diff --git a/.gitignore b/.gitignore index d45eabf8e..a10657b94 100644 --- a/.gitignore +++ b/.gitignore @@ -28,7 +28,6 @@ config/initializers/super_admin.rb doc/*.svg config/france_connect.yml config/github_secrets.yml -config/initializers/mailjet.rb config/fog_credentials.yml uploads/* coverage/**/* diff --git a/README.md b/README.md index 55fef8bf7..24091683c 100644 --- a/README.md +++ b/README.md @@ -34,13 +34,6 @@ Afin d'initialiser l'environnement de développement, exécutez la commande suiv bundle install yarn install -## Bouchonnage de l’authentification - -Créer les fichiers de configuration avec les valeurs par défaut : - - cp config/france_connect.example.yml config/france_connect.yml - cp config/github_secrets.example.yml config/github_secrets.yml - ## Création de la base de données Les informations nécessaire à l'initialisation de la base doivent être pré-configurées à la main grâce à la procédure suivante : @@ -59,12 +52,6 @@ Afin de générer la BDD de l'application, il est nécessaire d'exécuter les co # Migrate the development database and the test database bin/rails db:migrate -## Connexion a Pipedrive - -Dans le fichier `config/intializers/token.rb`, ajouter - -`PIPEDRIVE_TOKEN = 'token'` - *Note : les valeurs pour ces paramètres sont renseignées dans le Keepass* ## Bouchonnage de la configuration diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 7ee21f212..0e409cf88 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -24,11 +24,6 @@ class ApplicationController < ActionController::Base end end - def default_url_options - return { protocol: 'https' } if Rails.env.staging? || Rails.env.production? - {} - end - def load_navbar_left_pannel_partial_url controller = request.controller_class method = params[:action] diff --git a/app/lib/api_entreprise/api.rb b/app/lib/api_entreprise/api.rb index b8cc26582..e4e53812b 100644 
--- a/app/lib/api_entreprise/api.rb +++ b/app/lib/api_entreprise/api.rb @@ -1,8 +1,4 @@ class ApiEntreprise::API - class << self - attr_accessor :token - end - ENTREPRISE_RESOURCE_NAME = "entreprises" ETABLISSEMENT_RESOURCE_NAME = "etablissements" EXERCICES_RESOURCE_NAME = "exercices" @@ -49,7 +45,7 @@ class ApiEntreprise::API end def self.url(resource_name, siret_or_siren) - [API_ENTREPRISE_URL, resource_name, siret_or_siren].join("/") + [base_url, resource_name, siret_or_siren].join("/") end def self.params(siret_or_siren, procedure_id) @@ -57,7 +53,17 @@ class ApiEntreprise::API context: "demarches-simplifiees.fr", recipient: siret_or_siren, object: "procedure_id: #{procedure_id}", - token: SIADETOKEN + token: token } end + + private + + def self.token + Rails.application.secrets.api_entreprise[:key] + end + + def self.base_url + Rails.application.secrets.api_entreprise[:base_url] + end end diff --git a/app/lib/pipedrive/api.rb b/app/lib/pipedrive/api.rb index 8cbf1ca04..c537a4e50 100644 --- a/app/lib/pipedrive/api.rb +++ b/app/lib/pipedrive/api.rb @@ -48,7 +48,7 @@ class Pipedrive::API params.merge!({ start: 0, limit: 500, - api_token: PIPEDRIVE_TOKEN + api_token: token }) response = RestClient.get(url, params: params) @@ -56,14 +56,18 @@ class Pipedrive::API end def self.put(url, params) - url = "#{url}?api_token=#{PIPEDRIVE_TOKEN}" + url = "#{url}?api_token=#{token}" RestClient.put(url, params.to_json, { content_type: :json }) end def self.post(url, params) - url = "#{url}?api_token=#{PIPEDRIVE_TOKEN}" + url = "#{url}?api_token=#{token}" RestClient.post(url, params.to_json, { content_type: :json }) end + + def self.token + Rails.application.secrets.pipedrive[:key] + end end diff --git a/app/services/signature_service.rb b/app/services/signature_service.rb index 6896da62a..716813aa9 100644 --- a/app/services/signature_service.rb +++ b/app/services/signature_service.rb 
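Review bot: The bare `private` added at the end of `ApiEntreprise::API` has no effect on methods defined with `def self.`, so `token` and `base_url` remain public class methods and the secret reader is callable from anywhere. Add `private_class_method :token, :base_url` after the two definitions, or move them into a `class << self` block under `private`. Both readers also return nil when `API_ENTREPRISE_KEY` or `API_ENTREPRISE_BASE_URL` is unset, in which case `url` joins to a path with no host and `params` carries `token: nil`; raising on a blank value would surface the misconfiguration at the first call. The class body starts outside this hunk.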
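Review bot: `put` and `post` still build the query string by interpolation, `"#{url}?api_token=#{token}"`, so the key is not URL-encoded and an unset `PIPEDRIVE_KEY` silently sends `api_token=` with no value. Passing it the way `get` does, e.g. `RestClient.put(url, params.to_json, { content_type: :json, params: { api_token: token } })`, lets RestClient encode it. `self.token` is also added as a public class method; `private_class_method :token` after the definition keeps the secret reader internal. Because the key travels in the URL, it is worth confirming that RestClient request logging is disabled where these calls run. The class body starts outside this hunk.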
@@ -1,6 +1,4 @@ class SignatureService - CONFIG_PATH = Rails.root.join("config", "signing_key.yml") - class << self def generate RbNaCl::Util.bin2hex(RbNaCl::SigningKey.generate) @@ -24,15 +22,7 @@ class SignatureService private def signing_key - @@signing_key ||= RbNaCl::SigningKey.new(RbNaCl::Util.hex2bin(config[:key])) - end - - def config - if File.exist?(CONFIG_PATH) - YAML.safe_load(File.read(CONFIG_PATH)).symbolize_keys - else - {} - end + @@signing_key ||= RbNaCl::SigningKey.new(RbNaCl::Util.hex2bin(Rails.application.secrets.signing_key)) end end end diff --git a/app/services/staging_auth_service.rb b/app/services/staging_auth_service.rb index c4dd250d8..085ec497c 100644 --- a/app/services/staging_auth_service.rb +++ b/app/services/staging_auth_service.rb @@ -1,23 +1,13 @@ class StagingAuthService - CONFIG_PATH = Rails.root.join("config", "basic_auth.yml") - def self.authenticate(username, password) if enabled? - username == config[:username] && password == config[:password] + username == Rails.application.secrets.basic_auth[:username] && password == Rails.application.secrets.basic_auth[:password] else true end end def self.enabled? - !!config[:enabled] - end - - def self.config - if File.exist?(CONFIG_PATH) - YAML.safe_load(File.read(CONFIG_PATH)).symbolize_keys - else - {} - end + ENV['BASIC_AUTH_ENABLED'] == 'enabled' end end diff --git a/app/uploaders/remote_downloader.rb b/app/uploaders/remote_downloader.rb index 6d0d07e1b..73aef5579 100644 --- a/app/uploaders/remote_downloader.rb +++ b/app/uploaders/remote_downloader.rb @@ -4,6 +4,12 @@ class RemoteDownloader end def url - @url ||= File.join(STORAGE_URL, @filename) + @url ||= File.join(base_url, CarrierWave::Uploader::Base.fog_directory, @filename) + end + + protected + + def base_url + Rails.application.secrets.fog[:base_url] end end diff --git a/config/database.yml b/config/database.yml index 75dedfa2d..37d319404 100644 --- a/config/database.yml +++ b/config/database.yml 
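Review bot: `StagingAuthService.authenticate` compares the submitted credentials with `==` and short-circuits on the username, so the check is not constant-time and the username is tested separately from the password. First return false when either configured value is blank (both are nil if `BASIC_AUTH_ENABLED` is `enabled` but `BASIC_AUTH_USERNAME`/`BASIC_AUTH_PASSWORD` are unset), then compare with `ActiveSupport::SecurityUtils.secure_compare(username.to_s, expected_username) & ActiveSupport::SecurityUtils.secure_compare(password.to_s, expected_password)`, using the non-short-circuiting `&`. A short comment on `enabled?` saying that any value other than the literal `enabled` turns the gate off, and that `authenticate` then returns true for everyone, would also help whoever sets the variable.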
@@ -1,17 +1,30 @@ -development: +default: &default adapter: postgresql encoding: unicode + pool: <%= ENV.fetch("DB_POOL") { 5 } %> + timeout: 5000 + +development: + <<: *default database: tps_development host: localhost - pool: 5 username: tps_development password: tps_development test: - adapter: postgresql - encoding: unicode + <<: *default database: tps_test host: localhost - pool: 5 username: tps_test password: tps_test + +production: &production + <<: *default + database: <%= ENV["DB_DATABASE"] %> + host: <%= ENV["DB_HOST"] %> + username: <%= ENV["DB_USERNAME"] %> + password: <%= ENV["DB_PASSWORD"] %> + +# Alias for production +staging: + <<: *production diff --git a/config/deploy.rb b/config/deploy.rb index a10494858..2aa98afd8 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -53,20 +53,7 @@ set :shared_paths, [ 'tmp/sockets', 'public/system', 'public/uploads', - 'config/database.yml', - "config/skylight.yml", - "config/fog_credentials.yml", - 'config/storage.yml', - 'config/initializers/secret_token.rb', - "config/environments/#{rails_env}.rb", - "config/initializers/token.rb", - "config/unicorn.rb", - "config/initializers/raven.rb", - 'config/france_connect.yml', - 'config/github_secrets.yml', - 'config/basic_auth.yml', - 'config/initializers/mailjet.rb', - 'config/initializers/storage_url.rb' + 'config/unicorn.rb' ] set :rbenv_path, "/usr/local/rbenv/bin/rbenv" 
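Review bot: The ERB values in the new `production` block are emitted unquoted, e.g. `password: <%= ENV["DB_PASSWORD"] %>`, so YAML re-interprets whatever the variable contains. An all-digit password becomes an Integer, a value containing ` #` is truncated at the comment marker, and one starting with `*`, `&`, `!` or `{` fails to parse. Emitting a quoted scalar avoids this: `password: <%= ENV["DB_PASSWORD"].to_json %>`, and likewise for `database`, `host` and `username`. The same pattern appears in this commit's config/secrets.yml and config/storage.yml hunks, where it affects API keys and the basic-auth password.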
@@ -111,15 +98,6 @@ task :setup => :environment do queue! %[mkdir -p "#{deploy_to}/shared/config/locales/dynamics"] queue! %[chmod g+rx,u+rwx "#{deploy_to}/shared/config/locales/dynamics"] - - queue! %[touch "#{deploy_to}/shared/config/database.yml"] - queue %[echo "-----> Be sure to edit 'shared/config/database.yml'."] - - queue! %[touch "#{deploy_to}/shared/environments/production.rb"] - queue %[echo "-----> Be sure to edit 'shared/environments/production.rb'."] - - queue! %[touch "#{deploy_to}/shared/environments/staging.rb"] - queue %[echo "-----> Be sure to edit 'shared/environments/staging.rb'."] end namespace :yarn do diff --git a/config/env.example b/config/env.example index dfc4c6d8b..adeedfa2b 100644 --- a/config/env.example +++ b/config/env.example @@ -1,2 +1,15 @@ APP_NAME="tps_local" APP_HOST="http://localhost:3000/" + +GITHUB_CLIENT_ID="" +GITHUB_CLIENT_SECRET="" + +FC_PARTICULIER_ID="" +FC_PARTICULIER_SECRET="" +FC_PARTICULIER_REDIRECT_URI="" +FC_PARTICULIER_HOST="" + +API_ENTREPRISE_KEY="" +API_ENTREPRISE_BASE_URL="https://entreprise.api.gouv.fr/v2" + +PIPEDRIVE_KEY="" diff --git a/config/environments/development.rb b/config/environments/development.rb index 95f5b0100..e906943f1 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -47,17 +47,15 @@ Rails.application.configure do # Action Mailer settings config.action_mailer.delivery_method = :smtp config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } - config.action_mailer.asset_host = 'http://localhost:3000' # Config for mailcatcher https://mailcatcher.me/ config.action_mailer.smtp_settings = { - :address => "localhost", - :port => 1025, - :locale => 'fr' + address: 'localhost', + port: 1025, + locale: 'fr' } Rails.application.routes.default_url_options = { - host: 'localhost:3000', - protocol: :http + host: 'localhost:3000' } # Raises error for missing translations 
diff --git a/config/environments/production.rb b/config/environments/production.rb index 3ad812d62..4bcbef198 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -58,7 +58,7 @@ Rails.application.configure do # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) # Use a different cache store in production. - config.cache_store = :memory_store + # config.cache_store = :memory_store # Enable serving of images, stylesheets, and JavaScripts from an asset server. # config.action_controller.asset_host = 'http://assets.example.com' @@ -67,6 +67,25 @@ Rails.application.configure do # Set this to true and configure the email server for immediate delivery to raise delivery errors. # config.action_mailer.raise_delivery_errors = false + if ENV['MAILTRAP_ENABLED'] == 'enabled' + config.action_mailer.delivery_method = :smtp + config.action_mailer.smtp_settings = { + user_name: Rails.application.secrets.mailtrap[:username], + password: Rails.application.secrets.mailtrap[:password], + address: 'smtp.mailtrap.io', + domain: 'smtp.mailtrap.io', + port: '2525', + authentication: :cram_md5 + } + else + config.action_mailer.delivery_method = :mailjet + end + + config.action_mailer.default_url_options = { + protocol: :https, + host: ENV['APP_HOST'] + } + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true @@ -83,6 +102,9 @@ Rails.application.configure do config.active_record.dump_schema_after_migration = false Rails.application.routes.default_url_options = { - protocol: :https + protocol: :https, + host: ENV['APP_HOST'] } + + config.lograge.enabled = ENV['LOGRAGE_ENABLED'] == 'enabled' end diff --git a/config/environments/staging.rb b/config/environments/staging.rb new file mode 100644 index 000000000..4bcbef198 --- /dev/null +++ b/config/environments/staging.rb 
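Review bot: `host: ENV['APP_HOST']` in `config.action_mailer.default_url_options` is read without validation; the same applies to `Rails.application.routes.default_url_options` in the next hunk and to both places in config/environments/staging.rb. config/env.example on this page documents the variable as `http://localhost:3000/`, with scheme and trailing slash, which combined with `protocol: :https` would likely produce malformed links, and an unset variable leaves mailer links without a host. These links carry Devise confirmation and password-reset tokens, so I would read it with `host: ENV.fetch('APP_HOST')` to fail at boot when it is missing, and document that it must be a bare hostname. The `Rails.application.configure` block starts and ends outside this hunk.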
@@ -0,0 +1,110 @@ +Rails.application.configure do + # Settings specified here will take precedence over those in config/application.rb. + + # Verifies that versions and hashed value of the package contents in the project's package.json + config.webpacker.check_yarn_integrity = false + + # Code is not reloaded between requests. + config.cache_classes = true + + # Eager load code on boot. This eager loads most of Rails and + # your application in memory, allowing both threaded web servers + # and those relying on copy on write to perform better. + # Rake tasks automatically ignore this option for performance. + config.eager_load = true + + # Full error reports are disabled and caching is turned on. + config.consider_all_requests_local = false + config.action_controller.perform_caching = true + + # Enable Rack::Cache to put a simple HTTP cache in front of your application + # Add `rack-cache` to your Gemfile before enabling this. + # For large-scale production use, consider using a caching reverse proxy like + # NGINX, varnish or squid. + # config.action_dispatch.rack_cache = true + + # Disable serving static files from the `/public` folder by default since + # Apache or NGINX already handles this. + config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? + + # Compress JavaScripts and CSS. + config.assets.js_compressor = :uglifier + # config.assets.css_compressor = :sass + + # Do not fallback to assets pipeline if a precompiled asset is missed. + config.assets.compile = false + + # Asset digests allow you to set far-future HTTP expiration dates on all assets, + # yet still be able to expire them through the digest params. + config.assets.digest = true + + # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb + + # Specifies the header that your server uses for sending files. 
+ # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache + # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + + # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. + config.force_ssl = true + + # Use the lowest log level to ensure availability of diagnostic information + # when problems arise. + config.log_level = :debug + + # Prepend all log lines with the following tags. + # config.log_tags = [ :subdomain, :uuid ] + + # Use a different logger for distributed setups. + # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) + + # Use a different cache store in production. + # config.cache_store = :memory_store + + # Enable serving of images, stylesheets, and JavaScripts from an asset server. + # config.action_controller.asset_host = 'http://assets.example.com' + + # Ignore bad email addresses and do not raise email delivery errors. + # Set this to true and configure the email server for immediate delivery to raise delivery errors. + # config.action_mailer.raise_delivery_errors = false + + if ENV['MAILTRAP_ENABLED'] == 'enabled' + config.action_mailer.delivery_method = :smtp + config.action_mailer.smtp_settings = { + user_name: Rails.application.secrets.mailtrap[:username], + password: Rails.application.secrets.mailtrap[:password], + address: 'smtp.mailtrap.io', + domain: 'smtp.mailtrap.io', + port: '2525', + authentication: :cram_md5 + } + else + config.action_mailer.delivery_method = :mailjet + end + + config.action_mailer.default_url_options = { + protocol: :https, + host: ENV['APP_HOST'] + } + + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to + # the I18n.default_locale when a translation cannot be found). + config.i18n.fallbacks = true + + config.active_storage.service = :clever_cloud + + # Send deprecation notices to registered listeners. 
+ config.active_support.deprecation = :notify + + # Use default logging formatter so that PID and timestamp are not suppressed. + config.log_formatter = ::Logger::Formatter.new + + # Do not dump schema after migrations. + config.active_record.dump_schema_after_migration = false + + Rails.application.routes.default_url_options = { + protocol: :https, + host: ENV['APP_HOST'] + } + + config.lograge.enabled = ENV['LOGRAGE_ENABLED'] == 'enabled' +end diff --git a/config/features.rb b/config/features.rb index e86bd43a3..289d53a48 100644 --- a/config/features.rb +++ b/config/features.rb @@ -23,7 +23,7 @@ Flipflop.configure do group :production do feature :remote_storage, - default: Rails.env.production? || Rails.env.staging? + default: ENV['FOG_ENABLED'] == 'enabled' feature :weekly_overview, default: Rails.env.production? end diff --git a/config/fog_credentials.test.yml b/config/fog_credentials.test.yml deleted file mode 100644 index 932151ea1..000000000 --- a/config/fog_credentials.test.yml +++ /dev/null @@ -1,6 +0,0 @@ -default: - openstack_tenant: "ovh_fake_tenant_name" - openstack_api_key: "ovh_fake_password" - openstack_username: "ovh_fake_username" - openstack_auth_url: "https://auth.cloud.ovh.net/v2.0/tokens" - openstack_region: "SBG1" diff --git a/config/france_connect.example.yml b/config/france_connect.example.yml deleted file mode 100644 index 628ad6332..000000000 --- a/config/france_connect.example.yml +++ /dev/null @@ -1,8 +0,0 @@ -particulier_identifier: '' -particulier_secret: '' - -particulier_redirect_uri: '' -particulier_authorization_endpoint: '' -particulier_token_endpoint: '' -particulier_userinfo_endpoint: '' -particulier_logout_endpoint: '' diff --git a/config/github_secrets.example.yml b/config/github_secrets.example.yml deleted file mode 100644 index 88e49d175..000000000 --- a/config/github_secrets.example.yml +++ /dev/null @@ -1,2 +0,0 @@ -client_id: '' -client_secret: '' 
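Review bot: `config.log_level = :debug` in the new config/environments/staging.rb logs every SQL statement, typically with its bound values, so user data from the database this environment points at ends up in the log stream. Unless staging is guaranteed to hold only synthetic data, `config.log_level = :info` is the safer default, with debug enabled temporarily when needed. The index lines on this page show staging.rb and the new production.rb with the same blob id (4bcbef198), so the files appear to be identical and the same setting applies to production. Replacing the copy with `require_relative 'production'` plus the few staging-specific overrides would stop the two files from drifting apart.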
diff --git a/config/initializers/active_job_log_subscriber.rb b/config/initializers/active_job_log_subscriber.rb index b630519dd..cfcddc188 100644 --- a/config/initializers/active_job_log_subscriber.rb +++ b/config/initializers/active_job_log_subscriber.rb @@ -40,6 +40,7 @@ class ActiveJobLogSubscriber < ::ActiveJob::Logging::LogSubscriber tags.push('exception') if data[:exception] data[:tags] = tags data[:type] = 'tps' + data[:source] = ENV['SOURCE'] log(data) end diff --git a/config/initializers/active_storage_conf_override.rb b/config/initializers/active_storage_conf_override.rb deleted file mode 100644 index be56d2df4..000000000 --- a/config/initializers/active_storage_conf_override.rb +++ /dev/null @@ -1,4 +0,0 @@ -# FIXME: remove this once we moved to a properly structured infrastructure -if Rails.env.production? || Rails.env.staging? - Rails.application.config.active_storage.service = :clever_cloud -end diff --git a/config/initializers/carrierwave.rb b/config/initializers/carrierwave.rb index 19a7c2112..299105185 100644 --- a/config/initializers/carrierwave.rb +++ b/config/initializers/carrierwave.rb 
@@ -1,17 +1,18 @@ -if Rails.env.test? - Fog.credentials_path = Rails.root.join('config', 'fog_credentials.test.yml') -else - Fog.credentials_path = Rails.root.join('config', 'fog_credentials.yml') -end - CarrierWave.configure do |config| # These permissions will make dir and files available only to the user running # the servers config.permissions = 0664 config.directory_permissions = 0775 - if Rails.env.production? || Rails.env.staging? - config.fog_credentials = { provider: 'OpenStack' } + if ENV['FOG_ENABLED'] == 'enabled' + config.fog_credentials = { + provider: 'OpenStack', + openstack_tenant: Rails.application.secrets.fog[:openstack_tenant], + openstack_api_key: Rails.application.secrets.fog[:openstack_api_key], + openstack_username: Rails.application.secrets.fog[:openstack_username], + openstack_auth_url: Rails.application.secrets.fog[:openstack_auth_url], + openstack_region: Rails.application.secrets.fog[:openstack_region], + } end # This avoids uploaded files from saving to public/ and so @@ -22,11 +23,5 @@ CarrierWave.configure do |config| config.fog_public = true - if Rails.env.production? - config.fog_directory = "tps" - elsif Rails.env.development? - config.fog_directory = "test_local" - else - config.fog_directory = "tps_dev" - end + config.fog_directory = Rails.application.secrets.fog[:directory] end diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 46e0b9663..536fd745e 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb 
@@ -6,7 +6,7 @@ Devise.setup do |config| # The secret key used by Devise. Devise uses this key to generate # random tokens. Changing this key will render invalid all existing # confirmation, reset password and unlock tokens in the database. - # config.secret_key = '023b8d51611750f31982654ec5c14e275784af6a7a15aadbc599a973265e01e4218e209489b65e63d008b23754e4db268e376f652720fa9a69846853a365b811' + config.secret_key = Rails.application.secrets.secret_key_base # ==> Mailer Configuration # Configure the e-mail address which will be shown in Devise::Mailer, @@ -235,8 +235,7 @@ Devise.setup do |config| # Add a new OmniAuth provider. Check the wiki for more information on setting # up on your models and hooks. if !Rails.env.test? - github_secrets = YAML::load_file(File.join(__dir__, '../github_secrets.yml')) - config.omniauth :github, github_secrets['client_id'], github_secrets['client_secret'], scope: 'user:email' + config.omniauth :github, Rails.application.secrets.github[:client_id], Rails.application.secrets.github[:client_secret], scope: 'user:email' end # ==> Warden configuration diff --git a/config/initializers/france_connect.rb b/config/initializers/france_connect.rb index 493058fd9..dd3bcb2be 100644 --- a/config/initializers/france_connect.rb +++ b/config/initializers/france_connect.rb 
@@ -1,22 +1,3 @@ -FRANCE_CONNECT = if Rails.env.test? - { - particulier: { - identifier: 'plop', - secret: 'plip', - redirect_uri: 'https://bidon.com/endpoint', - authorization_endpoint: 'https://bidon.com/endpoint', - token_endpoint: 'https://bidon.com/endpoint', - userinfo_endpoint: 'https://bidon.com/endpoint', - logout_endpoint: 'https://bidon.com/endpoint', - } - } -else - fc_config_file_path = Rails.root.join("config", "france_connect.yml") - - # FIXME: with a yaml with a { particulier: {} } structure - config_hash = YAML.safe_load(File.read(fc_config_file_path)) - .reduce({}) { |acc, (key, value)| acc[key.gsub('particulier_', '')] = value; acc } - .symbolize_keys - - { particulier: config_hash } -end +FRANCE_CONNECT = { + particulier: Rails.application.secrets.france_connect_particulier +} diff --git a/config/initializers/lograge.rb b/config/initializers/lograge.rb index 0140b2346..8fec7ceea 100644 --- a/config/initializers/lograge.rb +++ b/config/initializers/lograge.rb @@ -10,6 +10,7 @@ Rails.application.configure do config.lograge.custom_options = lambda do |event| { type: 'tps', + source: ENV['SOURCE'], tags: ['request', event.payload[:exception] ? 'exception' : nil].compact, user_id: event.payload[:user_id], user_email: event.payload[:user_email], diff --git a/config/initializers/mailjet.rb b/config/initializers/mailjet.rb new file mode 100644 index 000000000..dafcb4084 --- /dev/null +++ b/config/initializers/mailjet.rb @@ -0,0 +1,5 @@ +Mailjet.configure do |config| + config.api_key = Rails.application.secrets.mailjet[:api_key] + config.secret_key = Rails.application.secrets.mailjet[:secret_key] + config.default_from = CONTACT_EMAIL +end diff --git a/config/initializers/raven.rb b/config/initializers/raven.rb new file mode 100644 index 000000000..18c449de4 --- /dev/null +++ b/config/initializers/raven.rb 
@@ -0,0 +1,7 @@ +if ENV['SENTRY_ENABLED'] == 'enabled' + require 'raven' + + Raven.configure do |config| + config.dsn = ENV['SENTRY_DSN_RAILS'] + end +end diff --git a/config/initializers/storage_url.rb b/config/initializers/storage_url.rb deleted file mode 100644 index d89d1bc83..000000000 --- a/config/initializers/storage_url.rb +++ /dev/null @@ -1 +0,0 @@ -STORAGE_URL = "https://storage.apientreprise.fr/#{CarrierWave::Uploader::Base.fog_directory}/" diff --git a/config/initializers/urls.rb b/config/initializers/urls.rb index 447f5eb63..9fa7943ef 100644 --- a/config/initializers/urls.rb +++ b/config/initializers/urls.rb @@ -1,7 +1,5 @@ API_CARTO_URL = "https://apicarto.sgmap.fr" -API_ENTREPRISE_URL = 'https://entreprise.api.gouv.fr/v2' - API_GEO_URL = "https://geo.api.gouv.fr" PIPEDRIVE_API_URL = 'https://api.pipedrive.com/v1' diff --git a/config/secrets.yml b/config/secrets.yml index 12d052523..0bd2c4b4d 100644 --- a/config/secrets.yml +++ b/config/secrets.yml 
@@ -9,14 +9,74 @@ # Make sure the secrets in this file are kept private # if you're sharing your code publicly. +defaults: &defaults + secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> + signing_key: <%= ENV["SIGNING_KEY"] %> + basic_auth: + username: <%= ENV['BASIC_AUTH_USERNAME'] %> + password: <%= ENV['BASIC_AUTH_PASSWORD'] %> + france_connect_particulier: + identifier: <%= ENV['FC_PARTICULIER_ID'] %> + secret: <%= ENV['FC_PARTICULIER_SECRET'] %> + redirect_uri: <%= ENV['FC_PARTICULIER_REDIRECT_URI'] %> + authorization_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/authorize + token_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/token + userinfo_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/userinfo + logout_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/logout + github: + client_id: <%= ENV['GITHUB_CLIENT_ID'] %> + client_secret: <%= ENV['GITHUB_CLIENT_SECRET'] %> + mailjet: + api_key: <%= ENV['MAILJET_API_KEY'] %> + secret_key: <%= ENV['MAILJET_SECRET_KEY'] %> + api_entreprise: + key: <%= ENV['API_ENTREPRISE_KEY'] %> + base_url: <%= ENV['API_ENTREPRISE_BASE_URL'] %> + pipedrive: + key: <%= ENV['PIPEDRIVE_KEY'] %> + fog: + openstack_tenant: <%= ENV['FOG_OPENSTACK_TENANT'] %> + openstack_api_key: <%= ENV['FOG_OPENSTACK_API_KEY'] %> + openstack_username: <%= ENV['FOG_OPENSTACK_USERNAME'] %> + openstack_auth_url: <%= ENV['FOG_OPENSTACK_AUTH_URL'] %> + openstack_region: <%= ENV['FOG_OPENSTACK_REGION'] %> + base_url: <% ENV['FOG_BASE_URL'] %> + directory: <%= ENV['FOG_DIRECTORY'] %> + mailtrap: + username: <%= ENV['MAILTRAP_USERNAME'] %> + password: <%= ENV['MAILTRAP_PASSWORD'] %> development: + <<: *defaults secret_key_base: 05a2d479d8e412198dabd08ef0eee9d6e180f5cbb48661a35fd1cae287f0a93d40b5f1da08f06780d698bbd458a0ea97f730f83ee780de5d4e31f649a0130cf0 + signing_key: aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017 test: + <<: *defaults secret_key_base: 
aa52abc3f3a629d04a61e9899a24c12f52b24c679cbf45f8ec0cdcc64ab9526d673adca84212882dff3911ac98e0c32ec4729ca7b3429ba18ef4dfd1bd18bc7a + signing_key: aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017 + api_entreprise: + key: api_entreprise_test_key + base_url: https://entreprise.api.gouv.fr/v2 + fog: + base_url: https://storage.apientreprise.fr + directory: tps_dev + pipedrive: + key: pipedrive_test_key + france_connect_particulier: + identifier: france_connect_test_identifier + secret: france_connect_test_secret + redirect_uri: https://bidon.com/endpoint + authorization_endpoint: https://bidon.com/endpoint + token_endpoint: https://bidon.com/endpoint + userinfo_endpoint: https://bidon.com/endpoint + logout_endpoint: https://bidon.com/endpoint # Do not keep production secrets in the repository, # instead read values from the environment. -production: - secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> +production: &production + <<: *defaults + +# Alias for production +staging: + <<: *production diff --git a/config/signing_key.yml b/config/signing_key.yml deleted file mode 100644 index 6940da6a9..000000000 --- a/config/signing_key.yml +++ /dev/null @@ -1,2 +0,0 @@ -# This is a signing key used in dev and test environments -key: 'aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017' diff --git a/config/skylight.yml b/config/skylight.yml new file mode 100644 index 000000000..4937b14ca --- /dev/null +++ b/config/skylight.yml @@ -0,0 +1,3 @@ +--- +# The authentication token for the application. +authentication: <%= ENV['SKYLIGHT_AUTHENTICATION_KEY'] || '' %> diff --git a/config/storage.yml b/config/storage.yml index 1f93f7323..80f0cf275 100644 --- a/config/storage.yml +++ b/config/storage.yml 
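Review bot: Under `fog:` in the `defaults` block, `base_url: <% ENV['FOG_BASE_URL'] %>` uses `<% %>` instead of `<%= %>`, so ERB emits nothing and `Rails.application.secrets.fog[:base_url]` is nil in every environment except `test`, which overrides it. `RemoteDownloader#url` in this commit passes that value to `File.join`, which raises on nil; the line should read `base_url: <%= ENV['FOG_BASE_URL'] %>`. The `test` overrides also replace whole nested mappings, because `<<` merges only one level deep, so `fog:` there has no `openstack_*` keys; a comment saying so would save the next reader a debugging session. The `signing_key` value committed for `development` and `test` has lost the "dev and test only" comment it carried in the deleted config/signing_key.yml, and I would restore it as `# dev/test only, never reuse in production`.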
@@ -1,7 +1,11 @@ local: service: Disk root: <%= Rails.root.join("storage") %> - test: service: Disk root: <%= Rails.root.join("tmp/storage") %> +clever_cloud: + service: Cellar + access_key_id: <%= ENV['CLEVER_CLOUD_ACCESS_KEY_ID'] %> + secret_access_key: <%= ENV['CLEVER_CLOUD_SECRET_ACCESS_KEY'] %> + bucket: <%= ENV['CLEVER_CLOUD_BUCKET'] %> diff --git a/lib/tasks/dev.rake b/lib/tasks/dev.rake index c0bc7b01c..5c0bf8746 100644 --- a/lib/tasks/dev.rake +++ b/lib/tasks/dev.rake @@ -2,7 +2,6 @@ namespace :dev do desc 'Initialise dev environment' task :init do puts 'start initialisation' - Rake::Task['dev:generate_token_file'].invoke Rake::Task['dev:generate_franceconnect_file'].invoke Rake::Task['dev:generate_fog_credentials_file'].invoke Rake::Task['dev:generate_features_file'].invoke @@ -10,14 +9,6 @@ namespace :dev do puts 'end initialisation' end - task :generate_token_file do - puts 'creating token.rb file' - res = `rake secret`.delete("\n") - file = File.new('config/initializers/token.rb', 'w+') - file.write("TPS::Application.config.SIADETOKEN = '#{res}'") - file.close - end - task :generate_franceconnect_file do file = File.new('config/france_connect.yml', 'w+') comment = <<~EOF diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 1de2c6b03..e9a3be72a 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -81,9 +81,6 @@ DatabaseCleaner.strategy = :transaction TPS::Application.load_tasks -SIADETOKEN = :valid_token if !defined? SIADETOKEN -PIPEDRIVE_TOKEN = :pipedrive_test_token if !defined? PIPEDRIVE_TOKEN - include Warden::Test::Helpers include SmartListing::Helper