Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

settings: Extract config file functions to a module. 

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
This commit is contained in:
Anders Kaseorg 2019-11-12 16:11:56 -08:00 committed by Tim Abbott
parent 8e88e2ce15
commit 93b1c3d94b
4 changed files with 54 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
corporate/lib/stripe.py
View File

@ -20,7 +20,7 @@ from zerver.lib.utils import generate_random_token
from zerver.models import Realm, UserProfile, RealmAuditLog from zerver.models import Realm, UserProfile, RealmAuditLog
from corporate.models import Customer, CustomerPlan, LicenseLedger, \ from corporate.models import Customer, CustomerPlan, LicenseLedger, \
get_current_plan get_current_plan
from zproject.settings import get_secret from zproject.config import get_secret
STRIPE_PUBLISHABLE_KEY = get_secret('stripe_publishable_key') STRIPE_PUBLISHABLE_KEY = get_secret('stripe_publishable_key')
stripe.api_key = get_secret('stripe_secret_key') stripe.api_key = get_secret('stripe_secret_key')

2
docs/contributing/code-style.md
View File

@ -31,7 +31,7 @@ The Vagrant setup process runs this for you.
## Secrets ## Secrets
Please don't put any passwords, secret access keys, etc. inline in the Please don't put any passwords, secret access keys, etc. inline in the
code. Instead, use the `get_secret` function in `zproject/settings.py` code. Instead, use the `get_secret` function in `zproject/config.py`
to read secrets from `/etc/zulip/secrets.conf`. to read secrets from `/etc/zulip/secrets.conf`.
## Dangerous constructs ## Dangerous constructs

51
zproject/config.py Normal file
View File

@ -0,0 +1,51 @@
import os
from typing import Optional, overload
import configparser
DEPLOY_ROOT = os.path.realpath(os.path.dirname(os.path.dirname(__file__)))
config_file = configparser.RawConfigParser()
config_file.read("/etc/zulip/zulip.conf")
# Whether this instance of Zulip is running in a production environment.
PRODUCTION = config_file.has_option('machine', 'deploy_type')
DEVELOPMENT = not PRODUCTION
secrets_file = configparser.RawConfigParser()
if PRODUCTION:
secrets_file.read("/etc/zulip/zulip-secrets.conf")
else:
secrets_file.read(os.path.join(DEPLOY_ROOT, "zproject/dev-secrets.conf"))
@overload
def get_secret(key: str, default_value: str, development_only: bool=False) -> str:
...
@overload
def get_secret(key: str, default_value: Optional[str]=None,
development_only: bool=False) -> Optional[str]:
...
def get_secret(key: str, default_value: Optional[str]=None,
development_only: bool=False) -> Optional[str]:
if development_only and PRODUCTION:
return default_value
if secrets_file.has_option('secrets', key):
return secrets_file.get('secrets', key)
return default_value
@overload
def get_config(section: str, key: str, default_value: str) -> str:
...
@overload
def get_config(section: str, key: str, default_value: Optional[str]=None) -> Optional[str]:
...
def get_config(section: str, key: str, default_value: Optional[str]=None) -> Optional[str]:
if config_file.has_option(section, key):
return config_file.get(section, key)
return default_value
def get_from_file_if_exists(path: str) -> str:
if os.path.exists(path):
with open(path, "r") as f:
return f.read()
else:
return ''

37
zproject/settings.py
View File

@ -14,8 +14,6 @@ from copy import deepcopy
import os import os
import time import time
import sys import sys
from typing import Any, Optional
import configparser
from zerver.lib.db import TimeTrackingConnection from zerver.lib.db import TimeTrackingConnection
import zerver.lib.logging_util import zerver.lib.logging_util
@ -24,40 +22,7 @@ import zerver.lib.logging_util
# INITIAL SETTINGS # INITIAL SETTINGS
######################################################################## ########################################################################
DEPLOY_ROOT = os.path.realpath(os.path.dirname(os.path.dirname(__file__))) from .config import DEPLOY_ROOT, PRODUCTION, DEVELOPMENT, get_secret, get_config, get_from_file_if_exists
config_file = configparser.RawConfigParser()
config_file.read("/etc/zulip/zulip.conf")
# Whether this instance of Zulip is running in a production environment.
PRODUCTION = config_file.has_option('machine', 'deploy_type')
DEVELOPMENT = not PRODUCTION
secrets_file = configparser.RawConfigParser()
if PRODUCTION:
secrets_file.read("/etc/zulip/zulip-secrets.conf")
else:
secrets_file.read(os.path.join(DEPLOY_ROOT, "zproject/dev-secrets.conf"))
def get_secret(key: str, default_value: Optional[Any]=None,
development_only: bool=False) -> Optional[Any]:
if development_only and PRODUCTION:
return default_value
if secrets_file.has_option('secrets', key):
return secrets_file.get('secrets', key)
return default_value
def get_config(section: str, key: str, default_value: Optional[Any]=None) -> Optional[Any]:
if config_file.has_option(section, key):
return config_file.get(section, key)
return default_value
def get_from_file_if_exists(path: str) -> str:
if os.path.exists(path):
with open(path, "r") as f:
return f.read()
else:
return ''
# Make this unique, and don't share it with anybody. # Make this unique, and don't share it with anybody.
SECRET_KEY = get_secret("secret_key") SECRET_KEY = get_secret("secret_key")