Document outsourcing of secrets

- Document changes from Tecnativa/doodba-scaffolding#24. - Remove scaffolding tests. Since Tecnativa/doodba-scaffolding#15, the scaffolding has its own tests, and these are very hard to maintain.
Tecnativa · Mar 14, 2019 · 5c0db01 · 5c0db01
1 parent 5c74086
commit 5c0db01
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 55 deletions.
diff --git a/README.md b/README.md
@@ -745,12 +745,24 @@ change many things inside it, it's just a guideline.
 
 It includes pluggable `smtp` and `backup` services.
 
+###### Adding secrets
+
+Before booting this environment, you need to create a few files, which are
+excluded in Git and contain some secrets, needed to make this environment
+safe:
+
+- `./.docker/odoo.env` must define `ADMIN_PASSWORD`.
+- `./.docker/db-access.env` must define `PGPASSWORD`.
+- `./.docker/db-creation.env` must define `POSTGRES_PASSWORD` (must be equal to `PGPASSWORD` above).
+- `./.docker/smtp.env` must define `MAIL_RELAY_PASS` (password to access the real SMTP relay).
+- `./.docker/backup.env` must define `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` (obtained from S3 provider) and `PASSPHRASE` (to encrypt backup archives).
+
+###### Booting production
+
 Once you fixed everything needed, run it with:
 
     docker-compose -f prod.yaml up --build --remove-orphans
 
-Remember that you will want to backup the filestore in `/var/lib/odoo` volume.
-
 ###### Global inverse proxy
 
 For [production][] and [test][] templates to work fine, you need to have a
@@ -857,6 +869,8 @@ but *removing possible pollution points*:
 
 - It is [isolated](#network-isolation).
 
+To use it, you need to [add secrets files just like for production](#adding-secrets), although secrets for smtp and backup containers are not needed because those don't exist here.
+
 Test it in your machine with:
 
     docker-compose -f test.yaml up --build

diff --git a/tests/__init__.py b/tests/__init__.py
@@ -4,18 +4,15 @@
 Each test must be a valid docker-compose.yaml file with a ``odoo`` service.
 """
 import logging
-import tempfile
 import unittest
 
 from itertools import product
-from os import environ, getlogin
+from os import environ
 from os.path import dirname, join
-from pwd import getpwnam
 from subprocess import Popen
 
 logging.basicConfig(level=logging.DEBUG)
 
-MAIN_SCAFFOLDING_VERSION = "11.0"
 DIR = dirname(__file__)
 ODOO_PREFIX = ("odoo", "--stop-after-init", "--workers=0")
 ODOO_VERSIONS = frozenset(environ.get(
@@ -304,55 +301,6 @@ def test_dependencies(self):
                 ("aloha_world",),
             )
 
-    @unittest.skipUnless(
-        MAIN_SCAFFOLDING_VERSION in ODOO_VERSIONS,
-        "Main scaffolding version is not being tested")
-    def test_main_scaffolding(self):
-        """Test the official scaffolding."""
-        with tempfile.TemporaryDirectory() as tmpdirname:
-            # Clone main scaffolding
-            self.popen(
-                ("git", "clone", "--depth", "1",
-                 "https://github.com/Tecnativa/doodba-scaffolding.git"),
-                cwd=tmpdirname,
-            )
-            # Create needed external networks
-            for network in ("inverseproxy_shared", "globalwhitelist_shared"):
-                self.popen(("docker", "network", "create", network))
-            tmpdirname = join(tmpdirname, "doodba-scaffolding")
-            # Special env keys for setup-devel
-            pwdata = getpwnam(environ["USER"])
-            setup_env = {
-                "COMPOSE_FILE": "setup-devel.yaml",
-                # Avoid unlink permission errors
-                "UID": str(pwdata.pw_uid),
-                "GID": str(pwdata.pw_gid),
-            }
-            # TODO Test all supported versions
-            for sub_env in matrix(odoo={MAIN_SCAFFOLDING_VERSION}):
-                # Setup the devel environment
-                self.compose_test(tmpdirname, dict(sub_env, **setup_env), ())
-                # Travis seems to have a different UID than 1000
-                if environ.get("TRAVIS"):
-                    self.popen(
-                        ("sudo", "chown", "1000:1000",
-                         join(tmpdirname, "odoo", "auto", "addons")),
-                    )
-                # Test all 3 official environments
-                for dcfile in ("devel", "test", "prod"):
-                    sub_env["COMPOSE_FILE"] = "{}.yaml".format(dcfile)
-                    self.compose_test(
-                        tmpdirname, sub_env,
-                        # ``odoo`` command works
-                        ("odoo", "--version"),
-                    )
-                # Restore owner in Travis so directory can be removed
-                if environ.get("TRAVIS"):
-                    self.popen(
-                        ("sudo", "chown", "-R", "{0}:{0}".format(getlogin()),
-                         join(tmpdirname, "odoo", "auto", "addons")),
-                    )
-
 
 if __name__ == "__main__":
     unittest.main()