settings.py
from dotenv import dotenv_values
import json
import os
import re
import tempfile
### Use this to handle getting env vars from the .env file; it will handle the differences between Make's .env format and python-dotenv's format.
# get_env_value returns the correct, interpolated value for a variable.
# get_env returns variables that are often exported for env vars, as well as several variables that come from generated secrets. All other values are saved as CANDIG_ENV.
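CANDIGV2_ENV = None
INTERPOLATED_ENV = None

# The .env file is shared with Make, so strip Make's "define " / "endef"
# keywords, which python-dotenv would not parse.
with open(".env") as f:
    envs = f.read().replace("define ", "").replace("endef", "")

# dotenv_values is given a path here, so the cleaned text goes through a
# temporary file. The file is closed before parsing so the whole text is on
# disk when python-dotenv reads it.
with tempfile.NamedTemporaryFile("w", delete=False) as fp:
    fp.write(envs)
try:
    # Raw values, used by get_env_value for manual interpolation.
    CANDIGV2_ENV = dotenv_values(fp.name, interpolate=False)
    # python-dotenv's own interpolation, exposed later as CANDIG_ENV.
    INTERPOLATED_ENV = dotenv_values(fp.name, interpolate=True)
finally:
    # The temporary copy holds everything .env holds, so remove it even when
    # parsing raises; delete=False would otherwise leave it on disk.
    os.unlink(fp.name)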
# Python-dotenv doesn't interpolate quite correctly, so get_env_value interpolates manually
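def get_env_value(key):
    """Return the fully interpolated value of ``key`` from the parsed .env file.

    ``${NAME}`` references are replaced with the value of ``NAME`` from
    CANDIGV2_ENV until none remain, and the result is cached back into
    CANDIGV2_ENV[key].

    Returns:
        The expanded string, or None when ``key`` (or any variable it
        references) is not defined, or when ``key`` is present without a value.

    Raises:
        ValueError: if a variable refers to itself, directly or through other
            variables. Such a reference can never be fully expanded, so it is
            reported instead of looping forever.
    """
    def expand(name, in_progress):
        # in_progress holds the names currently being expanded on this path;
        # meeting one of them again means the references form a cycle.
        if name in in_progress:
            raise ValueError(f"circular ${{...}} reference involving {name!r} in .env")
        text = CANDIGV2_ENV[name]
        nested = in_progress | {name}
        while True:
            # The greedy first group makes this match the LAST ${...} in the
            # text, so references are substituted from right to left.
            var_match = re.match(r"^(.*)\$\{(.+?)\}(.*)$", text, re.DOTALL)
            if var_match is None:
                return text
            text = var_match.group(1) + expand(var_match.group(2), nested) + var_match.group(3)

    try:
        # A key with no value has nothing to interpolate.
        if CANDIGV2_ENV[key] is None:
            return None
        value = expand(key, frozenset())
    except KeyError:
        return None
    CANDIGV2_ENV[key] = value
    return value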
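def get_env():
    """Collect the settings used by the stack into one dict.

    Values come from three places: interpolated .env variables (via
    get_env_value), generated secret files under tmp/, and a few constants.
    The complete interpolated .env mapping is stored under "CANDIG_ENV".

    The result contains credentials (client secret, Vault root token, Tyk
    secret key, test-user passwords), so it should not be logged or printed
    wholesale.

    Returns:
        dict mapping setting name to its value. Keys backed by a file are only
        present when that file exists and is not empty.

    Raises:
        AttributeError: if TEST_USER_1 or TEST_USER_2 is not defined in .env,
            because the missing value (None) is lower-cased.
    """
    env_vars = {}

    def last_line(path):
        # Last line of the file, or None when the file is missing or empty.
        # An empty file is treated like a missing one rather than failing on
        # an empty list of lines.
        if not os.path.isfile(path):
            return None
        with open(path) as f:
            lines = f.read().splitlines()
        return lines[-1] if lines else None

    def add_from_file(name, path):
        value = last_line(path)
        if value is not None:
            env_vars[name] = value

    # exported name -> .env variable it is read from
    for name, source in (
        ("LOGFILE", "LOGFILE"),
        ("CANDIG_URL", "TYK_LOGIN_TARGET_URL"),
        ("CANDIG_CLIENT_ID", "KEYCLOAK_CLIENT_ID"),
        ("KEYCLOAK_PUBLIC_URL", "KEYCLOAK_PUBLIC_URL"),
        ("KEYCLOAK_AUTH_PREFIX", "KEYCLOAK_AUTH_PREFIX"),
        ("KEYCLOAK_REALM_URL", "KEYCLOAK_REALM_URL"),
        ("KEYCLOAK_ISSUER_URL", "KEYCLOAK_ISSUER_URL"),
        ("KEYCLOAK_REALM", "KEYCLOAK_REALM"),
        ("DEFAULT_ADMIN_USER", "DEFAULT_ADMIN_USER"),
        ("VAULT_URL", "VAULT_SERVICE_PUBLIC_URL"),
        ("OPA_URL", "OPA_URL"),
        ("TYK_LOGIN_TARGET_URL", "TYK_LOGIN_TARGET_URL"),
        ("TYK_POLICY_ID", "TYK_POLICY_ID"),
        ("CANDIG_DEBUG_MODE", "CANDIG_DEBUG_MODE"),
        ("CANDIG_USER_KEY", "CANDIG_USER_KEY"),
        ("VAULT_SERVICE_PUBLIC_URL", "VAULT_SERVICE_PUBLIC_URL"),
    ):
        env_vars[name] = get_env_value(source)

    # vars that come from files:
    add_from_file("CANDIG_CLIENT_SECRET", "tmp/keycloak/client-secret")
    add_from_file("VAULT_ROOT_TOKEN", "tmp/vault/keys.txt")
    add_from_file("TYK_SECRET_KEY", "tmp/tyk/secret-key")

    env_vars["POSTGRES_PASSWORD_FILE"] = os.path.abspath("tmp/postgres/db-secret")
    env_vars["CANDIG_ENV"] = INTERPOLATED_ENV
    env_vars["DB_PATH"] = "postgres-db"
    for name in (
        "FEDERATION_SELF_SERVER_ID",
        "CANDIG_SITE_LOCATION",
        "DISABLE_ROPC",
        "AUTH_ACCEPT_URL",
    ):
        env_vars[name] = get_env_value(name)

    # test users (note that they must be all lowercase or keycloak setup fails):
    # NOTE(review): the listing this was reviewed from had lost its indentation;
    # the else is assumed to pair with the DEFAULT_SITE_ADMIN_USER check - confirm.
    site_admin = get_env_value("DEFAULT_SITE_ADMIN_USER")
    if site_admin is not None:
        env_vars["CANDIG_SITE_ADMIN_USER"] = site_admin.lower()
        add_from_file("CANDIG_SITE_ADMIN_PASSWORD", "tmp/keycloak/test-site-admin-password")
    else:
        env_vars["CANDIG_SITE_ADMIN_USER"] = ""
        env_vars["CANDIG_SITE_ADMIN_PASSWORD"] = ""

    env_vars["CANDIG_NOT_ADMIN_USER"] = get_env_value("TEST_USER_1").lower()
    add_from_file("CANDIG_NOT_ADMIN_PASSWORD", "tmp/keycloak/test-user-password")
    env_vars["CANDIG_NOT_ADMIN2_USER"] = get_env_value("TEST_USER_2").lower()
    add_from_file("CANDIG_NOT_ADMIN2_PASSWORD", "tmp/keycloak/test-user2-password")

    # test setup: these export the PATH of the credential file, not its content
    if os.path.isfile("tmp/vault/approle-token"):
        env_vars["APPROLE_TOKEN_FILE"] = os.path.abspath("tmp/vault/approle-token")
    if os.path.isfile("tmp/vault/opa-roleid"):
        env_vars["ROLE_ID_FILE"] = os.path.abspath("tmp/vault/opa-roleid")
    # NOTE(review): assumed to be set unconditionally - confirm against the
    # original indentation.
    env_vars["SERVICE_NAME"] = "opa"
    return env_vars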
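def main():
    """Write the settings from get_env() to env.sh as shell ``export`` lines.

    CANDIG_ENV (the full interpolated .env mapping) is dropped first; every
    other entry becomes one ``export KEY=VALUE`` line, in dict order.
    """
    import shlex

    env_vars = get_env()
    env_vars.pop('CANDIG_ENV')
    # env.sh receives the client secret, Vault root token and test passwords,
    # so create it readable by the owner only instead of relying on the umask.
    fd = os.open("env.sh", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        # The mode passed to os.open only applies to a newly created file;
        # tighten an env.sh left over from an earlier run as well.
        os.chmod("env.sh", 0o600)
        for key, value in env_vars.items():
            # Quote the value so that spaces or shell metacharacters in it are
            # taken literally when env.sh is sourced. Values made only of safe
            # characters are written unchanged; None is still written as the
            # text "None".
            f.write(f"export {key}={shlex.quote(str(value))}\n")


if __name__ == "__main__":
    main()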