Separate Custom Settings From Secrets

[wesleyboar]

Goal

Extract non-secret custom settings from secrets.py so that they can be saved in the repo to reduce the manual maintenance of secrets.py.

Core Portal will do the same for itself via FP-304. The "Direction" is based on that of FP-304.

Requirements

1. Non-secret settings must not be in secrets.py.
2. Non-secret settings must be comited to the repo.

Direction

Portal's Solution

• task/FP-304: Separate custom settings from secrets Core-Portal#393

Original Idea

Archived

1. In the {env}.env file (e.g. dev.env) of the TACC/Core-Portal-Deployments repo:

   CUSTOM_SETTINGS_CMS=dev.custom_settings_cms.py
   

2. In the deploy script for the Jenkins "Core Portal Deploy" job:

   cp $CUSTOM_SETTINGS /opt/portal/Camino/conf/portal/custom_settings.py
   

3. In TACC/Core-CMS settings.py:

   from taccsite_cms.custom_settings import *
   

4. Use custom_settings.py instead of .env for THEME.

5. Remove THEME from Jenkins "Core CMS" job.

6. Migrate non-secret settings.py values to custom_settings.py.

7. Remove non-secret settings.py values from CMS Stache entries.

8. Update TACC/Core-Portal's sample.secrets.py.

Background

In GitLab by @taoteg on Jul 22, 2020, 18:05

Right now the branindg configurations for each portal is included in its secrets.py file, but these values are not sensitive (eg - secret).

In order to better clarify the role of the secrets.py file, and better clarify the location of branding specific configurations, separate all bradning and logo settings out into branding.py and then overwrite the default values (automatically configured using demo values as of the new settings update). This will result in the unique values (only) for each SAD CMS site living in the secrets.py file and overwriting default values living in settings.py, default_settings.py (formerly example_setting.py) and branding.py.

And months later, @rstijerina and @tacc-wbomar discuss a solution for portal then CMS.

[wesleyboar]

In GitLab by @tacc-wbomar on Sep 10, 2020, 12:49

Note: Issue #43 (GL-37) (branch task/37-per-site-assets) identifies the current secret customization per website into a secrets.py per website, but does not use them.

[wesleyboar]

In GitLab by @tacc-wbomar on Nov 19, 2020, 15:07

Note: Portal team is also doing this via FP-304: Separate real secrets from custom settings in settings_secret.py.

[taoteg]

Yes, this sounds great. Once this is done, it will be easier to make the case for moving everything into our magical Core-Projects-Resources repo to unify the external unique elements.

[wesleyboar]

@rstijerina has begun work on this for Portal via TACC/Core-Portal @ task/FP-304--custom-settings (compare).

I plan to wait and follow suite. I don't have the brain power today to concurrently perform it for CMS.

[wesleyboar]

P.S. This issue is currently blocking #192.

[taoteg]

TACC/Core-Portal#393 is merged into main on Core-portal, so we can now follow suit here and align the two setups. I am testing the setup in 3dem for the portal container, will replicate here for cms container once I have vetted it. Progress!

[wesleyboar]

This did not follow the pattern of TACC/Core-Portal#393, but its similar and we hope to update it later this year to match more closely.