mirror of https://github.com/zulip/zulip.git
settings: Extract config file functions to a module.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
This commit is contained in:
Anders Kaseorg
Tim Abbott
parent
8e88e2ce15
commit
93b1c3d94b
|
|
@ -20,7 +20,7 @@ from zerver.lib.utils import generate_random_token
|
|||
from zerver.models import Realm, UserProfile, RealmAuditLog
|
||||
from corporate.models import Customer, CustomerPlan, LicenseLedger, \
|
||||
get_current_plan
|
||||
from zproject.settings import get_secret
|
||||
from zproject.config import get_secret
|
||||
|
||||
STRIPE_PUBLISHABLE_KEY = get_secret('stripe_publishable_key')
|
||||
stripe.api_key = get_secret('stripe_secret_key')
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ The Vagrant setup process runs this for you.
|
|||
## Secrets
|
||||
|
||||
Please don't put any passwords, secret access keys, etc. inline in the
|
||||
code. Instead, use the `get_secret` function in `zproject/settings.py`
|
||||
code. Instead, use the `get_secret` function in `zproject/config.py`
|
||||
to read secrets from `/etc/zulip/secrets.conf`.
|
||||
|
||||
## Dangerous constructs
|
||||
|
|
|
|||
|
|
@ -0,0 +1,51 @@
|
|||
import os
|
||||
from typing import Optional, overload
|
||||
import configparser
|
||||
|
||||
DEPLOY_ROOT = os.path.realpath(os.path.dirname(os.path.dirname(__file__)))
|
||||
|
||||
config_file = configparser.RawConfigParser()
|
||||
config_file.read("/etc/zulip/zulip.conf")
|
||||
|
||||
# Whether this instance of Zulip is running in a production environment.
|
||||
PRODUCTION = config_file.has_option('machine', 'deploy_type')
|
||||
DEVELOPMENT = not PRODUCTION
|
||||
|
||||
secrets_file = configparser.RawConfigParser()
|
||||
if PRODUCTION:
|
||||
secrets_file.read("/etc/zulip/zulip-secrets.conf")
|
||||
else:
|
||||
secrets_file.read(os.path.join(DEPLOY_ROOT, "zproject/dev-secrets.conf"))
|
||||
|
||||
@overload
|
||||
def get_secret(key: str, default_value: str, development_only: bool=False) -> str:
|
||||
...
|
||||
@overload
|
||||
def get_secret(key: str, default_value: Optional[str]=None,
|
||||
development_only: bool=False) -> Optional[str]:
|
||||
...
|
||||
def get_secret(key: str, default_value: Optional[str]=None,
|
||||
development_only: bool=False) -> Optional[str]:
|
||||
if development_only and PRODUCTION:
|
||||
return default_value
|
||||
if secrets_file.has_option('secrets', key):
|
||||
return secrets_file.get('secrets', key)
|
||||
return default_value
|
||||
|
||||
@overload
|
||||
def get_config(section: str, key: str, default_value: str) -> str:
|
||||
...
|
||||
@overload
|
||||
def get_config(section: str, key: str, default_value: Optional[str]=None) -> Optional[str]:
|
||||
...
|
||||
def get_config(section: str, key: str, default_value: Optional[str]=None) -> Optional[str]:
|
||||
if config_file.has_option(section, key):
|
||||
return config_file.get(section, key)
|
||||
return default_value
|
||||
|
||||
def get_from_file_if_exists(path: str) -> str:
|
||||
if os.path.exists(path):
|
||||
with open(path, "r") as f:
|
||||
return f.read()
|
||||
else:
|
||||
return ''
|
||||
|
|
@ -14,8 +14,6 @@ from copy import deepcopy
|
|||
import os
|
||||
import time
|
||||
import sys
|
||||
from typing import Any, Optional
|
||||
import configparser
|
||||
|
||||
from zerver.lib.db import TimeTrackingConnection
|
||||
import zerver.lib.logging_util
|
||||
|
|
@ -24,40 +22,7 @@ import zerver.lib.logging_util
|
|||
# INITIAL SETTINGS
|
||||
########################################################################
|
||||
|
||||
DEPLOY_ROOT = os.path.realpath(os.path.dirname(os.path.dirname(__file__)))
|
||||
|
||||
config_file = configparser.RawConfigParser()
|
||||
config_file.read("/etc/zulip/zulip.conf")
|
||||
|
||||
# Whether this instance of Zulip is running in a production environment.
|
||||
PRODUCTION = config_file.has_option('machine', 'deploy_type')
|
||||
DEVELOPMENT = not PRODUCTION
|
||||
|
||||
secrets_file = configparser.RawConfigParser()
|
||||
if PRODUCTION:
|
||||
secrets_file.read("/etc/zulip/zulip-secrets.conf")
|
||||
else:
|
||||
secrets_file.read(os.path.join(DEPLOY_ROOT, "zproject/dev-secrets.conf"))
|
||||
|
||||
def get_secret(key: str, default_value: Optional[Any]=None,
|
||||
development_only: bool=False) -> Optional[Any]:
|
||||
if development_only and PRODUCTION:
|
||||
return default_value
|
||||
if secrets_file.has_option('secrets', key):
|
||||
return secrets_file.get('secrets', key)
|
||||
return default_value
|
||||
|
||||
def get_config(section: str, key: str, default_value: Optional[Any]=None) -> Optional[Any]:
|
||||
if config_file.has_option(section, key):
|
||||
return config_file.get(section, key)
|
||||
return default_value
|
||||
|
||||
def get_from_file_if_exists(path: str) -> str:
|
||||
if os.path.exists(path):
|
||||
with open(path, "r") as f:
|
||||
return f.read()
|
||||
else:
|
||||
return ''
|
||||
from .config import DEPLOY_ROOT, PRODUCTION, DEVELOPMENT, get_secret, get_config, get_from_file_if_exists
|
||||
|
||||
# Make this unique, and don't share it with anybody.
|
||||
SECRET_KEY = get_secret("secret_key")
|
||||
|
|
|
|||
Loading…
Reference in New Issue