From 93b1c3d94b4c17715af56914a147d638b232b9bf Mon Sep 17 00:00:00 2001 From: Anders Kaseorg Date: Tue, 12 Nov 2019 16:11:56 -0800 Subject: [PATCH] settings: Extract config file functions to a module. Signed-off-by: Anders Kaseorg --- corporate/lib/stripe.py | 2 +- docs/contributing/code-style.md | 2 +- zproject/config.py | 51 +++++++++++++++++++++++++++++++++ zproject/settings.py | 37 +----------------------- 4 files changed, 54 insertions(+), 38 deletions(-) create mode 100644 zproject/config.py diff --git a/corporate/lib/stripe.py b/corporate/lib/stripe.py index ba48c41892..d6c2ed1647 100644 --- a/corporate/lib/stripe.py +++ b/corporate/lib/stripe.py @@ -20,7 +20,7 @@ from zerver.lib.utils import generate_random_token from zerver.models import Realm, UserProfile, RealmAuditLog from corporate.models import Customer, CustomerPlan, LicenseLedger, \ get_current_plan -from zproject.settings import get_secret +from zproject.config import get_secret STRIPE_PUBLISHABLE_KEY = get_secret('stripe_publishable_key') stripe.api_key = get_secret('stripe_secret_key') diff --git a/docs/contributing/code-style.md b/docs/contributing/code-style.md index 8f2c017555..c4f9d203a1 100644 --- a/docs/contributing/code-style.md +++ b/docs/contributing/code-style.md @@ -31,7 +31,7 @@ The Vagrant setup process runs this for you. ## Secrets Please don't put any passwords, secret access keys, etc. inline in the -code. Instead, use the `get_secret` function in `zproject/settings.py` +code. Instead, use the `get_secret` function in `zproject/config.py` to read secrets from `/etc/zulip/secrets.conf`. ## Dangerous constructs diff --git a/zproject/config.py b/zproject/config.py new file mode 100644 index 0000000000..bd9cdc75a7 --- /dev/null +++ b/zproject/config.py 
@@ -0,0 +1,51 @@
+import os
+from typing import Optional, overload
+import configparser
+
+DEPLOY_ROOT = os.path.realpath(os.path.dirname(os.path.dirname(__file__)))
+
+config_file = configparser.RawConfigParser()
+config_file.read("/etc/zulip/zulip.conf")
+
+# Whether this instance of Zulip is running in a production environment.
+PRODUCTION = config_file.has_option('machine', 'deploy_type')
+DEVELOPMENT = not PRODUCTION
+
+secrets_file = configparser.RawConfigParser()
+if PRODUCTION:
+ secrets_file.read("/etc/zulip/zulip-secrets.conf")
+else:
+ secrets_file.read(os.path.join(DEPLOY_ROOT, "zproject/dev-secrets.conf"))
+
+@overload
+def get_secret(key: str, default_value: str, development_only: bool=False) -> str:
+ ...
+@overload
+def get_secret(key: str, default_value: Optional[str]=None,
+ development_only: bool=False) -> Optional[str]:
+ ...
+def get_secret(key: str, default_value: Optional[str]=None,
+ development_only: bool=False) -> Optional[str]:
+ if development_only and PRODUCTION:
+ return default_value
+ if secrets_file.has_option('secrets', key):
+ return secrets_file.get('secrets', key)
+ return default_value
+
+@overload
+def get_config(section: str, key: str, default_value: str) -> str:
+ ...
+@overload
+def get_config(section: str, key: str, default_value: Optional[str]=None) -> Optional[str]:
+ ...
+def get_config(section: str, key: str, default_value: Optional[str]=None) -> Optional[str]:
+ if config_file.has_option(section, key):
+ return config_file.get(section, key)
+ return default_value
+
+def get_from_file_if_exists(path: str) -> str:
+ if os.path.exists(path):
+ with open(path, "r") as f:
+ return f.read()
+ else:
+ return ''
diff --git a/zproject/settings.py b/zproject/settings.py
index 0a68000630..05826eb9dd 100644
--- a/zproject/settings.py
+++ b/zproject/settings.py
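Review bot: Both `read()` calls at the top of the new zproject/config.py discard their return value, and `RawConfigParser.read()` silently skips a file it cannot open. An unreadable `/etc/zulip/zulip.conf` therefore leaves `PRODUCTION` false, so dev-secrets.conf is loaded and `development_only` secrets are honoured, while an unreadable `/etc/zulip/zulip-secrets.conf` makes every `get_secret()` call return its default. The settings.py hunk shows `SECRET_KEY = get_secret("secret_key")` with no default, so in that case it would be `None` rather than an error at import time. Because `read()` returns the list of files it parsed, the production branch could fail closed with `if not secrets_file.read("/etc/zulip/zulip-secrets.conf"): raise RuntimeError("cannot read /etc/zulip/zulip-secrets.conf")`. If some production processes are meant to import this module without access to the secrets file, a module docstring stating that missing files and keys yield `default_value` would at least make that contract explicit.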
@@ -14,8 +14,6 @@ from copy import deepcopy import os import time import sys -from typing import Any, Optional -import configparser from zerver.lib.db import TimeTrackingConnection import zerver.lib.logging_util @@ -24,40 +22,7 @@ import zerver.lib.logging_util # INITIAL SETTINGS ######################################################################## -DEPLOY_ROOT = os.path.realpath(os.path.dirname(os.path.dirname(__file__))) - -config_file = configparser.RawConfigParser() -config_file.read("/etc/zulip/zulip.conf") - -# Whether this instance of Zulip is running in a production environment. -PRODUCTION = config_file.has_option('machine', 'deploy_type') -DEVELOPMENT = not PRODUCTION - -secrets_file = configparser.RawConfigParser() -if PRODUCTION: - secrets_file.read("/etc/zulip/zulip-secrets.conf") -else: - secrets_file.read(os.path.join(DEPLOY_ROOT, "zproject/dev-secrets.conf")) - -def get_secret(key: str, default_value: Optional[Any]=None, - development_only: bool=False) -> Optional[Any]: - if development_only and PRODUCTION: - return default_value - if secrets_file.has_option('secrets', key): - return secrets_file.get('secrets', key) - return default_value - -def get_config(section: str, key: str, default_value: Optional[Any]=None) -> Optional[Any]: - if config_file.has_option(section, key): - return config_file.get(section, key) - return default_value - -def get_from_file_if_exists(path: str) -> str: - if os.path.exists(path): - with open(path, "r") as f: - return f.read() - else: - return '' +from .config import DEPLOY_ROOT, PRODUCTION, DEVELOPMENT, get_secret, get_config, get_from_file_if_exists # Make this unique, and don't share it with anybody. SECRET_KEY = get_secret("secret_key")