
-providers:
+authenticators:
 - provider: toy
-  authenticator: tiled.authenticators:DummyAuthenticator
+  authenticator:
+    type: tiled.authenticators:DummyAuthenticator
 trees:
   - path: /
     tree: tiled.examples.generated_minimal:tree
diff --git a/example_configs/google_auth.yml b/example_configs/google_auth.yml
@@ -1,8 +1,8 @@
 # Must set environment variables GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET to run.
-providers:
+authenticators:
 - provider: google
-  authenticator: tiled.authenticators:OIDCAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:OIDCAuthenticator
     audience: tiled  # something unique to ensure received headers are for you
     # These values come from https://console.cloud.google.com/apis/credential
     client_id: ${GOOGLE_CLIENT_ID}
diff --git a/example_configs/multiple_providers.yml b/example_configs/multiple_providers.yml
@@ -1,21 +1,21 @@
-providers:
+authenticators:
 - provider: one
-  authenticator: tiled.authenticators:DictionaryAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:DictionaryAuthenticator
     users_to_passwords:
       alice: ${ALICE_PASSWORD}
       bob: ${BOB_PASSWORD}
       cara: ${CARA_PASSWORD}
 - provider: two
-  authenticator: tiled.authenticators:DictionaryAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:DictionaryAuthenticator
     users_to_passwords:
       alice: ${ALICE_PASSWORD}
       bob: ${BOB_PASSWORD}
       cara: ${CARA_PASSWORD}
 - provider: three
-  authenticator: tiled.authenticators:DictionaryAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:DictionaryAuthenticator
     users_to_passwords:
       alice: ${ALICE_PASSWORD}
       bob: ${BOB_PASSWORD}
diff --git a/example_configs/orcid_auth.yml b/example_configs/orcid_auth.yml
@@ -1,8 +1,8 @@
 # Must set environment variables ORCID_CLIENT_ID and ORCID_CLIENT_SECRET to run.
-providers:
+authenticators:
 - provider: orcid
-  authenticator: tiled.authenticators:OIDCAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:OIDCAuthenticator
     audience: tiled  # something unique to ensure received headers are for you
     # These values come from https://orcid.org/developer-tools
     client_id: ${ORCID_CLIENT_ID}
diff --git a/example_configs/saml.yml b/example_configs/saml.yml
@@ -1,10 +1,10 @@
 # Use this configuration with this demo docker container as the idp.
 
 # docker run --name=testsamlidp_idp -p 8080:8080 -p 8443:8443 -e SIMPLESAMLPHP_SP_ENTITY_ID=http://localhost:8000 -e SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=http://localhost:8000/auth/provider/saml/code -e SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE=http://localhost:8000/ -d kristophjunge/test-saml-idp
-providers:
+authenticators:
 - provider: saml
-  authenticator: tiled.authenticators:SAMLAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:SAMLAuthenticator
     attribute_name: "email"
     saml_settings:
       strict: False
diff --git a/example_configs/simple_oidc/config.yml b/example_configs/simple_oidc/config.yml
@@ -4,16 +4,15 @@
 # - OIDC_BASE_URL (e.g. http://localhost:9000)
 # and update 'public_keys' section below to match values at http://localhost:9000/certs
 #
-authentication:
-  providers:
-  - provider: simple_oidc
-    authenticator: tiled.authenticators:OIDCAuthenticator
-    args:
-      audience: ${OIDC_CLIENT_ID}
-      client_id: ${OIDC_CLIENT_ID}
-      client_secret: ${OIDC_CLIENT_SECRET}
-      well_known_uri: "${OIDC_BASE_URL}/.well-known/openid-configuration"
-      confirmation_message: "You have logged in with Simple OIDC as {id}."
+authenticators:
+- provider: simple_oidc
+  authenticator:
+    type: tiled.authenticators:OIDCAuthenticator
+    audience: ${OIDC_CLIENT_ID}
+    client_id: ${OIDC_CLIENT_ID}
+    client_secret: ${OIDC_CLIENT_SECRET}
+    well_known_uri: "${OIDC_BASE_URL}/.well-known/openid-configuration"
+    confirmation_message: "You have logged in with Simple OIDC as {id}."
 trees:
  # Just some arbitrary example data...
  # The point of this example is the authenticaiton above.
diff --git a/example_configs/toy_authentication.yml b/example_configs/toy_authentication.yml
@@ -1,7 +1,7 @@
-providers:
+authenticators:
 - provider: toy
-  authenticator: tiled.authenticators:DictionaryAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:DictionaryAuthenticator
     users_to_passwords:
       alice: ${ALICE_PASSWORD}
       bob: ${BOB_PASSWORD}
diff --git a/tiled/_tests/test_access_control.py b/tiled/_tests/test_access_control.py
@@ -79,13 +79,13 @@ def context(tmpdir_module):
         "authenticators": [
             {
                 "provider": "toy",
-                "authenticator": "tiled.authenticators:DictionaryAuthenticator",
-                "args": {
+                "authenticator": {
+                    "type": "tiled.authenticators:DictionaryAuthenticator",
                     "users_to_passwords": {
                         "alice": "secret1",
                         "bob": "secret2",
                         "admin": "admin",
-                    }
+                    },
                 },
             }
         ],
@@ -358,11 +358,11 @@ def test_service_principal_access(tmpdir):
         "authenticators": [
             {
                 "provider": "toy",
-                "authenticator": "tiled.authenticators:DictionaryAuthenticator",
-                "args": {
+                "authenticator": {
+                    "type": "tiled.authenticators:DictionaryAuthenticator",
                     "users_to_passwords": {
                         "admin": "admin",
-                    }
+                    },
                 },
             }
         ],
diff --git a/tiled/_tests/test_authentication.py b/tiled/_tests/test_authentication.py
@@ -43,8 +43,10 @@ def config(sqlite_or_postgresql_database_uri):
         "authenticators": [
             {
                 "provider": "toy",
-                "authenticator": "tiled.authenticators:DictionaryAuthenticator",
-                "args": {"users_to_passwords": {"alice": "secret1", "bob": "secret2"}},
+                "authenticator": {
+                    "type": "tiled.authenticators:DictionaryAuthenticator",
+                    "users_to_passwords": {"alice": "secret1", "bob": "secret2"},
+                },
             }
         ],
         "database": {
@@ -260,15 +262,17 @@ def test_multiple_providers(enter_username_password, config, monkeypatch):
         [
             {
                 "provider": "second",
-                "authenticator": "tiled.authenticators:DictionaryAuthenticator",
-                "args": {"users_to_passwords": {"cara": "secret3", "doug": "secret4"}},
+                "authenticator": {
+                    "type": "tiled.authenticators:DictionaryAuthenticator",
+                    "users_to_passwords": {"cara": "secret3", "doug": "secret4"},
+                },
             },
             {
                 "provider": "third",
-                "authenticator": "tiled.authenticators:DictionaryAuthenticator",
-                "args": {
+                "authenticator": {
+                    "type": "tiled.authenticators:DictionaryAuthenticator",
                     # Duplicate 'cara' username.
-                    "users_to_passwords": {"cara": "secret5", "emilia": "secret6"}
+                    "users_to_passwords": {"cara": "secret5", "emilia": "secret6"},
                 },
             },
         ],
@@ -292,15 +296,17 @@ def test_multiple_providers_name_collision(config):
     config["authenticators"] = [
         {
             "provider": "some_name",
-            "authenticator": "tiled.authenticators:DictionaryAuthenticator",
-            "args": {"users_to_passwords": {"cara": "secret3", "doug": "secret4"}},
+            "authenticator": {
+                "type": "tiled.authenticators:DictionaryAuthenticator",
+                "users_to_passwords": {"cara": "secret3", "doug": "secret4"},
+            },
         },
         {
             "provider": "some_name",  # duplicate!
-            "authenticator": "tiled.authenticators:DictionaryAuthenticator",
-            "args": {
+            "authenticator": {
+                "type": "tiled.authenticators:DictionaryAuthenticator",
                 # Duplicate 'cara' username.
-                "users_to_passwords": {"cara": "secret5", "emilia": "secret6"}
+                "users_to_passwords": {"cara": "secret5", "emilia": "secret6"},
             },
         },
     ]
diff --git a/tiled/_tests/test_catalog.py b/tiled/_tests/test_catalog.py
@@ -375,13 +375,13 @@ async def test_access_control(tmpdir):
         "authenticators": [
             {
                 "provider": "toy",
-                "authenticator": "tiled.authenticators:DictionaryAuthenticator",
-                "args": {
+                "authenticator": {
+                    "type": "tiled.authenticators:DictionaryAuthenticator",
                     "users_to_passwords": {
                         "alice": "secret1",
                         "bob": "secret2",
                         "admin": "admin",
-                    }
+                    },
                 },
             }
         ],
diff --git a/tiled/_tests/test_configs/config_missing_secret_keys.yml b/tiled/_tests/test_configs/config_missing_secret_keys.yml
@@ -7,8 +7,8 @@ uvicorn:
   port: 8000
 providers:
 - provider: test
-  authenticator: tiled.authenticators:DictionaryAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:DictionaryAuthenticator
     users_to_passwords:
       alice: secret1
       bob: secret2
diff --git a/tiled/_tests/test_configs/config_missing_secret_keys_public.yml b/tiled/_tests/test_configs/config_missing_secret_keys_public.yml
@@ -10,8 +10,8 @@ database:
 allow_anonymous_access: true
 providers:
 - provider: test
-  authenticator: tiled.authenticators:DictionaryAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:DictionaryAuthenticator
     users_to_passwords:
       alice: secret1
       bob: secret2
diff --git a/tiled/_tests/test_configs/config_with_secret_keys.yml b/tiled/_tests/test_configs/config_with_secret_keys.yml
@@ -10,8 +10,8 @@ database:
 allow_anonymous_access: true
 providers:
 - provider: test
-  authenticator: tiled.authenticators:DictionaryAuthenticator
-  args:
+  authenticator:
+    type: tiled.authenticators:DictionaryAuthenticator
     users_to_passwords:
       alice: PASSWORD
 secret_keys:
diff --git a/tiled/_tests/test_openapi.py b/tiled/_tests/test_openapi.py
@@ -12,8 +12,10 @@
     "authenticators": [
         {
             "provider": "toy",
-            "authenticator": "tiled.authenticators:DictionaryAuthenticator",
-            "args": {"users_to_passwords": {"alice": "secret1", "bob": "secret2"}},
+            "authenticator": {
+                "type": "tiled.authenticators:DictionaryAuthenticator",
+                "users_to_passwords": {"alice": "secret1", "bob": "secret2"},
+            },
         }
     ],
     "trees": [
diff --git a/tiled/_tests/test_scaled_config_option.py b/tiled/_tests/test_scaled_config_option.py
@@ -5,10 +5,10 @@
 
 import pytest
 
-from tiled.server.settings import Settings
+from tiled.server.settings import Settings, UnscalableConfig
 
 from ..config import parse_configs
-from ..server.app import UnscalableConfig, build_app
+from ..server.app import build_app
 
 here = Path(__file__).parent.absolute()
 
diff --git a/tiled/_tests/test_server.py b/tiled/_tests/test_server.py
@@ -92,8 +92,10 @@ def multiuser_server(tmpdir):
         "authenticators": [
             {
                 "provider": "toy",
-                "authenticator": "tiled.authenticators:DictionaryAuthenticator",
-                "args": {"users_to_passwords": {"alice": "secret1", "bob": "secret2"}},
+                "authenticator": {
+                    "type": "tiled.authenticators:DictionaryAuthenticator",
+                    "users_to_passwords": {"alice": "secret1", "bob": "secret2"},
+                },
             }
         ],
         "database": {
diff --git a/tiled/authenticators.py b/tiled/authenticators.py
diff --git a/tiled/schemas.py b/tiled/schemas.py
diff --git a/tiled/server/app.py b/tiled/server/app.py
diff --git a/tiled/server/protocols.py b/tiled/server/protocols.py
diff --git a/tiled/server/router.py b/tiled/server/router.py
diff --git a/tiled/server/settings.py b/tiled/server/settings.py
