Allow setting Allauth provider secrets from host system (#11194)

agjohnson · web-flow · commit 4770af1de0bb · 2024-03-07T13:38:31.000-08:00
* Allow setting Allauth provider secrets from host system This requires - readthedocs/common#209 It is modeled after the Stripe setting pattern. There is a stronger pattern here at some point, this is a bare minimum for now to unblock us from not having these settings on our local environments. You can use `direnv` to automatically export (and encrypt if you are so inclined) these secrets for your local envs. The env vars pass through Docker with common/#209 above. * Add some docs too * Note direnv too * Drop unused key env vars/settings for allauth pass through * Update common * Drop bitbucket provider settings/env vars * Update common
diff --git a/common b/common
@@ -1 +1 @@
-Subproject commit 8ad2d974abba545f27a9193907ddc0dda2377ef2
+Subproject commit 4af0fffd2cbeeb40f0a71b875beb99d6dc88a355
diff --git a/docs/dev/settings.rst b/docs/dev/settings.rst
@@ -130,5 +130,41 @@ ELASTICSEARCH_DSL_AUTOSYNC
 
 This setting is used for automatically indexing objects to elasticsearch.
 
-
 .. _elasticsearch-dsl-py.connections.configure: https://elasticsearch-dsl.readthedocs.io/en/stable/configuration.html#multiple-clusters
+
+
+Docker pass-through settings
+----------------------------
+
+If you run a Docker environment, it is possible to pass some secrets through to
+the Docker containers from your host system. For security reasons, we do not
+commit these secrets to our repository. Instead, we individually define these
+settings for our local environments.
+
+We recommend using `direnv`_ for storing local development secrets.
+
+.. _direnv: https://direnv.net/
+
+Allauth secrets
+~~~~~~~~~~~~~~~
+
+It is possible to set the Allauth application secrets for our supported
+providers using the following environment variables:
+
+.. envvar:: RTD_SOCIALACCOUNT_PROVIDERS_GITHUB_CLIENT_ID
+.. envvar:: RTD_SOCIALACCOUNT_PROVIDERS_GITHUB_SECRET
+.. envvar:: RTD_SOCIALACCOUNT_PROVIDERS_GITLAB_CLIENT_ID
+.. envvar:: RTD_SOCIALACCOUNT_PROVIDERS_GITLAB_SECRET
+.. envvar:: RTD_SOCIALACCOUNT_PROVIDERS_BITBUCKET_OAUTH2_CLIENT_ID
+.. envvar:: RTD_SOCIALACCOUNT_PROVIDERS_BITBUCKET_OAUTH2_SECRET
+.. envvar:: RTD_SOCIALACCOUNT_PROVIDERS_GOOGLE_CLIENT_ID
+.. envvar:: RTD_SOCIALACCOUNT_PROVIDERS_GOOGLE_SECRET
+
+Stripe secrets
+~~~~~~~~~~~~~~
+
+The following secrets are required to use ``djstripe`` and our Stripe integration.
+
+.. envvar:: RTD_STRIPE_SECRET
+.. envvar:: RTD_STRIPE_PUBLISHABLE
+.. envvar:: RTD_DJSTRIPE_WEBHOOK_SECRET
diff --git a/readthedocs/settings/docker_compose.py b/readthedocs/settings/docker_compose.py
@@ -208,6 +208,22 @@ def DATABASES(self):  # noqa
     STRIPE_TEST_SECRET_KEY = STRIPE_SECRET
     DJSTRIPE_WEBHOOK_SECRET = os.environ.get("RTD_DJSTRIPE_WEBHOOK_SECRET")
 
+    @property
+    def SOCIALACCOUNT_PROVIDERS(self):
+        """Allow settings social account settigs from the host system."""
+        providers = self._SOCIALACCOUNT_PROVIDERS
+        for provider in providers.keys():
+            try:
+                for setting in ["client_id", "secret"]:
+                    value = os.environ.get(
+                        f"RTD_SOCIALACCOUNT_PROVIDERS_{provider.upper()}_{setting.upper()}"
+                    )
+                    if value is not None:
+                        providers[provider]['APPS'][0][setting] = value
+            except KeyError:
+                pass
+        return providers
+
     RTD_SAVE_BUILD_COMMANDS_TO_STORAGE = True
     RTD_BUILD_COMMANDS_STORAGE = "readthedocs.storage.s3_storage.S3BuildCommandsStorage"
     BUILD_COLD_STORAGE_URL = "http://storage:9000/builds"
