
using dynaconf for settings management

Open jychp opened this issue 10 months ago • 1 comments

Summary

I find launching Cartography with parameters to be annoying. This PR (currently applied to only one module) introduces Dynaconf for more efficient configuration management:

  • Through a configuration file
  • Overridable via environment variables
  • With automatic loading of a .env file

In the future, it could also support providers like Vault.

This approach brings several advantages:

  • Simplicity for local test environments (which can be defined via a .env file)
  • Easier deployment in environments like K8S
  • No need to pass configuration as arguments to all objects (the settings object behaves similarly to a singleton)

This PR ensures backward compatibility (with DeprecationWarnings). In the provided example, the "legacy" launch with arguments still works, and launching via environment variables is also supported.

For the given example, it is necessary to export (or have a .env file) with the following variables:

CARTOGRAPHY_NEO4J__USER="neo4j"
CARTOGRAPHY_NEO4J__PASSWORD="neo4j"
CARTOGRAPHY_LASTPASS__CID="foo"
CARTOGRAPHY_LASTPASS__PROVHASH="bar"

Related issues or PR

  • https://github.com/cartography-cncf/cartography/issues/1072
  • https://github.com/cartography-cncf/cartography/pull/1124

Tests

  • [ ] statsd
  • [ ] analysis
  • [ ] aws
  • [ ] azure
  • [ ] bigfix
  • [ ] crowdstrike
  • [ ] cve
  • [ ] digitalocean
  • [ ] duo
  • [x] github
  • [ ] gsuite
  • [ ] jamf
  • [ ] k8s
  • [ ] kandji
  • [ ] lastpass
  • [ ] okta
  • [ ] pagerduty
  • [ ] semgrep
  • [ ] snipeit

jychp avatar Feb 03 '25 13:02 jychp

Before this change:

Env to export (by export, docker-compose file, etc.)

NEO4J_PASSWORD=<CHANGEME>
LASTPASS_CID=<CHANGEME>
LASTPASS_PROVEHASH=<CHANGEME>

Command:

cartography --neo4j-uri=XXX --neo4j-user=<CHANGEME> --neo4j-password-env-var=NEO4J_PASSWORD --neo4j-database=<CHANGEME> --selected-modules=lastpass --lastpass-cid-env-var=LASTPASS_CID --lastpass-provhash-env-var=LASTPASS_PROVEHASH

After this change:

Note: This change ensures backward compatibility.

Env to export (by export, docker-compose file, etc., and auto .env loading)

CARTOGRAPHY_NEO4J__URI="<CHANGEME>" (could also be defined in settings.toml)
CARTOGRAPHY_NEO4J__USER="<CHANGEME>" (could also be defined in settings.toml)
CARTOGRAPHY_NEO4J__DATABASE="<CHANGEME>" (could also be defined in settings.toml)
CARTOGRAPHY_NEO4J__PASSWORD="<CHANGEME>"
CARTOGRAPHY_LASTPASS__CID="<CHANGEME>"
CARTOGRAPHY_LASTPASS__PROVHASH="<CHANGEME>"

Command:

cartography --selected-modules=lastpass

jychp avatar Feb 04 '25 17:02 jychp
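
An added example, not code from this PR, from Cartography or from Dynaconf: a stdlib-only model of the `CARTOGRAPHY_<SECTION>__<KEY>` naming shown above, layered over an already-parsed settings file, with a check that secrets stay out of the file layer and out of log output. The `SECRET_KEYS` set, the helper names and all sample values are assumptions; Dynaconf's own value casting and `.env` loading are not modelled.

```python
# Added illustration (stdlib only): models the CARTOGRAPHY_<SECTION>__<KEY>
# layering; not Dynaconf's or Cartography's code. SECRET_KEYS is an assumption.
PREFIX = "CARTOGRAPHY_"
SECRET_KEYS = {("neo4j", "password"), ("lastpass", "cid"), ("lastpass", "provhash")}

def env_layer(environ):
    """Turn CARTOGRAPHY_NEO4J__USER=x into {'neo4j': {'user': 'x'}}."""
    nested = {}
    for name, value in sorted(environ.items()):
        path = [p.lower() for p in name[len(PREFIX):].split("__")]
        if not name.startswith(PREFIX) or not all(path):
            continue  # unrelated variable or malformed name (trailing "__")
        node = nested
        for part in path[:-1]:
            if not isinstance(node.get(part), dict):
                node[part] = {}
            node = node[part]
        node[path[-1]] = value
    return nested

def merge(base, override):
    """Deep-merge override onto base; override wins on leaf conflicts."""
    out = dict(base)
    for key, value in override.items():
        both = isinstance(value, dict) and isinstance(out.get(key), dict)
        out[key] = merge(out[key], value) if both else value
    return out

def audit(file_settings, merged):
    """Return (secrets present in the file layer, secrets set nowhere)."""
    def has(cfg, k):
        return isinstance(cfg.get(k[0]), dict) and bool(cfg[k[0]].get(k[1]))
    in_file = sorted(k for k in SECRET_KEYS if has(file_settings, k))
    missing = sorted(k for k in SECRET_KEYS if not has(merged, k))
    return in_file, missing

def redacted(settings):
    """Copy that is safe to log: secret leaves are masked."""
    return {s: {k: "***" if (s, k) in SECRET_KEYS else v for k, v in kv.items()}
            if isinstance(kv, dict) else kv for s, kv in settings.items()}

# Constructed sample input: a parsed settings file and a process environment.
FILE = {"neo4j": {"uri": "bolt://localhost:7687", "user": "neo4j", "password": "in-file"}}
ENV = {"CARTOGRAPHY_NEO4J__USER": "reader", "CARTOGRAPHY_NEO4J__PASSWORD": "s3cret",
       "CARTOGRAPHY_LASTPASS__CID": "foo", "PATH": "/usr/bin"}

if __name__ == "__main__":
    merged = merge(FILE, env_layer(ENV))
    print(redacted(merged), audit(FILE, merged))
```

With the sample input, the audit reports the Neo4j password as present in the file layer and the LastPass provhash as set nowhere, which are the two conditions worth failing a deployment check on.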