added config to specify the absolute path to a permissions yaml file so a different one can be set outside of the app repo w/ burnettk

2023-05-04 14:44:24 -04:00 · 2023-05-04 14:44:24 -04:00 · c5d7a87e61
parent 5debe44391
commit c5d7a87e61
4 changed files with 17 additions and 14 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/config/init.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/init.py
@ -88,18 +88,18 @@ def setup_config(app: Flask) -> None:
    else:
        app.config.from_pyfile(f"{app.instance_path}/config.py", silent=True)

-    app.config["PERMISSIONS_FILE_FULLPATH"] = None
-    permissions_file_name = app.config["SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME"]
-    if permissions_file_name is not None:
-        app.config["PERMISSIONS_FILE_FULLPATH"] = os.path.join(
-            app.root_path,
-            "config",
-            "permissions",
-            permissions_file_name,
-        )
-        print(f"base_permissions: loaded permissions file: {permissions_file_name}")
-    else:
-        print("base_permissions: no permissions file loaded")
+    if app.config["SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_ABSOLUTE_PATH"] is None:
+        permissions_file_name = app.config["SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME"]
+        if permissions_file_name is not None:
+            app.config["SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_ABSOLUTE_PATH"] = os.path.join(
+                app.root_path,
+                "config",
+                "permissions",
+                permissions_file_name,
+            )
+            print(f"base_permissions: loaded permissions file: {permissions_file_name}")
+        else:
+            print("base_permissions: no permissions file loaded")

    # unversioned (see .gitignore) config that can override everything and include secrets.
    # src/spiffworkflow_backend/config/secrets.py
--- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py
@ -78,6 +78,9 @@ SPIFFWORKFLOW_BACKEND_ENCRYPTION_LIB = environ.get(

 SPIFFWORKFLOW_BACKEND_LOG_TO_FILE = environ.get("SPIFFWORKFLOW_BACKEND_LOG_TO_FILE", default="false") == "true"

+SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_ABSOLUTE_PATH = environ.get(
+    "SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_ABSOLUTE_PATH"
+)
 SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get("SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME")

 # Sentry Configuration
--- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py
@ -141,7 +141,7 @@ def get_users() -> Any:
    """Load users from a local configuration file."""
    global permission_cache
    if not permission_cache:
-        with open(current_app.config["PERMISSIONS_FILE_FULLPATH"]) as file:
+        with open(current_app.config["SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_ABSOLUTE_PATH"]) as file:
            permission_cache = yaml.safe_load(file)
    if "users" in permission_cache:
        return permission_cache["users"]
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
@ -197,7 +197,7 @@ class AuthorizationService:
            )

        permission_configs = None
-        with open(current_app.config["PERMISSIONS_FILE_FULLPATH"]) as file:
+        with open(current_app.config["SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_ABSOLUTE_PATH"]) as file:
            permission_configs = yaml.safe_load(file)

        default_group = None