From 8a075db4188edd92093d6f67a93e1c98b1c60cb4 Mon Sep 17 00:00:00 2001
From: Guewen Baconnier <guewen.baconnier@camptocamp.com>
Date: Thu, 19 Jul 2018 08:35:43 +0200
Subject: [PATCH 1/3] Add SERVER_ENV_CONFIG to configure vars from env.
 variable

---
 server_environment/README.rst     |  8 ++++++--
 server_environment/serv_config.py | 11 +++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/server_environment/README.rst b/server_environment/README.rst
index fdf8816..a68bc25 100644
--- a/server_environment/README.rst
+++ b/server_environment/README.rst
@@ -47,8 +47,12 @@ You should then edit the settings you need in the
   `default/` directory using the .ini file syntax;
 * each environment you need to define is stored in its own directory
   and can override or extend default values;
-* finally, you can override or extend values in the main configuration
-  file of you instance.
+* you can override or extend values in the main configuration
+  file of you instance;
+* additional configuration can be passed in the environment variable
+  ``SERVER_ENV_CONFIG``, overriding any values set in the configuration files.
+  This is a multi-line environment variable in the same configparser format than
+  the files.
 
 Values associated to keys
 containing 'passw' are only displayed in the 'dev' environment.
diff --git a/server_environment/serv_config.py b/server_environment/serv_config.py
index e07a173..5bc3500 100644
--- a/server_environment/serv_config.py
+++ b/server_environment/serv_config.py
@@ -97,9 +97,20 @@ def _load_config():
         config_p.read(conf_files)
     except Exception as e:
         raise Exception('Cannot read config files "%s":  %s' % (conf_files, e))
+
     config_p.read(system_base_config.rcfile)
     config_p.remove_section('options')
 
+    env_config = os.getenv('SERVER_ENV_CONFIG')
+    if env_config:
+        try:
+            config_p.read_string(env_config)
+        except configparser.Error as err:
+            raise Exception(
+                'SERVER_ENV_CONFIG content could not be parsed: %s'
+                % (err,)
+            )
+
     return config_p
 
 

From 3b074b1061e13ca1c932c605824124ce642c8d35 Mon Sep 17 00:00:00 2001
From: Guewen Baconnier <guewen.baconnier@camptocamp.com>
Date: Fri, 20 Jul 2018 11:53:54 +0200
Subject: [PATCH 2/3] Add SERVER_ENV_CONFIG_SECRET alongside SERVER_ENV_CONFIG

Allows to isolate the secrets in your deployment
---
 server_environment/README.rst     | 10 ++++++----
 server_environment/serv_config.py | 21 ++++++++++++---------
 2 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/server_environment/README.rst b/server_environment/README.rst
index a68bc25..a31a143 100644
--- a/server_environment/README.rst
+++ b/server_environment/README.rst
@@ -27,6 +27,8 @@ the incoming and outgoing mail servers depending on the environment.
 To install this module, you need to provide a companion module called
 `server_environment_files`. You can copy and customize the provided
 `server_environment_files_sample` module for this purpose.
+You can provide additional options in environment variables
+``SERVER_ENV_CONFIG`` and ``SERVER_ENV_CONFIG_SECRET``.
 
 
 Configuration
@@ -48,11 +50,11 @@ You should then edit the settings you need in the
 * each environment you need to define is stored in its own directory
   and can override or extend default values;
 * you can override or extend values in the main configuration
-  file of you instance;
+  file of your instance;
 * additional configuration can be passed in the environment variable
-  ``SERVER_ENV_CONFIG``, overriding any values set in the configuration files.
-  This is a multi-line environment variable in the same configparser format than
-  the files.
+  ``SERVER_ENV_CONFIG`` and/or ``SERVER_ENV_CONFIG_SECRET``, overriding any
+  values set in the configuration files. This is a multi-line environment
+  variable in the same configparser format than the files.
 
 Values associated to keys
 containing 'passw' are only displayed in the 'dev' environment.
diff --git a/server_environment/serv_config.py b/server_environment/serv_config.py
index 5bc3500..17ba30e 100644
--- a/server_environment/serv_config.py
+++ b/server_environment/serv_config.py
@@ -31,6 +31,8 @@ from .system_info import get_server_environment
 from odoo.addons import server_environment_files
 _dir = os.path.dirname(server_environment_files.__file__)
 
+ENV_VAR_NAMES = ('SERVER_ENV_CONFIG', 'SERVER_ENV_CONFIG_SECRET')
+
 # Same dict as RawConfigParser._boolean_states
 _boolean_states = {'1': True, 'yes': True, 'true': True, 'on': True,
                    '0': False, 'no': False, 'false': False, 'off': False}
@@ -101,15 +103,16 @@ def _load_config():
     config_p.read(system_base_config.rcfile)
     config_p.remove_section('options')
 
-    env_config = os.getenv('SERVER_ENV_CONFIG')
-    if env_config:
-        try:
-            config_p.read_string(env_config)
-        except configparser.Error as err:
-            raise Exception(
-                'SERVER_ENV_CONFIG content could not be parsed: %s'
-                % (err,)
-            )
+    for varname in ENV_VAR_NAMES:
+        env_config = os.getenv(varname)
+        if env_config:
+            try:
+                config_p.read_string(env_config)
+            except configparser.Error as err:
+                raise Exception(
+                    '%s content could not be parsed: %s'
+                    % (varname, err,)
+                )
 
     return config_p
 

From 9e98c79a31516c3a15eed70b028a0297e6ade277 Mon Sep 17 00:00:00 2001
From: Guewen Baconnier <guewen.baconnier@camptocamp.com>
Date: Mon, 23 Jul 2018 11:56:50 +0200
Subject: [PATCH 3/3] Improve documentation regarding variables

---
 server_environment/README.rst | 69 +++++++++++++++++++++++++++++------
 1 file changed, 58 insertions(+), 11 deletions(-)

diff --git a/server_environment/README.rst b/server_environment/README.rst
index a31a143..e1b9749 100644
--- a/server_environment/README.rst
+++ b/server_environment/README.rst
@@ -35,29 +35,76 @@ Configuration
 =============
 
 To configure this module, you need to edit the main configuration file
-of your instance, and add a directive called `running_env`. Commonly
+of your instance, and add a directive called ``running_env``. Commonly
 used values are 'dev', 'test', 'production'::
 
   [options]
   running_env=dev
 
-You should then edit the settings you need in the
-`server_environment_files` addon. The
-`server_environment_files_sample` can be used as an example:
+Values associated to keys containing 'passw' are only displayed in the 'dev'
+environment.
+
+You have several possibilities to set configuration values:
+
+server_environment_files
+------------------------
+
+You can edit the settings you need in the ``server_environment_files`` addon. The
+``server_environment_files_sample`` can be used as an example:
 
 * values common to all / most environments can be stored in the
-  `default/` directory using the .ini file syntax;
+  ``default/`` directory using the .ini file syntax;
 * each environment you need to define is stored in its own directory
   and can override or extend default values;
 * you can override or extend values in the main configuration
   file of your instance;
-* additional configuration can be passed in the environment variable
-  ``SERVER_ENV_CONFIG`` and/or ``SERVER_ENV_CONFIG_SECRET``, overriding any
-  values set in the configuration files. This is a multi-line environment
-  variable in the same configparser format than the files.
 
-Values associated to keys
-containing 'passw' are only displayed in the 'dev' environment.
+Environment variable
+--------------------
+
+You can define configuration in the environment variable ``SERVER_ENV_CONFIG``
+and/or ``SERVER_ENV_CONFIG_SECRET``. The 2 variables are handled the exact same
+way, this is only a convenience for the deployment where you can isolate the
+secrets in a different, encrypted, file. This is a multi-line environment variable
+in the same configparser format than the files.
+If you used options in ``server_environment_files``, the options set in the
+environment variable overrides them. 
+
+The options in the environment variable are not dependent of ``running_env``,
+the content of the variable must be set accordingly to the running environment.
+
+Example of setup:
+
+
+A public file, containing that will contain public variables::
+
+    # These variables are not odoo standard variables,
+    # they are there to represent what your file could look like
+    export WORKERS='8'
+    export MAX_CRON_THREADS='1'
+    export LOG_LEVEL=info
+    export LOG_HANDLER=":INFO"
+    export DB_MAXCONN=5
+
+    # server environment options
+    export SERVER_ENV_CONFIG="
+    [storage_backend.my-sftp]
+    sftp_server=10.10.10.10
+    sftp_login=foo
+    sftp_port=22200
+    directory_path=Odoo
+    "
+
+A second file which is encrypted and contains secrets::
+
+    # This variable is not an odoo standard variable,
+    # it is there to represent what your file could look like
+    export DB_PASSWORD='xxxxxxxxx'
+    # server environment options
+    export SERVER_ENV_CONFIG_SECRET="
+    [storage_backend.my-sftp]
+    sftp_password=xxxxxxxxx
+    "
 
 Usage
 =====