All required env settings are now checkeda and depricated APP_CONFIG

.gitignore

@@ -10,7 +10,6 @@ capybara-*.html
 /spec/tmp
 **.orig
 config/initializers/secret_token.rb
-config/application.yml
 config/secrets.yml
 config/database.yml
 /export
@@ -25,3 +24,6 @@ config/database.yml
 
 # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
 .rvmrc
+
+# Ignore application configuration
+/config/application.yml

CHANGELOG.md

@@ -1,3 +1,8 @@
+27.02.2015
+
+* Simplified config/application-example.yml, 
+  now system will check if all required settings are present in application.yml 
+
 19.02.2015
 
 * Cetrificate only enabled, please setup certificates following doc/certificate.md document.

Gemfile

@@ -5,6 +5,9 @@ gem 'rails',        '4.2.0'
 gem 'iso8601',      '~> 0.8.2' # for dates and times
 gem 'hashie_rails', '~> 0.0.1'
 
+# load env
+gem 'figaro', '~> 1.1.0'
+
 # model related
 gem 'pg',                        '~> 0.18.0'
 gem 'ransack',                   '~> 1.5.1' # for searching

Gemfile.lock

@@ -152,6 +152,8 @@ GEM
       i18n (~> 0.5)
     fastercsv (1.5.5)
     ffi (1.9.6)
+    figaro (1.1.0)
+      thor (~> 0.14)
     flay (2.4.0)
       ruby_parser (~> 3.0)
       sexp_processor (~> 4.0)
@@ -459,6 +461,7 @@ DEPENDENCIES
   epp-xml (~> 0.10.4)
   fabrication (~> 2.12.2)
   faker (~> 1.3.0)
+  figaro (~> 1.1.0)
   grape (~> 0.10.1)
   guard (~> 2.6.1)
   guard-rails (~> 0.7.0)

app/controllers/epp/sessions_controller.rb

@@ -9,7 +9,7 @@ class Epp::SessionsController < EppController
   # rubocop: disable Metrics/CyclomaticComplexity
   def login
     cert_valid = true
-    if request.ip == APP_CONFIG['webclient_ip']
+    if request.ip == ENV['webclient_ip']
       @api_user = ApiUser.find_by(login_params)
     else
       if request.env['HTTP_SSL_CLIENT_S_DN_CN'] != login_params[:username]

app/models/api_user_deprecated.rb

@@ -32,10 +32,10 @@ class ApiUserDeprecated < ActiveRecord::Base
     csr_file.rewind
 
     crt_file = Tempfile.new('client_crt')
-    _out, err, _st = Open3.capture3("openssl ca -keyfile #{APP_CONFIG['ca_key_path']} \
-    -cert #{APP_CONFIG['ca_cert_path']} \
+    _out, err, _st = Open3.capture3("openssl ca -keyfile #{ENV['ca_key_path']} \
+    -cert #{ENV['ca_cert_path']} \
     -extensions usr_cert -notext -md sha256 \
-    -in #{csr_file.path} -out #{crt_file.path} -key '#{APP_CONFIG['ca_key_password']}' -batch")
+    -in #{csr_file.path} -out #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
 
     if err.match(/Data Base Updated/)
       crt_file.rewind

app/models/certificate.rb

@@ -33,7 +33,7 @@ class Certificate < ActiveRecord::Base
       @cached_status = EXPIRED
     end
 
-    crl = OpenSSL::X509::CRL.new(File.open(APP_CONFIG['crl_path']).read)
+    crl = OpenSSL::X509::CRL.new(File.open(ENV['crl_path']).read)
     return @cached_status unless crl.revoked.map(&:serial).include?(parsed_crt.serial)
 
     @cached_status = REVOKED
@@ -45,10 +45,10 @@ class Certificate < ActiveRecord::Base
     csr_file.rewind
 
     crt_file = Tempfile.new('client_crt')
-    _out, err, _st = Open3.capture3("openssl ca -keyfile #{APP_CONFIG['ca_key_path']} \
-    -cert #{APP_CONFIG['ca_cert_path']} \
+    _out, err, _st = Open3.capture3("openssl ca -keyfile #{ENV['ca_key_path']} \
+    -cert #{ENV['ca_cert_path']} \
     -extensions usr_cert -notext -md sha256 \
-    -in #{csr_file.path} -out #{crt_file.path} -key '#{APP_CONFIG['ca_key_password']}' -batch")
+    -in #{csr_file.path} -out #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
 
     if err.match(/Data Base Updated/)
       crt_file.rewind
@@ -67,9 +67,9 @@ class Certificate < ActiveRecord::Base
     crt_file.write(crt)
     crt_file.rewind
 
-    _out, err, _st = Open3.capture3("openssl ca -keyfile #{APP_CONFIG['ca_key_path']} \
-      -cert #{APP_CONFIG['ca_cert_path']} \
-      -revoke #{crt_file.path} -key '#{APP_CONFIG['ca_key_password']}' -batch")
+    _out, err, _st = Open3.capture3("openssl ca -keyfile #{ENV['ca_key_path']} \
+      -cert #{ENV['ca_cert_path']} \
+      -revoke #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
 
     if err.match(/Data Base Updated/) || err.match(/ERROR:Already revoked/)
       save!
@@ -81,8 +81,8 @@ class Certificate < ActiveRecord::Base
       return false
     end
 
-    _out, _err, _st = Open3.capture3("openssl ca -keyfile #{APP_CONFIG['ca_key_path']} \
-      -cert #{APP_CONFIG['ca_cert_path']} \
-      -gencrl -out #{APP_CONFIG['crl_path']} -key '#{APP_CONFIG['ca_key_password']}' -batch")
+    _out, _err, _st = Open3.capture3("openssl ca -keyfile #{ENV['ca_key_path']} \
+      -cert #{ENV['ca_cert_path']} \
+      -gencrl -out #{ENV['crl_path']} -key '#{ENV['ca_key_password']}' -batch")
   end
 end

app/models/zonefile_setting.rb

@@ -18,7 +18,7 @@ class ZonefileSetting < ActiveRecord::Base
       "select generate_zonefile('#{origin}')"
     )[0]['generate_zonefile']
 
-    File.open("#{APP_CONFIG['zonefile_export_dir']}/#{filename}", 'w') { |f| f.write(zf) }
+    File.open("#{ENV['zonefile_export_dir']}/#{filename}", 'w') { |f| f.write(zf) }
 
     STDOUT << "#{Time.now.utc} - Successfully generated zonefile #{filename}\n"
   end

app/views/layouts/application.haml

@@ -21,7 +21,7 @@
             %span.icon-bar
             %span.icon-bar
           = link_to admin_dashboard_path, class: 'navbar-brand' do
-            = APP_CONFIG['app_name']
+            = ENV['app_name']
             - if unstable_env.present?
               .text-center
                 %small{style: 'color: #0074B3;'}= unstable_env

config/application-example.yml

@@ -1,4 +1,5 @@
-defaults: &defaults
+# Application configuration values
+
 app_name: .EE Registry
 zonefile_export_dir: 'export/zonefiles'
 
@@ -8,27 +9,15 @@ defaults: &defaults
 secret_key_base: please-change-it-you-can-generate-it-with-rake-secret
 devise_secret: please-change-it-you-can-generate-it-with-rake-secret
 
-  # Used by registry admin server:
+# Used by admin server, you can leave those empty for when running EPP server:
 crl_path:     '/home/registry/registry/shared/ca/crl/crl.pem'
 ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.crt.pem'
 ca_key_path:  '/home/registry/registry/shared/ca/private/ca.key.pem'
 ca_key_password: 'your-root-key-password'
 
-  # Used by EPP server
+# Used only by EPP server, you can leave it empty when running admin server:
 webclient_ip: '127.0.0.1'
 
-development:
-  <<: *defaults
-
+# autotest config overwrites
 test:
   webclient_ip: '127.0.0.1' # it should match to localhost ip address
-  <<: *defaults
-
-alpha:
-  <<: *defaults
-
-staging:
-  <<: *defaults
-
-production:
-  <<: *defaults

config/initializers/app_config.rb

@@ -1,2 +0,0 @@
-APP_CONFIG = YAML.load_file("#{Rails.root}/config/application.yml")[Rails.env]
-Registry::Application.config.secret_token = APP_CONFIG['secret_key_base']

config/initializers/devise.rb

@@ -4,7 +4,7 @@ Devise.setup do |config|
   # The secret key used by Devise. Devise uses this key to generate
   # random tokens. Changing this key will render invalid all existing
   # confirmation, reset password and unlock tokens in the database.
-  config.secret_key = APP_CONFIG['devise_secret']
+  config.secret_key = ENV['devise_secret']
   
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in Devise::Mailer,

config/initializers/env_required.rb

@@ -0,0 +1,13 @@
+required = %w(
+  app_name
+  zonefile_export_dir
+  secret_key_base
+  devise_secret
+  crl_path
+  ca_cert_path
+  ca_key_path
+  ca_key_password
+  webclient_ip
+)
+
+Figaro.require_keys(required)

config/initializers/set_secret.rb

@@ -0,0 +1 @@
+Registry::Application.config.secret_token = ENV['secret_key_base']