Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-wc64-c5rv-32pf
Drop user_settings module
  • Loading branch information
adityasaky committed May 10, 2023
2 parents 3989c84 + 9835aae commit 3a21d84
Show file tree
Hide file tree
Showing 7 changed files with 6 additions and 418 deletions.
53 changes: 5 additions & 48 deletions doc/source/settings.rst
@@ -1,53 +1,10 @@
Settings
========

For historical reasons some command line options may also be configured via
rcfiles in one of the following locations *.in_totorc*, *~/.in_totorc*,
*~/.in_toto/config*, *~/.config/in_toto*, *~/.config/in_toto/config*,
*/etc/in_totorc*, */etc/in_toto/config* or via environment variables in above
presented order of precedence.

Default values for these settings are defined in the `in_toto.settings
<https://github.com/in-toto/in-toto/blob/develop/in_toto/settings.py>`_ module.
Settings names are case sensitive and settings values that contain colons are
parsed as list.
Default values for some in-toto CLI/API arguments are defined in global variables of the
``in_toto.settings`` module. Historically, configuration required modifying these
globals directly in source code or at runtime. This method is discouraged. Instead,
CLI/API arguments should be used.

.. note::
Settings configured via rcfiles and environment variables are **only**
considered if in-toto is invoked form the **command line**, and ignored when
using the API.
The default ``in_toto.settings``, on the other hand, are considered in both
cases, unless overridden via API function arguments or, in the case of CLI
usage, environment variables, rcfiles, or CLI arguments.


Setting Types
-------------

- ``ARTIFACT_EXCLUDE_PATTERNS`` -- gitignore-style paths patterns exclude
artifacts from being recorded.
- ``ARTIFACT_BASE_PATH`` -- material and product paths passed to
``in-toto-run`` are searched relative to the base path. The base path itself
is not included in the link metadata. Default is the current working
directory.
- ``LINK_CMD_EXEC_TIMEOUT`` -- maximum timeout setting for the in-toto-run
command.


Example Usage
-------------

.. code-block:: sh
# Configure settings via bash-style environment variable export
export IN_TOTO_ARTIFACT_BASE_PATH='/home/user/project'
export IN_TOTO_ARTIFACT_EXCLUDE_PATTERNS='*.link:.gitignore'
export IN_TOTO_LINK_CMD_EXEC_TIMEOUT='10'
.. code-block:: sh
# Configure settings via ~/.in_totorc
[in-toto settings]
ARTIFACT_BASE_PATH=/home/user/project
ARTIFACT_EXCLUDE_PATTERNS=*.link:.gitignore
LINK_CMD_EXEC_TIMEOUT=10
The globals ``DEBUG`` and ``LINK_CMD_EXEC_TIMEOUT`` can only be configured directly.
4 changes: 0 additions & 4 deletions in_toto/in_toto_record.py
Expand Up @@ -33,7 +33,6 @@
from securesystemslib import interface

import in_toto.runlib
import in_toto.user_settings
from in_toto import __version__
from in_toto.common_args import (
BASE_PATH_ARGS,
Expand Down Expand Up @@ -233,9 +232,6 @@ def main():

LOG.setLevelVerboseOrQuiet(args.verbose, args.quiet)

# Override defaults in settings.py with environment variables and RCfiles
in_toto.user_settings.set_settings()

# Regular signing and GPG signing are mutually exclusive
if (args.key is None) == (args.gpg is None):
parser.print_usage()
Expand Down
4 changes: 0 additions & 4 deletions in_toto/in_toto_run.py
Expand Up @@ -32,7 +32,6 @@

from securesystemslib import interface

import in_toto.user_settings
from in_toto import __version__, runlib
from in_toto.common_args import (
BASE_PATH_ARGS,
Expand Down Expand Up @@ -254,9 +253,6 @@ def main():

LOG.setLevelVerboseOrQuiet(args.verbose, args.quiet)

# Override defaults in settings.py with environment variables and RCfiles
in_toto.user_settings.set_settings()

# Regular signing and GPG signing are mutually exclusive
if (args.key is None) == (args.gpg is None):
parser.print_usage()
Expand Down
3 changes: 1 addition & 2 deletions in_toto/runlib.py
Expand Up @@ -111,8 +111,7 @@ def record_artifacts_as_dict(
exclude_patterns: (optional)
Artifacts matched by the pattern are excluded from the result.
Exclude patterns can be passed as argument or specified via
ARTIFACT_EXCLUDE_PATTERNS setting (see `in_toto.settings`) or
via envvars or rcfiles (see `in_toto.user_settings`).
ARTIFACT_EXCLUDE_PATTERNS setting (see `in_toto.settings`).
If passed, patterns specified via settings are overriden.
base_path: (optional)
Expand Down
6 changes: 0 additions & 6 deletions in_toto/settings.py
Expand Up @@ -25,14 +25,8 @@
import in_toto.settings
in_toto.settings.ARTIFACT_BASE_PATH = "/home/user/project"
```
- or, when using in-toto via command line tooling, with environment variables
or RCfiles, see the `in_toto.user_settings` module
"""
# The debug setting is used to set to the in-toto base logger to logging.DEBUG
# TODO: This setting is currently not available via environment variables or
# rcfiles, partially because at the moment it is read before we parse
# envvars/rcfiles. Do we want to make it available to those as well?
DEBUG = False

# See docstring of `in-toto.record_artifacts_as_dict` for how this is used
Expand Down
227 changes: 0 additions & 227 deletions in_toto/user_settings.py

This file was deleted.

0 comments on commit 3a21d84

Please sign in to comment.