From bfae3fbe187455caaa25aeae2d9c78f31700d3bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89loi=20Rivard?= Date: Fri, 29 Mar 2024 13:57:00 +0100 Subject: [PATCH] doc: pydantic-settings nested secret directories are not ready yet https://github.com/pydantic/pydantic-settings/issues/154 --- doc/configuration.rst | 11 +++++++---- tests/app/test_configuration.py | 24 +++++++++++++++++++++--- 2 files changed, 28 insertions(+), 7 deletions(-) diff --git a/doc/configuration.rst b/doc/configuration.rst index 854c8f3c..91796d29 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst @@ -27,12 +27,15 @@ The way environment variables are parsed can be read from the `pydantic-settings Settings will also be read from a local ``.env`` file if present. -Secret parameters -================= +.. TODO: Uncomment this when pydantic-settings implements nested secrets directories + https://github.com/pydantic/pydantic-settings/issues/154 -A ``SECRETS_DIR`` environment variable can be passed as an environment variable, being a path to a directory in which are stored files named after the configuration settings. + Secret parameters + ================= -For instance, you can set ``SECRETS_DIR=/run/secrets`` and put your secret key in the file ``/run/secrets/SECRET_KEY``. + A ``SECRETS_DIR`` environment variable can be passed as an environment variable, being a path to a directory in which are stored files named after the configuration settings. + + For instance, you can set ``SECRETS_DIR=/run/secrets`` and put your secret key in the file ``/run/secrets/SECRET_KEY``. Parameters ========== diff --git a/tests/app/test_configuration.py b/tests/app/test_configuration.py index 14dcde6b..e7bef440 100644 --- a/tests/app/test_configuration.py +++ b/tests/app/test_configuration.py @@ -9,10 +9,11 @@ from canaille.app.configuration import settings_factory from canaille.app.configuration import validate -def test_configuration_file_suffix(tmp_path, backend, configuration): +def test_configuration_secrets_directory(tmp_path, backend, configuration): os.environ["SECRETS_DIR"] = str(tmp_path) - file_path = os.path.join(tmp_path, "SECRET_KEY") - with open(file_path, "w") as fd: + + secret_key_path = tmp_path / "SECRET_KEY" + with open(secret_key_path, "w") as fd: fd.write("very-secret") del configuration["SECRET_KEY"] @@ -22,6 +23,23 @@ def test_configuration_file_suffix(tmp_path, backend, configuration): del os.environ["SECRETS_DIR"] +@pytest.skip +# Not fully implemented in pydantic-settings yet +# https://github.com/pydantic/pydantic-settings/issues/154 +def test_configuration_nestedsecrets_directory(tmp_path, backend, configuration): + os.environ["SECRETS_DIR"] = str(tmp_path) + + smtp_password_path = tmp_path / "CANAILLE__SMTP__PASSWORD" + with open(smtp_password_path, "w") as fd: + fd.write("very-very-secret") + + del configuration["CANAILLE"]["SMTP"]["PASSWORD"] + + app = create_app(configuration) + assert app.config["CANAILLE"]["SMTP"]["PASSWORD"] == "very-very-secret" + del os.environ["SECRETS_DIR"] + + def test_configuration_from_environment_vars(): os.environ["SECRET_KEY"] = "very-very-secret" os.environ["CANAILLE__SMTP__FROM_ADDR"] = "user@mydomain.tld"