[TIP] Testing programs that are intended to be distributed in public repos but which need non-public information in order to work

Tarek Ziadé ziade.tarek at gmail.com
Fri Aug 26 23:03:05 PDT 2011


On Sat, Aug 27, 2011 at 2:46 PM, Laura Creighton <lac at openend.se> wrote:
> I'm writing an app that I'm hosting publicly on bitbucket.  In order for it
> to work, I need to use my secret password to get into the postgresql
> database at the site I am developing this on, and my PayPal developer
> account id and password, and things of that nature.  But I don't want
> to share this information with the world.
>
> Currently, all this information lives in one file, called settings.py .
> I've asked hg not to track this file.  Instead I have a file called
> settings.notreal.py, which is tracked and is a copy of settings.py
> with the sensitive data replaced with dummy data.  But this means that
> I, and anybody else who wants to hack on the thing needs to know
> that if they make any changes to settings.py they have to make them
> to settings.notreal.py, too.  A trivial python script can generate
> one from the other, the problem is in remembering to do so before you
> make your commit, etc. so that your commit messages, i.e. 'fix for failing test
> ABC' aren't complete lies, because they leave out the actual fix.
>
> This must be a common situation, with a well understood solution, but
> my Google-fu apparently isn't up to finding the correct keywords to
> search for.  Maybe the whole approach of having 2 files is wrong, and
> that is why I am not finding anything.  So what do people do?  And
> what url should I read to figure out how to do it too?

FWIW, I completely isolate the username/password in all my tests and
use environment variables or command line options to load them in the
test fixture.

For example, in Jenkins I run my tests with a makefile and call it like this:

  $ make test USER=tarek PASSWORD=secret

The default values are dumb values, and there's nothing stored in any
file. I find it a bit "dangerous" as it's easy to forget about it and
add it in the repository (it happened to me in the past ;))

Of course that supposes your Jenkins is protected. But you could also do:

  $ make test CREDENTIALS=/a/file/stored/on/the/slave

In any case I would advise not to have the credentials located in the
root of the repository

HTH
Cheers
Tarek



>
> Laura
>



-- 
Tarek Ziadé | http://ziade.org
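
An added example, not part of the original message: one way a test fixture could load credentials as described above, from a CREDENTIALS file kept outside the repository or from environment variables, falling back to dummy values. The TEST_USER and TEST_PASSWORD names (prefixed because USER is normally already set by the login shell), the KEY=VALUE file format, the CredentialsError class and the file-permission check are assumptions of this example.

```python
import os
import stat
from pathlib import Path

# Dummy defaults that are safe to commit (constructed values).
DUMMY = {"user": "dummy-user", "password": "dummy-password"}


class CredentialsError(Exception):
    """Raised when the credentials file is unsafe or incomplete (hypothetical name)."""


def _read_credentials_file(path, repo_root):
    path = Path(path).resolve()
    root = Path(repo_root).resolve()
    # Refuse a file anywhere inside the working tree: it is one "add" away from a commit.
    if path == root or root in path.parents:
        raise CredentialsError(f"{path} is inside the repository {root}")
    # Extra check assumed here: the file must be private to its owner (POSIX mode bits).
    if stat.S_IMODE(path.stat().st_mode) & 0o077:
        raise CredentialsError(f"{path} is accessible to group or others")
    creds = {}
    for line in path.read_text().splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            creds[key.strip().lower()] = value.strip()
    missing = set(DUMMY) - set(creds)
    if missing:
        raise CredentialsError(f"{path} lacks {sorted(missing)}")
    return {key: creds[key] for key in DUMMY}


def load_credentials(env=None, repo_root="."):
    """Return (credentials, source); source is 'file', 'env' or 'dummy'."""
    env = os.environ if env is None else env
    if env.get("CREDENTIALS"):
        return _read_credentials_file(env["CREDENTIALS"], repo_root), "file"
    if env.get("TEST_USER") and env.get("TEST_PASSWORD"):
        return {"user": env["TEST_USER"], "password": env["TEST_PASSWORD"]}, "env"
    # Nothing supplied: tests run against the dummy values, never real ones.
    return dict(DUMMY), "dummy"
```

A test fixture would call load_credentials() once and skip the tests that need a live service when the source is "dummy".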


