Merge pull request #274 from CodeForPhilly/271-secrets

c-simpson · web-flow · commit 314f90d3e7f1 · 2021-04-26T18:23:58.000-04:00
Improved secrets handling for deployment
diff --git a/src/server/alembic.ini b/src/server/alembic.ini
@@ -36,7 +36,7 @@ script_location = alembic
 # output_encoding = utf-8
 
 # Container
-sqlalchemy.url = postgresql://postgres:thispasswordisverysecure@paws-compose-db/paws
+sqlalchemy.url = postgresql://postgres:PASSWORD@paws-compose-db/paws
 
 # Local
 # sqlalchemy.url = postgresql://postgres:thispasswordisverysecure@localhost/paws
diff --git a/src/server/alembic/env.py b/src/server/alembic/env.py
@@ -3,6 +3,8 @@
 from sqlalchemy import engine_from_config
 from sqlalchemy import pool
 
+from os import environ
+
 from alembic import context
 
 # this is the Alembic Config object, which provides
@@ -25,6 +27,13 @@
 # ... etc.
 
 
+PG_URL1 = 'postgresql://postgres:'
+PG_URL2 = environ['POSTGRES_PASSWORD']
+PG_URL3 = '@paws-compose-db/paws'
+
+PG_URL = PG_URL1 + PG_URL2 + PG_URL3
+
+
 def run_migrations_offline():
     """Run migrations in 'offline' mode.
 
@@ -37,7 +46,8 @@ def run_migrations_offline():
     script output.
 
     """
-    url = config.get_main_option("sqlalchemy.url")
+    # url = config.get_main_option("sqlalchemy.url")
+    url = PG_URL
     context.configure(
         url=url,
         target_metadata=target_metadata,
@@ -60,6 +70,7 @@ def run_migrations_online():
         config.get_section(config.config_ini_section),
         prefix="sqlalchemy.",
         poolclass=pool.NullPool,
+        url=PG_URL,
     )
 
     with connectable.connect() as connection:
diff --git a/src/server/api/common_api.py b/src/server/api/common_api.py
@@ -7,7 +7,23 @@
 import time
 from datetime import datetime
 import dateutil.parser
-from secrets import SHELTERLUV_SECRET_TOKEN
+
+
+try:   
+    from secrets import SHELTERLUV_SECRET_TOKEN
+except ImportError:   
+    # Not running locally
+    print("Couldn't get SL_TOKEN from file, trying environment **********")
+    from os import environ
+
+    try:
+        SHELTERLUV_SECRET_TOKEN = environ['SHELTERLUV_SECRET_TOKEN']
+    except KeyError:
+        # Nor in environment
+        # You're SOL for now
+        print("Couldn't get secrets from file or environment")
+
+
 
 from api import jwt_ops
 
diff --git a/src/server/app.py b/src/server/app.py
@@ -4,7 +4,21 @@
 
 from flask_jwt_extended import JWTManager
 
-from secrets import JWT_SECRET, APP_SECRET_KEY
+try:   
+    from secrets import JWT_SECRET, APP_SECRET_KEY
+except ImportError:   
+    # Not running locally
+    print("Could not get secrets from file, trying environment **********")
+    from os import environ
+
+    try:
+        JWT_SECRET = environ['JWT_SECRET']
+        APP_SECRET_KEY = environ['APP_SECRET_KEY']
+    except KeyError:
+        # Nor in environment
+        # You're SOL for now
+        print("Couldn't get secrets from file or environment")
+
 
 app = Flask(__name__)
 
diff --git a/src/server/bin/export_secrets.sh b/src/server/bin/export_secrets.sh
@@ -0,0 +1,7 @@
+set -o allexport
+ while read k _ v; 
+    do 
+      eval $k=$v;
+      export k;
+    done < 'secrets.py'
+ set +o allexport
diff --git a/src/server/bin/startServer.sh b/src/server/bin/startServer.sh
@@ -1,9 +1,10 @@
+#!/bin/bash
 
 # we may want to switch this to a script which logs output, etc?
 echo "------------STARTING `date` ------------------"
 set FLASK_APP=server/app.py
 export FLASK_APP
-
+source bin/export_secrets.sh
 # This abomination ensures that the PG server has finished its restart cycle
 echo "SLEEPING.. WAITING FOR DB"; sleep 5; echo "WAKING"; alembic upgrade head; echo "DB SETUP";
 #; python -m flask run --host=0.0.0.0 --no-reload
diff --git a/src/server/pipeline/shelterluv_api_handler.py b/src/server/pipeline/shelterluv_api_handler.py
@@ -1,7 +1,21 @@
 import requests
 import csv
 from config import RAW_DATA_PATH
-from secrets import SHELTERLUV_SECRET_TOKEN
+
+try:   
+    from secrets import SHELTERLUV_SECRET_TOKEN
+except ImportError:   
+    # Not running locally
+    print("Couldn't get SL_TOKEN from file, trying environment **********")
+    from os import environ
+
+    try:
+        SHELTERLUV_SECRET_TOKEN = environ['SHELTERLUV_SECRET_TOKEN']
+    except KeyError:
+        # Nor in environment
+        # You're SOL for now
+        print("Couldn't get secrets from file or environment")
+
 
 
 def write_csv(json_data):
diff --git a/src/server/user_mgmt/base_users.py b/src/server/user_mgmt/base_users.py
@@ -3,7 +3,25 @@
 from api import user_api
 import sqlalchemy as sa
 
-from secrets import BASEUSER_PW, BASEEDITOR_PW, BASEADMIN_PW
+try:   
+    from secrets import BASEUSER_PW, BASEEDITOR_PW, BASEADMIN_PW
+except ImportError:   
+    # Not running locally
+    print("Couldn't get BASE user PWs from file, trying environment **********")
+    from os import environ
+
+    try:
+        BASEUSER_PW = environ['BASEUSER_PW']
+        BASEEDITOR_PW = environ['BASEEDITOR_PW']
+        BASEADMIN_PW = environ['BASEADMIN_PW']
+
+    except KeyError:
+        # Nor in environment
+        # You're SOL for now
+        print("Couldn't get secrets from file or environment")
+
+
+
 
 
 from sqlalchemy import Table, Column, Integer, String, MetaData, ForeignKey
