Merge pull request #3056 from werwty/feature/2416

Remove SECRET_KEY from Django settings
pulp · Jun 14, 2017 · 6474186 · 6474186
2 parents 08a503d + 3179575
commit 6474186
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 5 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -23,6 +23,8 @@ before_script:
 script:
     # flake8 the diff
     - "git diff HEAD^ '*.py' | flake8 --diff --config flake8.cfg"
+    # add secret key to django settings.py
+    - echo "SECRET_KEY= '$(cat /dev/urandom | tr -dc 'a-z0-9!@#$%^&*(-_=+)' | head -c 50)'" >> platform/pulpcore/app/settings.py
     # tests can't run without migrations being made
     - "python manage.py makemigrations pulp_app"
     # chain these so we don't try to run tests if the db reset fails

diff --git a/docs/index.rst b/docs/index.rst
@@ -3,6 +3,7 @@ Pulp Documentation
 .. toctree::
    :maxdepth: 2
 
+   installation
    cli_guide/index
    integration_guide/index
    contributing/index

diff --git a/docs/installation.rst b/docs/installation.rst
@@ -0,0 +1,34 @@
+==================
+Installation Guide
+==================
+
+PyPI
+----
+
+CentOS, RHEL, Fedora
+--------------------
+
+Source
+------
+
+
+Configuration Files
+-------------------
+
+Pulp's server configuration file is located at `/etc/pulp/server.yaml`
+
+SECRET_KEY
+    In order to get a pulp server up and running a `Django SECRET_KEY
+    <https://docs.djangoproject.com/en/1.11/ref/settings/#std:setting-SECRET_KEY>`_ must be
+    provided in server.yaml.
+
+    The following code snippet can be used to generate a random SECRET_KEY
+
+.. code-block:: python
+   :linenos:
+
+   import random;
+
+   chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
+   print(''.join(random.choice(chars) for i in range(50)))
+
diff --git a/platform/etc/pulp/server.yaml b/platform/etc/pulp/server.yaml
@@ -2,7 +2,8 @@
 #
 # Values shown are the default values used, unless otherwise indicated.
 
-
+# Django Settings
+#
 # `allowed_hosts`: A list of strings representing the host/domain names that
 # Pulp can serve. This is a security measure to prevent HTTP Host header
 # attacks. A value beginning with a period can be used as a sub-domain wildcard.
@@ -29,6 +30,14 @@
 #     HOST:
 #     PORT:
 
+# `SECRET_KEY`: A secret key for a particular Django installation. This is used to provide
+# cryptographic signing, and should be set to a unique, unpredictable value.
+# Pulp does not provide a default secret key. This must be user provided in order for the
+# Pulp Django Application to run.
+# SECURITY WARNING: keep the secret key used in production secret!
+#
+# SECRET_KEY:
+
 # Logging configuration
 #
 # `logging`: Logging configuration for Pulp. By default, Pulp logs to syslog.

diff --git a/platform/pulpcore/app/settings.py b/platform/pulpcore/app/settings.py
@@ -21,11 +21,8 @@
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '*u&ouzf)09#*dnm8t9jxahz-y=uwe0g&yn9ir-(lj@l*$cc%qo'
-
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = False
 
 # Silenced warnings
 # - fields.W342 is the warning for having "unique=True" on a ForeignKeyField, which is something