2016-04-07 15:03:22 +02:00
|
|
|
#!/usr/bin/env python
|
2016-07-20 05:45:50 +02:00
|
|
|
# This tools generates /etc/zulip/zulip-secrets.conf
|
2013-10-25 19:35:24 +02:00
|
|
|
|
2015-11-01 17:11:06 +01:00
|
|
|
from __future__ import print_function
|
2017-01-24 06:36:39 +01:00
|
|
|
import sys
|
|
|
|
import os
|
|
|
|
import os.path
|
2016-06-25 17:07:13 +02:00
|
|
|
from os.path import dirname, abspath
|
2016-11-30 21:45:02 +01:00
|
|
|
if False:
|
2016-12-08 05:06:51 +01:00
|
|
|
from typing import Dict, Optional, Text
|
2016-06-25 17:07:13 +02:00
|
|
|
|
|
|
|
BASE_DIR = dirname(dirname(dirname(abspath(__file__))))
|
|
|
|
sys.path.append(BASE_DIR)
|
|
|
|
import scripts.lib.setup_path_on_import
|
2013-10-25 19:35:24 +02:00
|
|
|
|
|
|
|
os.environ['DJANGO_SETTINGS_MODULE'] = 'zproject.settings'
|
|
|
|
|
|
|
|
from django.utils.crypto import get_random_string
|
2016-06-20 14:00:27 +02:00
|
|
|
import six
|
2016-10-05 11:13:19 +02:00
|
|
|
import argparse
|
2016-10-28 00:04:05 +02:00
|
|
|
import uuid
|
2016-07-30 00:29:54 +02:00
|
|
|
from zerver.lib.str_utils import force_str
|
2013-10-25 19:35:24 +02:00
|
|
|
from zerver.lib.utils import generate_random_token
|
|
|
|
|
2013-11-14 14:59:33 +01:00
|
|
|
os.chdir(os.path.join(os.path.dirname(__file__), '..', '..'))
|
|
|
|
|
2013-11-10 16:04:24 +01:00
|
|
|
CAMO_CONFIG_FILENAME = '/etc/default/camo'
|
2013-10-25 19:35:24 +02:00
|
|
|
|
2015-08-20 08:15:21 +02:00
|
|
|
AUTOGENERATED_SETTINGS = ['shared_secret', 'avatar_salt', 'rabbitmq_password', 'local_database_password',
|
|
|
|
'initial_password_salt']
|
2013-10-25 19:35:24 +02:00
|
|
|
|
2016-07-31 08:29:21 +02:00
|
|
|
# TODO: We can eliminate this function if we refactor the install
|
|
|
|
# script to run generate_secrets before zulip-puppet-apply.
|
2013-10-25 19:35:24 +02:00
|
|
|
def generate_camo_config_file(camo_key):
|
2016-12-08 05:06:51 +01:00
|
|
|
# type: (Text) -> None
|
2013-10-25 19:35:24 +02:00
|
|
|
camo_config = """ENABLED=yes
|
|
|
|
PORT=9292
|
|
|
|
CAMO_KEY=%s
|
|
|
|
""" % (camo_key,)
|
|
|
|
with open(CAMO_CONFIG_FILENAME, 'w') as camo_file:
|
|
|
|
camo_file.write(camo_config)
|
2015-11-01 17:11:06 +01:00
|
|
|
print("Generated Camo config file %s" % (CAMO_CONFIG_FILENAME,))
|
2013-10-25 19:35:24 +02:00
|
|
|
|
|
|
|
def generate_django_secretkey():
|
2016-12-08 05:06:51 +01:00
|
|
|
# type: () -> Text
|
2016-07-30 00:29:54 +02:00
|
|
|
"""Secret key generation taken from Django's startproject.py"""
|
2013-10-25 19:35:24 +02:00
|
|
|
chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
|
|
|
|
return get_random_string(50, chars)
|
|
|
|
|
2016-06-20 14:00:27 +02:00
|
|
|
def get_old_conf(output_filename):
|
2017-03-03 23:15:18 +01:00
|
|
|
# type: (str) -> Dict[str, Text]
|
2016-06-20 14:00:27 +02:00
|
|
|
if not os.path.exists(output_filename):
|
|
|
|
return {}
|
|
|
|
|
2016-06-20 17:57:32 +02:00
|
|
|
secrets_file = six.moves.configparser.RawConfigParser() # type: ignore # https://github.com/python/typeshed/issues/307
|
2016-06-20 14:00:27 +02:00
|
|
|
secrets_file.read(output_filename)
|
|
|
|
|
|
|
|
def get_secret(key):
|
2017-03-03 23:15:18 +01:00
|
|
|
# type: (str) -> Optional[Text]
|
2016-06-20 14:00:27 +02:00
|
|
|
if secrets_file.has_option('secrets', key):
|
|
|
|
return secrets_file.get('secrets', key)
|
|
|
|
return None
|
|
|
|
|
|
|
|
fields = AUTOGENERATED_SETTINGS + ['secret_key', 'camo_key']
|
|
|
|
return {name: get_secret(name) for name in fields}
|
|
|
|
|
2015-08-20 08:15:21 +02:00
|
|
|
def generate_secrets(development=False):
|
2016-07-30 00:29:54 +02:00
|
|
|
# type: (bool) -> None
|
2015-08-21 01:46:52 +02:00
|
|
|
if development:
|
|
|
|
OUTPUT_SETTINGS_FILENAME = "zproject/dev-secrets.conf"
|
|
|
|
else:
|
|
|
|
OUTPUT_SETTINGS_FILENAME = "/etc/zulip/zulip-secrets.conf"
|
|
|
|
|
2016-07-30 00:29:54 +02:00
|
|
|
lines = [u'[secrets]\n']
|
2015-08-20 08:15:21 +02:00
|
|
|
|
|
|
|
def config_line(var, value):
|
2016-12-08 05:06:51 +01:00
|
|
|
# type: (Text, Text) -> Text
|
2015-08-20 08:15:21 +02:00
|
|
|
return "%s = %s\n" % (var, value)
|
|
|
|
|
2016-06-20 14:00:27 +02:00
|
|
|
old_conf = get_old_conf(OUTPUT_SETTINGS_FILENAME)
|
2015-08-20 08:15:21 +02:00
|
|
|
for name in AUTOGENERATED_SETTINGS:
|
2016-06-20 14:00:27 +02:00
|
|
|
lines.append(config_line(name, old_conf.get(name, generate_random_token(64))))
|
|
|
|
|
|
|
|
secret_key = old_conf.get('secret_key', generate_django_secretkey())
|
|
|
|
lines.append(config_line('secret_key', secret_key))
|
2015-08-20 08:15:21 +02:00
|
|
|
|
2016-06-20 14:00:27 +02:00
|
|
|
camo_key = old_conf.get('camo_key', get_random_string(64))
|
2015-08-20 08:15:21 +02:00
|
|
|
lines.append(config_line('camo_key', camo_key))
|
2016-06-20 14:00:27 +02:00
|
|
|
|
2016-10-28 00:04:05 +02:00
|
|
|
zulip_org_key = old_conf.get('zulip_org_key', get_random_string(64))
|
|
|
|
lines.append(config_line('zulip_org_key', zulip_org_key))
|
|
|
|
|
|
|
|
zulip_org_id = old_conf.get('zulip_org_id', str(uuid.uuid4()))
|
|
|
|
lines.append(config_line('zulip_org_id', zulip_org_id))
|
|
|
|
|
2015-08-20 08:15:21 +02:00
|
|
|
if not development:
|
|
|
|
# Write the Camo config file directly
|
|
|
|
generate_camo_config_file(camo_key)
|
|
|
|
|
2013-10-25 19:35:24 +02:00
|
|
|
out = open(OUTPUT_SETTINGS_FILENAME, 'w')
|
2016-07-30 00:29:54 +02:00
|
|
|
out.write(force_str("".join(lines)))
|
2013-10-25 19:35:24 +02:00
|
|
|
out.close()
|
|
|
|
|
2015-11-01 17:11:06 +01:00
|
|
|
print("Generated %s with auto-generated secrets!" % (OUTPUT_SETTINGS_FILENAME,))
|
2015-08-20 08:15:21 +02:00
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
|
2016-10-05 11:13:19 +02:00
|
|
|
parser = argparse.ArgumentParser()
|
|
|
|
group = parser.add_mutually_exclusive_group(required=True)
|
|
|
|
group.add_argument('--development', action='store_true', dest='development', help='For setting up the developer env for zulip')
|
|
|
|
group.add_argument('--production', action='store_false', dest='development', help='For setting up the production env for zulip')
|
|
|
|
results = parser.parse_args()
|
2015-08-20 08:15:21 +02:00
|
|
|
|
2016-10-05 11:13:19 +02:00
|
|
|
generate_secrets(results.development)
|