Add the process environment to zuul.conf parser

This will allow users to set environment variables with sensitive strings like passwords, but keep a single config file. This comes in handy when using Kubernetes in particular, as it wants to handle sensitive data and templated config files in a very different manner. Change-Id: I38f6c4da82e1647ad197908f19ea6df23e04fc32
2018-10-23 15:45:13 -07:00 · 2018-10-23 15:45:13 -07:00 · f2229705f3
parent b768ece2c0
commit f2229705f3
5 changed files with 44 additions and 2 deletions
--- a/doc/source/admin/components.rst
+++ b/doc/source/admin/components.rst
@ -75,6 +75,11 @@ location may be supplied on the command line) which uses an INI file
 syntax.  Each component may have its own configuration file, though
 you may find it simpler to use the same file for all components.

+Zuul will interpolate environment variables given in the config file
+escaped as python string expansion, so ``foo=%(HOME)s`` will set the
+value of ``foo`` to the same value as the environment variable named
+``HOME``.
+
 An example ``zuul.conf``:

 .. code-block:: ini
--- a/doc/source/admin/examples/docker-compose.yaml
+++ b/doc/source/admin/examples/docker-compose.yaml
@ -46,6 +46,7 @@ services:
      - http_proxy
      - https_proxy
      - no_proxy=${no_proxy},gerrit
+      - ZUUL_MYSQL_PASSWORD=secret
    command: "sh -c '/var/playbooks/wait-to-start.sh && zuul-scheduler -d'"
    # FIXME: The scheduler has no ansible anymore so use the executor image.
    #        This needs to be changes such that ansible is not required for startup.
@ -62,6 +63,8 @@ services:
    ports:
      - "9000:9000"
    image: zuul/zuul-web
+    environment:
+      ZUUL_MYSQL_PASSWORD: secret
    volumes:
      - "./etc_zuul/:/etc/zuul/:z"
      - "./playbooks/:/var/playbooks/:z"
@ -71,6 +74,7 @@ services:
      - http_proxy
      - https_proxy
      - no_proxy=${no_proxy},gerrit,scheduler
+      - ZUUL_MYSQL_PASSWORD=secret
    command: "zuul-executor -d"
    depends_on:
      - scheduler
--- a/doc/source/admin/examples/etc_zuul/zuul.conf
+++ b/doc/source/admin/examples/etc_zuul/zuul.conf
@ -28,7 +28,7 @@ baseurl=https://opendev.org
 [connection "mysql"]
 name=mysql
 driver=sql
-dburi=mysql+pymysql://zuul:secret@mysql/zuul
+dburi=mysql+pymysql://zuul:%(ZUUL_MYSQL_PASSWORD)s@mysql/zuul

 [web]
 listen_address=0.0.0.0
--- a/tests/unit/test_cmd.py
+++ b/tests/unit/test_cmd.py
@ -0,0 +1,33 @@
+# Copyright 2013 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import fixtures
+import tempfile
+import testtools
+
+import zuul.cmd
+
+
+class TestCmd(testtools.TestCase):
+    def test_read_config_with_environment(self):
+        "Test that readConfig interpolates environment vars"
+
+        with tempfile.NamedTemporaryFile() as test_config:
+            test_config.write(b'[DEFAULT]\nfoo=%(ENV_TEST)s\n')
+            test_config.flush()
+            with fixtures.EnvironmentVariable('ENV_TEST', 'baz'):
+                app = zuul.cmd.ZuulApp()
+                app.parseArguments(['-c', test_config.name])
+                app.readConfig()
+                self.assertEquals('baz', app.config.get('DEFAULT', 'foo'))
--- a/zuul/cmd/init.py
+++ b/zuul/cmd/init.py
@ -123,7 +123,7 @@ class ZuulApp(object):
        return parser

    def readConfig(self):
-        self.config = configparser.ConfigParser()
+        self.config = configparser.ConfigParser(os.environ)
        if self.args.config:
            locations = [self.args.config]
        else: