THREESCALE-10924: Remove duplicated config .yml files, keep only those in config/

[mayorova]

What this PR does / why we need it:

We currently have multiple places where .yml configuration files are set:

• config - the default folder
• config/examples - these are not added to the container image, but for development they need to be copied to config
• openshift/system/config - these are copied to the container image by Dockerfile commands.

This causes some inconveniences:

• whenever the config changes, we need to update all the files
• we sometimes need to remember to copy the updated files from example to local versions again

This can be avoided by having a single set of configs. Normally, they would not collide, because we use development and test for development, and production typically is only used in the container image. And even if we wanted to run production locally, the values are normally configured through env variables, so it's the matter of adjusting your .env file.

Which issue(s) this PR fixes

https://issues.redhat.com/browse/THREESCALE-10924

Verification steps

See these comments:
#3766 (comment)
#3766 (comment)

Special notes for your reviewer:

[mayorova]

I think there was actually a bug here. This access_code is retrieved here:

porta/lib/developer_portal/lib/access_code_protection.rb

Line 42 in 3f78b0f

access_code.presence || ThreeScale.config.access_code

But with this code, it was resulting in nil. The correct way to get the value would be Rails.application.config.access_code. But I thought it would be better to place it under three_scale specific config.

[mayorova]

This file is overwritten by 3scale operator: https://github.com/3scale/3scale-operator/blob/87c3f3b9d18b2fb625d05fa6c2cbb60b3c397d0c/pkg/3scale/amp/component/system.go#L1227-L1235

Need to figure out:

• do we need it? can't we use the built-in zync.yml file?
• if we have one already in config, would operator override it?

[mayorova]

This file is not used. It was initially added in 809e5de, but then its loading was removed in 79d15ba

[mayorova]

Differences between the current and the target configs, caused by the refactoring of the config files (this is with the assumption that .env file is in a specific way):

development:

• web_hooks.sanitized_url - changed from "http://localhost/ping" to "http://127.0.0.1/"
• three_scale.access_code added (was not existing before, due to a bug, explained here)
• three_scale.core.fake_server: false added (was not present before, the behavior is the same)
• three_scale.currencies - added a hash with a list of values, was empty hash before (2 default currencies were used in this case) - I think there is no reason to NOT have the full currencies list in development
• three_scale.noreply_email - changed from "no-reply@example.net" to "no-reply@example.com"
• three_scale.notification_email - changed from "3scale Notification <no-reply@example.com>" to "example.com Notification <no-reply@example.com>"
• three_scale.segment.write_key - changed from "null" to true - we don't really use it in development, and as it is disabled anyway, the value doesn't matter.
• three_scale.service_discovery.client_id - was "3scale", now is nil, shouldn't matter as it is disabled.
• smtp_settings - usd to be empty, now they are complete.
• database - pool changed from 25 to 5

Files to compare:
devmaster.txt
devcleaned.txt

production (with configs copied from openshift/system/config:

• three_scale.access_code added (was not existing before, due to a bug, explained here)
• three_scale.bugsnag_api_key and three_scale.bugsnag_release_stage added. The API key is nil if env var is not set, so the behavior is the same (i.e. Bugsnag not enabled)
• three_scale.daily_weekly_reports_pref has value false, previously was missing (because is not in the settings.yml file in openshift. The outcome is the same.
• three_scale.error_reporting_stages - was empty, now is set to ["production"]
• rolling_updates.billable_contracts and rolling_updates.provider_sso were missing, and now are set to nil, so the behavior is the same.
• zync config was missing (as it's overwritten by operator), and now it is set to some localhost default values. In theory it should be rewritten by the operator still - but need to check.
• domain_substitution -was empty, now has config enabled: false

Files to compare:
prodmaster.txt
prodcleaned.txt

[mayorova]

Script that I used to print the configs:

#!/usr/bin/ruby

config = {}

%i(web_hooks three_scale zync domain_substitution paperclip_defaults backend_client redis s3).each do |key|
  config[key] = Rails.configuration.send(key).sort.to_h
end

config[:cache_store] = Rails.configuration.cache_store

config[:smtp_settings] = Rails.configuration.action_mailer.smtp_settings

config[:zync] = {}
%i(endpoint authentication connect_timeout send_timeout receive_timeout skip_non_oidc_applications).each do |key|
  config[:zync][key] = Rails.configuration.zync.send(key)
end

config[:database] = ActiveRecord::Base.configurations[Rails.env]

pp config; nil

Example commands:

bundle exec rails runner /path/to/script.rb > devmaster.txt
RAILS_ENV=production bundle exec rails runner /path/to/script.rb > prodmaster.txt

[mayorova]

OK, this might be a potential place that a developer might want to change locally. We can add an env var for this.

[mayorova]

So, this might be controversial...
This changed file does the ENV['DATABASE_URL'].to_s 3 times 😬 (well, I guess at the execution time it will be 2.
But to be honest, for me it's much easier to understand this one than the original one: https://github.com/3scale/porta/blob/539780953ebc6eddebcc1450a842e9d3198ea571/config/examples/database.yml

But maybe I'm wrong, and the original is actually better. Opinions welcome!

[mayorova]

I changed my mind 🙃

I will revert the format of this file to the original one.

[jlledom]

What is this for?

[mayorova]

This is for Segment analytics

porta/app/views/provider/_analytics.html.erb

Line 7 in 99b24fb

analytics.load("<%= segment.write_key %>");

We use it in SaaS, on-premises it's disabled. This true value was in openshift configs, but the value actually doesn't matter, cause as long as it's disabled, it won't be used.

We can actually add env vars here, so we can later reuse this config in SaaS. But not sure whether to leave it for another PR.

[jlledom]

If it's disabled by default in all environments, how they enable it in SaaS? I guess they need to create a configmap for this file and mount it. I think it would be better to add an env variable to enable it, and leave it disabled by default. Anyway, better to do it in another PR I think.

[jlledom]

Does this disable adding Github as an external auth provider?

[mayorova]

This is for "3scale-branded" GitHub integration, that is used in SaaS *

This has always been disabled in on-premises: https://github.com/3scale/porta/blob/99b24fb6622653c0f040e36b5530bd1b55e8f64b/openshift/system/config/oauth2.yml

• in SaaS we have a global GitHub client, that we allow the providers to use for authentication, without the need to set up their own GitHub OAuth application. They can still use their own GitHub apps, this setting doesn't (or at least shouldn't) prevent that.

[jlledom]

Then I think it should be disabled by default. With current configuration it's enabled by for development, but with empty id and key:

base: &default
  github:
    enabled: <%= ENV.fetch('GITHUB_ENABLED', '1') == '1' %>
    client_id: <%= ENV['GITHUB_CLIENT_ID'] %>
    client_secret: <%= ENV['GITHUB_CLIENT_SECRET'] %>

development:
  <<: *default

IMO it should be like this:

    enabled: <%= ENV.fetch('GITHUB_ENABLED', '0') == '1' %>

[mayorova]

Yep, makes sense 👍

[akostadinov]

nice!