zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-23 11:16:07 +02:00
Code Issues Projects Releases Packages Wiki Activity

Change how creds are handled

Browse source
This commit is contained in:
zandercymatics 2023-11-29 14:21:33 -07:00
parent e21b8b6e71
commit 159118d005
No known key found for this signature in database
GPG key ID: FF4636ABEC9682B7
2 changed files with 15 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/daily-csv-upload.yaml vendored
View file

@ -40,7 +40,7 @@ jobs:
id: var id: var
with: with:
script: | script: |
const environment = (github && github.event && github.event.inputs) ? github.event.inputs.environment : 'ZA'; const environment = (github && github.event && github.event.inputs) ? github.event.inputs.environment : 'za';
core.setOutput('environment', environment); core.setOutput('environment', environment);
wait-for-deploy: wait-for-deploy:

25
src/registrar/config/settings.py
View file

@ -33,18 +33,20 @@ env = environs.Env()
# Get secrets from Cloud.gov user provided service, if exists # Get secrets from Cloud.gov user provided service, if exists
# If not, get secrets from environment variables # If not, get secrets from environment variables
key_service = AppEnv().get_service(name="getgov-credentials") key_service = AppEnv().get_service(name="getgov-credentials")
# Get secrets from Cloud.gov user provided s3 service, if it exists
s3_key_service = AppEnv().get_service(name="getgov-s3")
if key_service and key_service.credentials: if key_service and key_service.credentials:
if s3_key_service and s3_key_service.credentials:
# Concatenate the credentials from our S3 service into our secret service
key_service.credentials.update(s3_key_service.credentials)
secret = key_service.credentials.get secret = key_service.credentials.get
else: else:
secret = env secret = env
# Get secrets from Cloud.gov user provided s3 service, if it exists
# If not, get secrets from environment variables.
s3_key_service = AppEnv().get_service(name="getgov-s3")
if s3_key_service and s3_key_service.credentials:
secret_s3 = s3_key_service.credentials.get
else:
secret_s3 = env
# # # ### # # # ###
# Values obtained externally # # Values obtained externally #
# # # ### # # # ###
@ -65,10 +67,11 @@ secret_key = secret("DJANGO_SECRET_KEY")
secret_aws_ses_key_id = secret("AWS_ACCESS_KEY_ID", None) secret_aws_ses_key_id = secret("AWS_ACCESS_KEY_ID", None)
secret_aws_ses_key = secret("AWS_SECRET_ACCESS_KEY", None) secret_aws_ses_key = secret("AWS_SECRET_ACCESS_KEY", None)
aws_s3_region_name = secret_s3("region", None) # TODO - allow for local env variable
secret_aws_s3_key_id = secret_s3("access_key_id", None) aws_s3_region_name = secret("region", None)
secret_aws_s3_key = secret_s3("secret_access_key", None) secret_aws_s3_key_id = secret("access_key_id", None)
secret_aws_s3_bucket_name = secret_s3("bucket", None) secret_aws_s3_key = secret("secret_access_key", None)
secret_aws_s3_bucket_name = secret("bucket", None)
secret_registry_cl_id = secret("REGISTRY_CL_ID") secret_registry_cl_id = secret("REGISTRY_CL_ID")
secret_registry_password = secret("REGISTRY_PASSWORD") secret_registry_password = secret("REGISTRY_PASSWORD")