feature: adicionando suporte a 1password (#7)

* feature: obter secrets de 1password * chore: organizando CI workflow
2022-08-31 18:04:25 -03:00
parent f8402a87d4
commit 7c66517882
5 changed files with 165 additions and 72 deletions
--- a/app/settings.py
+++ b/app/settings.py
@@ -3,12 +3,16 @@ import os
 from pathlib import Path
 import sentry_sdk
 from sentry_sdk.integrations.django import DjangoIntegration
+from .utils import get_op_config

+op_config = get_op_config()

-SCOPE = os.getenv("SCOPE", "production")
+print(op_config)
+
+SCOPE = op_config['settings.SCOPE']

 sentry_sdk.init(
-    dsn=os.getenv("SENTRY_DSN"),
+    dsn=op_config['settings.SENTRY_DSN'],
    integrations=[DjangoIntegration()],
    environment=SCOPE,
    send_default_pii=False,
@@ -19,12 +23,12 @@ sentry_sdk.init(
 BASE_DIR = Path(__file__).resolve().parent.parent

 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = os.getenv("SECRET_KEY", "changeme")
+SECRET_KEY = op_config['settings.SECRET_KEY']

 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = os.getenv("DEBUG", "0") in ["1", "true"]
+DEBUG = op_config.get("settings.DEBUG", "0") in ["1", "true"]

-ALLOWED_HOSTS = os.getenv("ALLOWED_HOSTS", "127.0.0.1,localhost").split(",")
+ALLOWED_HOSTS = op_config.get("settings.ALLOWED_HOSTS", "127.0.0.1,localhost").split(",")

 # Application definition
 INSTALLED_APPS = [
@@ -80,11 +84,11 @@ AUTH_USER_MODEL = "core.User"
 DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.mysql",
-        "NAME": os.getenv("DB_NAME"),
-        "USER": os.getenv("DB_USER"),
-        "PASSWORD": os.getenv("DB_PASS"),
-        "HOST": os.getenv("DB_HOST"),
-        "PORT": os.getenv("DB_PORT"),
+        "NAME": op_config['database.name'],
+        "USER": op_config['database.user'],
+        "PASSWORD": op_config['database.password'],
+        "HOST": op_config['database.host'],
+        "PORT": op_config['database.port'],
        "OPTIONS": {"charset": "utf8mb4"},
    }
 }
--- a/app/utils.py
+++ b/app/utils.py
@@ -0,0 +1,27 @@
+import os
+
+import onepasswordconnectsdk
+from onepasswordconnectsdk.client import Client, new_client_from_environment
+
+
+def get_op_config():
+    op_client: Client = new_client_from_environment()
+
+    OP_DJANGO_SETTINGS_VARS = [
+        'database.host',
+        'database.port',
+        'database.name',
+        'database.user',
+        'database.password',
+        'settings.ALLOWED_HOSTS',
+        'settings.DEBUG',
+        'settings.SCOPE',
+        'settings.SENTRY_DSN',
+        'settings.SECRET_KEY',
+    ]
+
+    op_config_get = {}
+    for var in OP_DJANGO_SETTINGS_VARS:
+        op_config_get[var] = {"opitem": "mines", "opfield": var}
+
+    return onepasswordconnectsdk.load_dict(op_client, op_config_get)