Ticket #219 (closed task: fixed)

Opened 3 years ago

Last modified 3 years ago

Move out build scripts and secrets from GSCF repository

Reported by: business@… Owned by: work@…
Priority: major Milestone: 0.6.2
Component: General Version:
Keywords: Cc:
Product: Operating system:
URL: Hardware:

Description

Currently, the GSCF repository has temporarily been closed due to security exposure. It should be open again as soon as possible.

Todo points:

  • move out build scripts to a private repository
  • leave 'gscf'/'dbnp' database password as default in Config.groovy but replace them in the build scripts by secure passwords for the different deploy environments
  • leave a default secret in Config.groovy but replace by a new one for the different deploy environments
  • replace the gmail username and password with something like 'your-email-server-here' and 'your-email-password-here' in Config.groovy but replace by gscfproject account credentials in the different deploy environments

Change History

Changed 3 years ago by work@…

Moved build scripts and vhost configuration into private svn server, and removed them from the gscf tree in r1214

Changed 3 years ago by work@…

  • milestone changed from 0.6.1 to 0.6.2

The other issues cannot be resolved in due time, hence changing milestone to 0.6.2

Changed 3 years ago by business@…

One configuration is called 'test' and that is annoying as it messes up the grails test-app functionality.

Changed 3 years ago by business@…

Actually, you can specify a location for the config files, that makes much more sense...

// locations to search for config files that get merged into the main config
// config files can either be Java properties files or ConfigSlurper? scripts

// grails.config.locations = [ "classpath:${appName}-config.properties",
// "classpath:${appName}-config.groovy",
// "file:${userHome}/.grails/${appName}-config.properties",
// "file:${userHome}/.grails/${appName}-config.groovy"]

// if(System.properties${appName}.config.location?) {
// grails.config.locations << "file:" + System.properties["${appName}.config.location"]
// }

Changed 3 years ago by work@…

yeah I know, but that is not really user friendly...

Changed 3 years ago by business@…

  • owner changed from work@… to business@…
  • status changed from new to assigned

* default configuration in the source code
* Local configuration in user home for DataSource?.groovy, Config.groovy possible that overrides the default
* later on, a nice configuration wizard
* security exposure problem can be solved by regenerating them randomly at app startup in the bootstrap

Changed 3 years ago by work@…

Changed crypto shared secret into random string on application startup in r1306

Changed 3 years ago by business@…

  • owner changed from business@… to work@…

Change default directory to ~/.grailsconfig and use that in our production instances.

Changed 3 years ago by work@…

moved application configuration out of Config.groovy and Datasource.groovy and centralized it in gscf/environment-config.properties in r1360

Server specific application configuration can be overrided in ~/.grails-config/gscf-environment-config.properties

Changed 3 years ago by work@…

also see r1363

Changed 3 years ago by work@…

moved the default authentication users also into the environment specific java property files in r1364

Changed 3 years ago by work@…

  • status changed from assigned to closed
  • resolution set to fixed

Hi robert, I was indeed aware of that particular ticket... but as of r1364 the externalization of configuration works as expected. Confirmed on CI, default development and default development with externalized configuration (in ~/.grails-config/gscf-development.properties)

Closing the issue...

Note: See TracTickets for help on using tickets.