Mercurial Repository: p/roundup/code: roundup/configuration.py comparison

comparison roundup/configuration.py @ 6578:b1f1539c6a31

issue2551182 - ... allow loading values from external file. flake8 cleanups Secrets (passwords, secrets) can specify a file using file:// or file:///. The first line of the file is used as the secret. This allows committing config.ini to a VCS. Following settings are changed: [tracker] secret_key [tracker] jwt_secret [rdbms] password [mail] password details: in roundup/configuration.py: Defined SecretMandatoryOptions and SecretNullableOptions. Converted all secret keys and password to one of the above. Also if [mail] username is defined but [mail] password is not it throws an error at load. Cleaned up a couple of methods whose call signature included: def ...(..., settings={}): settings=None and it is set to empty dict inside the method. Also replace exception.message with str(exception) for python3 compatibility. in test/test_config: changed munge_configini to support changing only within a section, replacing keyword text.

author	John Rouillard <rouilj@ieee.org>
date	Mon, 03 Jan 2022 22:18:57 -0500
parents	c77bd76b57da
children	770503bd211e

comparison

equal deleted inserted replaced

-:61481d7bbb07
+:b1f1539c6a31
 # Roundup if used with Python 2 because it generates unicode objects
 # where not expected by the Python code.  Thus, a version check is
 # used here instead of try/except.
 import sys
 import getopt
-import logging, logging.config
+import errno
+import logging
+import logging.config
 import os
 import re
 import time
 import smtplib
 ### Exceptions
 class ConfigurationError(RoundupException):
 pass
 class ParsingOptionError(ConfigurationError):
 def __str__(self):
 return self.args[0]
 try:
 if config.has_option(self.section, self.setting):
 self.set(config.get(self.section, self.setting))
 except configparser.InterpolationSyntaxError as e:
 raise ParsingOptionError(
-_("Error in %(filepath)s with section [%(section)s] at option %(option)s: %(message)s")%{
+_("Error in %(filepath)s with section [%(section)s] at "
-"filepath": self.config.filepath,
+"option %(option)s: %(message)s") % {
-"section": e.section,
+"filepath": self.config.filepath,
-"option": e.option,
+"section": e.section,
-"message": e.message})
+"option": e.option,
+"message": str(e)})
 class BooleanOption(Option):
 """Boolean option: yes or no"""
 _val = value.lower()
 if _val in self.allowed:
 return _val
 raise OptionValueError(self, value, self.class_description)
 class IndexerOption(Option):
 """Valid options for indexer"""
 allowed = ['', 'xapian', 'whoosh', 'native']
 class_description = "Allowed values: %s" % ', '.join("'%s'" % a
 def str2value(self, value):
 _val = value.lower()
 if _val in self.allowed:
 return _val
 raise OptionValueError(self, value, self.class_description)
 class MailAddressOption(Option):
 """Email address
 raise OptionValueError(self, value, "Value must not be empty.")
 else:
 return value
+class SecretOption(Option):
+"""A string not beginning with file:// or a file starting with file://
+Paths may be either absolute or relative to the HOME.
+Value for option is the first line in the file.
+It is mean to store secret information in the config file but
+allow the config file to be stored in version control without
+storing the secret there.
+"""
+class_description = \
+"A string that starts with 'file://' is interpreted as a file path \n" \
+"relative to the tracker home. Using 'file:///' defines an absolute \n" \
+"path. The first line of the file will be used as the value. Any \n" \
+"string that does not start with 'file://' is used as is. It \n" \
+"removes any whitespace at the end of the line, so a newline can \n" \
+"be put in the file.\n"
+def get(self):
+_val = Option.get(self)
+if isinstance(_val, str) and _val.startswith('file://'):
+filepath = _val[7:]
+if filepath and not os.path.isabs(filepath):
+filepath = os.path.join(self.config["HOME"], filepath.strip())
+try:
+with open(filepath) as f:
+_val = f.readline().rstrip()
+# except FileNotFoundError: py2/py3
+# compatible version
+except EnvironmentError as e:
+if e.errno != errno.ENOENT:
+raise
+else:
+raise OptionValueError(self, _val,
+"Unable to read value for %s. Error opening "
+"%s: %s." % (self.name, e.filename, e.args[1]))
+return self.str2value(_val)
 class WebUrlOption(Option):
 """URL MUST start with http/https scheme and end with '/'"""
 def str2value(self, value):
 if not value:
 # .get() and class_description are from FilePathOption,
 get = FilePathOption.get
 class_description = FilePathOption.class_description
 # everything else taken from NullableOption (inheritance order)
+class SecretMandatoryOption(MandatoryOption, SecretOption):
+# use get from SecretOption and rest from MandatoryOption
+get = SecretOption.get
+class_description = SecretOption.class_description
+class SecretNullableOption(NullableOption, SecretOption):
+# use get from SecretOption and rest from NullableOption
+get = SecretOption.get
+class_description = SecretOption.class_description
 class TimezoneOption(Option):
 class_description = \
 """Used by roundup-server to verify http version is set to valid
 string."""
 def str2value(self, value):
 if value not in ["HTTP/1.0", "HTTP/1.1"]:
-raise OptionValueError(self, value, "Valid vaues for -V or --http_version are: HTTP/1.0, HTTP/1.1")
+raise OptionValueError(self, value,
+"Valid vaues for -V or --http_version are: HTTP/1.0, HTTP/1.1")
 return value
 class RegExpOption(Option):
 "tracker admin."),
 (BooleanOption, "migrate_passwords", "yes",
 "Setting this option makes Roundup migrate passwords with\n"
 "an insecure password-scheme to a more secure scheme\n"
 "when the user logs in via the web-interface."),
-(MandatoryOption, "secret_key", create_token(),
+(SecretMandatoryOption, "secret_key", create_token(),
 "A per tracker secret used in etag calculations for\n"
 "an object. It must not be empty.\n"
 "It prevents reverse engineering hidden data in an object\n"
 "by calculating the etag for a sample object. Then modifying\n"
 "hidden properties until the sample object's etag matches\n"
 "Changing this changes the etag and invalidates updates by\n"
 "clients. It must be persistent across application restarts.\n"
 "(Note the default value changes every time\n"
 "     roundup-admin updateconfig\n"
 "is run, so it must be explicitly set to a non-empty string.\n"),
-(MandatoryOption, "jwt_secret", "disabled",
+(SecretNullableOption, "jwt_secret", "disabled",
 "This is used to generate/validate json web tokens (jwt).\n"
 "Even if you don't use jwts it must not be empty.\n"
 "If less than 256 bits (32 characters) in length it will\n"
 "disable use of jwt. Changing this invalidates all jwts\n"
 "issued by the roundup instance requiring *all* users to\n"
 "for MySQL default port number is 3306.\n"
 "Leave this option empty to use backend default"),
 (NullableOption, 'user', 'roundup',
 "Database user name that Roundup should use.",
 ['MYSQL_DBUSER']),
-(NullableOption, 'password', 'roundup',
+(SecretNullableOption, 'password', 'roundup',
 "Database user password.",
 ['MYSQL_DBPASSWORD']),
 (NullableOption, 'read_default_file', '~/.my.cnf',
 "Name of the MySQL defaults file.\n"
 "Only used in MySQL connections."),
 "SMTP mail host that roundup will use to send mail",
 ["MAILHOST"],),
 (Option, "username", "", "SMTP login name.\n"
 "Set this if your mail host requires authenticated access.\n"
 "If username is not empty, password (below) MUST be set!"),
-(Option, "password", NODEFAULT, "SMTP login password.\n"
+(SecretMandatoryOption, "password", NODEFAULT, "SMTP login password.\n"
 "Set this if your mail host requires authenticated access."),
 (IntegerNumberGeqZeroOption, "port", smtplib.SMTP_PORT,
 "Default port to send SMTP on.\n"
 "Set this if your mail server runs on a different port."),
 (NullableOption, "local_hostname", '',
 # mapping from option names and aliases to Option instances
 options = None
 # actual name of the config file.  set on load.
 filepath = os.path.join(HOME, INI_FILE)
-def __init__(self, config_path=None, layout=None, settings={}):
+def __init__(self, config_path=None, layout=None, settings=None):
 """Initialize confing instance
 Parameters:
 config_path:
 optional directory or file name of the config file.
 settings:
 optional setting overrides (dictionary).
 The overrides are applied after loading config file.
 """
+if settings is None:
+settings = {}
 # initialize option containers:
 self.sections = []
 self.section_descriptions = {}
 self.section_options = {}
 self.options = {}
 # user configs
 ext = None
 detectors = None
-def __init__(self, home_dir=None, settings={}):
+def __init__(self, home_dir=None, settings=None):
+if settings is None:
+settings = {}
 Config.__init__(self, home_dir, layout=SETTINGS, settings=settings)
 # load the config if home_dir given
 if home_dir is None:
 self.init_logging()
 import textwrap
 lang_avail = b2s(xapian.Stem.get_available_languages())
 languages = textwrap.fill(_("Valid languages: ") +
 lang_avail, 75,
 subsequent_indent="   ")
-raise OptionValueError( options["INDEXER_LANGUAGE"],
+raise OptionValueError(options["INDEXER_LANGUAGE"],
 lang, languages)
+if options['MAIL_USERNAME']._value != "":
+# require password to be set
+if options['MAIL_PASSWORD']._value is NODEFAULT:
+raise OptionValueError(options["MAIL_PASSWORD"],
+"not defined",
+"mail username is set, so this must be defined.")
 def load(self, home_dir):
 """Load configuration from path designated by home_dir argument"""
 if os.path.isfile(os.path.join(home_dir, self.INI_FILE)):
 self.load_ini(home_dir)

Mercurial > p > roundup > code

comparison roundup/configuration.py @ 6578:b1f1539c6a31