This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2016-08-09
Channels
- # admin-announcements (5)
- # architecture (8)
- # beginners (7)
- # boot (41)
- # braveandtrue (1)
- # cider (77)
- # clara (3)
- # cljs-dev (56)
- # cljsjs (7)
- # cljsrn (7)
- # clojure (44)
- # clojure-austin (3)
- # clojure-brasil (1)
- # clojure-hk (3)
- # clojure-russia (137)
- # clojure-spec (14)
- # clojure-uk (44)
- # clojurescript (33)
- # cloverage (3)
- # core-async (10)
- # css (1)
- # cursive (16)
- # datomic (116)
- # devcards (14)
- # emacs (1)
- # events (1)
- # funcool (2)
- # functionalprogramming (1)
- # hammock-driven-dev (1)
- # jobs-rus (124)
- # lein-figwheel (1)
- # leiningen (1)
- # liberator (4)
- # melbourne (3)
- # mount (73)
- # off-topic (3)
- # om (4)
- # om-next (15)
- # onyx (38)
- # other-languages (4)
- # perun (2)
- # proton (36)
- # protorepl (2)
- # random (1)
- # re-frame (56)
- # reagent (7)
- # specter (4)
- # testing (1)
- # untangled (13)
- # yada (18)
A question about cprop
, I am reading: https://github.com/tolitius/cprop#merging-configurations
and I gather that the :merge
clause is merged after
am I correct in saying that this part is therefore not overridable by system props/env vars?
it is not correct lol
it is not overridable by conf
and classpath resource file
no I had a bug yesterday but it is more a bug in my head 😄
you can do crazy things like:
(load-config :resource "path/within/classpath/to.edn"
:file "/path/to/some.edn"
:merge [{:datomic {:url "foo.bar"}}
(from-file "/path/to/another.edn")
(from-resource "path/within/classpath/to-another.edn")
(parse-runtime-args ...)
(from-system-props)
(from-env)])
so I have a conf
file
then I do:
(c/load-config :merge [env/defaults
{:version (if-let [version (version!)] version "0.0.0")}])
so I expected that my conf
file could override the stuff in env/defaults
every prop matches
but conf
takes precedence on the :merge
clause right?
hm.. not really, here is the order:
1. classpath resource config
2. file on a file system (pointed by a conf system property or by (load-config :file <path>))
3. custom configurations, maps from various sources, etc.
4. System properties
5. ENV variables
yeah 😄
that's why I was saying...read the docs Andrea!
that's ok, I don't expect people to read it, it just there for my reference to answer questions quickly 🙂
the README is consistent
good point
yeah now it is super clear
I will do this:
(defn make-config
"Creates a default configuration map"
[]
(merge env/defaults
(c/load-config :merge [{:version (if-let [version (version!)] version "0.0.0")}])))
then I would have a (say) dev overrides somewhere under dev-resources/dev-overrides.edn
, and then I start things with -Dconf=dev-resources/dev-overrides.edn
yes, the thing is, I already have that
I wanted an external file
per-server
and conf
it is very convenient
on the server
right, so you can just have config.edn
in your classpath (which would be read by default), and just use -Dconf=server-path-to/overrides.edn
yep, the env/defaults
thing is a namespace a-la-Luminus for codeful conf
so it makes sense to merge it first (no priority)
I usually have things that I always want to override as:
:server {:application {:version "OVERRIDE ME"}
:http {:port "OVERRIDE ME"
:max-channel-memory-size 0
:max-total-memory-size 0
:http {:request {:max-chunk-size 8192
...
yeah I keep those there but empty
and then
:server {:application {:version "1.0"}
:http {:port "4242"}}
in override.edn
great yes I am doing the same
the file is convenient because I can just copy the one in resources
and launch java with -Dconf=....
ah ah, the important is to have the choice and cprop
gives you plenty
yea, I am actually experimenting with Vault
( https://github.com/tolitius/gblog ), and going through my thinking phase on having a cprop
extension to it
oh that's a wonderful tool did not know it (I mean Ghost)!
yeah encrypted stuff would be great to integrate in cprop, but at least one piece of info has to be clear text on the server I guess
it could be a temp token, that would only work for you and only one time and only for the next 5 seconds
i.e. you would run things like:
export ACCESS_TOKEN=$(./tools/vault/wrap-token.sh /secret/postgres); docker-compose up
cool stuff
and encrypting of the info is done with a master key before that (sorry dunno how vault works)
I guess is basically some sort of bitcoin seeded wallet
right, when you install Vault you get a root token. you don't have to give it out to others, but you can use it to store
secrets in Vault. you also can create a token for someone else to store creds to Vault (no need to use the root token).
once creds are set / stored, all the apps that need these creds would only need a temp token
it is kind of similar to bitcoin really, as long as you don't lose your master key, you can always generate tokens/public keys to decrypt
I'll have a look
thanks for sharing!