settings: Deal with secret data in production mode

bbd64a92 · Antoine R. Dumont · 385d9814 · bbd64a92 · bbd64a92 · bbd64a92
Unverified Commit bbd64a92 authored 7 years ago by Antoine R. Dumont
--- a/Makefile.local
+++ b/Makefile.local
@@ -21,7 +21,7 @@ run-dev:
 	$(MANAGE) runserver

 run:
-	DJANGO_SECRET_KEY='production' gunicorn3 swh.deposit.wsgi
+	gunicorn3 swh.deposit.wsgi

 # .PHONY: test
 # test:

--- a/swh/deposit/settings/common.py
+++ b/swh/deposit/settings/common.py
@@ -24,9 +24,6 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/

-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = False
-
 ALLOWED_HOSTS = ['127.0.0.1', 'localhost']


@@ -74,17 +71,6 @@ TEMPLATES = [
 WSGI_APPLICATION = 'swh.deposit.wsgi.application'


-# Database
-# https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.postgresql',
-        'NAME': 'swh-deposit-dev',
-    }
-}
-
-
 # Password validation
 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators


--- a/swh/deposit/settings/development.py
+++ b/swh/deposit/settings/development.py
@@ -10,3 +10,13 @@ DEBUG = True

 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = 'development-key'
+
+# Database
+# https://docs.djangoproject.com/en/1.10/ref/settings/#databases
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': 'swh-deposit-dev',
+    }
+}
--- a/swh/deposit/settings/production.py
+++ b/swh/deposit/settings/production.py
@@ -4,8 +4,48 @@
 # See top-level LICENSE file for more information

 from .common import *  # noqa
-from os import environ
+from swh.core import config

 DEBUG = False

-SECRET_KEY = environ['DJANGO_SECRET_KEY']
+# Database
+# https://docs.djangoproject.com/en/1.10/ref/settings/#databases
+# https://docs.djangoproject.com/en/1.10/ref/settings/#std:setting-DATABASES
+# https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/#databases
+
+DEFAULT_PATH = 'deposit/private'
+
+private_conf = config.load_named_config(DEFAULT_PATH)
+
+if not private_conf:
+    raise ValueError('Cannot run in production, missing private data file.')
+
+SECRET_KEY = private_conf['secret_key']
+
+db_conf = private_conf['db']
+
+db = {
+    'ENGINE': 'django.db.backends.postgresql',
+    'NAME': db_conf['name'],
+}
+
+db_user = db_conf.get('user')
+if db_user:
+    db['USER'] = db_user
+
+
+db_pass = db_conf.get('pass')
+if db_pass:
+    db['PASSWORD'] = db_pass
+
+db_host = db_conf.get('host')
+if db_host:
+    db['HOST'] = db_host
+
+db_port = db_conf.get('port')
+if db_port:
+    db['PORT'] = db_port
+
+DATABASES = {
+    'default': db,
+}