Load vault secrets from environment less stores or which are not written by dynaconf#725
Conversation
dynaconf/default_settings.py
Outdated
|
|
||
| # If provided environments will be loaded separatelly | ||
| ENVIRONMENTS_FOR_DYNACONF = get("ENVIRONMENTS_FOR_DYNACONF", False) | ||
| MAIN_ENV_FOR_DYNACONF = get("MAIN_ENVIRONMENTS_FOR_DYNACONF", "MAIN") |
There was a problem hiding this comment.
| MAIN_ENV_FOR_DYNACONF = get("MAIN_ENVIRONMENTS_FOR_DYNACONF", "MAIN") | |
| MAIN_ENVIRONMENT_FOR_DYNACONF = get("MAIN_ENVIRONMENT_FOR_DYNACONF", "MAIN") |
There was a problem hiding this comment.
I would like to stick to the standard of naming the specific environment for dynaconf. E.g DEFAULT_ENV_FOR_DYNACONF.
Similarly, I will rename MAIN_ENVIRONMENT_FOR_DYNACONF as MAIN_ENV_FOR_DYNACONF
a769aef to
4ee5343
Compare
dynaconf/default_settings.py
Outdated
|
|
||
| # If provided environments will be loaded separatelly | ||
| ENVIRONMENTS_FOR_DYNACONF = get("ENVIRONMENTS_FOR_DYNACONF", False) | ||
| MAIN_ENV_FOR_DYNACONF = get("MAIN_ENVIRONMENTS_FOR_DYNACONF", "MAIN") |
There was a problem hiding this comment.
I would like to stick to the standard of naming the specific environment for dynaconf. E.g DEFAULT_ENV_FOR_DYNACONF.
Similarly, I will rename MAIN_ENVIRONMENT_FOR_DYNACONF as MAIN_ENV_FOR_DYNACONF
|
Ping @rochacbruno , Need to get this in as we are blocked! Are you good with the changes or would you want to add changes in Doc and Version Doc ? |
|
@jyejare some of the ci tests are not passing I was not able to verify yet the reason |
|
@rochacbruno I hope that's not related to this change, but I can take a look! I didnt observe it first as all the ticks looked green. |
4ee5343 to
9a4be35
Compare
|
@rochacbruno Fixed tests failing ! Please revisit . |
|
Ci is broken, not related to your PR, I will test locally and if pass I will merge |
|
@rochacbruno Sorry, in my last comment, I wanted to say "failing tests passed, please revisit", but said "ulta" :) |
|
@rochacbruno Whats the plan on releasing a new version of dynaConf with this change? Is it sooner or can you release it soon for us ? |
|
@jyejare I can cut a 3.1.8 from master branch this week, I will have some free time by friday to do the triage. |
|
@rochacbruno That's good news for us !! Thanks :) |
Shortlog of commits since last release:
Anderson Sousa (1):
Document the usage with python -m (#710)
Andressa Cabistani (2):
Add unique label when merging lists to fix issue #653 (#661)
Add new validation to fix issue #585 (#667)
Armin Berres (1):
Fix typo in error message
Bruno Rocha (7):
Release version 3.1.7
Found this bug that was duplicating the generated envlist (#663)
Add support for Python 3.10 (#665)
Attempt to fix #555 (#669)
Create update_contributors.yml
Fixing pre-coomit and docs CI
Added `dynaconf get` command to cli (#730)
Caneco (2):
improvement: add brand new logo to the project (#686)
improvement: update socialcard to match the python way (#687)
EdwardCuiPeacock (2):
Feature: add @Jinja and @Format casting (#704)
Combo converter doc (#735)
Eitan Mosenkis (1):
Fix FlaskConfig.setdefault (#706)
Enderson Menezes (Mr. Enderson) (2):
Force PYTHONIOENCODING to utf-8 to fix #664 (#672)
edit: move discussions to github tab (#682)
Eugene Triguba (1):
Fix custom prefix link in envvar documentation (#680)
Gibran Herrera (1):
Fix Issue 662 Lazy validation (#675)
Jitendra Yejare (2):
Load vault secrets from environment less stores or which are not written by dynaconf (#725)
Use default value when settings is blank (#729)
Pavel Alimpiev (1):
Update docs link (#678)
Ugo Benassayag (1):
Added validate_only_current_env to validator (issue #734) (#736)
Waylon Walker (1):
Docs Fix Spelling (#696)
dependabot[bot] (3):
Bump django from 2.1.5 to 2.2.26 in /example/django_pytest_pure (#711)
Bump mkdocs from 1.1.2 to 1.2.3 (#715)
Bump django from 2.2.26 to 2.2.27 in /example/django_pytest_pure (#717)
github-actions[bot] (2):
[automated] Update Contributors File (#691)
[automated] Update Contributors File (#732)
lowercase00 (1):
Makes Django/Flask kwargs case insensitive (#721)
Problem Statement:
This PR fixes #723 !
The issue is observed when the secrets are created in Vault store without using DynaConf way of creating it that is CLI way of
dynaconf writeor using dynaconf APIs.The secrets were directly created to
MOUNT_POINT/PATHusing Hashicorp vault CLI / API and hence the dynaconf environments were not created there.So while reading these non-dynaconf/non-environemnts based secrets from Vault using DynaConf, we were hitting to the wrong path, that is:
Dynaconf(environments=True)) then we hit the developement enviroments path that is :mount_point/path/developement.Dynaconf()) then we hit the main environments path that is :mount_point/path/main.Whereas in our case, we should hit to the
mount_point/pathpath since we havent used DynaConfs environments based way of creating the secrets.Solution:
The proposed solution allows users to access both "DynaConfs
environments=Falsesecrets" as well as "Vault CLI/API pushed secrets (non-environment based)" by looking into bothmount_point/path/mainand directmount_point/pathdirectories.This PR also fixes some vault v2 APIs accessing and removes unnecessary looping over
datakey for v2 secrets.