feat: Workspace 1074

Pipfile

@@ -4,35 +4,28 @@ verify_ssl = true
 name = "pypi"
 
 [packages]
-celery = {version = "==5.4.0", extras = ["sqs"]}
 cryptography = "==46.0.7"
-boto3 = "==1.36.14"
-django = "==5.2.13"
+django = "==5.2.14"
 djangorestframework = "==3.16.1"
 django-filter = "==25.1"
 django-countries = "==7.6.1"
 django-cors-headers = "==4.7.0"
 django-csp = "==3.8"
-django-storages = {version = "==1.14.6", extras = ["s3"]}
 pyotp = "==2.9.0"
-python-dotenv = "==1.0.1"
 psycopg2-binary = "==2.9.9"
 redis = {version = "==5.2.1", extras = ["hiredis"]}
 regex = "==2024.11.6"
 requests = "==2.33.1"
-gunicorn = "==23.0.0"
-uvicorn-worker = "==0.2.0"
 pyjwt = "==2.12.1"
 psutil = "==7.0.0"
 google-auth = "==2.48.0"
-google-cloud-bigquery = "==3.38.0"
+google-cloud-secret-manager = "==2.27.0"
+google-crc32c = "==1.8.0"
 tink = {version = "==1.13.0", extras = ["gcpkms"]}
 cachetools = "==6.2.6"
 
 [dev-packages]
-celery-types = "==0.23.0"
 black = "==24.8.0"
-boto3-stubs = {version = "==1.38.39", extras = ["essential"]}
 pytest = "==8.3.3"
 pytest-cov = "==5.0.0"
 pytest-env = "==0.8.1"

codeforlife/__init__.py

@@ -5,12 +5,7 @@
 
 import os
 import sys
-import typing as t
-from io import StringIO
 from pathlib import Path
-from types import SimpleNamespace
-
-from .types import Env
 
 # Do NOT set manually!
 # This is auto-updated by python-semantic-release in the pipeline.
@@ -22,52 +17,24 @@
 USER_DIR = BASE_DIR.joinpath("user")
 
 
-if t.TYPE_CHECKING:
-    from mypy_boto3_s3.client import S3Client
-
-
-# pylint: disable-next=too-few-public-methods
-class Secrets(SimpleNamespace):
-    """The secrets for this service.
-
-    If a key does not exist, the value None will be returned.
-    """
-
-    def __getattribute__(self, name: str) -> t.Optional[str]:
-        try:
-            return super().__getattribute__(name)
-        except AttributeError:
-            return None
-
-
 def set_up_settings(service_base_dir: Path, service_name: str):
     """Set up the settings for the service.
 
     *This needs to be called before importing the CFL settings!*
 
-    To expose a secret to your Django project, you'll need to create a setting
-    for it following Django's conventions.
-
     Examples:
         ```
         from codeforlife import set_up_settings
 
         # Must set up settings before importing them!
-        secrets = set_up_settings(BASE_DIR, service_name="my-service")
+        set_up_settings(BASE_DIR, service_name="my-service")
 
         from codeforlife.settings import *
-
-        # Expose secret to django project.
-        SECRET_KEY = secrets.SECRET_KEY
         ```
 
     Args:
         service_base_dir: The base directory of the service.
         service_name: The name of the service.
-
-    Returns:
-        The secrets. These are not loaded as environment variables so that 3rd
-        party packages cannot read them.
     """
 
     # Validate CFL settings have not been imported yet.
@@ -76,57 +43,6 @@ def set_up_settings(service_base_dir: Path, service_name: str):
             "You must set up the CFL settings before importing them."
         )
 
-    # pylint: disable-next=import-outside-toplevel
-    from dotenv import dotenv_values, load_dotenv
-
     # Set required environment variables.
     os.environ["SERVICE_BASE_DIR"] = str(service_base_dir)
     os.environ["SERVICE_NAME"] = service_name
-
-    # Get environment name.
-    os.environ.setdefault("ENV", "local")
-    env = t.cast(Env, os.environ["ENV"])
-
-    # Load environment variables.
-    load_dotenv(service_base_dir / f"env/.env.{env}", override=False)
-    load_dotenv(service_base_dir / "env/.env", override=False)
-
-    # Get secrets.
-    if env == "local":
-        secrets_path = service_base_dir / "env/.env.local.secrets"
-        # TODO: move this to the dev container setup script.
-        if not os.path.exists(secrets_path):
-            # pylint: disable=line-too-long
-            secrets_file_comment = (
-                "# 📝 Local Secret Variables 📝\n"
-                "# These secret variables are only loaded in your local environment (on your PC).\n"
-                "#\n"
-                "# This file is git-ignored intentionally to keep these variables a secret.\n"
-                "#\n"
-                "# 🚫 DO NOT PUSH SECRETS TO THE CODE REPO 🚫\n"
-                "\n"
-            )
-            # pylint: enable=line-too-long
-
-            with open(secrets_path, "w+", encoding="utf-8") as secrets_file:
-                secrets_file.write(secrets_file_comment)
-
-        secrets = dotenv_values(secrets_path)
-    else:
-        # pylint: disable-next=import-outside-toplevel
-        import boto3
-
-        s3: "S3Client" = boto3.client("s3")
-        secrets_object = s3.get_object(
-            Bucket=os.environ["aws_s3_app_bucket"],
-            Key=(
-                os.environ["aws_s3_app_folder"]
-                + f"/secure/.env.secrets.{service_name}"
-            ),
-        )
-
-        secrets = dotenv_values(
-            stream=StringIO(secrets_object["Body"].read().decode("utf-8"))
-        )
-
-    return Secrets(**secrets)