From ba4dac051bd988d54ac9de2cad555db43e1ee230 Mon Sep 17 00:00:00 2001 From: Martyn Inglis Date: Mon, 11 Jan 2016 09:32:49 +0000 Subject: [PATCH 1/3] Integrated credstash as a live properties setting in the app.py class - initial versions kept it out of this class but updated as lots of duplication and errors as config set up in multiple places and not all picking up credstash. --- app/__init__.py | 9 ++++++++- db.py | 4 +--- wsgi.py | 18 +----------------- 3 files changed, 10 insertions(+), 21 deletions(-) diff --git a/app/__init__.py b/app/__init__.py index 4ce430175..5ad123e1c 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -13,7 +13,7 @@ from app.its_dangerous_session import ItsdangerousSessionInterface import app.proxy_fix from config import configs from utils import logging - +from credstash import getAllSecrets db = SQLAlchemy() login_manager = LoginManager() @@ -76,6 +76,13 @@ def init_app(app): if key in os.environ: app.config[key] = convert_to_boolean(os.environ[key]) + if app.config['NOTIFY_ADMIN_ENVIRONMENT'] == 'live': + secrets = getAllSecrets(region="eu-west-1") + + for key in app.config.keys(): + if key in secrets: + app.config[key] = secrets[key] + @app.context_processor def inject_global_template_variables(): return {'asset_path': '/static/'} diff --git a/db.py b/db.py index 40ed2511c..2b5613df6 100644 --- a/db.py +++ b/db.py @@ -1,5 +1,3 @@ -from app import create_app -import os from credstash import getAllSecrets from flask.ext.script import Manager, Server from flask_migrate import Migrate, MigrateCommand @@ -7,7 +5,7 @@ from app import create_app, db secrets = getAllSecrets(region="eu-west-1") -application = create_app(os.getenv('NOTIFICATIONS_ADMIN_ENVIRONMENT') or 'live') +application = create_app('live') for key in application.config.keys(): if key in secrets: diff --git a/wsgi.py b/wsgi.py index f394112fe..febb098ce 100644 --- a/wsgi.py +++ b/wsgi.py @@ -1,22 +1,6 @@ from app import create_app -import os -from credstash import getAllSecrets -from flask.ext.script import Manager, Server -from flask_migrate import Migrate, MigrateCommand -from app import create_app, db -secrets = getAllSecrets(region="eu-west-1") - -application = create_app(os.getenv('NOTIFICATIONS_ADMIN_ENVIRONMENT') or 'live') - -for key in application.config.keys(): - if key in secrets: - application.config[key] = secrets[key] - - -manager = Manager(application) -migrate = Migrate(application, db) -manager.add_command('db', MigrateCommand) +application = create_app('live') if __name__ == "__main__": application.run() From 42b62ce7cd25e8c4359191b8f350f0624cadde6e Mon Sep 17 00:00:00 2001 From: Martyn Inglis Date: Mon, 11 Jan 2016 09:50:12 +0000 Subject: [PATCH 2/3] Removed secrets setup from db script --- db.py | 8 -------- 1 file changed, 8 deletions(-) diff --git a/db.py b/db.py index 2b5613df6..139f9267b 100644 --- a/db.py +++ b/db.py @@ -1,17 +1,9 @@ -from credstash import getAllSecrets from flask.ext.script import Manager, Server from flask_migrate import Migrate, MigrateCommand from app import create_app, db -secrets = getAllSecrets(region="eu-west-1") - application = create_app('live') -for key in application.config.keys(): - if key in secrets: - application.config[key] = secrets[key] - - manager = Manager(application) migrate = Migrate(application, db) manager.add_command('db', MigrateCommand) From 7efa513777c8c6fac06963c744fe4d2d42bd993a Mon Sep 17 00:00:00 2001 From: Martyn Inglis Date: Mon, 11 Jan 2016 09:59:31 +0000 Subject: [PATCH 3/3] Ensured credstash is located only with the wsgi/gunicorn code. --- app/__init__.py | 15 ++++++--------- db.py | 5 ++++- wsgi.py | 5 ++++- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/app/__init__.py b/app/__init__.py index 5ad123e1c..ca9fe9414 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -13,7 +13,6 @@ from app.its_dangerous_session import ItsdangerousSessionInterface import app.proxy_fix from config import configs from utils import logging -from credstash import getAllSecrets db = SQLAlchemy() login_manager = LoginManager() @@ -22,13 +21,13 @@ csrf = CsrfProtect() admin_api_client = AdminAPIClient() -def create_app(config_name): +def create_app(config_name, config_overrides=None): application = Flask(__name__) application.config['NOTIFY_ADMIN_ENVIRONMENT'] = config_name application.config.from_object(configs[config_name]) + init_app(application, config_overrides) db.init_app(application) - init_app(application) init_csrf(application) logging.init_app(application) @@ -71,17 +70,15 @@ def init_csrf(application): abort(400, reason) -def init_app(app): +def init_app(app, config_overrides): for key, value in app.config.items(): if key in os.environ: app.config[key] = convert_to_boolean(os.environ[key]) - if app.config['NOTIFY_ADMIN_ENVIRONMENT'] == 'live': - secrets = getAllSecrets(region="eu-west-1") - + if config_overrides: for key in app.config.keys(): - if key in secrets: - app.config[key] = secrets[key] + if key in config_overrides: + app.config[key] = config_overrides[key] @app.context_processor def inject_global_template_variables(): diff --git a/db.py b/db.py index 139f9267b..4aa190099 100644 --- a/db.py +++ b/db.py @@ -1,8 +1,11 @@ from flask.ext.script import Manager, Server from flask_migrate import Migrate, MigrateCommand from app import create_app, db +from credstash import getAllSecrets -application = create_app('live') +secrets = getAllSecrets(region="eu-west-1") + +application = create_app('live', secrets) manager = Manager(application) migrate = Migrate(application, db) diff --git a/wsgi.py b/wsgi.py index febb098ce..138a48c6f 100644 --- a/wsgi.py +++ b/wsgi.py @@ -1,6 +1,9 @@ from app import create_app +from credstash import getAllSecrets -application = create_app('live') +secrets = getAllSecrets(region="eu-west-1") + +application = create_app('live', secrets) if __name__ == "__main__": application.run()